./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1012757368 <...> Warning: Permanently added '10.128.1.182' (ED25519) to the list of known hosts. execve("./syz-executor1012757368", ["./syz-executor1012757368"], 0x7fff9dc72490 /* 10 vars */) = 0 brk(NULL) = 0x55556c245000 brk(0x55556c245e00) = 0x55556c245e00 arch_prctl(ARCH_SET_FS, 0x55556c245480) = 0 set_tid_address(0x55556c245750) = 5827 set_robust_list(0x55556c245760, 24) = 0 rseq(0x55556c245da0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1012757368", 4096) = 28 getrandom("\x31\x87\x19\x55\xfa\xec\xb4\x4d", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556c245e00 brk(0x55556c266e00) = 0x55556c266e00 brk(0x55556c267000) = 0x55556c267000 mprotect(0x7fac1e980000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7fac1e8d0950, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fac1e8d91d0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7fac1e8d0950, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fac1e8d91d0}, NULL, 8) = 0 getrandom("\x6c\x7c\x5b\x28\x5f\x55\x51\x4c", 8, GRND_NONBLOCK) = 8 mkdir("./syzkaller.4aZfTY", 0700) = 0 chmod("./syzkaller.4aZfTY", 0777) = 0 chdir("./syzkaller.4aZfTY") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5828 attached , child_tidptr=0x55556c245750) = 5828 [pid 5828] set_robust_list(0x55556c245760, 24) = 0 [pid 5828] chdir("./0") = 0 [pid 5828] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5828] setpgid(0, 0) = 0 [pid 5828] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5828] write(3, "1000", 4) = 4 [pid 5828] close(3) = 0 [pid 5828] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5828] write(1, "executing program\n", 18executing program ) = 18 [pid 5828] memfd_create("syzkaller", 0) = 3 [pid 5828] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5828] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5828] munmap(0x7fac16400000, 138412032) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5828] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5828] close(3) = 0 [pid 5828] close(4) = 0 [pid 5828] mkdir("./bus", 0777) = 0 [pid 5828] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5828] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5828] chdir("./bus") = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 90.866112][ T5828] loop0: detected capacity change from 0 to 32768 [ 90.903445][ T5828] [ 90.903445][ T5828] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 90.903445][ T5828] [pid 5828] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5828] exit_group(0) = ? [pid 5828] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5828, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 90.983740][ T36] [ 90.983740][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 90.983740][ T36] [ 90.996765][ T36] [ 90.996765][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 90.996765][ T36] [ 91.009522][ T5827] [ 91.009522][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 91.009522][ T5827] [ 91.021303][ T113] [ 91.021303][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 91.021303][ T113] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 91.032818][ T5827] [ 91.032818][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 91.032818][ T5827] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5830 attached [pid 5830] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5830 [pid 5830] <... set_robust_list resumed>) = 0 [pid 5830] chdir("./1") = 0 [pid 5830] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5830] setpgid(0, 0) = 0 [pid 5830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5830] write(3, "1000", 4) = 4 [pid 5830] close(3) = 0 [pid 5830] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] write(1, "executing program\n", 18executing program ) = 18 [pid 5830] memfd_create("syzkaller", 0) = 3 [pid 5830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5830] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5830] munmap(0x7fac16400000, 138412032) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5830] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5830] close(3) = 0 [pid 5830] close(4) = 0 [pid 5830] mkdir("./bus", 0777) = 0 [pid 5830] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5830] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5830] chdir("./bus") = 0 [ 91.543233][ T5830] loop0: detected capacity change from 0 to 32768 [ 91.577269][ T5830] [ 91.577269][ T5830] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 91.577269][ T5830] [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5830] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5830] exit_group(0) = ? [pid 5830] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5830, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 91.642462][ T36] [ 91.642462][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 91.642462][ T36] [ 91.653086][ T36] [ 91.653086][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 91.653086][ T36] [ 91.664454][ T5827] [ 91.664454][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 91.664454][ T5827] [ 91.676340][ T113] [ 91.676340][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 91.676340][ T113] [ 91.687144][ T5827] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 91.687144][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 91.687144][ T5827] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5831 attached , child_tidptr=0x55556c245750) = 5831 [pid 5831] set_robust_list(0x55556c245760, 24) = 0 [pid 5831] chdir("./2") = 0 [pid 5831] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5831] setpgid(0, 0) = 0 [pid 5831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5831] write(3, "1000", 4) = 4 [pid 5831] close(3) = 0 [pid 5831] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5831] write(1, "executing program\n", 18executing program ) = 18 [pid 5831] memfd_create("syzkaller", 0) = 3 [pid 5831] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5831] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5831] munmap(0x7fac16400000, 138412032) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5831] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5831] close(3) = 0 [pid 5831] close(4) = 0 [pid 5831] mkdir("./bus", 0777) = 0 [ 92.239519][ T5831] loop0: detected capacity change from 0 to 32768 [pid 5831] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5831] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5831] chdir("./bus") = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5831] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5831] exit_group(0) = ? [pid 5831] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5831, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 92.284219][ T5831] [ 92.284219][ T5831] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 92.284219][ T5831] [ 92.328258][ T36] [ 92.328258][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 92.328258][ T36] [ 92.338847][ T36] [ 92.338847][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 92.338847][ T36] [ 92.349923][ T5827] [ 92.349923][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 92.349923][ T5827] [ 92.361702][ T112] [ 92.361702][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 92.361702][ T112] [ 92.373041][ T5827] umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 92.373041][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 92.373041][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556c245750) = 5832 ./strace-static-x86_64: Process 5832 attached [pid 5832] set_robust_list(0x55556c245760, 24) = 0 [pid 5832] chdir("./3") = 0 [pid 5832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5832] setpgid(0, 0) = 0 [pid 5832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5832] write(3, "1000", 4) = 4 [pid 5832] close(3) = 0 [pid 5832] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5832] write(1, "executing program\n", 18executing program ) = 18 [pid 5832] memfd_create("syzkaller", 0) = 3 [pid 5832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5832] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5832] munmap(0x7fac16400000, 138412032) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5832] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5832] close(3) = 0 [pid 5832] close(4) = 0 [pid 5832] mkdir("./bus", 0777) = 0 [ 92.789025][ T5832] loop0: detected capacity change from 0 to 32768 [pid 5832] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5832] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5832] chdir("./bus") = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5832] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5832] exit_group(0) = ? [pid 5832] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5832, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 92.835223][ T5832] [ 92.835223][ T5832] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 92.835223][ T5832] [ 92.891010][ T36] [ 92.891010][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 92.891010][ T36] [ 92.902050][ T36] [ 92.902050][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 92.902050][ T36] [ 92.913133][ T113] [ 92.913133][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 92.913133][ T113] [ 92.923801][ T5827] [ 92.923801][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 92.923801][ T5827] [ 92.935011][ T5827] umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 92.935011][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 92.935011][ T5827] umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5833 attached , child_tidptr=0x55556c245750) = 5833 [pid 5833] set_robust_list(0x55556c245760, 24) = 0 [pid 5833] chdir("./4") = 0 [pid 5833] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5833] setpgid(0, 0) = 0 [pid 5833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5833] write(3, "1000", 4) = 4 [pid 5833] close(3) = 0 [pid 5833] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5833] write(1, "executing program\n", 18) = 18 [pid 5833] memfd_create("syzkaller", 0) = 3 [pid 5833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5833] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5833] munmap(0x7fac16400000, 138412032) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5833] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5833] close(3) = 0 [pid 5833] close(4) = 0 [pid 5833] mkdir("./bus", 0777) = 0 [pid 5833] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5833] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5833] chdir("./bus") = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5833] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5833] exit_group(0) = ? [pid 5833] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5833, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 93.516645][ T5833] loop0: detected capacity change from 0 to 32768 [ 93.554838][ T5833] [ 93.554838][ T5833] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 93.554838][ T5833] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 93.583752][ T49] [ 93.583752][ T49] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 93.583752][ T49] [ 93.595806][ T49] [ 93.595806][ T49] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 93.595806][ T49] [ 93.606951][ T5827] [ 93.606951][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 93.606951][ T5827] [ 93.618702][ T112] [ 93.618702][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 93.618702][ T112] [ 93.631750][ T5827] umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 93.631750][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 93.631750][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5835 attached , child_tidptr=0x55556c245750) = 5835 [pid 5835] set_robust_list(0x55556c245760, 24) = 0 [pid 5835] chdir("./5") = 0 [pid 5835] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5835] setpgid(0, 0) = 0 [pid 5835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5835] write(3, "1000", 4) = 4 [pid 5835] close(3) = 0 [pid 5835] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5835] write(1, "executing program\n", 18) = 18 [pid 5835] memfd_create("syzkaller", 0) = 3 [pid 5835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5835] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5835] munmap(0x7fac16400000, 138412032) = 0 [pid 5835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5835] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5835] close(3) = 0 [pid 5835] close(4) = 0 [pid 5835] mkdir("./bus", 0777) = 0 [pid 5835] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5835] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5835] chdir("./bus") = 0 [pid 5835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5835] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5835] exit_group(0) = ? [pid 5835] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5835, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- [ 94.085165][ T5835] loop0: detected capacity change from 0 to 32768 [ 94.105297][ T5835] [ 94.105297][ T5835] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 94.105297][ T5835] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 [ 94.174624][ T36] [ 94.174624][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 94.174624][ T36] [ 94.186191][ T36] [ 94.186191][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 94.186191][ T36] [ 94.197790][ T5827] [ 94.197790][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 94.197790][ T5827] [ 94.210194][ T113] [ 94.210194][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 94.210194][ T113] umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/bus") = 0 [ 94.223317][ T5827] [ 94.223317][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 94.223317][ T5827] getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5839 attached , child_tidptr=0x55556c245750) = 5839 [pid 5839] set_robust_list(0x55556c245760, 24) = 0 [pid 5839] chdir("./6") = 0 [pid 5839] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5839] setpgid(0, 0) = 0 [pid 5839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5839] write(3, "1000", 4) = 4 [pid 5839] close(3) = 0 [pid 5839] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5839] write(1, "executing program\n", 18executing program ) = 18 [pid 5839] memfd_create("syzkaller", 0) = 3 [pid 5839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5839] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5839] munmap(0x7fac16400000, 138412032) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5839] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5839] close(3) = 0 [pid 5839] close(4) = 0 [pid 5839] mkdir("./bus", 0777) = 0 [pid 5839] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5839] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5839] chdir("./bus") = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5839] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5839] exit_group(0) = ? [pid 5839] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5839, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 94.694482][ T5839] loop0: detected capacity change from 0 to 32768 [ 94.733447][ T5839] [ 94.733447][ T5839] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 94.733447][ T5839] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 [ 94.783121][ T49] [ 94.783121][ T49] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 94.783121][ T49] [ 94.794634][ T49] [ 94.794634][ T49] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 94.794634][ T49] [ 94.806227][ T112] [ 94.806227][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 94.806227][ T112] [ 94.816890][ T5827] [ 94.816890][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 94.816890][ T5827] [ 94.828105][ T5827] umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 94.828105][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 94.828105][ T5827] umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5842 attached , child_tidptr=0x55556c245750) = 5842 [pid 5842] set_robust_list(0x55556c245760, 24) = 0 [pid 5842] chdir("./7") = 0 [pid 5842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5842] setpgid(0, 0) = 0 [pid 5842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5842] write(3, "1000", 4) = 4 [pid 5842] close(3) = 0 [pid 5842] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5842] write(1, "executing program\n", 18) = 18 [pid 5842] memfd_create("syzkaller", 0) = 3 [pid 5842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5842] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5842] munmap(0x7fac16400000, 138412032) = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5842] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5842] close(3) = 0 [pid 5842] close(4) = 0 [pid 5842] mkdir("./bus", 0777) = 0 [pid 5842] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [ 95.442314][ T5842] loop0: detected capacity change from 0 to 32768 [ 95.481415][ T5842] [ 95.481415][ T5842] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 95.481415][ T5842] [pid 5842] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5842] chdir("./bus") = 0 [pid 5842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5842] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5842] exit_group(0) = ? [pid 5842] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5842, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 95.617536][ T36] [ 95.617536][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 95.617536][ T36] [ 95.628082][ T36] [ 95.628082][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 95.628082][ T36] [ 95.639427][ T5827] [ 95.639427][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 95.639427][ T5827] [ 95.650646][ T113] [ 95.650646][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 95.650646][ T113] [ 95.661313][ T5827] umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 95.661313][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 95.661313][ T5827] umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5843 attached , child_tidptr=0x55556c245750) = 5843 [pid 5843] set_robust_list(0x55556c245760, 24) = 0 [pid 5843] chdir("./8") = 0 [pid 5843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5843] setpgid(0, 0) = 0 [pid 5843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5843] write(3, "1000", 4) = 4 [pid 5843] close(3) = 0 [pid 5843] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5843] write(1, "executing program\n", 18) = 18 executing program [pid 5843] memfd_create("syzkaller", 0) = 3 [pid 5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5843] munmap(0x7fac16400000, 138412032) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5843] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5843] close(3) = 0 [pid 5843] close(4) = 0 [pid 5843] mkdir("./bus", 0777) = 0 [pid 5843] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5843] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5843] chdir("./bus") = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5843] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5843] exit_group(0) = ? [pid 5843] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5843, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- [ 96.219621][ T5843] loop0: detected capacity change from 0 to 32768 [ 96.249266][ T5843] [ 96.249266][ T5843] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 96.249266][ T5843] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 [ 96.421229][ T36] [ 96.421229][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 96.421229][ T36] [ 96.431761][ T36] [ 96.431761][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 96.431761][ T36] [ 96.442720][ T112] [ 96.442720][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 96.442720][ T112] [ 96.453375][ T5827] [ 96.453375][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 96.453375][ T5827] [ 96.464527][ T5827] umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 96.464527][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 96.464527][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5844 attached , child_tidptr=0x55556c245750) = 5844 [pid 5844] set_robust_list(0x55556c245760, 24) = 0 [pid 5844] chdir("./9") = 0 [pid 5844] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5844] setpgid(0, 0) = 0 [pid 5844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5844] write(3, "1000", 4) = 4 [pid 5844] close(3) = 0 [pid 5844] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5844] write(1, "executing program\n", 18executing program ) = 18 [pid 5844] memfd_create("syzkaller", 0) = 3 [pid 5844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5844] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5844] munmap(0x7fac16400000, 138412032) = 0 [pid 5844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5844] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5844] close(3) = 0 [pid 5844] close(4) = 0 [pid 5844] mkdir("./bus", 0777) = 0 [pid 5844] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5844] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5844] chdir("./bus") = 0 [pid 5844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 96.808731][ T5844] loop0: detected capacity change from 0 to 32768 [ 96.837228][ T5844] [ 96.837228][ T5844] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 96.837228][ T5844] [pid 5844] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5844] exit_group(0) = ? [pid 5844] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5844, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 [ 96.947817][ T36] [ 96.947817][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 96.947817][ T36] [ 96.958385][ T36] [ 96.958385][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 96.958385][ T36] [ 96.969416][ T112] [ 96.969416][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 96.969416][ T112] [ 96.980108][ T5827] [ 96.980108][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 96.980108][ T5827] [ 96.991345][ T5827] umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 96.991345][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 96.991345][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5845 attached [pid 5845] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5845 [pid 5845] <... set_robust_list resumed>) = 0 [pid 5845] chdir("./10") = 0 [pid 5845] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5845] setpgid(0, 0) = 0 [pid 5845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5845] write(3, "1000", 4) = 4 [pid 5845] close(3) = 0 [pid 5845] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5845] write(1, "executing program\n", 18) = 18 [pid 5845] memfd_create("syzkaller", 0) = 3 [pid 5845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [ 97.211287][ T1214] cfg80211: failed to load regulatory.db [pid 5845] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5845] munmap(0x7fac16400000, 138412032) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5845] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5845] close(3) = 0 [pid 5845] close(4) = 0 [pid 5845] mkdir("./bus", 0777) = 0 [pid 5845] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5845] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5845] chdir("./bus") = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5845] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 97.383115][ T5845] loop0: detected capacity change from 0 to 32768 [ 97.414799][ T5845] [ 97.414799][ T5845] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 97.414799][ T5845] [pid 5845] exit_group(0) = ? [pid 5845] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5845, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 [ 97.494915][ T49] [ 97.494915][ T49] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 97.494915][ T49] [ 97.507740][ T49] [ 97.507740][ T49] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 97.507740][ T49] [ 97.519621][ T5827] [ 97.519621][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 97.519621][ T5827] [ 97.530418][ T113] [ 97.530418][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 97.530418][ T113] [ 97.541003][ T5827] umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 97.541003][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 97.541003][ T5827] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5846 attached , child_tidptr=0x55556c245750) = 5846 [pid 5846] set_robust_list(0x55556c245760, 24) = 0 [pid 5846] chdir("./11") = 0 [pid 5846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5846] setpgid(0, 0) = 0 [pid 5846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5846] write(3, "1000", 4) = 4 [pid 5846] close(3) = 0 [pid 5846] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5846] write(1, "executing program\n", 18executing program ) = 18 [pid 5846] memfd_create("syzkaller", 0) = 3 [pid 5846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5846] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5846] munmap(0x7fac16400000, 138412032) = 0 [pid 5846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5846] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5846] close(3) = 0 [pid 5846] close(4) = 0 [pid 5846] mkdir("./bus", 0777) = 0 [pid 5846] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5846] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5846] chdir("./bus") = 0 [pid 5846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5846] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5846] exit_group(0) = ? [pid 5846] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5846, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- [ 98.154423][ T5846] loop0: detected capacity change from 0 to 32768 [ 98.186417][ T5846] [ 98.186417][ T5846] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 98.186417][ T5846] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 [ 98.242581][ T49] [ 98.242581][ T49] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 98.242581][ T49] [ 98.253098][ T49] [ 98.253098][ T49] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 98.253098][ T49] [ 98.264572][ T112] [ 98.264572][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 98.264572][ T112] [ 98.275242][ T5827] [ 98.275242][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 98.275242][ T5827] [ 98.287641][ T5827] umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 98.287641][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 98.287641][ T5827] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5847 attached , child_tidptr=0x55556c245750) = 5847 [pid 5847] set_robust_list(0x55556c245760, 24) = 0 [pid 5847] chdir("./12") = 0 [pid 5847] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5847] setpgid(0, 0) = 0 [pid 5847] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5847] write(3, "1000", 4) = 4 [pid 5847] close(3) = 0 [pid 5847] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5847] write(1, "executing program\n", 18executing program ) = 18 [pid 5847] memfd_create("syzkaller", 0) = 3 [pid 5847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5847] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5847] munmap(0x7fac16400000, 138412032) = 0 [pid 5847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5847] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5847] close(3) = 0 [pid 5847] close(4) = 0 [pid 5847] mkdir("./bus", 0777) = 0 [pid 5847] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5847] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5847] chdir("./bus") = 0 [pid 5847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5847] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5847] exit_group(0) = ? [pid 5847] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5847, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 [ 98.895768][ T5847] loop0: detected capacity change from 0 to 32768 [ 98.928043][ T5847] [ 98.928043][ T5847] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 98.928043][ T5847] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 [ 98.982096][ T49] [ 98.982096][ T49] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 98.982096][ T49] [ 98.992943][ T49] [ 98.992943][ T49] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 98.992943][ T49] [ 99.003819][ T5827] [ 99.003819][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 99.003819][ T5827] [ 99.014894][ T113] [ 99.014894][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 99.014894][ T113] [ 99.026352][ T5827] umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 99.026352][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 99.026352][ T5827] umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5848 attached , child_tidptr=0x55556c245750) = 5848 [pid 5848] set_robust_list(0x55556c245760, 24) = 0 [pid 5848] chdir("./13") = 0 [pid 5848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5848] setpgid(0, 0) = 0 [pid 5848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5848] write(3, "1000", 4) = 4 [pid 5848] close(3) = 0 [pid 5848] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5848] write(1, "executing program\n", 18executing program ) = 18 [pid 5848] memfd_create("syzkaller", 0) = 3 [pid 5848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5848] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5848] munmap(0x7fac16400000, 138412032) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5848] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5848] close(3) = 0 [pid 5848] close(4) = 0 [pid 5848] mkdir("./bus", 0777) = 0 [pid 5848] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5848] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5848] chdir("./bus") = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5848] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5848] exit_group(0) = ? [pid 5848] +++ exited with 0 +++ [ 99.639157][ T5848] loop0: detected capacity change from 0 to 32768 [ 99.669742][ T5848] [ 99.669742][ T5848] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 99.669742][ T5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5848, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 99.735961][ T36] [ 99.735961][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 99.735961][ T36] [ 99.746927][ T36] [ 99.746927][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 99.746927][ T36] [ 99.758139][ T112] [ 99.758139][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 99.758139][ T112] [ 99.770292][ T5827] [ 99.770292][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 99.770292][ T5827] [ 99.781086][ T5827] umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 99.781086][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 99.781086][ T5827] openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5849 attached , child_tidptr=0x55556c245750) = 5849 [pid 5849] set_robust_list(0x55556c245760, 24) = 0 [pid 5849] chdir("./14") = 0 [pid 5849] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5849] setpgid(0, 0) = 0 [pid 5849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5849] write(3, "1000", 4) = 4 [pid 5849] close(3) = 0 [pid 5849] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5849] write(1, "executing program\n", 18) = 18 [pid 5849] memfd_create("syzkaller", 0) = 3 [pid 5849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5849] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5849] munmap(0x7fac16400000, 138412032) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5849] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5849] close(3) = 0 [pid 5849] close(4) = 0 [pid 5849] mkdir("./bus", 0777) = 0 [pid 5849] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5849] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5849] chdir("./bus") = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5849] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5849] exit_group(0) = ? [pid 5849] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5849, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 100.366431][ T5849] loop0: detected capacity change from 0 to 32768 [ 100.384454][ T5849] [ 100.384454][ T5849] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 100.384454][ T5849] [ 100.443857][ T49] [ 100.443857][ T49] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 100.443857][ T49] [ 100.454726][ T49] [ 100.454726][ T49] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 100.454726][ T49] [ 100.465819][ T113] [ 100.465819][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 100.465819][ T113] [ 100.476441][ T5827] [ 100.476441][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 100.476441][ T5827] [ 100.488159][ T5827] umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 100.488159][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 100.488159][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5851 attached [pid 5851] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5851 [pid 5851] <... set_robust_list resumed>) = 0 [pid 5851] chdir("./15") = 0 [pid 5851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5851] setpgid(0, 0) = 0 [pid 5851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5851] write(3, "1000", 4) = 4 [pid 5851] close(3) = 0 [pid 5851] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5851] write(1, "executing program\n", 18executing program ) = 18 [pid 5851] memfd_create("syzkaller", 0) = 3 [pid 5851] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5851] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5851] munmap(0x7fac16400000, 138412032) = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5851] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5851] close(3) = 0 [pid 5851] close(4) = 0 [pid 5851] mkdir("./bus", 0777) = 0 [pid 5851] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5851] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5851] chdir("./bus") = 0 [pid 5851] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5851] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5851] exit_group(0) = ? [pid 5851] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5851, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 100.845243][ T5851] loop0: detected capacity change from 0 to 32768 [ 100.884748][ T5851] [ 100.884748][ T5851] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 100.884748][ T5851] [ 100.919743][ T36] [ 100.919743][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 100.919743][ T36] [ 100.930321][ T36] [ 100.930321][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 100.930321][ T36] [ 100.942648][ T5827] [ 100.942648][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 100.942648][ T5827] [ 100.953666][ T112] [ 100.953666][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 100.953666][ T112] [ 100.965868][ T5827] umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 100.965868][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 100.965868][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5852 attached [pid 5852] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5852 [pid 5852] <... set_robust_list resumed>) = 0 [pid 5852] chdir("./16") = 0 [pid 5852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5852] setpgid(0, 0) = 0 [pid 5852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5852] write(3, "1000", 4) = 4 [pid 5852] close(3) = 0 [pid 5852] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5852] write(1, "executing program\n", 18) = 18 [pid 5852] memfd_create("syzkaller", 0) = 3 [pid 5852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5852] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5852] munmap(0x7fac16400000, 138412032) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5852] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5852] close(3) = 0 [pid 5852] close(4) = 0 [pid 5852] mkdir("./bus", 0777) = 0 [pid 5852] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5852] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5852] chdir("./bus") = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5852] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5852] exit_group(0) = ? [pid 5852] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5852, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 [ 101.362598][ T5852] loop0: detected capacity change from 0 to 32768 [ 101.390359][ T5852] [ 101.390359][ T5852] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 101.390359][ T5852] [ 101.440813][ T36] [ 101.440813][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 101.440813][ T36] [ 101.452463][ T36] [ 101.452463][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 101.452463][ T36] [ 101.463595][ T5827] [ 101.463595][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 101.463595][ T5827] [ 101.474465][ T112] [ 101.474465][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 101.474465][ T112] [ 101.485134][ T5827] umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 101.485134][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 101.485134][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5853 attached [pid 5853] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5853 [pid 5853] <... set_robust_list resumed>) = 0 [pid 5853] chdir("./17") = 0 [pid 5853] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5853] setpgid(0, 0) = 0 [pid 5853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5853] write(3, "1000", 4) = 4 [pid 5853] close(3) = 0 [pid 5853] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5853] write(1, "executing program\n", 18) = 18 [pid 5853] memfd_create("syzkaller", 0) = 3 [pid 5853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5853] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5853] munmap(0x7fac16400000, 138412032) = 0 [pid 5853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5853] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5853] close(3) = 0 [pid 5853] close(4) = 0 [pid 5853] mkdir("./bus", 0777) = 0 [pid 5853] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5853] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5853] chdir("./bus") = 0 [pid 5853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5853] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5853] exit_group(0) = ? [pid 5853] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5853, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- [ 101.857276][ T5853] loop0: detected capacity change from 0 to 32768 [ 101.896535][ T5853] [ 101.896535][ T5853] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 101.896535][ T5853] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 [ 101.953936][ T1161] [ 101.953936][ T1161] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 101.953936][ T1161] [ 101.964675][ T1161] [ 101.964675][ T1161] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 101.964675][ T1161] [ 101.976074][ T112] [ 101.976074][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 101.976074][ T112] [ 101.986970][ T5827] [ 101.986970][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 101.986970][ T5827] [ 101.998379][ T5827] umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 101.998379][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 101.998379][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5854 attached , child_tidptr=0x55556c245750) = 5854 [pid 5854] set_robust_list(0x55556c245760, 24) = 0 [pid 5854] chdir("./18") = 0 [pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5854] setpgid(0, 0) = 0 [pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5854] write(3, "1000", 4) = 4 [pid 5854] close(3) = 0 [pid 5854] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5854] write(1, "executing program\n", 18) = 18 [pid 5854] memfd_create("syzkaller", 0) = 3 [pid 5854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5854] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5854] munmap(0x7fac16400000, 138412032) = 0 [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5854] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5854] close(3) = 0 [pid 5854] close(4) = 0 [pid 5854] mkdir("./bus", 0777) = 0 [pid 5854] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5854] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5854] chdir("./bus") = 0 [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5854] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5854] exit_group(0) = ? [pid 5854] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5854, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- [ 102.433592][ T5854] loop0: detected capacity change from 0 to 32768 [ 102.463301][ T5854] [ 102.463301][ T5854] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 102.463301][ T5854] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 [ 102.524019][ T49] [ 102.524019][ T49] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 102.524019][ T49] [ 102.536312][ T49] [ 102.536312][ T49] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 102.536312][ T49] [ 102.547164][ T5827] [ 102.547164][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 102.547164][ T5827] [ 102.557986][ T113] [ 102.557986][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 102.557986][ T113] [ 102.569231][ T5827] umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 102.569231][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 102.569231][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5855 attached [pid 5855] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5855 [pid 5855] <... set_robust_list resumed>) = 0 [pid 5855] chdir("./19") = 0 [pid 5855] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5855] setpgid(0, 0) = 0 [pid 5855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5855] write(3, "1000", 4) = 4 [pid 5855] close(3) = 0 [pid 5855] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5855] write(1, "executing program\n", 18) = 18 [pid 5855] memfd_create("syzkaller", 0) = 3 [pid 5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5855] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5855] munmap(0x7fac16400000, 138412032) = 0 [pid 5855] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5855] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5855] close(3) = 0 [pid 5855] close(4) = 0 [pid 5855] mkdir("./bus", 0777) = 0 [pid 5855] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5855] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5855] chdir("./bus") = 0 [pid 5855] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 102.974074][ T5855] loop0: detected capacity change from 0 to 32768 [ 103.000235][ T5855] [ 103.000235][ T5855] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 103.000235][ T5855] [pid 5855] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5855] exit_group(0) = ? [pid 5855] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5855, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 [ 103.186103][ T49] [ 103.186103][ T49] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 103.186103][ T49] [ 103.196699][ T49] [ 103.196699][ T49] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 103.196699][ T49] [ 103.207876][ T113] [ 103.207876][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 103.207876][ T113] [ 103.218397][ T5827] [ 103.218397][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 103.218397][ T5827] [ 103.229380][ T5827] umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 103.229380][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 103.229380][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5856 attached [pid 5856] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5856 [pid 5856] <... set_robust_list resumed>) = 0 [pid 5856] chdir("./20") = 0 [pid 5856] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5856] setpgid(0, 0) = 0 [pid 5856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5856] write(3, "1000", 4) = 4 [pid 5856] close(3) = 0 [pid 5856] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5856] write(1, "executing program\n", 18executing program ) = 18 [pid 5856] memfd_create("syzkaller", 0) = 3 [pid 5856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5856] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5856] munmap(0x7fac16400000, 138412032) = 0 [pid 5856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5856] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5856] close(3) = 0 [pid 5856] close(4) = 0 [pid 5856] mkdir("./bus", 0777) = 0 [pid 5856] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5856] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5856] chdir("./bus") = 0 [pid 5856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5856] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5856] exit_group(0) = ? [pid 5856] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5856, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=14 /* 0.14 s */} --- [ 103.640998][ T5856] loop0: detected capacity change from 0 to 32768 [ 103.674617][ T5856] [ 103.674617][ T5856] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 103.674617][ T5856] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 [ 103.823673][ T49] [ 103.823673][ T49] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 103.823673][ T49] [ 103.834225][ T49] [ 103.834225][ T49] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 103.834225][ T49] [ 103.845301][ T112] [ 103.845301][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 103.845301][ T112] [ 103.855918][ T5827] [ 103.855918][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 103.855918][ T5827] [ 103.866764][ T5827] umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 103.866764][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 103.866764][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5857 attached , child_tidptr=0x55556c245750) = 5857 [pid 5857] set_robust_list(0x55556c245760, 24) = 0 [pid 5857] chdir("./21") = 0 [pid 5857] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5857] setpgid(0, 0) = 0 [pid 5857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5857] write(3, "1000", 4) = 4 [pid 5857] close(3) = 0 [pid 5857] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5857] write(1, "executing program\n", 18executing program ) = 18 [pid 5857] memfd_create("syzkaller", 0) = 3 [pid 5857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5857] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5857] munmap(0x7fac16400000, 138412032) = 0 [pid 5857] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5857] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5857] close(3) = 0 [pid 5857] close(4) = 0 [pid 5857] mkdir("./bus", 0777) = 0 [pid 5857] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5857] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5857] chdir("./bus") = 0 [pid 5857] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5857] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5857] exit_group(0) = ? [pid 5857] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5857, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 104.265756][ T5857] loop0: detected capacity change from 0 to 32768 [ 104.292123][ T5857] [ 104.292123][ T5857] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 104.292123][ T5857] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 [ 104.375340][ T1088] [ 104.375340][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 104.375340][ T1088] [ 104.399826][ T1088] [ 104.399826][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 104.399826][ T1088] umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 104.430311][ T5827] [ 104.430311][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 104.430311][ T5827] [ 104.449311][ T113] [ 104.449311][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 104.449311][ T113] [ 104.460788][ T5827] [ 104.460788][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 104.460788][ T5827] umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5858 attached , child_tidptr=0x55556c245750) = 5858 [pid 5858] set_robust_list(0x55556c245760, 24) = 0 [pid 5858] chdir("./22") = 0 [pid 5858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5858] setpgid(0, 0) = 0 [pid 5858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5858] write(3, "1000", 4) = 4 [pid 5858] close(3) = 0 [pid 5858] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5858] write(1, "executing program\n", 18executing program ) = 18 [pid 5858] memfd_create("syzkaller", 0) = 3 [pid 5858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5858] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5858] munmap(0x7fac16400000, 138412032) = 0 [pid 5858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5858] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5858] close(3) = 0 [pid 5858] close(4) = 0 [pid 5858] mkdir("./bus", 0777) = 0 [pid 5858] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5858] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5858] chdir("./bus") = 0 [pid 5858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5858] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5858] exit_group(0) = ? [pid 5858] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5858, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 105.037476][ T5858] loop0: detected capacity change from 0 to 32768 [ 105.073634][ T5858] [ 105.073634][ T5858] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 105.073634][ T5858] getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 [ 105.147683][ T36] [ 105.147683][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 105.147683][ T36] [ 105.158716][ T36] [ 105.158716][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 105.158716][ T36] [ 105.169810][ T112] [ 105.169810][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 105.169810][ T112] [ 105.180573][ T5827] [ 105.180573][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 105.180573][ T5827] [ 105.191934][ T5827] umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 105.191934][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 105.191934][ T5827] umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5859 attached , child_tidptr=0x55556c245750) = 5859 [pid 5859] set_robust_list(0x55556c245760, 24) = 0 [pid 5859] chdir("./23") = 0 [pid 5859] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5859] setpgid(0, 0) = 0 [pid 5859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5859] write(3, "1000", 4) = 4 [pid 5859] close(3) = 0 [pid 5859] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5859] write(1, "executing program\n", 18) = 18 [pid 5859] memfd_create("syzkaller", 0) = 3 [pid 5859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5859] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5859] munmap(0x7fac16400000, 138412032) = 0 [pid 5859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5859] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5859] close(3) = 0 [pid 5859] close(4) = 0 [pid 5859] mkdir("./bus", 0777) = 0 [pid 5859] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5859] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5859] chdir("./bus") = 0 [pid 5859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5859] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5859] exit_group(0) = ? [ 105.765984][ T5859] loop0: detected capacity change from 0 to 32768 [ 105.796308][ T5859] [ 105.796308][ T5859] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 105.796308][ T5859] [pid 5859] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5859, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 [ 105.949672][ T36] [ 105.949672][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 105.949672][ T36] [ 105.960222][ T36] [ 105.960222][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 105.960222][ T36] [ 105.971134][ T113] [ 105.971134][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 105.971134][ T113] [ 105.982084][ T5827] [ 105.982084][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 105.982084][ T5827] [ 105.992889][ T5827] umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 [ 105.992889][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 105.992889][ T5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5860 attached , child_tidptr=0x55556c245750) = 5860 [pid 5860] set_robust_list(0x55556c245760, 24) = 0 [pid 5860] chdir("./24") = 0 [pid 5860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5860] setpgid(0, 0) = 0 [pid 5860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5860] write(3, "1000", 4) = 4 [pid 5860] close(3) = 0 [pid 5860] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5860] write(1, "executing program\n", 18executing program ) = 18 [pid 5860] memfd_create("syzkaller", 0) = 3 [pid 5860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5860] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5860] munmap(0x7fac16400000, 138412032) = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5860] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5860] close(3) = 0 [pid 5860] close(4) = 0 [pid 5860] mkdir("./bus", 0777) = 0 [ 106.407422][ T5860] loop0: detected capacity change from 0 to 32768 [pid 5860] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5860] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5860] chdir("./bus") = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5860] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5860] exit_group(0) = ? [pid 5860] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5860, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 [ 106.461848][ T5860] [ 106.461848][ T5860] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 106.461848][ T5860] [ 106.507691][ T36] [ 106.507691][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 106.507691][ T36] [ 106.519109][ T36] [ 106.519109][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 106.519109][ T36] [ 106.530255][ T112] [ 106.530255][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 106.530255][ T112] [ 106.541014][ T5827] [ 106.541014][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 106.541014][ T5827] [ 106.551982][ T5827] umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 106.551982][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 106.551982][ T5827] umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5861 attached , child_tidptr=0x55556c245750) = 5861 [pid 5861] set_robust_list(0x55556c245760, 24) = 0 [pid 5861] chdir("./25") = 0 [pid 5861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5861] setpgid(0, 0) = 0 [pid 5861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5861] write(3, "1000", 4) = 4 [pid 5861] close(3) = 0 [pid 5861] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5861] write(1, "executing program\n", 18) = 18 [pid 5861] memfd_create("syzkaller", 0) = 3 [pid 5861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5861] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5861] munmap(0x7fac16400000, 138412032) = 0 [pid 5861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5861] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5861] close(3) = 0 [pid 5861] close(4) = 0 [pid 5861] mkdir("./bus", 0777) = 0 [ 107.129119][ T5861] loop0: detected capacity change from 0 to 32768 [pid 5861] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5861] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5861] chdir("./bus") = 0 [pid 5861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5861] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5861] exit_group(0) = ? [pid 5861] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5861, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 107.171867][ T5861] [ 107.171867][ T5861] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 107.171867][ T5861] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 [ 107.236256][ T36] [ 107.236256][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 107.236256][ T36] [ 107.246881][ T36] [ 107.246881][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 107.246881][ T36] [ 107.258215][ T113] [ 107.258215][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 107.258215][ T113] [ 107.268897][ T5827] [ 107.268897][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 107.268897][ T5827] [ 107.280020][ T5827] umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 107.280020][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 107.280020][ T5827] umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5862 attached , child_tidptr=0x55556c245750) = 5862 [pid 5862] set_robust_list(0x55556c245760, 24) = 0 [pid 5862] chdir("./26") = 0 [pid 5862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5862] setpgid(0, 0) = 0 [pid 5862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5862] write(3, "1000", 4) = 4 [pid 5862] close(3) = 0 [pid 5862] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5862] write(1, "executing program\n", 18executing program ) = 18 [pid 5862] memfd_create("syzkaller", 0) = 3 [pid 5862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5862] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5862] munmap(0x7fac16400000, 138412032) = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5862] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5862] close(3) = 0 [pid 5862] close(4) = 0 [pid 5862] mkdir("./bus", 0777) = 0 [ 107.814944][ T5862] loop0: detected capacity change from 0 to 32768 [pid 5862] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5862] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5862] chdir("./bus") = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5862] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5862] exit_group(0) = ? [pid 5862] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5862, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 [ 107.855928][ T5862] [ 107.855928][ T5862] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 107.855928][ T5862] [ 107.904125][ T36] [ 107.904125][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 107.904125][ T36] [ 107.915030][ T36] [ 107.915030][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 107.915030][ T36] [ 107.926450][ T112] [ 107.926450][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 107.926450][ T112] [ 107.939272][ T5827] [ 107.939272][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 107.939272][ T5827] [ 107.950199][ T5827] umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 107.950199][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 107.950199][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5863 attached [pid 5863] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5863 [pid 5863] <... set_robust_list resumed>) = 0 [pid 5863] chdir("./27") = 0 [pid 5863] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5863] setpgid(0, 0) = 0 [pid 5863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5863] write(3, "1000", 4) = 4 [pid 5863] close(3) = 0 [pid 5863] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5863] write(1, "executing program\n", 18) = 18 [pid 5863] memfd_create("syzkaller", 0) = 3 [pid 5863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5863] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5863] munmap(0x7fac16400000, 138412032) = 0 [pid 5863] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5863] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5863] close(3) = 0 [pid 5863] close(4) = 0 [pid 5863] mkdir("./bus", 0777) = 0 [pid 5863] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5863] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5863] chdir("./bus") = 0 [pid 5863] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 108.353713][ T5863] loop0: detected capacity change from 0 to 32768 [ 108.390180][ T5863] [ 108.390180][ T5863] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 108.390180][ T5863] [pid 5863] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5863] exit_group(0) = ? [pid 5863] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5863, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 [ 108.580519][ T1088] [ 108.580519][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 108.580519][ T1088] [ 108.591164][ T1088] [ 108.591164][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 108.591164][ T1088] [ 108.603646][ T5827] [ 108.603646][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 108.603646][ T5827] [ 108.614673][ T113] [ 108.614673][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 108.614673][ T113] [ 108.625443][ T5827] umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 108.625443][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 108.625443][ T5827] getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5864 attached [pid 5864] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5864 [pid 5864] <... set_robust_list resumed>) = 0 [pid 5864] chdir("./28") = 0 [pid 5864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5864] setpgid(0, 0) = 0 [pid 5864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5864] write(3, "1000", 4) = 4 [pid 5864] close(3) = 0 [pid 5864] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5864] write(1, "executing program\n", 18executing program ) = 18 [pid 5864] memfd_create("syzkaller", 0) = 3 [pid 5864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5864] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5864] munmap(0x7fac16400000, 138412032) = 0 [pid 5864] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5864] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5864] close(3) = 0 [pid 5864] close(4) = 0 [pid 5864] mkdir("./bus", 0777) = 0 [pid 5864] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5864] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5864] chdir("./bus") = 0 [pid 5864] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5864] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5864] exit_group(0) = ? [pid 5864] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5864, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=17 /* 0.17 s */} --- [ 109.108751][ T5864] loop0: detected capacity change from 0 to 32768 [ 109.138107][ T5864] [ 109.138107][ T5864] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.138107][ T5864] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 [ 109.256878][ T1088] [ 109.256878][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.256878][ T1088] [ 109.267447][ T1088] [ 109.267447][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.267447][ T1088] [ 109.278376][ T112] [ 109.278376][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.278376][ T112] [ 109.289300][ T5827] [ 109.289300][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.289300][ T5827] [ 109.300089][ T5827] umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 109.300089][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.300089][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5865 attached [pid 5865] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5865 [pid 5865] <... set_robust_list resumed>) = 0 [pid 5865] chdir("./29") = 0 [pid 5865] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5865] setpgid(0, 0) = 0 [pid 5865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5865] write(3, "1000", 4) = 4 [pid 5865] close(3) = 0 [pid 5865] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5865] write(1, "executing program\n", 18) = 18 [pid 5865] memfd_create("syzkaller", 0) = 3 [pid 5865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5865] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5865] munmap(0x7fac16400000, 138412032) = 0 [pid 5865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5865] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5865] close(3) = 0 [pid 5865] close(4) = 0 [pid 5865] mkdir("./bus", 0777) = 0 [pid 5865] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5865] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5865] chdir("./bus") = 0 [pid 5865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 109.715234][ T5865] loop0: detected capacity change from 0 to 32768 [ 109.738398][ T5865] [ 109.738398][ T5865] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.738398][ T5865] [pid 5865] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5865] exit_group(0) = ? [pid 5865] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5865, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 [ 109.957850][ T36] [ 109.957850][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.957850][ T36] [ 109.968452][ T36] [ 109.968452][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.968452][ T36] [ 109.979608][ T5827] [ 109.979608][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.979608][ T5827] [ 109.990491][ T112] [ 109.990491][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 109.990491][ T112] [ 110.001145][ T5827] umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 110.001145][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 110.001145][ T5827] umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5866 attached [pid 5866] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5866 [pid 5866] <... set_robust_list resumed>) = 0 [pid 5866] chdir("./30") = 0 [pid 5866] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5866] setpgid(0, 0) = 0 [pid 5866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5866] write(3, "1000", 4) = 4 [pid 5866] close(3) = 0 [pid 5866] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5866] write(1, "executing program\n", 18executing program ) = 18 [pid 5866] memfd_create("syzkaller", 0) = 3 [pid 5866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5866] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5866] munmap(0x7fac16400000, 138412032) = 0 [pid 5866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5866] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5866] close(3) = 0 [pid 5866] close(4) = 0 [pid 5866] mkdir("./bus", 0777) = 0 [pid 5866] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5866] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5866] chdir("./bus") = 0 [pid 5866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5866] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5866] exit_group(0) = ? [pid 5866] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5866, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 [ 110.528931][ T5866] loop0: detected capacity change from 0 to 32768 [ 110.566924][ T5866] [ 110.566924][ T5866] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 110.566924][ T5866] [ 110.600224][ T1088] [ 110.600224][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 110.600224][ T1088] [ 110.612107][ T1088] [ 110.612107][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 110.612107][ T1088] [ 110.624076][ T113] [ 110.624076][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 110.624076][ T113] [ 110.634764][ T5827] [ 110.634764][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 110.634764][ T5827] [ 110.645691][ T5827] umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 110.645691][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 110.645691][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5867 attached , child_tidptr=0x55556c245750) = 5867 [pid 5867] set_robust_list(0x55556c245760, 24) = 0 [pid 5867] chdir("./31") = 0 [pid 5867] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5867] setpgid(0, 0) = 0 [pid 5867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5867] write(3, "1000", 4) = 4 [pid 5867] close(3) = 0 [pid 5867] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5867] write(1, "executing program\n", 18) = 18 [pid 5867] memfd_create("syzkaller", 0) = 3 [pid 5867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5867] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5867] munmap(0x7fac16400000, 138412032) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5867] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5867] close(3) = 0 [pid 5867] close(4) = 0 [pid 5867] mkdir("./bus", 0777) = 0 [pid 5867] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5867] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5867] chdir("./bus") = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5867] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5867] exit_group(0) = ? [ 111.026123][ T5867] loop0: detected capacity change from 0 to 32768 [ 111.065246][ T5867] [ 111.065246][ T5867] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 111.065246][ T5867] [pid 5867] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5867, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 [ 111.132863][ T36] [ 111.132863][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 111.132863][ T36] [ 111.143481][ T36] [ 111.143481][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 111.143481][ T36] [ 111.154727][ T113] [ 111.154727][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 111.154727][ T113] [ 111.165322][ T5827] [ 111.165322][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 111.165322][ T5827] [ 111.176096][ T5827] umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 111.176096][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 111.176096][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5868 attached , child_tidptr=0x55556c245750) = 5868 [pid 5868] set_robust_list(0x55556c245760, 24) = 0 [pid 5868] chdir("./32") = 0 [pid 5868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5868] setpgid(0, 0) = 0 [pid 5868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5868] write(3, "1000", 4) = 4 [pid 5868] close(3) = 0 [pid 5868] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5868] write(1, "executing program\n", 18executing program ) = 18 [pid 5868] memfd_create("syzkaller", 0) = 3 [pid 5868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5868] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5868] munmap(0x7fac16400000, 138412032) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5868] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5868] close(3) = 0 [pid 5868] close(4) = 0 [pid 5868] mkdir("./bus", 0777) = 0 [ 111.583654][ T5868] loop0: detected capacity change from 0 to 32768 [pid 5868] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5868] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5868] chdir("./bus") = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5868] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5868] exit_group(0) = ? [pid 5868] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5868, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 111.633342][ T5868] [ 111.633342][ T5868] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 111.633342][ T5868] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 [ 111.812554][ T36] [ 111.812554][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 111.812554][ T36] [ 111.823139][ T36] [ 111.823139][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 111.823139][ T36] [ 111.833925][ T5827] [ 111.833925][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 111.833925][ T5827] [ 111.844900][ T113] [ 111.844900][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 111.844900][ T113] [ 111.855552][ T5827] umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 111.855552][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 111.855552][ T5827] umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5869 attached , child_tidptr=0x55556c245750) = 5869 [pid 5869] set_robust_list(0x55556c245760, 24) = 0 [pid 5869] chdir("./33") = 0 [pid 5869] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5869] setpgid(0, 0) = 0 [pid 5869] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5869] write(3, "1000", 4) = 4 [pid 5869] close(3) = 0 [pid 5869] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5869] write(1, "executing program\n", 18) = 18 [pid 5869] memfd_create("syzkaller", 0) = 3 [pid 5869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5869] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5869] munmap(0x7fac16400000, 138412032) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5869] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5869] close(3) = 0 [pid 5869] close(4) = 0 [pid 5869] mkdir("./bus", 0777) = 0 [pid 5869] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5869] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5869] chdir("./bus") = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5869] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5869] exit_group(0) = ? [pid 5869] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5869, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 112.465471][ T5869] loop0: detected capacity change from 0 to 32768 [ 112.502134][ T5869] [ 112.502134][ T5869] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 112.502134][ T5869] getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 [ 112.551141][ T1088] [ 112.551141][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 112.551141][ T1088] [ 112.561953][ T1088] [ 112.561953][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 112.561953][ T1088] [ 112.572905][ T113] [ 112.572905][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 112.572905][ T113] [ 112.584945][ T5827] [ 112.584945][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 112.584945][ T5827] [ 112.595985][ T5827] umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 112.595985][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 112.595985][ T5827] umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5870 attached , child_tidptr=0x55556c245750) = 5870 [pid 5870] set_robust_list(0x55556c245760, 24) = 0 [pid 5870] chdir("./34") = 0 [pid 5870] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5870] setpgid(0, 0) = 0 [pid 5870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5870] write(3, "1000", 4) = 4 [pid 5870] close(3) = 0 [pid 5870] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5870] write(1, "executing program\n", 18) = 18 [pid 5870] memfd_create("syzkaller", 0) = 3 [pid 5870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5870] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5870] munmap(0x7fac16400000, 138412032) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5870] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5870] close(3) = 0 [pid 5870] close(4) = 0 [pid 5870] mkdir("./bus", 0777) = 0 [ 113.172352][ T5870] loop0: detected capacity change from 0 to 32768 [pid 5870] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5870] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5870] chdir("./bus") = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 113.220049][ T5870] [ 113.220049][ T5870] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 113.220049][ T5870] [pid 5870] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5870] exit_group(0) = ? [pid 5870] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5870, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 [ 113.380508][ T1088] [ 113.380508][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 113.380508][ T1088] [ 113.391085][ T1088] [ 113.391085][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 113.391085][ T1088] [ 113.402313][ T5827] [ 113.402313][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 113.402313][ T5827] [ 113.413249][ T112] [ 113.413249][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 113.413249][ T112] [ 113.423892][ T5827] umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 113.423892][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 113.423892][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5871 attached [pid 5871] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5871 [pid 5871] <... set_robust_list resumed>) = 0 [pid 5871] chdir("./35") = 0 [pid 5871] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5871] setpgid(0, 0) = 0 [pid 5871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5871] write(3, "1000", 4) = 4 [pid 5871] close(3) = 0 [pid 5871] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5871] write(1, "executing program\n", 18executing program ) = 18 [pid 5871] memfd_create("syzkaller", 0) = 3 [pid 5871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5871] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5871] munmap(0x7fac16400000, 138412032) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5871] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5871] close(3) = 0 [pid 5871] close(4) = 0 [pid 5871] mkdir("./bus", 0777) = 0 [ 113.821392][ T5871] loop0: detected capacity change from 0 to 32768 [pid 5871] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5871] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5871] chdir("./bus") = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5871] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5871] exit_group(0) = ? [pid 5871] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5871, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 [ 113.883004][ T5871] [ 113.883004][ T5871] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 113.883004][ T5871] [ 113.914998][ T1088] [ 113.914998][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 113.914998][ T1088] [ 113.925915][ T1088] umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 113.925915][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 113.925915][ T1088] [ 113.937167][ T113] [ 113.937167][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 113.937167][ T113] [ 113.947820][ T5827] [ 113.947820][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 113.947820][ T5827] [ 113.960151][ T5827] [ 113.960151][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 113.960151][ T5827] ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5872 attached [pid 5872] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5872 [pid 5872] <... set_robust_list resumed>) = 0 [pid 5872] chdir("./36") = 0 [pid 5872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5872] setpgid(0, 0) = 0 [pid 5872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5872] write(3, "1000", 4) = 4 [pid 5872] close(3) = 0 [pid 5872] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5872] write(1, "executing program\n", 18) = 18 [pid 5872] memfd_create("syzkaller", 0) = 3 [pid 5872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5872] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5872] munmap(0x7fac16400000, 138412032) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5872] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5872] close(3) = 0 [pid 5872] close(4) = 0 [pid 5872] mkdir("./bus", 0777) = 0 [pid 5872] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5872] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5872] chdir("./bus") = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5872] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5872] exit_group(0) = ? [pid 5872] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5872, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- [ 114.387807][ T5872] loop0: detected capacity change from 0 to 32768 [ 114.420716][ T5872] [ 114.420716][ T5872] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 114.420716][ T5872] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 [ 114.496328][ T36] [ 114.496328][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 114.496328][ T36] [ 114.507751][ T36] [ 114.507751][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 114.507751][ T36] [ 114.518725][ T5827] [ 114.518725][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 114.518725][ T5827] [ 114.530276][ T112] [ 114.530276][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 114.530276][ T112] [ 114.540909][ T5827] umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 114.540909][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 114.540909][ T5827] umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5873 attached , child_tidptr=0x55556c245750) = 5873 [pid 5873] set_robust_list(0x55556c245760, 24) = 0 [pid 5873] chdir("./37") = 0 [pid 5873] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5873] setpgid(0, 0) = 0 [pid 5873] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5873] write(3, "1000", 4) = 4 [pid 5873] close(3) = 0 [pid 5873] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5873] write(1, "executing program\n", 18) = 18 [pid 5873] memfd_create("syzkaller", 0) = 3 [pid 5873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5873] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5873] munmap(0x7fac16400000, 138412032) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5873] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5873] close(3) = 0 [pid 5873] close(4) = 0 [pid 5873] mkdir("./bus", 0777) = 0 [pid 5873] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5873] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5873] chdir("./bus") = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5873] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5873] exit_group(0) = ? [pid 5873] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5873, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 115.144513][ T5873] loop0: detected capacity change from 0 to 32768 [ 115.175784][ T5873] [ 115.175784][ T5873] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 115.175784][ T5873] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 [ 115.256491][ T1088] [ 115.256491][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 115.256491][ T1088] [ 115.267757][ T1088] [ 115.267757][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 115.267757][ T1088] [ 115.278895][ T113] [ 115.278895][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 115.278895][ T113] [ 115.289553][ T5827] [ 115.289553][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 115.289553][ T5827] [ 115.300335][ T5827] umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 115.300335][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 115.300335][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5874 attached [pid 5874] set_robust_list(0x55556c245760, 24) = 0 [pid 5874] chdir("./38") = 0 [pid 5874] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5874] setpgid(0, 0) = 0 [pid 5874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5874] write(3, "1000", 4) = 4 [pid 5874] close(3) = 0 [pid 5874] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5874] write(1, "executing program\n", 18executing program ) = 18 [pid 5874] memfd_create("syzkaller", 0) = 3 [pid 5874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5874 [pid 5874] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5874] munmap(0x7fac16400000, 138412032) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5874] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5874] close(3) = 0 [pid 5874] close(4) = 0 [pid 5874] mkdir("./bus", 0777) = 0 [ 115.614386][ T5874] loop0: detected capacity change from 0 to 32768 [pid 5874] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5874] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5874] chdir("./bus") = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5874] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5874] exit_group(0) = ? [pid 5874] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5874, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 [ 115.686158][ T5874] [ 115.686158][ T5874] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 115.686158][ T5874] [ 115.720008][ T1088] [ 115.720008][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 115.720008][ T1088] [ 115.730538][ T1088] umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 [ 115.730538][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 115.730538][ T1088] [ 115.741569][ T113] [ 115.741569][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 115.741569][ T113] [ 115.752171][ T5827] [ 115.752171][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 115.752171][ T5827] [ 115.763128][ T5827] [ 115.763128][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 115.763128][ T5827] getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5875 attached [pid 5875] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5875 [pid 5875] <... set_robust_list resumed>) = 0 [pid 5875] chdir("./39") = 0 [pid 5875] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5875] setpgid(0, 0) = 0 [pid 5875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5875] write(3, "1000", 4) = 4 [pid 5875] close(3) = 0 [pid 5875] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5875] write(1, "executing program\n", 18executing program ) = 18 [pid 5875] memfd_create("syzkaller", 0) = 3 [pid 5875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5875] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5875] munmap(0x7fac16400000, 138412032) = 0 [pid 5875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5875] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5875] close(3) = 0 [pid 5875] close(4) = 0 [pid 5875] mkdir("./bus", 0777) = 0 [pid 5875] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5875] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5875] chdir("./bus") = 0 [pid 5875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5875] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 116.305691][ T5875] loop0: detected capacity change from 0 to 32768 [ 116.337513][ T5875] [ 116.337513][ T5875] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 116.337513][ T5875] [pid 5875] exit_group(0) = ? [pid 5875] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5875, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 [ 116.525346][ T1088] [ 116.525346][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 116.525346][ T1088] [ 116.535913][ T1088] [ 116.535913][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 116.535913][ T1088] [ 116.546978][ T112] [ 116.546978][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 116.546978][ T112] [ 116.557602][ T5827] [ 116.557602][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 116.557602][ T5827] [ 116.569024][ T5827] umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 116.569024][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 116.569024][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5876 attached [pid 5876] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5876 [pid 5876] <... set_robust_list resumed>) = 0 [pid 5876] chdir("./40") = 0 [pid 5876] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5876] setpgid(0, 0) = 0 [pid 5876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5876] write(3, "1000", 4) = 4 [pid 5876] close(3) = 0 [pid 5876] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5876] write(1, "executing program\n", 18executing program ) = 18 [pid 5876] memfd_create("syzkaller", 0) = 3 [pid 5876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5876] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5876] munmap(0x7fac16400000, 138412032) = 0 [pid 5876] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5876] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5876] close(3) = 0 [pid 5876] close(4) = 0 [pid 5876] mkdir("./bus", 0777) = 0 [pid 5876] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5876] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5876] chdir("./bus") = 0 [pid 5876] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5876] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5876] exit_group(0) = ? [pid 5876] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5876, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 116.907004][ T5876] loop0: detected capacity change from 0 to 32768 [ 116.935504][ T5876] [ 116.935504][ T5876] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 116.935504][ T5876] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 [ 117.032329][ T1088] [ 117.032329][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 117.032329][ T1088] [ 117.043012][ T1088] [ 117.043012][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 117.043012][ T1088] [ 117.053772][ T5827] [ 117.053772][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 117.053772][ T5827] [ 117.065143][ T113] [ 117.065143][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 117.065143][ T113] [ 117.075774][ T5827] umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 117.075774][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 117.075774][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5877 attached , child_tidptr=0x55556c245750) = 5877 [pid 5877] set_robust_list(0x55556c245760, 24) = 0 [pid 5877] chdir("./41") = 0 [pid 5877] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5877] setpgid(0, 0) = 0 [pid 5877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5877] write(3, "1000", 4) = 4 [pid 5877] close(3) = 0 [pid 5877] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5877] write(1, "executing program\n", 18executing program ) = 18 [pid 5877] memfd_create("syzkaller", 0) = 3 [pid 5877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5877] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5877] munmap(0x7fac16400000, 138412032) = 0 [pid 5877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5877] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5877] close(3) = 0 [pid 5877] close(4) = 0 [pid 5877] mkdir("./bus", 0777) = 0 [pid 5877] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5877] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5877] chdir("./bus") = 0 [pid 5877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5877] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5877] exit_group(0) = ? [pid 5877] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5877, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 [ 117.467799][ T5877] loop0: detected capacity change from 0 to 32768 [ 117.486889][ T5877] [ 117.486889][ T5877] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 117.486889][ T5877] [ 117.531561][ T13] [ 117.531561][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 117.531561][ T13] [ 117.542884][ T13] [ 117.542884][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 117.542884][ T13] [ 117.553654][ T5827] [ 117.553654][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 117.553654][ T5827] [ 117.564897][ T113] [ 117.564897][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 117.564897][ T113] [ 117.576021][ T5827] umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/bus") = 0 [ 117.576021][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 117.576021][ T5827] getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5878 attached , child_tidptr=0x55556c245750) = 5878 [pid 5878] set_robust_list(0x55556c245760, 24) = 0 [pid 5878] chdir("./42") = 0 [pid 5878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5878] setpgid(0, 0) = 0 [pid 5878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5878] write(3, "1000", 4) = 4 [pid 5878] close(3) = 0 [pid 5878] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5878] write(1, "executing program\n", 18) = 18 [pid 5878] memfd_create("syzkaller", 0) = 3 [pid 5878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5878] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5878] munmap(0x7fac16400000, 138412032) = 0 [pid 5878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5878] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5878] close(3) = 0 [pid 5878] close(4) = 0 [pid 5878] mkdir("./bus", 0777) = 0 [pid 5878] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5878] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5878] chdir("./bus") = 0 [pid 5878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5878] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5878] exit_group(0) = ? [pid 5878] +++ exited with 0 +++ [ 118.009118][ T5878] loop0: detected capacity change from 0 to 32768 [ 118.037508][ T5878] [ 118.037508][ T5878] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 118.037508][ T5878] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5878, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 [ 118.190655][ T13] [ 118.190655][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 118.190655][ T13] [ 118.201574][ T13] [ 118.201574][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 118.201574][ T13] [ 118.212303][ T5827] [ 118.212303][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 118.212303][ T5827] [ 118.223123][ T113] [ 118.223123][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 118.223123][ T113] [ 118.233759][ T5827] umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 118.233759][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 118.233759][ T5827] openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5879 attached , child_tidptr=0x55556c245750) = 5879 [pid 5879] set_robust_list(0x55556c245760, 24) = 0 [pid 5879] chdir("./43") = 0 [pid 5879] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5879] setpgid(0, 0) = 0 [pid 5879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5879] write(3, "1000", 4) = 4 [pid 5879] close(3) = 0 [pid 5879] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5879] write(1, "executing program\n", 18executing program ) = 18 [pid 5879] memfd_create("syzkaller", 0) = 3 [pid 5879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5879] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5879] munmap(0x7fac16400000, 138412032) = 0 [pid 5879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5879] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5879] close(3) = 0 [pid 5879] close(4) = 0 [pid 5879] mkdir("./bus", 0777) = 0 [pid 5879] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5879] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5879] chdir("./bus") = 0 [pid 5879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5879] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5879] exit_group(0) = ? [pid 5879] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5879, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- [ 118.832418][ T5879] loop0: detected capacity change from 0 to 32768 [ 118.863732][ T5879] [ 118.863732][ T5879] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 118.863732][ T5879] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 [ 119.008350][ T13] [ 119.008350][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 119.008350][ T13] [ 119.018903][ T13] [ 119.018903][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 119.018903][ T13] [ 119.029896][ T112] [ 119.029896][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 119.029896][ T112] [ 119.040516][ T5827] [ 119.040516][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 119.040516][ T5827] [ 119.051468][ T5827] umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 119.051468][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 119.051468][ T5827] umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5880 attached , child_tidptr=0x55556c245750) = 5880 [pid 5880] set_robust_list(0x55556c245760, 24) = 0 [pid 5880] chdir("./44") = 0 [pid 5880] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5880] setpgid(0, 0) = 0 [pid 5880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5880] write(3, "1000", 4) = 4 [pid 5880] close(3) = 0 [pid 5880] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5880] write(1, "executing program\n", 18executing program ) = 18 [pid 5880] memfd_create("syzkaller", 0) = 3 [pid 5880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5880] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5880] munmap(0x7fac16400000, 138412032) = 0 [pid 5880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5880] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5880] close(3) = 0 [pid 5880] close(4) = 0 [pid 5880] mkdir("./bus", 0777) = 0 [pid 5880] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5880] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5880] chdir("./bus") = 0 [pid 5880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5880] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 119.668694][ T5880] loop0: detected capacity change from 0 to 32768 [ 119.699761][ T5880] [ 119.699761][ T5880] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 119.699761][ T5880] [pid 5880] exit_group(0) = ? [pid 5880] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5880, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 [ 119.781293][ T1088] [ 119.781293][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 119.781293][ T1088] [ 119.791810][ T1088] [ 119.791810][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 119.791810][ T1088] [ 119.802596][ T5827] [ 119.802596][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 119.802596][ T5827] [ 119.814148][ T112] [ 119.814148][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 119.814148][ T112] [ 119.824815][ T5827] umount2("./44/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 119.824815][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 119.824815][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5881 attached , child_tidptr=0x55556c245750) = 5881 [pid 5881] set_robust_list(0x55556c245760, 24) = 0 [pid 5881] chdir("./45") = 0 [pid 5881] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5881] setpgid(0, 0) = 0 [pid 5881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5881] write(3, "1000", 4) = 4 [pid 5881] close(3) = 0 [pid 5881] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5881] write(1, "executing program\n", 18) = 18 [pid 5881] memfd_create("syzkaller", 0) = 3 [pid 5881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5881] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5881] munmap(0x7fac16400000, 138412032) = 0 [pid 5881] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5881] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5881] close(3) = 0 [pid 5881] close(4) = 0 [pid 5881] mkdir("./bus", 0777) = 0 [ 120.220769][ T5881] loop0: detected capacity change from 0 to 32768 [pid 5881] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5881] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5881] chdir("./bus") = 0 [pid 5881] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5881] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5881] exit_group(0) = ? [pid 5881] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5881, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 [ 120.273854][ T5881] [ 120.273854][ T5881] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 120.273854][ T5881] [ 120.321832][ T13] [ 120.321832][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 120.321832][ T13] [ 120.332383][ T13] [ 120.332383][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 120.332383][ T13] [ 120.344516][ T5827] [ 120.344516][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 120.344516][ T5827] [ 120.355637][ T112] [ 120.355637][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 120.355637][ T112] [ 120.366511][ T5827] umount2("./45/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 120.366511][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 120.366511][ T5827] umount2("./45/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5882 attached [pid 5882] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5882 [pid 5882] <... set_robust_list resumed>) = 0 [pid 5882] chdir("./46") = 0 [pid 5882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5882] setpgid(0, 0) = 0 [pid 5882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5882] write(3, "1000", 4) = 4 [pid 5882] close(3) = 0 [pid 5882] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5882] write(1, "executing program\n", 18) = 18 [pid 5882] memfd_create("syzkaller", 0) = 3 [pid 5882] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5882] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5882] munmap(0x7fac16400000, 138412032) = 0 [pid 5882] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5882] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5882] close(3) = 0 [pid 5882] close(4) = 0 [pid 5882] mkdir("./bus", 0777) = 0 [pid 5882] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5882] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5882] chdir("./bus") = 0 [pid 5882] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5882] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5882] exit_group(0) = ? [pid 5882] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5882, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 [ 120.992160][ T5882] loop0: detected capacity change from 0 to 32768 [ 121.019852][ T5882] [ 121.019852][ T5882] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 121.019852][ T5882] [ 121.076163][ T36] [ 121.076163][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 121.076163][ T36] [ 121.087403][ T36] [ 121.087403][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 121.087403][ T36] [ 121.098203][ T5827] [ 121.098203][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 121.098203][ T5827] [ 121.109087][ T112] [ 121.109087][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 121.109087][ T112] [ 121.120011][ T5827] umount2("./46/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 121.120011][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 121.120011][ T5827] umount2("./46/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5883 attached , child_tidptr=0x55556c245750) = 5883 [pid 5883] set_robust_list(0x55556c245760, 24) = 0 [pid 5883] chdir("./47") = 0 [pid 5883] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5883] setpgid(0, 0) = 0 [pid 5883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5883] write(3, "1000", 4) = 4 [pid 5883] close(3) = 0 [pid 5883] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5883] write(1, "executing program\n", 18) = 18 [pid 5883] memfd_create("syzkaller", 0) = 3 [pid 5883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5883] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5883] munmap(0x7fac16400000, 138412032) = 0 [pid 5883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5883] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5883] close(3) = 0 [pid 5883] close(4) = 0 [pid 5883] mkdir("./bus", 0777) = 0 [pid 5883] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5883] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5883] chdir("./bus") = 0 [pid 5883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5883] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5883] exit_group(0) = ? [ 121.718220][ T5883] loop0: detected capacity change from 0 to 32768 [ 121.752083][ T5883] [ 121.752083][ T5883] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 121.752083][ T5883] [pid 5883] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5883, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 [ 121.830511][ T36] [ 121.830511][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 121.830511][ T36] [ 121.841092][ T36] [ 121.841092][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 121.841092][ T36] [ 121.852204][ T113] [ 121.852204][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 121.852204][ T113] [ 121.862810][ T5827] [ 121.862810][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 121.862810][ T5827] [ 121.874318][ T5827] umount2("./47/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 121.874318][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 121.874318][ T5827] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5884 attached , child_tidptr=0x55556c245750) = 5884 [pid 5884] set_robust_list(0x55556c245760, 24) = 0 [pid 5884] chdir("./48") = 0 [pid 5884] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5884] setpgid(0, 0) = 0 [pid 5884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5884] write(3, "1000", 4) = 4 [pid 5884] close(3) = 0 [pid 5884] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5884] write(1, "executing program\n", 18executing program ) = 18 [pid 5884] memfd_create("syzkaller", 0) = 3 [pid 5884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5884] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5884] munmap(0x7fac16400000, 138412032) = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5884] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5884] close(3) = 0 [pid 5884] close(4) = 0 [pid 5884] mkdir("./bus", 0777) = 0 [pid 5884] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5884] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 122.384005][ T5884] loop0: detected capacity change from 0 to 32768 [ 122.422881][ T5884] [ 122.422881][ T5884] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 122.422881][ T5884] [pid 5884] chdir("./bus") = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5884] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5884] exit_group(0) = ? [pid 5884] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5884, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 [ 122.607874][ T36] [ 122.607874][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 122.607874][ T36] [ 122.618425][ T36] [ 122.618425][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 122.618425][ T36] [ 122.629129][ T5827] [ 122.629129][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 122.629129][ T5827] [ 122.640287][ T113] [ 122.640287][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 122.640287][ T113] [ 122.651027][ T5827] umount2("./48/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 122.651027][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 122.651027][ T5827] umount2("./48/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5885 attached [pid 5885] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5885 [pid 5885] <... set_robust_list resumed>) = 0 [pid 5885] chdir("./49") = 0 [pid 5885] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5885] setpgid(0, 0) = 0 [pid 5885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5885] write(3, "1000", 4) = 4 [pid 5885] close(3) = 0 [pid 5885] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5885] write(1, "executing program\n", 18) = 18 [pid 5885] memfd_create("syzkaller", 0) = 3 [pid 5885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5885] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5885] munmap(0x7fac16400000, 138412032) = 0 [pid 5885] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5885] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5885] close(3) = 0 [pid 5885] close(4) = 0 [pid 5885] mkdir("./bus", 0777) = 0 [pid 5885] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5885] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5885] chdir("./bus") = 0 [pid 5885] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5885] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5885] exit_group(0) = ? [pid 5885] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5885, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 [ 123.233588][ T5885] loop0: detected capacity change from 0 to 32768 [ 123.262479][ T5885] [ 123.262479][ T5885] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 123.262479][ T5885] [ 123.305381][ T13] [ 123.305381][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 123.305381][ T13] [ 123.316481][ T13] [ 123.316481][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 123.316481][ T13] [ 123.327714][ T112] [ 123.327714][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 123.327714][ T112] [ 123.340790][ T5827] [ 123.340790][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 123.340790][ T5827] [ 123.352357][ T5827] umount2("./49/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 123.352357][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 123.352357][ T5827] openat(AT_FDCWD, "./49/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5886 attached , child_tidptr=0x55556c245750) = 5886 [pid 5886] set_robust_list(0x55556c245760, 24) = 0 [pid 5886] chdir("./50") = 0 [pid 5886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5886] setpgid(0, 0) = 0 [pid 5886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5886] write(3, "1000", 4) = 4 [pid 5886] close(3) = 0 [pid 5886] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5886] write(1, "executing program\n", 18executing program ) = 18 [pid 5886] memfd_create("syzkaller", 0) = 3 [pid 5886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5886] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5886] munmap(0x7fac16400000, 138412032) = 0 [pid 5886] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5886] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5886] close(3) = 0 [pid 5886] close(4) = 0 [pid 5886] mkdir("./bus", 0777) = 0 [ 123.976935][ T5886] loop0: detected capacity change from 0 to 32768 [pid 5886] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5886] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5886] chdir("./bus") = 0 [pid 5886] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5886] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5886] exit_group(0) = ? [pid 5886] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5886, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 [ 124.019581][ T5886] [ 124.019581][ T5886] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 124.019581][ T5886] [ 124.079357][ T13] [ 124.079357][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 124.079357][ T13] [ 124.090009][ T13] [ 124.090009][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 124.090009][ T13] [ 124.101107][ T113] [ 124.101107][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 124.101107][ T113] [ 124.111754][ T5827] [ 124.111754][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 124.111754][ T5827] [ 124.122952][ T5827] umount2("./50/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 124.122952][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 124.122952][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5887 attached , child_tidptr=0x55556c245750) = 5887 [pid 5887] set_robust_list(0x55556c245760, 24) = 0 [pid 5887] chdir("./51") = 0 [pid 5887] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5887] setpgid(0, 0) = 0 [pid 5887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5887] write(3, "1000", 4) = 4 [pid 5887] close(3) = 0 [pid 5887] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5887] write(1, "executing program\n", 18) = 18 [pid 5887] memfd_create("syzkaller", 0) = 3 [pid 5887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5887] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5887] munmap(0x7fac16400000, 138412032) = 0 [pid 5887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5887] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5887] close(3) = 0 [pid 5887] close(4) = 0 [pid 5887] mkdir("./bus", 0777) = 0 [pid 5887] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5887] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5887] chdir("./bus") = 0 [pid 5887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5887] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 124.555928][ T5887] loop0: detected capacity change from 0 to 32768 [ 124.578044][ T5887] [ 124.578044][ T5887] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 124.578044][ T5887] [pid 5887] exit_group(0) = ? [pid 5887] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5887, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 [ 124.779575][ T36] [ 124.779575][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 124.779575][ T36] [ 124.790182][ T36] [ 124.790182][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 124.790182][ T36] [ 124.801112][ T112] [ 124.801112][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 124.801112][ T112] [ 124.811789][ T5827] [ 124.811789][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 124.811789][ T5827] [ 124.822536][ T5827] umount2("./51/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 124.822536][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 124.822536][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5888 attached , child_tidptr=0x55556c245750) = 5888 [pid 5888] set_robust_list(0x55556c245760, 24) = 0 [pid 5888] chdir("./52") = 0 [pid 5888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5888] setpgid(0, 0) = 0 [pid 5888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5888] write(3, "1000", 4) = 4 [pid 5888] close(3) = 0 [pid 5888] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5888] write(1, "executing program\n", 18executing program ) = 18 [pid 5888] memfd_create("syzkaller", 0) = 3 [pid 5888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5888] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5888] munmap(0x7fac16400000, 138412032) = 0 [pid 5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5888] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5888] close(3) = 0 [pid 5888] close(4) = 0 [pid 5888] mkdir("./bus", 0777) = 0 [pid 5888] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5888] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5888] chdir("./bus") = 0 [pid 5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5888] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5888] exit_group(0) = ? [pid 5888] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5888, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 125.232558][ T5888] loop0: detected capacity change from 0 to 32768 [ 125.251800][ T5888] [ 125.251800][ T5888] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 125.251800][ T5888] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 [ 125.331302][ T36] [ 125.331302][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 125.331302][ T36] [ 125.342084][ T36] [ 125.342084][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 125.342084][ T36] [ 125.354982][ T5827] [ 125.354982][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 125.354982][ T5827] [ 125.366435][ T113] [ 125.366435][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 125.366435][ T113] [ 125.377130][ T5827] umount2("./52/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 125.377130][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 125.377130][ T5827] openat(AT_FDCWD, "./52/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5890 attached [pid 5890] set_robust_list(0x55556c245760, 24) = 0 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5890 [pid 5890] chdir("./53") = 0 [pid 5890] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5890] setpgid(0, 0) = 0 [pid 5890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5890] write(3, "1000", 4) = 4 [pid 5890] close(3) = 0 [pid 5890] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5890] write(1, "executing program\n", 18) = 18 [pid 5890] memfd_create("syzkaller", 0) = 3 [pid 5890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5890] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5890] munmap(0x7fac16400000, 138412032) = 0 [pid 5890] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5890] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5890] close(3) = 0 [pid 5890] close(4) = 0 [pid 5890] mkdir("./bus", 0777) = 0 [pid 5890] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5890] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5890] chdir("./bus") = 0 [pid 5890] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5890] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5890] exit_group(0) = ? [pid 5890] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5890, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 [ 125.923024][ T5890] loop0: detected capacity change from 0 to 32768 [ 125.951097][ T5890] [ 125.951097][ T5890] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 125.951097][ T5890] [ 126.001581][ T36] [ 126.001581][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 126.001581][ T36] [ 126.012443][ T36] [ 126.012443][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 126.012443][ T36] [ 126.024966][ T113] [ 126.024966][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 126.024966][ T113] [ 126.035802][ T5827] [ 126.035802][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 126.035802][ T5827] [ 126.047732][ T5827] umount2("./53/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 126.047732][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 126.047732][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5892 attached [pid 5892] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5892 [pid 5892] <... set_robust_list resumed>) = 0 [pid 5892] chdir("./54") = 0 [pid 5892] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5892] setpgid(0, 0) = 0 [pid 5892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5892] write(3, "1000", 4) = 4 [pid 5892] close(3) = 0 [pid 5892] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5892] write(1, "executing program\n", 18executing program ) = 18 [pid 5892] memfd_create("syzkaller", 0) = 3 [pid 5892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5892] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5892] munmap(0x7fac16400000, 138412032) = 0 [pid 5892] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5892] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5892] close(3) = 0 [pid 5892] close(4) = 0 [pid 5892] mkdir("./bus", 0777) = 0 [pid 5892] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5892] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5892] chdir("./bus") = 0 [pid 5892] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5892] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 126.402803][ T5892] loop0: detected capacity change from 0 to 32768 [ 126.433598][ T5892] [ 126.433598][ T5892] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 126.433598][ T5892] [pid 5892] exit_group(0) = ? [pid 5892] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5892, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 [ 126.613112][ T36] [ 126.613112][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 126.613112][ T36] [ 126.623787][ T36] [ 126.623787][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 126.623787][ T36] [ 126.635532][ T112] [ 126.635532][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 126.635532][ T112] [ 126.646180][ T5827] [ 126.646180][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 126.646180][ T5827] [ 126.657005][ T5827] umount2("./54/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 126.657005][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 126.657005][ T5827] umount2("./54/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5895 attached , child_tidptr=0x55556c245750) = 5895 [pid 5895] set_robust_list(0x55556c245760, 24) = 0 [pid 5895] chdir("./55") = 0 [pid 5895] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5895] setpgid(0, 0) = 0 [pid 5895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5895] write(3, "1000", 4) = 4 [pid 5895] close(3) = 0 [pid 5895] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5895] write(1, "executing program\n", 18) = 18 [pid 5895] memfd_create("syzkaller", 0) = 3 [pid 5895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5895] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5895] munmap(0x7fac16400000, 138412032) = 0 [pid 5895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5895] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5895] close(3) = 0 [pid 5895] close(4) = 0 [pid 5895] mkdir("./bus", 0777) = 0 [pid 5895] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5895] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5895] chdir("./bus") = 0 [pid 5895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 127.183621][ T5895] loop0: detected capacity change from 0 to 32768 [ 127.219758][ T5895] [ 127.219758][ T5895] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 127.219758][ T5895] [pid 5895] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5895] exit_group(0) = ? [pid 5895] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5895, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 [ 127.427092][ T13] [ 127.427092][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 127.427092][ T13] [ 127.437694][ T13] [ 127.437694][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 127.437694][ T13] [ 127.448789][ T5827] [ 127.448789][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 127.448789][ T5827] [ 127.460005][ T112] [ 127.460005][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 127.460005][ T112] [ 127.470599][ T5827] umount2("./55/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 127.470599][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 127.470599][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5898 attached [pid 5898] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5898 [pid 5898] <... set_robust_list resumed>) = 0 [pid 5898] chdir("./56") = 0 [pid 5898] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5898] setpgid(0, 0) = 0 [pid 5898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5898] write(3, "1000", 4) = 4 [pid 5898] close(3) = 0 [pid 5898] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5898] write(1, "executing program\n", 18) = 18 [pid 5898] memfd_create("syzkaller", 0) = 3 [pid 5898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5898] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5898] munmap(0x7fac16400000, 138412032) = 0 [pid 5898] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5898] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5898] close(3) = 0 [pid 5898] close(4) = 0 [pid 5898] mkdir("./bus", 0777) = 0 [pid 5898] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5898] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 127.818666][ T5898] loop0: detected capacity change from 0 to 32768 [ 127.855755][ T5898] [ 127.855755][ T5898] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 127.855755][ T5898] [pid 5898] chdir("./bus") = 0 [pid 5898] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5898] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5898] exit_group(0) = ? [pid 5898] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5898, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 [ 128.036130][ T13] [ 128.036130][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 128.036130][ T13] [ 128.046708][ T13] [ 128.046708][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 128.046708][ T13] [ 128.058344][ T113] [ 128.058344][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 128.058344][ T113] [ 128.069117][ T5827] [ 128.069117][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 128.069117][ T5827] [ 128.080965][ T5827] umount2("./56/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./56/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 128.080965][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 128.080965][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5899 attached , child_tidptr=0x55556c245750) = 5899 [pid 5899] set_robust_list(0x55556c245760, 24) = 0 [pid 5899] chdir("./57") = 0 [pid 5899] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5899] setpgid(0, 0) = 0 [pid 5899] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5899] write(3, "1000", 4) = 4 [pid 5899] close(3) = 0 [pid 5899] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5899] write(1, "executing program\n", 18) = 18 [pid 5899] memfd_create("syzkaller", 0) = 3 [pid 5899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5899] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5899] munmap(0x7fac16400000, 138412032) = 0 [pid 5899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5899] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5899] close(3) = 0 [pid 5899] close(4) = 0 [pid 5899] mkdir("./bus", 0777) = 0 [pid 5899] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5899] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5899] chdir("./bus") = 0 [pid 5899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5899] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5899] exit_group(0) = ? [ 128.499812][ T5899] loop0: detected capacity change from 0 to 32768 [ 128.534860][ T5899] [ 128.534860][ T5899] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 128.534860][ T5899] [pid 5899] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5899, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 [ 128.704140][ T36] [ 128.704140][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 128.704140][ T36] [ 128.714723][ T36] [ 128.714723][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 128.714723][ T36] [ 128.725455][ T5827] [ 128.725455][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 128.725455][ T5827] [ 128.736615][ T113] [ 128.736615][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 128.736615][ T113] [ 128.747224][ T5827] umount2("./57/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./57/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 128.747224][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 128.747224][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5900 attached , child_tidptr=0x55556c245750) = 5900 [pid 5900] set_robust_list(0x55556c245760, 24) = 0 [pid 5900] chdir("./58") = 0 [pid 5900] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5900] setpgid(0, 0) = 0 [pid 5900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5900] write(3, "1000", 4) = 4 [pid 5900] close(3) = 0 [pid 5900] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5900] write(1, "executing program\n", 18) = 18 [pid 5900] memfd_create("syzkaller", 0) = 3 [pid 5900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5900] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5900] munmap(0x7fac16400000, 138412032) = 0 [pid 5900] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5900] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5900] close(3) = 0 [pid 5900] close(4) = 0 [pid 5900] mkdir("./bus", 0777) = 0 [pid 5900] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5900] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5900] chdir("./bus") = 0 [pid 5900] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 129.175792][ T5900] loop0: detected capacity change from 0 to 32768 [ 129.207793][ T5900] [ 129.207793][ T5900] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 129.207793][ T5900] [pid 5900] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5900] exit_group(0) = ? [pid 5900] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5900, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 [ 129.414393][ T36] [ 129.414393][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 129.414393][ T36] [ 129.424952][ T36] [ 129.424952][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 129.424952][ T36] [ 129.436115][ T112] [ 129.436115][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 129.436115][ T112] [ 129.446810][ T5827] [ 129.446810][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 129.446810][ T5827] [ 129.458306][ T5827] umount2("./58/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./58/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 129.458306][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 129.458306][ T5827] umount2("./58/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5901 attached , child_tidptr=0x55556c245750) = 5901 [pid 5901] set_robust_list(0x55556c245760, 24) = 0 [pid 5901] chdir("./59") = 0 [pid 5901] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5901] setpgid(0, 0) = 0 [pid 5901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5901] write(3, "1000", 4) = 4 [pid 5901] close(3) = 0 [pid 5901] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5901] write(1, "executing program\n", 18) = 18 [pid 5901] memfd_create("syzkaller", 0) = 3 [pid 5901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5901] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5901] munmap(0x7fac16400000, 138412032) = 0 [pid 5901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5901] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5901] close(3) = 0 [pid 5901] close(4) = 0 [pid 5901] mkdir("./bus", 0777) = 0 [pid 5901] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5901] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5901] chdir("./bus") = 0 [pid 5901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5901] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5901] exit_group(0) = ? [pid 5901] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5901, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 [ 129.973311][ T5901] loop0: detected capacity change from 0 to 32768 [ 130.007664][ T5901] [ 130.007664][ T5901] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 130.007664][ T5901] [ 130.039867][ T36] [ 130.039867][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 130.039867][ T36] [ 130.052313][ T36] [ 130.052313][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 130.052313][ T36] [ 130.063981][ T5827] [ 130.063981][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 130.063981][ T5827] [ 130.075147][ T112] [ 130.075147][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 130.075147][ T112] [ 130.086029][ T5827] umount2("./59/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./59/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 [ 130.086029][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 130.086029][ T5827] mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5902 attached , child_tidptr=0x55556c245750) = 5902 [pid 5902] set_robust_list(0x55556c245760, 24) = 0 [pid 5902] chdir("./60") = 0 [pid 5902] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5902] setpgid(0, 0) = 0 [pid 5902] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5902] write(3, "1000", 4) = 4 [pid 5902] close(3) = 0 [pid 5902] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5902] write(1, "executing program\n", 18) = 18 [pid 5902] memfd_create("syzkaller", 0) = 3 [pid 5902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5902] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5902] munmap(0x7fac16400000, 138412032) = 0 [pid 5902] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5902] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5902] close(3) = 0 [pid 5902] close(4) = 0 [pid 5902] mkdir("./bus", 0777) = 0 [pid 5902] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5902] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5902] chdir("./bus") = 0 [pid 5902] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5902] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5902] exit_group(0) = ? [pid 5902] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5902, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- [ 130.562080][ T5902] loop0: detected capacity change from 0 to 32768 [ 130.592386][ T5902] [ 130.592386][ T5902] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 130.592386][ T5902] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 [ 130.752627][ T36] [ 130.752627][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 130.752627][ T36] [ 130.763333][ T36] [ 130.763333][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 130.763333][ T36] [ 130.774513][ T113] [ 130.774513][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 130.774513][ T113] [ 130.785104][ T5827] [ 130.785104][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 130.785104][ T5827] [ 130.796037][ T5827] umount2("./60/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./60/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 130.796037][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 130.796037][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5903 attached [pid 5903] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5903 [pid 5903] <... set_robust_list resumed>) = 0 [pid 5903] chdir("./61") = 0 [pid 5903] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5903] setpgid(0, 0) = 0 [pid 5903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5903] write(3, "1000", 4) = 4 [pid 5903] close(3) = 0 [pid 5903] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5903] write(1, "executing program\n", 18executing program ) = 18 [pid 5903] memfd_create("syzkaller", 0) = 3 [pid 5903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5903] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5903] munmap(0x7fac16400000, 138412032) = 0 [pid 5903] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5903] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5903] close(3) = 0 [pid 5903] close(4) = 0 [pid 5903] mkdir("./bus", 0777) = 0 [pid 5903] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5903] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5903] chdir("./bus") = 0 [pid 5903] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5903] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5903] exit_group(0) = ? [pid 5903] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5903, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 [ 131.194512][ T5903] loop0: detected capacity change from 0 to 32768 [ 131.224755][ T5903] [ 131.224755][ T5903] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 131.224755][ T5903] [ 131.254093][ T13] [ 131.254093][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 131.254093][ T13] [ 131.265009][ T13] [ 131.265009][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 131.265009][ T13] [ 131.278114][ T112] [ 131.278114][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 131.278114][ T112] [ 131.301140][ T5827] umount2("./61/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./61/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 131.301140][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 131.301140][ T5827] [ 131.312182][ T5827] [ 131.312182][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 131.312182][ T5827] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5904 attached , child_tidptr=0x55556c245750) = 5904 [pid 5904] set_robust_list(0x55556c245760, 24) = 0 [pid 5904] chdir("./62") = 0 [pid 5904] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5904] setpgid(0, 0) = 0 [pid 5904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5904] write(3, "1000", 4) = 4 [pid 5904] close(3) = 0 [pid 5904] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5904] write(1, "executing program\n", 18executing program ) = 18 [pid 5904] memfd_create("syzkaller", 0) = 3 [pid 5904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5904] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5904] munmap(0x7fac16400000, 138412032) = 0 [pid 5904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5904] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5904] close(3) = 0 [pid 5904] close(4) = 0 [pid 5904] mkdir("./bus", 0777) = 0 [pid 5904] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5904] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5904] chdir("./bus") = 0 [pid 5904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5904] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5904] exit_group(0) = ? [pid 5904] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5904, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 [ 131.862952][ T5904] loop0: detected capacity change from 0 to 32768 [ 131.899340][ T5904] [ 131.899340][ T5904] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 131.899340][ T5904] [ 131.940505][ T36] [ 131.940505][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 131.940505][ T36] [ 131.951548][ T36] [ 131.951548][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 131.951548][ T36] [ 131.962891][ T113] [ 131.962891][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 131.962891][ T113] [ 131.973506][ T5827] [ 131.973506][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 131.973506][ T5827] [ 131.984497][ T5827] umount2("./62/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./62/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 131.984497][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 131.984497][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5905 attached [pid 5905] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5905 [pid 5905] <... set_robust_list resumed>) = 0 [pid 5905] chdir("./63") = 0 [pid 5905] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5905] setpgid(0, 0) = 0 [pid 5905] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5905] write(3, "1000", 4) = 4 [pid 5905] close(3) = 0 [pid 5905] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5905] write(1, "executing program\n", 18) = 18 [pid 5905] memfd_create("syzkaller", 0) = 3 [pid 5905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5905] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5905] munmap(0x7fac16400000, 138412032) = 0 [pid 5905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5905] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5905] close(3) = 0 [pid 5905] close(4) = 0 [pid 5905] mkdir("./bus", 0777) = 0 [pid 5905] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5905] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5905] chdir("./bus") = 0 [pid 5905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5905] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5905] exit_group(0) = ? [pid 5905] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5905, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 [ 132.396149][ T5905] loop0: detected capacity change from 0 to 32768 [ 132.435234][ T5905] [ 132.435234][ T5905] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 132.435234][ T5905] [ 132.465410][ T13] [ 132.465410][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 132.465410][ T13] [ 132.476139][ T13] [ 132.476139][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 132.476139][ T13] [ 132.488112][ T113] [ 132.488112][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 132.488112][ T113] [ 132.500230][ T5827] [ 132.500230][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 132.500230][ T5827] [ 132.513196][ T5827] umount2("./63/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./63/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 132.513196][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 132.513196][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5906 attached , child_tidptr=0x55556c245750) = 5906 [pid 5906] set_robust_list(0x55556c245760, 24) = 0 [pid 5906] chdir("./64") = 0 [pid 5906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5906] setpgid(0, 0) = 0 [pid 5906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5906] write(3, "1000", 4) = 4 [pid 5906] close(3) = 0 [pid 5906] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5906] write(1, "executing program\n", 18executing program ) = 18 [pid 5906] memfd_create("syzkaller", 0) = 3 [pid 5906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5906] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5906] munmap(0x7fac16400000, 138412032) = 0 [pid 5906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5906] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5906] close(3) = 0 [pid 5906] close(4) = 0 [pid 5906] mkdir("./bus", 0777) = 0 [ 132.908560][ T5906] loop0: detected capacity change from 0 to 32768 [pid 5906] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5906] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5906] chdir("./bus") = 0 [pid 5906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5906] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5906] exit_group(0) = ? [pid 5906] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5906, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 [ 132.949415][ T5906] [ 132.949415][ T5906] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 132.949415][ T5906] [ 133.001938][ T13] [ 133.001938][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 133.001938][ T13] [ 133.013675][ T13] [ 133.013675][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 133.013675][ T13] [ 133.024733][ T112] [ 133.024733][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 133.024733][ T112] [ 133.036003][ T5827] [ 133.036003][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 133.036003][ T5827] [ 133.047816][ T5827] umount2("./64/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./64/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 133.047816][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 133.047816][ T5827] openat(AT_FDCWD, "./64/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5907 attached [pid 5907] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5907 [pid 5907] <... set_robust_list resumed>) = 0 [pid 5907] chdir("./65") = 0 [pid 5907] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5907] setpgid(0, 0) = 0 [pid 5907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5907] write(3, "1000", 4) = 4 [pid 5907] close(3) = 0 [pid 5907] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5907] write(1, "executing program\n", 18executing program ) = 18 [pid 5907] memfd_create("syzkaller", 0) = 3 [pid 5907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5907] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5907] munmap(0x7fac16400000, 138412032) = 0 [pid 5907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5907] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5907] close(3) = 0 [pid 5907] close(4) = 0 [pid 5907] mkdir("./bus", 0777) = 0 [ 133.583672][ T5907] loop0: detected capacity change from 0 to 32768 [pid 5907] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5907] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5907] chdir("./bus") = 0 [pid 5907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5907] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5907] exit_group(0) = ? [pid 5907] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5907, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 [ 133.625086][ T5907] [ 133.625086][ T5907] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 133.625086][ T5907] [ 133.667777][ T36] [ 133.667777][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 133.667777][ T36] [ 133.681120][ T36] [ 133.681120][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 133.681120][ T36] [ 133.692947][ T113] [ 133.692947][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 133.692947][ T113] [ 133.703635][ T5827] [ 133.703635][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 133.703635][ T5827] [ 133.714973][ T5827] umount2("./65/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./65/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 133.714973][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 133.714973][ T5827] getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5908 attached , child_tidptr=0x55556c245750) = 5908 [pid 5908] set_robust_list(0x55556c245760, 24) = 0 [pid 5908] chdir("./66") = 0 [pid 5908] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5908] setpgid(0, 0) = 0 [pid 5908] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5908] write(3, "1000", 4) = 4 [pid 5908] close(3) = 0 [pid 5908] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5908] write(1, "executing program\n", 18executing program ) = 18 [pid 5908] memfd_create("syzkaller", 0) = 3 [pid 5908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5908] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5908] munmap(0x7fac16400000, 138412032) = 0 [pid 5908] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5908] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5908] close(3) = 0 [pid 5908] close(4) = 0 [pid 5908] mkdir("./bus", 0777) = 0 [pid 5908] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5908] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5908] chdir("./bus") = 0 [pid 5908] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5908] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5908] exit_group(0) = ? [pid 5908] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5908, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- [ 134.255924][ T5908] loop0: detected capacity change from 0 to 32768 [ 134.275627][ T5908] [ 134.275627][ T5908] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 134.275627][ T5908] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 [ 134.456887][ T13] [ 134.456887][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 134.456887][ T13] [ 134.467435][ T13] [ 134.467435][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 134.467435][ T13] [ 134.478846][ T113] [ 134.478846][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 134.478846][ T113] [ 134.489506][ T5827] [ 134.489506][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 134.489506][ T5827] [ 134.500622][ T5827] umount2("./66/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./66/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 134.500622][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 134.500622][ T5827] umount2("./66/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5909 attached [pid 5909] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5909 [pid 5909] <... set_robust_list resumed>) = 0 [pid 5909] chdir("./67") = 0 [pid 5909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5909] setpgid(0, 0) = 0 [pid 5909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5909] write(3, "1000", 4) = 4 [pid 5909] close(3) = 0 [pid 5909] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5909] write(1, "executing program\n", 18executing program ) = 18 [pid 5909] memfd_create("syzkaller", 0) = 3 [pid 5909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5909] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5909] munmap(0x7fac16400000, 138412032) = 0 [pid 5909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5909] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5909] close(3) = 0 [pid 5909] close(4) = 0 [pid 5909] mkdir("./bus", 0777) = 0 [pid 5909] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5909] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5909] chdir("./bus") = 0 [pid 5909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5909] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5909] exit_group(0) = ? [pid 5909] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5909, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 [ 135.090722][ T5909] loop0: detected capacity change from 0 to 32768 [ 135.127861][ T5909] [ 135.127861][ T5909] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 135.127861][ T5909] [ 135.159892][ T13] [ 135.159892][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 135.159892][ T13] [ 135.170565][ T13] [ 135.170565][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 135.170565][ T13] [ 135.182761][ T5827] [ 135.182761][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 135.182761][ T5827] [ 135.193722][ T113] [ 135.193722][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 135.193722][ T113] [ 135.204862][ T5827] umount2("./67/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./67/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 135.204862][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 135.204862][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5910 attached [pid 5910] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5910 [pid 5910] <... set_robust_list resumed>) = 0 [pid 5910] chdir("./68") = 0 [pid 5910] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5910] setpgid(0, 0) = 0 [pid 5910] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5910] write(3, "1000", 4) = 4 [pid 5910] close(3) = 0 [pid 5910] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5910] write(1, "executing program\n", 18executing program ) = 18 [pid 5910] memfd_create("syzkaller", 0) = 3 [pid 5910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5910] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5910] munmap(0x7fac16400000, 138412032) = 0 [pid 5910] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5910] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5910] close(3) = 0 [pid 5910] close(4) = 0 [pid 5910] mkdir("./bus", 0777) = 0 [pid 5910] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5910] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5910] chdir("./bus") = 0 [pid 5910] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5910] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5910] exit_group(0) = ? [ 135.610529][ T5910] loop0: detected capacity change from 0 to 32768 [ 135.640700][ T5910] [ 135.640700][ T5910] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 135.640700][ T5910] [pid 5910] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5910, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 [ 135.821525][ T36] [ 135.821525][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 135.821525][ T36] [ 135.832144][ T36] [ 135.832144][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 135.832144][ T36] [ 135.843578][ T5827] [ 135.843578][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 135.843578][ T5827] [ 135.854269][ T112] [ 135.854269][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 135.854269][ T112] [ 135.864875][ T5827] umount2("./68/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./68/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 135.864875][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 135.864875][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5911 attached , child_tidptr=0x55556c245750) = 5911 [pid 5911] set_robust_list(0x55556c245760, 24) = 0 [pid 5911] chdir("./69") = 0 [pid 5911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5911] setpgid(0, 0) = 0 [pid 5911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5911] write(3, "1000", 4) = 4 [pid 5911] close(3) = 0 [pid 5911] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5911] write(1, "executing program\n", 18) = 18 [pid 5911] memfd_create("syzkaller", 0) = 3 [pid 5911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5911] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5911] munmap(0x7fac16400000, 138412032) = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5911] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5911] close(3) = 0 [pid 5911] close(4) = 0 [pid 5911] mkdir("./bus", 0777) = 0 [pid 5911] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5911] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5911] chdir("./bus") = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5911] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5911] exit_group(0) = ? [pid 5911] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5911, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 [ 136.274612][ T5911] loop0: detected capacity change from 0 to 32768 [ 136.307369][ T5911] [ 136.307369][ T5911] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 136.307369][ T5911] [ 136.351034][ T36] [ 136.351034][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 136.351034][ T36] [ 136.365206][ T36] [ 136.365206][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 136.365206][ T36] [ 136.376683][ T5827] [ 136.376683][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 136.376683][ T5827] [ 136.387849][ T112] [ 136.387849][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 136.387849][ T112] [ 136.398446][ T5827] umount2("./69/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./69/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 136.398446][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 136.398446][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556c245750) = 5912 ./strace-static-x86_64: Process 5912 attached [pid 5912] set_robust_list(0x55556c245760, 24) = 0 [pid 5912] chdir("./70") = 0 [pid 5912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5912] setpgid(0, 0) = 0 [pid 5912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5912] write(3, "1000", 4) = 4 [pid 5912] close(3) = 0 [pid 5912] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5912] write(1, "executing program\n", 18) = 18 [pid 5912] memfd_create("syzkaller", 0) = 3 [pid 5912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5912] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5912] munmap(0x7fac16400000, 138412032) = 0 [pid 5912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5912] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5912] close(3) = 0 [pid 5912] close(4) = 0 [pid 5912] mkdir("./bus", 0777) = 0 [ 136.804185][ T5912] loop0: detected capacity change from 0 to 32768 [pid 5912] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5912] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5912] chdir("./bus") = 0 [pid 5912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5912] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5912] exit_group(0) = ? [pid 5912] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5912, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 [ 136.861816][ T5912] [ 136.861816][ T5912] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 136.861816][ T5912] [ 136.901620][ T13] [ 136.901620][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 136.901620][ T13] umount2("./70/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./70/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 136.912204][ T13] [ 136.912204][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 136.912204][ T13] [ 136.923307][ T113] [ 136.923307][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 136.923307][ T113] [ 136.933985][ T5827] [ 136.933985][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 136.933985][ T5827] [ 136.945045][ T5827] [ 136.945045][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 136.945045][ T5827] openat(AT_FDCWD, "./70/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5913 attached , child_tidptr=0x55556c245750) = 5913 [pid 5913] set_robust_list(0x55556c245760, 24) = 0 [pid 5913] chdir("./71") = 0 [pid 5913] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5913] setpgid(0, 0) = 0 [pid 5913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5913] write(3, "1000", 4) = 4 [pid 5913] close(3) = 0 [pid 5913] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5913] write(1, "executing program\n", 18) = 18 [pid 5913] memfd_create("syzkaller", 0) = 3 [pid 5913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5913] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5913] munmap(0x7fac16400000, 138412032) = 0 [pid 5913] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5913] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5913] close(3) = 0 [pid 5913] close(4) = 0 [pid 5913] mkdir("./bus", 0777) = 0 [pid 5913] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5913] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 137.554943][ T5913] loop0: detected capacity change from 0 to 32768 [ 137.592605][ T5913] [ 137.592605][ T5913] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 137.592605][ T5913] [pid 5913] chdir("./bus") = 0 [pid 5913] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5913] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5913] exit_group(0) = ? [pid 5913] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5913, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 [ 137.791414][ T13] [ 137.791414][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 137.791414][ T13] [ 137.801991][ T13] [ 137.801991][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 137.801991][ T13] [ 137.813596][ T112] [ 137.813596][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 137.813596][ T112] [ 137.824230][ T5827] [ 137.824230][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 137.824230][ T5827] [ 137.835036][ T5827] umount2("./71/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./71/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 137.835036][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 137.835036][ T5827] umount2("./71/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5914 attached [pid 5914] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5914 [pid 5914] <... set_robust_list resumed>) = 0 [pid 5914] chdir("./72") = 0 [pid 5914] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5914] setpgid(0, 0) = 0 [pid 5914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5914] write(3, "1000", 4) = 4 [pid 5914] close(3) = 0 [pid 5914] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5914] write(1, "executing program\n", 18executing program ) = 18 [pid 5914] memfd_create("syzkaller", 0) = 3 [pid 5914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5914] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5914] munmap(0x7fac16400000, 138412032) = 0 [pid 5914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5914] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5914] close(3) = 0 [pid 5914] close(4) = 0 [pid 5914] mkdir("./bus", 0777) = 0 [pid 5914] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5914] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5914] chdir("./bus") = 0 [pid 5914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5914] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 138.425584][ T5914] loop0: detected capacity change from 0 to 32768 [ 138.452024][ T5914] [ 138.452024][ T5914] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 138.452024][ T5914] [pid 5914] exit_group(0) = ? [pid 5914] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5914, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 [ 138.670414][ T13] [ 138.670414][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 138.670414][ T13] [ 138.680956][ T13] [ 138.680956][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 138.680956][ T13] [ 138.691787][ T5827] [ 138.691787][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 138.691787][ T5827] [ 138.703287][ T112] [ 138.703287][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 138.703287][ T112] [ 138.713938][ T5827] umount2("./72/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./72/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 138.713938][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 138.713938][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5915 attached [pid 5915] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5915 [pid 5915] <... set_robust_list resumed>) = 0 [pid 5915] chdir("./73") = 0 [pid 5915] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5915] setpgid(0, 0) = 0 [pid 5915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5915] write(3, "1000", 4) = 4 [pid 5915] close(3) = 0 [pid 5915] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5915] write(1, "executing program\n", 18) = 18 [pid 5915] memfd_create("syzkaller", 0) = 3 [pid 5915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5915] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5915] munmap(0x7fac16400000, 138412032) = 0 [pid 5915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5915] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5915] close(3) = 0 [pid 5915] close(4) = 0 [pid 5915] mkdir("./bus", 0777) = 0 [ 139.101533][ T5915] loop0: detected capacity change from 0 to 32768 [pid 5915] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5915] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5915] chdir("./bus") = 0 [pid 5915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5915] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5915] exit_group(0) = ? [pid 5915] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5915, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 139.149725][ T5915] [ 139.149725][ T5915] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 139.149725][ T5915] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 [ 139.273741][ T13] [ 139.273741][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 139.273741][ T13] [ 139.284372][ T13] [ 139.284372][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 139.284372][ T13] [ 139.295693][ T5827] [ 139.295693][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 139.295693][ T5827] [ 139.306593][ T112] [ 139.306593][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 139.306593][ T112] [ 139.317196][ T5827] umount2("./73/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./73/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 139.317196][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 139.317196][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5916 attached , child_tidptr=0x55556c245750) = 5916 [pid 5916] set_robust_list(0x55556c245760, 24) = 0 [pid 5916] chdir("./74") = 0 [pid 5916] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5916] setpgid(0, 0) = 0 [pid 5916] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5916] write(3, "1000", 4) = 4 [pid 5916] close(3) = 0 [pid 5916] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5916] write(1, "executing program\n", 18) = 18 [pid 5916] memfd_create("syzkaller", 0) = 3 [pid 5916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5916] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5916] munmap(0x7fac16400000, 138412032) = 0 [pid 5916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5916] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5916] close(3) = 0 [pid 5916] close(4) = 0 [pid 5916] mkdir("./bus", 0777) = 0 [pid 5916] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5916] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5916] chdir("./bus") = 0 [pid 5916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 139.705980][ T5916] loop0: detected capacity change from 0 to 32768 [ 139.742696][ T5916] [ 139.742696][ T5916] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 139.742696][ T5916] [pid 5916] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5916] exit_group(0) = ? [pid 5916] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5916, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 [ 139.931033][ T36] [ 139.931033][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 139.931033][ T36] [ 139.941690][ T36] [ 139.941690][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 139.941690][ T36] [ 139.952754][ T5827] [ 139.952754][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 139.952754][ T5827] [ 139.963679][ T112] [ 139.963679][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 139.963679][ T112] [ 139.974306][ T5827] umount2("./74/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./74/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 139.974306][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 139.974306][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5917 attached [pid 5917] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5917 [pid 5917] <... set_robust_list resumed>) = 0 [pid 5917] chdir("./75") = 0 [pid 5917] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5917] setpgid(0, 0) = 0 [pid 5917] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5917] write(3, "1000", 4) = 4 [pid 5917] close(3) = 0 [pid 5917] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5917] write(1, "executing program\n", 18executing program ) = 18 [pid 5917] memfd_create("syzkaller", 0) = 3 [pid 5917] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5917] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5917] munmap(0x7fac16400000, 138412032) = 0 [pid 5917] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5917] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5917] close(3) = 0 [pid 5917] close(4) = 0 [pid 5917] mkdir("./bus", 0777) = 0 [pid 5917] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5917] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5917] chdir("./bus") = 0 [pid 5917] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5917] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5917] exit_group(0) = ? [ 140.396609][ T5917] loop0: detected capacity change from 0 to 32768 [ 140.425912][ T5917] [ 140.425912][ T5917] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 140.425912][ T5917] [pid 5917] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5917, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 [ 140.495640][ T13] [ 140.495640][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 140.495640][ T13] [ 140.506291][ T13] [ 140.506291][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 140.506291][ T13] [ 140.517608][ T113] [ 140.517608][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 140.517608][ T113] [ 140.528238][ T5827] [ 140.528238][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 140.528238][ T5827] [ 140.539073][ T5827] umount2("./75/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./75/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 140.539073][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 140.539073][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5918 attached , child_tidptr=0x55556c245750) = 5918 [pid 5918] set_robust_list(0x55556c245760, 24) = 0 [pid 5918] chdir("./76") = 0 [pid 5918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5918] setpgid(0, 0) = 0 [pid 5918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5918] write(3, "1000", 4) = 4 [pid 5918] close(3) = 0 [pid 5918] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5918] write(1, "executing program\n", 18) = 18 [pid 5918] memfd_create("syzkaller", 0) = 3 [pid 5918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5918] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5918] munmap(0x7fac16400000, 138412032) = 0 [pid 5918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5918] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5918] close(3) = 0 [pid 5918] close(4) = 0 [pid 5918] mkdir("./bus", 0777) = 0 [ 140.960995][ T5918] loop0: detected capacity change from 0 to 32768 [pid 5918] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5918] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5918] chdir("./bus") = 0 [pid 5918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5918] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 141.003013][ T5918] [ 141.003013][ T5918] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 141.003013][ T5918] [pid 5918] exit_group(0) = ? [pid 5918] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5918, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 [ 141.169528][ T36] [ 141.169528][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 141.169528][ T36] [ 141.180327][ T36] [ 141.180327][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 141.180327][ T36] [ 141.191175][ T5827] [ 141.191175][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 141.191175][ T5827] [ 141.202102][ T113] [ 141.202102][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 141.202102][ T113] [ 141.212722][ T5827] umount2("./76/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./76/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 141.212722][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 141.212722][ T5827] umount2("./76/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5919 attached , child_tidptr=0x55556c245750) = 5919 [pid 5919] set_robust_list(0x55556c245760, 24) = 0 [pid 5919] chdir("./77") = 0 [pid 5919] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5919] setpgid(0, 0) = 0 [pid 5919] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5919] write(3, "1000", 4) = 4 [pid 5919] close(3) = 0 [pid 5919] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5919] write(1, "executing program\n", 18) = 18 [pid 5919] memfd_create("syzkaller", 0) = 3 [pid 5919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5919] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5919] munmap(0x7fac16400000, 138412032) = 0 [pid 5919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5919] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5919] close(3) = 0 [pid 5919] close(4) = 0 [pid 5919] mkdir("./bus", 0777) = 0 [ 141.778361][ T5919] loop0: detected capacity change from 0 to 32768 [pid 5919] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5919] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5919] chdir("./bus") = 0 [pid 5919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5919] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5919] exit_group(0) = ? [pid 5919] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5919, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- [ 141.820534][ T5919] [ 141.820534][ T5919] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 141.820534][ T5919] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 [ 141.992304][ T36] [ 141.992304][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 141.992304][ T36] [ 142.002912][ T36] [ 142.002912][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 142.002912][ T36] [ 142.013652][ T5827] [ 142.013652][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 142.013652][ T5827] [ 142.024552][ T112] [ 142.024552][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 142.024552][ T112] [ 142.035142][ T5827] umount2("./77/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./77/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 142.035142][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 142.035142][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5920 attached , child_tidptr=0x55556c245750) = 5920 [pid 5920] set_robust_list(0x55556c245760, 24) = 0 [pid 5920] chdir("./78") = 0 [pid 5920] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5920] setpgid(0, 0) = 0 [pid 5920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5920] write(3, "1000", 4) = 4 [pid 5920] close(3) = 0 [pid 5920] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5920] write(1, "executing program\n", 18) = 18 [pid 5920] memfd_create("syzkaller", 0) = 3 [pid 5920] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5920] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5920] munmap(0x7fac16400000, 138412032) = 0 [pid 5920] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5920] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5920] close(3) = 0 [pid 5920] close(4) = 0 [pid 5920] mkdir("./bus", 0777) = 0 [pid 5920] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5920] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5920] chdir("./bus") = 0 [pid 5920] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 142.448610][ T5920] loop0: detected capacity change from 0 to 32768 [ 142.479726][ T5920] [ 142.479726][ T5920] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 142.479726][ T5920] [pid 5920] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5920] exit_group(0) = ? [pid 5920] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5920, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 [ 142.564666][ T36] [ 142.564666][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 142.564666][ T36] [ 142.576151][ T36] [ 142.576151][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 142.576151][ T36] [ 142.587632][ T112] [ 142.587632][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 142.587632][ T112] [ 142.598220][ T5827] [ 142.598220][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 142.598220][ T5827] [ 142.609052][ T5827] umount2("./78/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./78/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 142.609052][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 142.609052][ T5827] umount2("./78/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5921 attached [pid 5921] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5921 [pid 5921] <... set_robust_list resumed>) = 0 [pid 5921] chdir("./79") = 0 [pid 5921] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5921] setpgid(0, 0) = 0 [pid 5921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5921] write(3, "1000", 4) = 4 [pid 5921] close(3) = 0 [pid 5921] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5921] write(1, "executing program\n", 18) = 18 [pid 5921] memfd_create("syzkaller", 0) = 3 [pid 5921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5921] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5921] munmap(0x7fac16400000, 138412032) = 0 [pid 5921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5921] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5921] close(3) = 0 [pid 5921] close(4) = 0 [pid 5921] mkdir("./bus", 0777) = 0 [pid 5921] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5921] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5921] chdir("./bus") = 0 [pid 5921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5921] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5921] exit_group(0) = ? [pid 5921] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5921, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 143.184275][ T5921] loop0: detected capacity change from 0 to 32768 [ 143.209815][ T5921] [ 143.209815][ T5921] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 143.209815][ T5921] umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 [ 143.352139][ T13] [ 143.352139][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 143.352139][ T13] [ 143.362721][ T13] [ 143.362721][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 143.362721][ T13] [ 143.373660][ T113] [ 143.373660][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 143.373660][ T113] [ 143.384251][ T5827] [ 143.384251][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 143.384251][ T5827] [ 143.394996][ T5827] umount2("./79/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./79/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 143.394996][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 143.394996][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5922 attached , child_tidptr=0x55556c245750) = 5922 [pid 5922] set_robust_list(0x55556c245760, 24) = 0 [pid 5922] chdir("./80") = 0 [pid 5922] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5922] setpgid(0, 0) = 0 [pid 5922] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5922] write(3, "1000", 4) = 4 [pid 5922] close(3) = 0 [pid 5922] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5922] write(1, "executing program\n", 18) = 18 [pid 5922] memfd_create("syzkaller", 0) = 3 [pid 5922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5922] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5922] munmap(0x7fac16400000, 138412032) = 0 [pid 5922] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5922] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5922] close(3) = 0 [pid 5922] close(4) = 0 [pid 5922] mkdir("./bus", 0777) = 0 [pid 5922] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5922] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 143.797988][ T5922] loop0: detected capacity change from 0 to 32768 [ 143.832236][ T5922] [ 143.832236][ T5922] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 143.832236][ T5922] [pid 5922] chdir("./bus") = 0 [pid 5922] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5922] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5922] exit_group(0) = ? [pid 5922] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5922, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 [ 144.059857][ T13] [ 144.059857][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 144.059857][ T13] [ 144.070442][ T13] [ 144.070442][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 144.070442][ T13] [ 144.081675][ T113] [ 144.081675][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 144.081675][ T113] [ 144.092277][ T5827] [ 144.092277][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 144.092277][ T5827] [ 144.103127][ T5827] umount2("./80/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./80/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 144.103127][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 144.103127][ T5827] umount2("./80/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5923 attached , child_tidptr=0x55556c245750) = 5923 [pid 5923] set_robust_list(0x55556c245760, 24) = 0 [pid 5923] chdir("./81") = 0 [pid 5923] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5923] setpgid(0, 0) = 0 [pid 5923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5923] write(3, "1000", 4) = 4 [pid 5923] close(3) = 0 [pid 5923] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5923] write(1, "executing program\n", 18) = 18 [pid 5923] memfd_create("syzkaller", 0) = 3 [pid 5923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5923] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5923] munmap(0x7fac16400000, 138412032) = 0 [pid 5923] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5923] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5923] close(3) = 0 [pid 5923] close(4) = 0 [pid 5923] mkdir("./bus", 0777) = 0 [pid 5923] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5923] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5923] chdir("./bus") = 0 [pid 5923] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5923] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5923] exit_group(0) = ? [pid 5923] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5923, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 [ 144.644931][ T5923] loop0: detected capacity change from 0 to 32768 [ 144.675254][ T5923] [ 144.675254][ T5923] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 144.675254][ T5923] [ 144.708952][ T1088] [ 144.708952][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 144.708952][ T1088] [ 144.720775][ T1088] [ 144.720775][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 144.720775][ T1088] [ 144.732145][ T113] [ 144.732145][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 144.732145][ T113] [ 144.744110][ T5827] [ 144.744110][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 144.744110][ T5827] [ 144.755068][ T5827] umount2("./81/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./81/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 144.755068][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 144.755068][ T5827] openat(AT_FDCWD, "./81/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5924 attached , child_tidptr=0x55556c245750) = 5924 [pid 5924] set_robust_list(0x55556c245760, 24) = 0 [pid 5924] chdir("./82") = 0 [pid 5924] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5924] setpgid(0, 0) = 0 [pid 5924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5924] write(3, "1000", 4) = 4 [pid 5924] close(3) = 0 [pid 5924] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5924] write(1, "executing program\n", 18) = 18 [pid 5924] memfd_create("syzkaller", 0) = 3 [pid 5924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5924] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5924] munmap(0x7fac16400000, 138412032) = 0 [pid 5924] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5924] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5924] close(3) = 0 [pid 5924] close(4) = 0 [pid 5924] mkdir("./bus", 0777) = 0 [pid 5924] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5924] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5924] chdir("./bus") = 0 [pid 5924] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5924] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5924] exit_group(0) = ? [pid 5924] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5924, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 [ 145.324941][ T5924] loop0: detected capacity change from 0 to 32768 [ 145.349751][ T5924] [ 145.349751][ T5924] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 145.349751][ T5924] [ 145.397695][ T36] [ 145.397695][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 145.397695][ T36] [ 145.409887][ T36] [ 145.409887][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 145.409887][ T36] [ 145.420850][ T112] [ 145.420850][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 145.420850][ T112] [ 145.433274][ T5827] [ 145.433274][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 145.433274][ T5827] [ 145.445298][ T5827] umount2("./82/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./82/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 145.445298][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 145.445298][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5925 attached , child_tidptr=0x55556c245750) = 5925 [pid 5925] set_robust_list(0x55556c245760, 24) = 0 [pid 5925] chdir("./83") = 0 [pid 5925] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5925] setpgid(0, 0) = 0 [pid 5925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5925] write(3, "1000", 4) = 4 [pid 5925] close(3) = 0 [pid 5925] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5925] write(1, "executing program\n", 18) = 18 [pid 5925] memfd_create("syzkaller", 0) = 3 [pid 5925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5925] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5925] munmap(0x7fac16400000, 138412032) = 0 [pid 5925] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5925] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5925] close(3) = 0 [pid 5925] close(4) = 0 [pid 5925] mkdir("./bus", 0777) = 0 [pid 5925] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5925] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5925] chdir("./bus") = 0 [pid 5925] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5925] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5925] exit_group(0) = ? [pid 5925] +++ exited with 0 +++ [ 145.859740][ T5925] loop0: detected capacity change from 0 to 32768 [ 145.887835][ T5925] [ 145.887835][ T5925] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 145.887835][ T5925] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5925, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 [ 146.079091][ T36] [ 146.079091][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 146.079091][ T36] [ 146.089677][ T36] [ 146.089677][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 146.089677][ T36] [ 146.101141][ T112] [ 146.101141][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 146.101141][ T112] [ 146.111746][ T5827] [ 146.111746][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 146.111746][ T5827] [ 146.122861][ T5827] umount2("./83/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./83/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 146.122861][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 146.122861][ T5827] umount2("./83/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5926 attached , child_tidptr=0x55556c245750) = 5926 [pid 5926] set_robust_list(0x55556c245760, 24) = 0 [pid 5926] chdir("./84") = 0 [pid 5926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5926] setpgid(0, 0) = 0 [pid 5926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5926] write(3, "1000", 4) = 4 [pid 5926] close(3) = 0 [pid 5926] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5926] write(1, "executing program\n", 18executing program ) = 18 [pid 5926] memfd_create("syzkaller", 0) = 3 [pid 5926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5926] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5926] munmap(0x7fac16400000, 138412032) = 0 [pid 5926] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5926] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5926] close(3) = 0 [pid 5926] close(4) = 0 [pid 5926] mkdir("./bus", 0777) = 0 [pid 5926] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5926] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5926] chdir("./bus") = 0 [pid 5926] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 146.655327][ T5926] loop0: detected capacity change from 0 to 32768 [ 146.690732][ T5926] [ 146.690732][ T5926] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 146.690732][ T5926] [pid 5926] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5926] exit_group(0) = ? [pid 5926] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5926, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 [ 146.858928][ T36] [ 146.858928][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 146.858928][ T36] [ 146.869534][ T36] [ 146.869534][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 146.869534][ T36] [ 146.880898][ T113] [ 146.880898][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 146.880898][ T113] [ 146.891497][ T5827] [ 146.891497][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 146.891497][ T5827] [ 146.902401][ T5827] umount2("./84/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./84/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 146.902401][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 146.902401][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5927 attached , child_tidptr=0x55556c245750) = 5927 [pid 5927] set_robust_list(0x55556c245760, 24) = 0 [pid 5927] chdir("./85") = 0 [pid 5927] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5927] setpgid(0, 0) = 0 [pid 5927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5927] write(3, "1000", 4) = 4 [pid 5927] close(3) = 0 [pid 5927] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5927] write(1, "executing program\n", 18) = 18 [pid 5927] memfd_create("syzkaller", 0) = 3 [pid 5927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5927] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5927] munmap(0x7fac16400000, 138412032) = 0 [pid 5927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5927] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5927] close(3) = 0 [pid 5927] close(4) = 0 [pid 5927] mkdir("./bus", 0777) = 0 [ 147.330092][ T5927] loop0: detected capacity change from 0 to 32768 [pid 5927] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5927] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5927] chdir("./bus") = 0 [pid 5927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 147.385233][ T5927] [ 147.385233][ T5927] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 147.385233][ T5927] [pid 5927] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5927] exit_group(0) = ? [pid 5927] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5927, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 [ 147.602395][ T13] [ 147.602395][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 147.602395][ T13] [ 147.612904][ T13] [ 147.612904][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 147.612904][ T13] [ 147.624036][ T112] [ 147.624036][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 147.624036][ T112] [ 147.634630][ T5827] [ 147.634630][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 147.634630][ T5827] [ 147.645580][ T5827] umount2("./85/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./85/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 147.645580][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 147.645580][ T5827] umount2("./85/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5928 attached [pid 5928] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5928 [pid 5928] <... set_robust_list resumed>) = 0 [pid 5928] chdir("./86") = 0 [pid 5928] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5928] setpgid(0, 0) = 0 [pid 5928] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5928] write(3, "1000", 4) = 4 [pid 5928] close(3) = 0 [pid 5928] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5928] write(1, "executing program\n", 18) = 18 [pid 5928] memfd_create("syzkaller", 0) = 3 [pid 5928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5928] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5928] munmap(0x7fac16400000, 138412032) = 0 [pid 5928] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5928] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5928] close(3) = 0 [pid 5928] close(4) = 0 [pid 5928] mkdir("./bus", 0777) = 0 [pid 5928] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5928] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5928] chdir("./bus") = 0 [pid 5928] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 148.230041][ T5928] loop0: detected capacity change from 0 to 32768 [ 148.263967][ T5928] [ 148.263967][ T5928] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 148.263967][ T5928] [pid 5928] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5928] exit_group(0) = ? [pid 5928] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5928, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 [ 148.382658][ T13] [ 148.382658][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 148.382658][ T13] [ 148.393196][ T13] [ 148.393196][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 148.393196][ T13] [ 148.405190][ T113] [ 148.405190][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 148.405190][ T113] [ 148.416613][ T5827] [ 148.416613][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 148.416613][ T5827] [ 148.427756][ T5827] umount2("./86/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./86/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 148.427756][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 148.427756][ T5827] newfstatat(AT_FDCWD, "./86/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5929 attached , child_tidptr=0x55556c245750) = 5929 [pid 5929] set_robust_list(0x55556c245760, 24) = 0 [pid 5929] chdir("./87") = 0 [pid 5929] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5929] setpgid(0, 0) = 0 [pid 5929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5929] write(3, "1000", 4) = 4 [pid 5929] close(3) = 0 [pid 5929] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5929] write(1, "executing program\n", 18executing program ) = 18 [pid 5929] memfd_create("syzkaller", 0) = 3 [pid 5929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5929] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5929] munmap(0x7fac16400000, 138412032) = 0 [pid 5929] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5929] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5929] close(3) = 0 [pid 5929] close(4) = 0 [pid 5929] mkdir("./bus", 0777) = 0 [pid 5929] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5929] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5929] chdir("./bus") = 0 [pid 5929] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5929] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 148.985693][ T5929] loop0: detected capacity change from 0 to 32768 [ 149.024618][ T5929] [ 149.024618][ T5929] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 149.024618][ T5929] [pid 5929] exit_group(0) = ? [pid 5929] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5929, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 [ 149.215984][ T13] [ 149.215984][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 149.215984][ T13] [ 149.226524][ T13] [ 149.226524][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 149.226524][ T13] [ 149.237666][ T113] [ 149.237666][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 149.237666][ T113] [ 149.248337][ T5827] [ 149.248337][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 149.248337][ T5827] [ 149.259344][ T5827] umount2("./87/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./87/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 149.259344][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 149.259344][ T5827] umount2("./87/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5930 attached , child_tidptr=0x55556c245750) = 5930 [pid 5930] set_robust_list(0x55556c245760, 24) = 0 [pid 5930] chdir("./88") = 0 [pid 5930] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5930] setpgid(0, 0) = 0 [pid 5930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5930] write(3, "1000", 4) = 4 [pid 5930] close(3) = 0 [pid 5930] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5930] write(1, "executing program\n", 18) = 18 [pid 5930] memfd_create("syzkaller", 0) = 3 [pid 5930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5930] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5930] munmap(0x7fac16400000, 138412032) = 0 [pid 5930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5930] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5930] close(3) = 0 [pid 5930] close(4) = 0 [pid 5930] mkdir("./bus", 0777) = 0 [ 149.815266][ T5930] loop0: detected capacity change from 0 to 32768 [pid 5930] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5930] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5930] chdir("./bus") = 0 [pid 5930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5930] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5930] exit_group(0) = ? [pid 5930] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5930, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 149.859447][ T5930] [ 149.859447][ T5930] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 149.859447][ T5930] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 [ 150.002532][ T13] [ 150.002532][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 150.002532][ T13] [ 150.013420][ T13] [ 150.013420][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 150.013420][ T13] [ 150.025131][ T112] [ 150.025131][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 150.025131][ T112] [ 150.035798][ T5827] [ 150.035798][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 150.035798][ T5827] [ 150.046650][ T5827] umount2("./88/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./88/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 150.046650][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 150.046650][ T5827] umount2("./88/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5931 attached [pid 5931] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5931 [pid 5931] <... set_robust_list resumed>) = 0 [pid 5931] chdir("./89") = 0 [pid 5931] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5931] setpgid(0, 0) = 0 [pid 5931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5931] write(3, "1000", 4) = 4 [pid 5931] close(3) = 0 executing program [pid 5931] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5931] write(1, "executing program\n", 18) = 18 [pid 5931] memfd_create("syzkaller", 0) = 3 [pid 5931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5931] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5931] munmap(0x7fac16400000, 138412032) = 0 [pid 5931] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5931] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5931] close(3) = 0 [pid 5931] close(4) = 0 [pid 5931] mkdir("./bus", 0777) = 0 [pid 5931] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5931] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5931] chdir("./bus") = 0 [pid 5931] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5931] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5931] exit_group(0) = ? [ 150.633315][ T5931] loop0: detected capacity change from 0 to 32768 [ 150.666487][ T5931] [ 150.666487][ T5931] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 150.666487][ T5931] [pid 5931] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5931, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=14 /* 0.14 s */} --- umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 [ 150.869096][ T13] [ 150.869096][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 150.869096][ T13] [ 150.879722][ T13] [ 150.879722][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 150.879722][ T13] [ 150.891202][ T112] [ 150.891202][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 150.891202][ T112] [ 150.901852][ T5827] [ 150.901852][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 150.901852][ T5827] [ 150.912625][ T5827] umount2("./89/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./89/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 150.912625][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 150.912625][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5932 attached [pid 5932] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5932 [pid 5932] <... set_robust_list resumed>) = 0 [pid 5932] chdir("./90") = 0 [pid 5932] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5932] setpgid(0, 0) = 0 [pid 5932] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5932] write(3, "1000", 4) = 4 [pid 5932] close(3) = 0 [pid 5932] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5932] write(1, "executing program\n", 18executing program ) = 18 [pid 5932] memfd_create("syzkaller", 0) = 3 [pid 5932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5932] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5932] munmap(0x7fac16400000, 138412032) = 0 [pid 5932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5932] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5932] close(3) = 0 [pid 5932] close(4) = 0 [pid 5932] mkdir("./bus", 0777) = 0 [pid 5932] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5932] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5932] chdir("./bus") = 0 [pid 5932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5932] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5932] exit_group(0) = ? [pid 5932] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5932, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 [ 151.300774][ T5932] loop0: detected capacity change from 0 to 32768 [ 151.331360][ T5932] [ 151.331360][ T5932] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 151.331360][ T5932] [ 151.373865][ T1088] [ 151.373865][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 151.373865][ T1088] [ 151.385633][ T1088] [ 151.385633][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 151.385633][ T1088] [ 151.397269][ T5827] [ 151.397269][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 151.397269][ T5827] [ 151.408269][ T113] [ 151.408269][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 151.408269][ T113] [ 151.419875][ T5827] umount2("./90/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./90/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 151.419875][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 151.419875][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5933 attached [pid 5933] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5933 [pid 5933] <... set_robust_list resumed>) = 0 [pid 5933] chdir("./91") = 0 [pid 5933] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5933] setpgid(0, 0) = 0 [pid 5933] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5933] write(3, "1000", 4) = 4 [pid 5933] close(3) = 0 [pid 5933] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5933] write(1, "executing program\n", 18) = 18 [pid 5933] memfd_create("syzkaller", 0) = 3 [pid 5933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5933] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5933] munmap(0x7fac16400000, 138412032) = 0 [pid 5933] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5933] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5933] close(3) = 0 [pid 5933] close(4) = 0 [pid 5933] mkdir("./bus", 0777) = 0 [ 151.834333][ T5933] loop0: detected capacity change from 0 to 32768 [pid 5933] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5933] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5933] chdir("./bus") = 0 [pid 5933] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5933] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5933] exit_group(0) = ? [ 151.884585][ T5933] [ 151.884585][ T5933] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 151.884585][ T5933] [pid 5933] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5933, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 [ 152.065763][ T1088] [ 152.065763][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 152.065763][ T1088] [ 152.076440][ T1088] [ 152.076440][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 152.076440][ T1088] [ 152.087580][ T112] [ 152.087580][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 152.087580][ T112] [ 152.098497][ T5827] [ 152.098497][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 152.098497][ T5827] [ 152.109306][ T5827] umount2("./91/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./91/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 152.109306][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 152.109306][ T5827] umount2("./91/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5934 attached , child_tidptr=0x55556c245750) = 5934 [pid 5934] set_robust_list(0x55556c245760, 24) = 0 [pid 5934] chdir("./92") = 0 [pid 5934] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5934] setpgid(0, 0) = 0 [pid 5934] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5934] write(3, "1000", 4) = 4 [pid 5934] close(3) = 0 [pid 5934] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5934] write(1, "executing program\n", 18) = 18 [pid 5934] memfd_create("syzkaller", 0) = 3 [pid 5934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5934] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5934] munmap(0x7fac16400000, 138412032) = 0 [pid 5934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5934] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5934] close(3) = 0 [pid 5934] close(4) = 0 [pid 5934] mkdir("./bus", 0777) = 0 [ 152.692462][ T5934] loop0: detected capacity change from 0 to 32768 [ 152.732563][ T5934] [ 152.732563][ T5934] ... Log Wrap ... Log Wrap ... Log Wrap ... [pid 5934] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5934] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5934] chdir("./bus") = 0 [ 152.732563][ T5934] [pid 5934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5934] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5934] exit_group(0) = ? [pid 5934] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5934, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 [ 152.893888][ T1088] [ 152.893888][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 152.893888][ T1088] [ 152.904433][ T1088] [ 152.904433][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 152.904433][ T1088] [ 152.915217][ T5827] [ 152.915217][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 152.915217][ T5827] [ 152.926045][ T113] [ 152.926045][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 152.926045][ T113] [ 152.936750][ T5827] umount2("./92/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./92/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 152.936750][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 152.936750][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5935 attached [pid 5935] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5935 [pid 5935] <... set_robust_list resumed>) = 0 [pid 5935] chdir("./93") = 0 [pid 5935] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5935] setpgid(0, 0) = 0 [pid 5935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5935] write(3, "1000", 4) = 4 [pid 5935] close(3) = 0 [pid 5935] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5935] write(1, "executing program\n", 18) = 18 [pid 5935] memfd_create("syzkaller", 0) = 3 [pid 5935] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5935] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5935] munmap(0x7fac16400000, 138412032) = 0 [pid 5935] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5935] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5935] close(3) = 0 [pid 5935] close(4) = 0 [pid 5935] mkdir("./bus", 0777) = 0 [ 153.369308][ T5935] loop0: detected capacity change from 0 to 32768 [pid 5935] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5935] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5935] chdir("./bus") = 0 [pid 5935] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5935] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5935] exit_group(0) = ? [pid 5935] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5935, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 [ 153.415934][ T5935] [ 153.415934][ T5935] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 153.415934][ T5935] [ 153.449540][ T36] [ 153.449540][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 153.449540][ T36] [ 153.461791][ T36] umount2("./93/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./93/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 153.461791][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 153.461791][ T36] [ 153.473328][ T112] [ 153.473328][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 153.473328][ T112] [ 153.483979][ T5827] [ 153.483979][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 153.483979][ T5827] [ 153.494772][ T5827] [ 153.494772][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 153.494772][ T5827] openat(AT_FDCWD, "./93/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5936 attached , child_tidptr=0x55556c245750) = 5936 [pid 5936] set_robust_list(0x55556c245760, 24) = 0 [pid 5936] chdir("./94") = 0 [pid 5936] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5936] setpgid(0, 0) = 0 [pid 5936] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5936] write(3, "1000", 4) = 4 [pid 5936] close(3) = 0 [pid 5936] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5936] write(1, "executing program\n", 18executing program ) = 18 [pid 5936] memfd_create("syzkaller", 0) = 3 [pid 5936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5936] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5936] munmap(0x7fac16400000, 138412032) = 0 [pid 5936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5936] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5936] close(3) = 0 [pid 5936] close(4) = 0 [pid 5936] mkdir("./bus", 0777) = 0 [pid 5936] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5936] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5936] chdir("./bus") = 0 [pid 5936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5936] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5936] exit_group(0) = ? [pid 5936] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5936, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 154.069032][ T5936] loop0: detected capacity change from 0 to 32768 [ 154.088605][ T5936] [ 154.088605][ T5936] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.088605][ T5936] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 [ 154.209662][ T1088] [ 154.209662][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.209662][ T1088] [ 154.220317][ T1088] [ 154.220317][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.220317][ T1088] [ 154.231540][ T113] [ 154.231540][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.231540][ T113] [ 154.242259][ T5827] [ 154.242259][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.242259][ T5827] [ 154.253168][ T5827] umount2("./94/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./94/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 154.253168][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.253168][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5937 attached , child_tidptr=0x55556c245750) = 5937 [pid 5937] set_robust_list(0x55556c245760, 24) = 0 [pid 5937] chdir("./95") = 0 [pid 5937] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5937] setpgid(0, 0) = 0 [pid 5937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5937] write(3, "1000", 4) = 4 [pid 5937] close(3) = 0 [pid 5937] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5937] write(1, "executing program\n", 18) = 18 [pid 5937] memfd_create("syzkaller", 0) = 3 [pid 5937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5937] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5937] munmap(0x7fac16400000, 138412032) = 0 [pid 5937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5937] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5937] close(3) = 0 [pid 5937] close(4) = 0 [pid 5937] mkdir("./bus", 0777) = 0 [pid 5937] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5937] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5937] chdir("./bus") = 0 [pid 5937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 154.652598][ T5937] loop0: detected capacity change from 0 to 32768 [ 154.690194][ T5937] [ 154.690194][ T5937] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.690194][ T5937] [pid 5937] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5937] exit_group(0) = ? [pid 5937] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5937, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 [ 154.850135][ T1088] [ 154.850135][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.850135][ T1088] [ 154.860725][ T1088] [ 154.860725][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.860725][ T1088] [ 154.871500][ T5827] [ 154.871500][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.871500][ T5827] [ 154.882374][ T112] [ 154.882374][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.882374][ T112] [ 154.893738][ T5827] umount2("./95/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./95/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 154.893738][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 154.893738][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5938 attached [pid 5938] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5938 [pid 5938] <... set_robust_list resumed>) = 0 [pid 5938] chdir("./96") = 0 [pid 5938] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5938] setpgid(0, 0) = 0 [pid 5938] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5938] write(3, "1000", 4) = 4 [pid 5938] close(3) = 0 [pid 5938] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5938] write(1, "executing program\n", 18) = 18 [pid 5938] memfd_create("syzkaller", 0) = 3 [pid 5938] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5938] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5938] munmap(0x7fac16400000, 138412032) = 0 [pid 5938] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5938] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5938] close(3) = 0 [pid 5938] close(4) = 0 [pid 5938] mkdir("./bus", 0777) = 0 [pid 5938] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5938] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5938] chdir("./bus") = 0 [pid 5938] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5938] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5938] exit_group(0) = ? [pid 5938] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5938, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 [ 155.280037][ T5938] loop0: detected capacity change from 0 to 32768 [ 155.316760][ T5938] [ 155.316760][ T5938] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 155.316760][ T5938] [ 155.347235][ T36] [ 155.347235][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 155.347235][ T36] [ 155.359916][ T36] [ 155.359916][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 155.359916][ T36] [ 155.371563][ T113] [ 155.371563][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 155.371563][ T113] [ 155.386142][ T5827] [ 155.386142][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 155.386142][ T5827] umount2("./96/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./96/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 155.397067][ T5827] [ 155.397067][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 155.397067][ T5827] openat(AT_FDCWD, "./96/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5939 attached [pid 5939] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5939 [pid 5939] <... set_robust_list resumed>) = 0 [pid 5939] chdir("./97") = 0 [pid 5939] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5939] setpgid(0, 0) = 0 [pid 5939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5939] write(3, "1000", 4) = 4 [pid 5939] close(3) = 0 [pid 5939] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5939] write(1, "executing program\n", 18) = 18 [pid 5939] memfd_create("syzkaller", 0) = 3 [pid 5939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5939] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5939] munmap(0x7fac16400000, 138412032) = 0 [pid 5939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5939] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5939] close(3) = 0 [pid 5939] close(4) = 0 [pid 5939] mkdir("./bus", 0777) = 0 [ 155.946518][ T5939] loop0: detected capacity change from 0 to 32768 [pid 5939] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5939] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5939] chdir("./bus") = 0 [pid 5939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5939] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5939] exit_group(0) = ? [pid 5939] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5939, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 155.991634][ T5939] [ 155.991634][ T5939] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 155.991634][ T5939] umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 [ 156.132657][ T36] [ 156.132657][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 156.132657][ T36] [ 156.143249][ T36] [ 156.143249][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 156.143249][ T36] [ 156.153954][ T5827] [ 156.153954][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 156.153954][ T5827] [ 156.164851][ T112] [ 156.164851][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 156.164851][ T112] [ 156.175470][ T5827] umount2("./97/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./97/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 156.175470][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 156.175470][ T5827] rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5940 attached , child_tidptr=0x55556c245750) = 5940 [pid 5940] set_robust_list(0x55556c245760, 24) = 0 [pid 5940] chdir("./98") = 0 [pid 5940] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5940] setpgid(0, 0) = 0 [pid 5940] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5940] write(3, "1000", 4) = 4 [pid 5940] close(3) = 0 [pid 5940] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5940] write(1, "executing program\n", 18executing program ) = 18 [pid 5940] memfd_create("syzkaller", 0) = 3 [pid 5940] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5940] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5940] munmap(0x7fac16400000, 138412032) = 0 [pid 5940] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5940] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5940] close(3) = 0 [pid 5940] close(4) = 0 [pid 5940] mkdir("./bus", 0777) = 0 [pid 5940] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5940] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5940] chdir("./bus") = 0 [pid 5940] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5940] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5940] exit_group(0) = ? [ 156.698778][ T5940] loop0: detected capacity change from 0 to 32768 [ 156.733379][ T5940] [ 156.733379][ T5940] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 156.733379][ T5940] [pid 5940] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5940, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 [ 156.896721][ T36] [ 156.896721][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 156.896721][ T36] [ 156.907284][ T36] [ 156.907284][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 156.907284][ T36] [ 156.918264][ T5827] [ 156.918264][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 156.918264][ T5827] [ 156.929221][ T112] [ 156.929221][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 156.929221][ T112] [ 156.939828][ T5827] umount2("./98/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./98/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 156.939828][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 156.939828][ T5827] getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5941 attached , child_tidptr=0x55556c245750) = 5941 [pid 5941] set_robust_list(0x55556c245760, 24) = 0 [pid 5941] chdir("./99") = 0 [pid 5941] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5941] setpgid(0, 0) = 0 [pid 5941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5941] write(3, "1000", 4) = 4 [pid 5941] close(3) = 0 executing program [pid 5941] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5941] write(1, "executing program\n", 18) = 18 [pid 5941] memfd_create("syzkaller", 0) = 3 [pid 5941] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5941] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5941] munmap(0x7fac16400000, 138412032) = 0 [pid 5941] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5941] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5941] close(3) = 0 [pid 5941] close(4) = 0 [pid 5941] mkdir("./bus", 0777) = 0 [pid 5941] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5941] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5941] chdir("./bus") = 0 [pid 5941] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5941] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5941] exit_group(0) = ? [ 157.461666][ T5941] loop0: detected capacity change from 0 to 32768 [ 157.496026][ T5941] [ 157.496026][ T5941] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 157.496026][ T5941] [pid 5941] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5941, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 [ 157.671764][ T1088] [ 157.671764][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 157.671764][ T1088] [ 157.682299][ T1088] [ 157.682299][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 157.682299][ T1088] [ 157.693223][ T5827] [ 157.693223][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 157.693223][ T5827] [ 157.704110][ T112] [ 157.704110][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 157.704110][ T112] [ 157.714765][ T5827] umount2("./99/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./99/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 157.714765][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 157.714765][ T5827] rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556c245750) = 5942 ./strace-static-x86_64: Process 5942 attached [pid 5942] set_robust_list(0x55556c245760, 24) = 0 [pid 5942] chdir("./100") = 0 [pid 5942] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5942] setpgid(0, 0) = 0 [pid 5942] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5942] write(3, "1000", 4) = 4 [pid 5942] close(3) = 0 [pid 5942] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5942] write(1, "executing program\n", 18) = 18 [pid 5942] memfd_create("syzkaller", 0) = 3 [pid 5942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5942] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5942] munmap(0x7fac16400000, 138412032) = 0 [pid 5942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5942] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5942] close(3) = 0 [pid 5942] close(4) = 0 [pid 5942] mkdir("./bus", 0777) = 0 [pid 5942] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5942] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5942] chdir("./bus") = 0 [pid 5942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5942] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5942] exit_group(0) = ? [pid 5942] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5942, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 158.134942][ T5942] loop0: detected capacity change from 0 to 32768 [ 158.162230][ T5942] [ 158.162230][ T5942] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 158.162230][ T5942] umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 [ 158.266502][ T36] [ 158.266502][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 158.266502][ T36] [ 158.277172][ T36] [ 158.277172][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 158.277172][ T36] [ 158.287993][ T5827] [ 158.287993][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 158.287993][ T5827] [ 158.299253][ T113] [ 158.299253][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 158.299253][ T113] [ 158.310021][ T5827] umount2("./100/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./100/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./100/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 158.310021][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 158.310021][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5943 attached , child_tidptr=0x55556c245750) = 5943 [pid 5943] set_robust_list(0x55556c245760, 24) = 0 [pid 5943] chdir("./101") = 0 [pid 5943] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5943] setpgid(0, 0) = 0 [pid 5943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5943] write(3, "1000", 4) = 4 [pid 5943] close(3) = 0 [pid 5943] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5943] write(1, "executing program\n", 18) = 18 [pid 5943] memfd_create("syzkaller", 0) = 3 [pid 5943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5943] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5943] munmap(0x7fac16400000, 138412032) = 0 [pid 5943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5943] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5943] close(3) = 0 [pid 5943] close(4) = 0 [pid 5943] mkdir("./bus", 0777) = 0 [pid 5943] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5943] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5943] chdir("./bus") = 0 [pid 5943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5943] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5943] exit_group(0) = ? [ 158.756556][ T5943] loop0: detected capacity change from 0 to 32768 [ 158.795436][ T5943] [ 158.795436][ T5943] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 158.795436][ T5943] [pid 5943] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5943, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=14 /* 0.14 s */} --- umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/binderfs") = 0 [ 158.883418][ T36] [ 158.883418][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 158.883418][ T36] [ 158.894141][ T36] [ 158.894141][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 158.894141][ T36] [ 158.904880][ T5827] [ 158.904880][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 158.904880][ T5827] [ 158.915655][ T113] [ 158.915655][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 158.915655][ T113] [ 158.926846][ T5827] umount2("./101/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./101/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 [ 158.926846][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 158.926846][ T5827] rmdir("./101/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5944 attached [pid 5944] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5944 [pid 5944] <... set_robust_list resumed>) = 0 [pid 5944] chdir("./102") = 0 [pid 5944] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5944] setpgid(0, 0) = 0 [pid 5944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5944] write(3, "1000", 4) = 4 [pid 5944] close(3) = 0 [pid 5944] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5944] write(1, "executing program\n", 18executing program ) = 18 [pid 5944] memfd_create("syzkaller", 0) = 3 [pid 5944] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5944] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5944] munmap(0x7fac16400000, 138412032) = 0 [pid 5944] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5944] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5944] close(3) = 0 [pid 5944] close(4) = 0 [pid 5944] mkdir("./bus", 0777) = 0 [ 159.414305][ T5944] loop0: detected capacity change from 0 to 32768 [pid 5944] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5944] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5944] chdir("./bus") = 0 [pid 5944] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5944] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5944] exit_group(0) = ? [pid 5944] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5944, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/binderfs") = 0 [ 159.469963][ T5944] [ 159.469963][ T5944] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 159.469963][ T5944] [ 159.511162][ T36] [ 159.511162][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 159.511162][ T36] [ 159.521923][ T36] [ 159.521923][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 159.521923][ T36] [ 159.533034][ T5827] [ 159.533034][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 159.533034][ T5827] [ 159.544327][ T113] [ 159.544327][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 159.544327][ T113] [ 159.554927][ T5827] umount2("./102/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./102/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./102/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 159.554927][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 159.554927][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5945 attached , child_tidptr=0x55556c245750) = 5945 [pid 5945] set_robust_list(0x55556c245760, 24) = 0 [pid 5945] chdir("./103") = 0 [pid 5945] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5945] setpgid(0, 0) = 0 [pid 5945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5945] write(3, "1000", 4) = 4 [pid 5945] close(3) = 0 [pid 5945] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5945] write(1, "executing program\n", 18) = 18 [pid 5945] memfd_create("syzkaller", 0) = 3 [pid 5945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5945] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5945] munmap(0x7fac16400000, 138412032) = 0 [pid 5945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5945] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5945] close(3) = 0 [pid 5945] close(4) = 0 [pid 5945] mkdir("./bus", 0777) = 0 [pid 5945] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5945] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5945] chdir("./bus") = 0 [pid 5945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5945] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5945] exit_group(0) = ? [pid 5945] +++ exited with 0 +++ [ 159.959802][ T5945] loop0: detected capacity change from 0 to 32768 [ 159.995949][ T5945] [ 159.995949][ T5945] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 159.995949][ T5945] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5945, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/binderfs") = 0 [ 160.138038][ T36] [ 160.138038][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 160.138038][ T36] [ 160.148850][ T36] [ 160.148850][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 160.148850][ T36] [ 160.159658][ T5827] [ 160.159658][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 160.159658][ T5827] [ 160.170711][ T112] [ 160.170711][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 160.170711][ T112] [ 160.181374][ T5827] umount2("./103/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./103/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./103/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 160.181374][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 160.181374][ T5827] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5946 attached , child_tidptr=0x55556c245750) = 5946 [pid 5946] set_robust_list(0x55556c245760, 24) = 0 [pid 5946] chdir("./104") = 0 [pid 5946] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5946] setpgid(0, 0) = 0 [pid 5946] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5946] write(3, "1000", 4) = 4 [pid 5946] close(3) = 0 [pid 5946] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5946] write(1, "executing program\n", 18) = 18 [pid 5946] memfd_create("syzkaller", 0) = 3 [pid 5946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5946] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5946] munmap(0x7fac16400000, 138412032) = 0 [pid 5946] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5946] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5946] close(3) = 0 [pid 5946] close(4) = 0 [pid 5946] mkdir("./bus", 0777) = 0 [pid 5946] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5946] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5946] chdir("./bus") = 0 [pid 5946] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5946] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5946] exit_group(0) = ? [pid 5946] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5946, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/binderfs") = 0 [ 160.705646][ T5946] loop0: detected capacity change from 0 to 32768 [ 160.731411][ T5946] [ 160.731411][ T5946] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 160.731411][ T5946] [ 160.780112][ T36] [ 160.780112][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 160.780112][ T36] [ 160.790760][ T36] [ 160.790760][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 160.790760][ T36] [ 160.802440][ T5827] [ 160.802440][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 160.802440][ T5827] [ 160.813828][ T113] [ 160.813828][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 160.813828][ T113] [ 160.824588][ T5827] umount2("./104/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./104/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 160.824588][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 160.824588][ T5827] umount2("./104/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5947 attached , child_tidptr=0x55556c245750) = 5947 [pid 5947] set_robust_list(0x55556c245760, 24) = 0 [pid 5947] chdir("./105") = 0 [pid 5947] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5947] setpgid(0, 0) = 0 [pid 5947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5947] write(3, "1000", 4) = 4 [pid 5947] close(3) = 0 [pid 5947] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5947] write(1, "executing program\n", 18executing program ) = 18 [pid 5947] memfd_create("syzkaller", 0) = 3 [pid 5947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5947] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5947] munmap(0x7fac16400000, 138412032) = 0 [pid 5947] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5947] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5947] close(3) = 0 [pid 5947] close(4) = 0 [pid 5947] mkdir("./bus", 0777) = 0 [pid 5947] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5947] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5947] chdir("./bus") = 0 [pid 5947] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5947] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5947] exit_group(0) = ? [pid 5947] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5947, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 161.385355][ T5947] loop0: detected capacity change from 0 to 32768 [ 161.415248][ T5947] [ 161.415248][ T5947] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 161.415248][ T5947] newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/binderfs") = 0 [ 161.488960][ T36] [ 161.488960][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 161.488960][ T36] [ 161.499959][ T36] [ 161.499959][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 161.499959][ T36] [ 161.512087][ T5827] [ 161.512087][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 161.512087][ T5827] [ 161.522815][ T113] [ 161.522815][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 161.522815][ T113] [ 161.533493][ T5827] umount2("./105/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./105/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./105/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 161.533493][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 161.533493][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5948 attached [pid 5948] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5948 [pid 5948] <... set_robust_list resumed>) = 0 [pid 5948] chdir("./106") = 0 [pid 5948] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5948] setpgid(0, 0) = 0 [pid 5948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5948] write(3, "1000", 4) = 4 [pid 5948] close(3) = 0 [pid 5948] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5948] write(1, "executing program\n", 18executing program ) = 18 [pid 5948] memfd_create("syzkaller", 0) = 3 [pid 5948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5948] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5948] munmap(0x7fac16400000, 138412032) = 0 [pid 5948] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5948] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5948] close(3) = 0 [pid 5948] close(4) = 0 [pid 5948] mkdir("./bus", 0777) = 0 [pid 5948] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5948] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5948] chdir("./bus") = 0 [pid 5948] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5948] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5948] exit_group(0) = ? [ 161.918525][ T5948] loop0: detected capacity change from 0 to 32768 [ 161.951036][ T5948] [ 161.951036][ T5948] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 161.951036][ T5948] [pid 5948] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5948, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/binderfs") = 0 [ 162.118194][ T36] [ 162.118194][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 162.118194][ T36] [ 162.128856][ T36] [ 162.128856][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 162.128856][ T36] [ 162.140092][ T113] [ 162.140092][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 162.140092][ T113] [ 162.150800][ T5827] [ 162.150800][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 162.150800][ T5827] [ 162.161705][ T5827] umount2("./106/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./106/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 162.161705][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 162.161705][ T5827] umount2("./106/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5949 attached , child_tidptr=0x55556c245750) = 5949 [pid 5949] set_robust_list(0x55556c245760, 24) = 0 [pid 5949] chdir("./107") = 0 [pid 5949] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5949] setpgid(0, 0) = 0 [pid 5949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5949] write(3, "1000", 4) = 4 [pid 5949] close(3) = 0 [pid 5949] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5949] write(1, "executing program\n", 18) = 18 [pid 5949] memfd_create("syzkaller", 0) = 3 [pid 5949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5949] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5949] munmap(0x7fac16400000, 138412032) = 0 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5949] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5949] close(3) = 0 [pid 5949] close(4) = 0 [pid 5949] mkdir("./bus", 0777) = 0 [pid 5949] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5949] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5949] chdir("./bus") = 0 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5949] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 162.704286][ T5949] loop0: detected capacity change from 0 to 32768 [ 162.736944][ T5949] [ 162.736944][ T5949] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 162.736944][ T5949] [pid 5949] exit_group(0) = ? [pid 5949] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5949, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/binderfs") = 0 [ 162.920477][ T13] [ 162.920477][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 162.920477][ T13] [ 162.931037][ T13] [ 162.931037][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 162.931037][ T13] [ 162.941981][ T113] [ 162.941981][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 162.941981][ T113] [ 162.952950][ T5827] [ 162.952950][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 162.952950][ T5827] [ 162.964100][ T5827] umount2("./107/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./107/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 162.964100][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 162.964100][ T5827] umount2("./107/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5950 attached , child_tidptr=0x55556c245750) = 5950 [pid 5950] set_robust_list(0x55556c245760, 24) = 0 [pid 5950] chdir("./108") = 0 [pid 5950] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5950] setpgid(0, 0) = 0 [pid 5950] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5950] write(3, "1000", 4) = 4 [pid 5950] close(3) = 0 [pid 5950] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5950] write(1, "executing program\n", 18) = 18 [pid 5950] memfd_create("syzkaller", 0) = 3 [pid 5950] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5950] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5950] munmap(0x7fac16400000, 138412032) = 0 [pid 5950] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5950] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5950] close(3) = 0 [pid 5950] close(4) = 0 [pid 5950] mkdir("./bus", 0777) = 0 [pid 5950] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5950] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5950] chdir("./bus") = 0 [pid 5950] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5950] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5950] exit_group(0) = ? [pid 5950] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5950, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=15 /* 0.15 s */} --- [ 163.462814][ T5950] loop0: detected capacity change from 0 to 32768 [ 163.489403][ T5950] [ 163.489403][ T5950] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 163.489403][ T5950] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/binderfs") = 0 [ 163.554478][ T13] [ 163.554478][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 163.554478][ T13] [ 163.565572][ T13] [ 163.565572][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 163.565572][ T13] [ 163.576839][ T113] [ 163.576839][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 163.576839][ T113] [ 163.587520][ T5827] [ 163.587520][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 163.587520][ T5827] [ 163.599891][ T5827] umount2("./108/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./108/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./108/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 163.599891][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 163.599891][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5951 attached , child_tidptr=0x55556c245750) = 5951 [pid 5951] set_robust_list(0x55556c245760, 24) = 0 [pid 5951] chdir("./109") = 0 [pid 5951] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5951] setpgid(0, 0) = 0 [pid 5951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5951] write(3, "1000", 4) = 4 [pid 5951] close(3) = 0 [pid 5951] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5951] write(1, "executing program\n", 18executing program ) = 18 [pid 5951] memfd_create("syzkaller", 0) = 3 [pid 5951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5951] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5951] munmap(0x7fac16400000, 138412032) = 0 [pid 5951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5951] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5951] close(3) = 0 [pid 5951] close(4) = 0 [pid 5951] mkdir("./bus", 0777) = 0 [pid 5951] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5951] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5951] chdir("./bus") = 0 [pid 5951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5951] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5951] exit_group(0) = ? [pid 5951] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5951, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 164.013653][ T5951] loop0: detected capacity change from 0 to 32768 [ 164.046320][ T5951] [ 164.046320][ T5951] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 164.046320][ T5951] umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/binderfs") = 0 [ 164.207836][ T36] [ 164.207836][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 164.207836][ T36] [ 164.218577][ T36] [ 164.218577][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 164.218577][ T36] [ 164.229577][ T112] [ 164.229577][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 164.229577][ T112] [ 164.240294][ T5827] [ 164.240294][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 164.240294][ T5827] [ 164.251600][ T5827] umount2("./109/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./109/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 164.251600][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 164.251600][ T5827] umount2("./109/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5952 attached , child_tidptr=0x55556c245750) = 5952 [pid 5952] set_robust_list(0x55556c245760, 24) = 0 [pid 5952] chdir("./110") = 0 [pid 5952] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5952] setpgid(0, 0) = 0 [pid 5952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5952] write(3, "1000", 4) = 4 [pid 5952] close(3) = 0 [pid 5952] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5952] write(1, "executing program\n", 18) = 18 [pid 5952] memfd_create("syzkaller", 0) = 3 [pid 5952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5952] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5952] munmap(0x7fac16400000, 138412032) = 0 [pid 5952] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5952] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5952] close(3) = 0 [pid 5952] close(4) = 0 [pid 5952] mkdir("./bus", 0777) = 0 [ 164.814431][ T5952] loop0: detected capacity change from 0 to 32768 [pid 5952] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5952] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5952] chdir("./bus") = 0 [pid 5952] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5952] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5952] exit_group(0) = ? [pid 5952] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5952, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/binderfs") = 0 [ 164.873165][ T5952] [ 164.873165][ T5952] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 164.873165][ T5952] [ 164.906619][ T1088] [ 164.906619][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 164.906619][ T1088] [ 164.917185][ T1088] umount2("./110/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./110/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./110/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 164.917185][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 164.917185][ T1088] [ 164.928397][ T5827] [ 164.928397][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 164.928397][ T5827] [ 164.940724][ T112] [ 164.940724][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 164.940724][ T112] [ 164.951559][ T5827] [ 164.951559][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 164.951559][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5953 attached [pid 5953] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5953 [pid 5953] <... set_robust_list resumed>) = 0 [pid 5953] chdir("./111") = 0 [pid 5953] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5953] setpgid(0, 0) = 0 [pid 5953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5953] write(3, "1000", 4) = 4 [pid 5953] close(3) = 0 [pid 5953] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5953] write(1, "executing program\n", 18executing program ) = 18 [pid 5953] memfd_create("syzkaller", 0) = 3 [pid 5953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5953] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5953] munmap(0x7fac16400000, 138412032) = 0 [pid 5953] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5953] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5953] close(3) = 0 [pid 5953] close(4) = 0 [pid 5953] mkdir("./bus", 0777) = 0 [pid 5953] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5953] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5953] chdir("./bus") = 0 [pid 5953] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5953] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5953] exit_group(0) = ? [ 165.344863][ T5953] loop0: detected capacity change from 0 to 32768 [ 165.376318][ T5953] [ 165.376318][ T5953] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 165.376318][ T5953] [pid 5953] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5953, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/binderfs") = 0 [ 165.574008][ T13] [ 165.574008][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 165.574008][ T13] [ 165.584753][ T13] [ 165.584753][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 165.584753][ T13] [ 165.595752][ T113] [ 165.595752][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 165.595752][ T113] [ 165.606410][ T5827] [ 165.606410][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 165.606410][ T5827] [ 165.617385][ T5827] umount2("./111/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./111/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./111/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 165.617385][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 165.617385][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5954 attached [pid 5954] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5954 [pid 5954] <... set_robust_list resumed>) = 0 [pid 5954] chdir("./112") = 0 [pid 5954] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5954] setpgid(0, 0) = 0 [pid 5954] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5954] write(3, "1000", 4) = 4 [pid 5954] close(3) = 0 [pid 5954] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5954] write(1, "executing program\n", 18) = 18 [pid 5954] memfd_create("syzkaller", 0) = 3 [pid 5954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5954] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5954] munmap(0x7fac16400000, 138412032) = 0 [pid 5954] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5954] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5954] close(3) = 0 [pid 5954] close(4) = 0 [pid 5954] mkdir("./bus", 0777) = 0 [pid 5954] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5954] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5954] chdir("./bus") = 0 [pid 5954] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5954] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5954] exit_group(0) = ? [pid 5954] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5954, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./112", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./112/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/binderfs") = 0 [ 165.986745][ T5954] loop0: detected capacity change from 0 to 32768 [ 166.005745][ T5954] [ 166.005745][ T5954] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 166.005745][ T5954] [ 166.068435][ T36] [ 166.068435][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 166.068435][ T36] [ 166.078983][ T36] [ 166.078983][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 166.078983][ T36] [ 166.091029][ T112] [ 166.091029][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 166.091029][ T112] [ 166.101911][ T5827] [ 166.101911][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 166.101911][ T5827] [ 166.112802][ T5827] umount2("./112/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./112/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./112/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 [ 166.112802][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 166.112802][ T5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5955 attached [pid 5955] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5955 [pid 5955] <... set_robust_list resumed>) = 0 [pid 5955] chdir("./113") = 0 [pid 5955] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5955] setpgid(0, 0) = 0 [pid 5955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5955] write(3, "1000", 4) = 4 [pid 5955] close(3) = 0 [pid 5955] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5955] write(1, "executing program\n", 18) = 18 [pid 5955] memfd_create("syzkaller", 0) = 3 [pid 5955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5955] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5955] munmap(0x7fac16400000, 138412032) = 0 [pid 5955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5955] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5955] close(3) = 0 [pid 5955] close(4) = 0 [pid 5955] mkdir("./bus", 0777) = 0 [pid 5955] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5955] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5955] chdir("./bus") = 0 [pid 5955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5955] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 166.550705][ T5955] loop0: detected capacity change from 0 to 32768 [ 166.581055][ T5955] [ 166.581055][ T5955] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 166.581055][ T5955] [pid 5955] exit_group(0) = ? [pid 5955] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5955, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./113", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./113/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/binderfs") = 0 [ 166.667503][ T36] [ 166.667503][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 166.667503][ T36] [ 166.680076][ T36] [ 166.680076][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 166.680076][ T36] [ 166.691601][ T5827] [ 166.691601][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 166.691601][ T5827] [ 166.702376][ T113] [ 166.702376][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 166.702376][ T113] [ 166.712962][ T5827] umount2("./113/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./113/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./113/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 166.712962][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 166.712962][ T5827] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5956 attached , child_tidptr=0x55556c245750) = 5956 [pid 5956] set_robust_list(0x55556c245760, 24) = 0 [pid 5956] chdir("./114") = 0 [pid 5956] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5956] setpgid(0, 0) = 0 [pid 5956] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5956] write(3, "1000", 4) = 4 [pid 5956] close(3) = 0 [pid 5956] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5956] write(1, "executing program\n", 18executing program ) = 18 [pid 5956] memfd_create("syzkaller", 0) = 3 [pid 5956] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5956] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5956] munmap(0x7fac16400000, 138412032) = 0 [pid 5956] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5956] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5956] close(3) = 0 [pid 5956] close(4) = 0 [pid 5956] mkdir("./bus", 0777) = 0 [ 167.295443][ T5956] loop0: detected capacity change from 0 to 32768 [pid 5956] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5956] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5956] chdir("./bus") = 0 [pid 5956] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5956] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5956] exit_group(0) = ? [pid 5956] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5956, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./114", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./114/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/binderfs") = 0 [ 167.361486][ T5956] [ 167.361486][ T5956] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 167.361486][ T5956] [ 167.389940][ T1088] [ 167.389940][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 167.389940][ T1088] [ 167.401156][ T1088] [ 167.401156][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 167.401156][ T1088] umount2("./114/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./114/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./114/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 [ 167.412424][ T112] [ 167.412424][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 167.412424][ T112] [ 167.423129][ T5827] [ 167.423129][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 167.423129][ T5827] [ 167.435923][ T5827] [ 167.435923][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 167.435923][ T5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5957 attached , child_tidptr=0x55556c245750) = 5957 [pid 5957] set_robust_list(0x55556c245760, 24) = 0 [pid 5957] chdir("./115") = 0 [pid 5957] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5957] setpgid(0, 0) = 0 [pid 5957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5957] write(3, "1000", 4) = 4 [pid 5957] close(3) = 0 [pid 5957] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5957] write(1, "executing program\n", 18) = 18 [pid 5957] memfd_create("syzkaller", 0) = 3 [pid 5957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5957] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5957] munmap(0x7fac16400000, 138412032) = 0 [pid 5957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5957] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5957] close(3) = 0 [pid 5957] close(4) = 0 [pid 5957] mkdir("./bus", 0777) = 0 [pid 5957] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5957] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5957] chdir("./bus") = 0 [pid 5957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5957] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5957] exit_group(0) = ? [pid 5957] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5957, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- umount2("./115", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./115/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/binderfs") = 0 [ 167.895083][ T5957] loop0: detected capacity change from 0 to 32768 [ 167.922740][ T5957] [ 167.922740][ T5957] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 167.922740][ T5957] [ 167.972032][ T1088] [ 167.972032][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 167.972032][ T1088] [ 167.982591][ T1088] [ 167.982591][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 167.982591][ T1088] [ 167.994694][ T5827] [ 167.994694][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 167.994694][ T5827] [ 168.005881][ T112] [ 168.005881][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 168.005881][ T112] [ 168.016827][ T5827] umount2("./115/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./115/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./115/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 168.016827][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 168.016827][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5958 attached [pid 5958] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5958 [pid 5958] <... set_robust_list resumed>) = 0 [pid 5958] chdir("./116") = 0 [pid 5958] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5958] setpgid(0, 0) = 0 [pid 5958] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5958] write(3, "1000", 4) = 4 [pid 5958] close(3) = 0 [pid 5958] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5958] write(1, "executing program\n", 18) = 18 [pid 5958] memfd_create("syzkaller", 0) = 3 [pid 5958] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5958] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5958] munmap(0x7fac16400000, 138412032) = 0 [pid 5958] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5958] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5958] close(3) = 0 [pid 5958] close(4) = 0 [pid 5958] mkdir("./bus", 0777) = 0 [pid 5958] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5958] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5958] chdir("./bus") = 0 [pid 5958] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5958] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5958] exit_group(0) = ? [pid 5958] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5958, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 168.385868][ T5958] loop0: detected capacity change from 0 to 32768 [ 168.405060][ T5958] [ 168.405060][ T5958] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 168.405060][ T5958] umount2("./116", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./116/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/binderfs") = 0 [ 168.569002][ T1088] [ 168.569002][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 168.569002][ T1088] [ 168.579562][ T1088] [ 168.579562][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 168.579562][ T1088] [ 168.590509][ T113] [ 168.590509][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 168.590509][ T113] [ 168.601702][ T5827] [ 168.601702][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 168.601702][ T5827] [ 168.612881][ T5827] umount2("./116/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./116/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 168.612881][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 168.612881][ T5827] umount2("./116/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5959 attached , child_tidptr=0x55556c245750) = 5959 [pid 5959] set_robust_list(0x55556c245760, 24) = 0 [pid 5959] chdir("./117") = 0 [pid 5959] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5959] setpgid(0, 0) = 0 [pid 5959] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5959] write(3, "1000", 4) = 4 [pid 5959] close(3) = 0 executing program [pid 5959] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5959] write(1, "executing program\n", 18) = 18 [pid 5959] memfd_create("syzkaller", 0) = 3 [pid 5959] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5959] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5959] munmap(0x7fac16400000, 138412032) = 0 [pid 5959] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5959] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5959] close(3) = 0 [pid 5959] close(4) = 0 [pid 5959] mkdir("./bus", 0777) = 0 [pid 5959] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5959] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5959] chdir("./bus") = 0 [pid 5959] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 169.153826][ T5959] loop0: detected capacity change from 0 to 32768 [ 169.188874][ T5959] [ 169.188874][ T5959] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 169.188874][ T5959] [pid 5959] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5959] exit_group(0) = ? [pid 5959] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5959, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./117", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./117/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/binderfs") = 0 [ 169.385892][ T36] [ 169.385892][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 169.385892][ T36] [ 169.396480][ T36] [ 169.396480][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 169.396480][ T36] [ 169.408000][ T112] [ 169.408000][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 169.408000][ T112] [ 169.418635][ T5827] [ 169.418635][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 169.418635][ T5827] [ 169.429836][ T5827] umount2("./117/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./117/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./117/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 169.429836][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 169.429836][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5960 attached [pid 5960] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5960 [pid 5960] <... set_robust_list resumed>) = 0 [pid 5960] chdir("./118") = 0 [pid 5960] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5960] setpgid(0, 0) = 0 [pid 5960] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5960] write(3, "1000", 4) = 4 [pid 5960] close(3) = 0 [pid 5960] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5960] write(1, "executing program\n", 18) = 18 [pid 5960] memfd_create("syzkaller", 0) = 3 [pid 5960] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5960] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5960] munmap(0x7fac16400000, 138412032) = 0 [pid 5960] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5960] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5960] close(3) = 0 [pid 5960] close(4) = 0 [pid 5960] mkdir("./bus", 0777) = 0 [ 169.804966][ T5960] loop0: detected capacity change from 0 to 32768 [ 169.845031][ T5960] [ 169.845031][ T5960] ... Log Wrap ... Log Wrap ... Log Wrap ... [pid 5960] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5960] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5960] chdir("./bus") = 0 [ 169.845031][ T5960] [pid 5960] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5960] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5960] exit_group(0) = ? [pid 5960] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5960, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./118", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./118/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/binderfs") = 0 [ 170.053101][ T13] [ 170.053101][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 170.053101][ T13] [ 170.063772][ T13] [ 170.063772][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 170.063772][ T13] [ 170.074852][ T113] [ 170.074852][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 170.074852][ T113] [ 170.085604][ T5827] [ 170.085604][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 170.085604][ T5827] [ 170.096802][ T5827] umount2("./118/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./118/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./118/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 170.096802][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 170.096802][ T5827] openat(AT_FDCWD, "./118/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5961 attached [pid 5961] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5961 [pid 5961] <... set_robust_list resumed>) = 0 [pid 5961] chdir("./119") = 0 [pid 5961] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5961] setpgid(0, 0) = 0 [pid 5961] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5961] write(3, "1000", 4) = 4 [pid 5961] close(3) = 0 [pid 5961] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5961] write(1, "executing program\n", 18executing program ) = 18 [pid 5961] memfd_create("syzkaller", 0) = 3 [pid 5961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5961] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5961] munmap(0x7fac16400000, 138412032) = 0 [pid 5961] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5961] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5961] close(3) = 0 [pid 5961] close(4) = 0 [pid 5961] mkdir("./bus", 0777) = 0 [ 170.625022][ T5961] loop0: detected capacity change from 0 to 32768 [pid 5961] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5961] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5961] chdir("./bus") = 0 [ 170.665568][ T5961] [ 170.665568][ T5961] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 170.665568][ T5961] [pid 5961] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5961] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5961] exit_group(0) = ? [pid 5961] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5961, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./119", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./119/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/binderfs") = 0 [ 170.855817][ T1088] [ 170.855817][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 170.855817][ T1088] [ 170.866380][ T1088] [ 170.866380][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 170.866380][ T1088] [ 170.877543][ T112] [ 170.877543][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 170.877543][ T112] [ 170.888244][ T5827] [ 170.888244][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 170.888244][ T5827] [ 170.899882][ T5827] umount2("./119/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./119/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./119/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 170.899882][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 170.899882][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5962 attached , child_tidptr=0x55556c245750) = 5962 [pid 5962] set_robust_list(0x55556c245760, 24) = 0 [pid 5962] chdir("./120") = 0 [pid 5962] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5962] setpgid(0, 0) = 0 [pid 5962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5962] write(3, "1000", 4) = 4 [pid 5962] close(3) = 0 [pid 5962] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5962] write(1, "executing program\n", 18executing program ) = 18 [pid 5962] memfd_create("syzkaller", 0) = 3 [pid 5962] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5962] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5962] munmap(0x7fac16400000, 138412032) = 0 [pid 5962] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5962] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5962] close(3) = 0 [pid 5962] close(4) = 0 [pid 5962] mkdir("./bus", 0777) = 0 [ 171.300286][ T5962] loop0: detected capacity change from 0 to 32768 [pid 5962] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5962] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5962] chdir("./bus") = 0 [pid 5962] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5962] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5962] exit_group(0) = ? [pid 5962] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5962, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=14 /* 0.14 s */} --- umount2("./120", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 171.340768][ T5962] [ 171.340768][ T5962] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 171.340768][ T5962] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./120/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/binderfs") = 0 [ 171.492041][ T13] [ 171.492041][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 171.492041][ T13] [ 171.502625][ T13] [ 171.502625][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 171.502625][ T13] [ 171.513620][ T5827] [ 171.513620][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 171.513620][ T5827] [ 171.525151][ T112] [ 171.525151][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 171.525151][ T112] [ 171.535793][ T5827] umount2("./120/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./120/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./120/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 171.535793][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 171.535793][ T5827] rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5963 attached , child_tidptr=0x55556c245750) = 5963 [pid 5963] set_robust_list(0x55556c245760, 24) = 0 [pid 5963] chdir("./121") = 0 [pid 5963] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5963] setpgid(0, 0) = 0 [pid 5963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5963] write(3, "1000", 4) = 4 [pid 5963] close(3) = 0 [pid 5963] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5963] write(1, "executing program\n", 18) = 18 [pid 5963] memfd_create("syzkaller", 0) = 3 [pid 5963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5963] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5963] munmap(0x7fac16400000, 138412032) = 0 [pid 5963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5963] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5963] close(3) = 0 [pid 5963] close(4) = 0 [pid 5963] mkdir("./bus", 0777) = 0 [pid 5963] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5963] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5963] chdir("./bus") = 0 [pid 5963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5963] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 171.996328][ T5963] loop0: detected capacity change from 0 to 32768 [ 172.020324][ T5963] [ 172.020324][ T5963] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 172.020324][ T5963] [pid 5963] exit_group(0) = ? [pid 5963] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5963, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./121", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./121/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/binderfs") = 0 [ 172.098531][ T1088] [ 172.098531][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 172.098531][ T1088] [ 172.109391][ T1088] [ 172.109391][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 172.109391][ T1088] [ 172.121421][ T112] [ 172.121421][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 172.121421][ T112] [ 172.132298][ T5827] [ 172.132298][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 172.132298][ T5827] [ 172.143137][ T5827] umount2("./121/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./121/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./121/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 [ 172.143137][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 172.143137][ T5827] rmdir("./121/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5964 attached , child_tidptr=0x55556c245750) = 5964 [pid 5964] set_robust_list(0x55556c245760, 24) = 0 [pid 5964] chdir("./122") = 0 [pid 5964] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5964] setpgid(0, 0) = 0 [pid 5964] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5964] write(3, "1000", 4) = 4 [pid 5964] close(3) = 0 [pid 5964] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5964] write(1, "executing program\n", 18) = 18 [pid 5964] memfd_create("syzkaller", 0) = 3 [pid 5964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5964] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5964] munmap(0x7fac16400000, 138412032) = 0 [pid 5964] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5964] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5964] close(3) = 0 [pid 5964] close(4) = 0 [pid 5964] mkdir("./bus", 0777) = 0 [pid 5964] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5964] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5964] chdir("./bus") = 0 [pid 5964] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5964] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5964] exit_group(0) = ? [pid 5964] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5964, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./122", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./122/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/binderfs") = 0 [ 172.616068][ T5964] loop0: detected capacity change from 0 to 32768 [ 172.634516][ T5964] [ 172.634516][ T5964] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 172.634516][ T5964] [ 172.691846][ T13] [ 172.691846][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 172.691846][ T13] [ 172.703462][ T13] [ 172.703462][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 172.703462][ T13] [ 172.714721][ T5827] [ 172.714721][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 172.714721][ T5827] [ 172.726223][ T112] [ 172.726223][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 172.726223][ T112] [ 172.737168][ T5827] umount2("./122/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./122/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./122/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 172.737168][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 172.737168][ T5827] ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5965 attached [pid 5965] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5965 [pid 5965] <... set_robust_list resumed>) = 0 [pid 5965] chdir("./123") = 0 [pid 5965] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5965] setpgid(0, 0) = 0 [pid 5965] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5965] write(3, "1000", 4) = 4 [pid 5965] close(3) = 0 [pid 5965] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5965] write(1, "executing program\n", 18) = 18 [pid 5965] memfd_create("syzkaller", 0) = 3 [pid 5965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5965] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5965] munmap(0x7fac16400000, 138412032) = 0 [pid 5965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5965] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5965] close(3) = 0 [pid 5965] close(4) = 0 [pid 5965] mkdir("./bus", 0777) = 0 [pid 5965] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5965] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5965] chdir("./bus") = 0 [pid 5965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 173.164619][ T5965] loop0: detected capacity change from 0 to 32768 [ 173.201063][ T5965] [ 173.201063][ T5965] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 173.201063][ T5965] [pid 5965] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5965] exit_group(0) = ? [pid 5965] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5965, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./123", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./123/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/binderfs") = 0 [ 173.398915][ T1088] [ 173.398915][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 173.398915][ T1088] [ 173.409594][ T1088] [ 173.409594][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 173.409594][ T1088] [ 173.420567][ T113] [ 173.420567][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 173.420567][ T113] [ 173.431350][ T5827] [ 173.431350][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 173.431350][ T5827] [ 173.442181][ T5827] umount2("./123/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./123/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./123/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 173.442181][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 173.442181][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5966 attached , child_tidptr=0x55556c245750) = 5966 [pid 5966] set_robust_list(0x55556c245760, 24) = 0 [pid 5966] chdir("./124") = 0 [pid 5966] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5966] setpgid(0, 0) = 0 [pid 5966] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5966] write(3, "1000", 4) = 4 [pid 5966] close(3) = 0 [pid 5966] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5966] write(1, "executing program\n", 18) = 18 [pid 5966] memfd_create("syzkaller", 0) = 3 [pid 5966] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5966] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5966] munmap(0x7fac16400000, 138412032) = 0 [pid 5966] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5966] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5966] close(3) = 0 [pid 5966] close(4) = 0 [pid 5966] mkdir("./bus", 0777) = 0 [pid 5966] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5966] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5966] chdir("./bus") = 0 [pid 5966] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5966] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5966] exit_group(0) = ? [pid 5966] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5966, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- [ 173.848034][ T5966] loop0: detected capacity change from 0 to 32768 [ 173.885343][ T5966] [ 173.885343][ T5966] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 173.885343][ T5966] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./124", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./124/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/binderfs") = 0 [ 173.941973][ T13] [ 173.941973][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 173.941973][ T13] [ 173.953550][ T13] [ 173.953550][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 173.953550][ T13] [ 173.964564][ T112] [ 173.964564][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 173.964564][ T112] [ 173.975246][ T5827] [ 173.975246][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 173.975246][ T5827] [ 173.986551][ T5827] umount2("./124/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./124/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./124/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 173.986551][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 173.986551][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5967 attached [pid 5967] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5967 [pid 5967] <... set_robust_list resumed>) = 0 [pid 5967] chdir("./125") = 0 [pid 5967] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5967] setpgid(0, 0) = 0 [pid 5967] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5967] write(3, "1000", 4) = 4 [pid 5967] close(3) = 0 [pid 5967] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5967] write(1, "executing program\n", 18executing program ) = 18 [pid 5967] memfd_create("syzkaller", 0) = 3 [pid 5967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5967] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5967] munmap(0x7fac16400000, 138412032) = 0 [pid 5967] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5967] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5967] close(3) = 0 [pid 5967] close(4) = 0 [pid 5967] mkdir("./bus", 0777) = 0 [pid 5967] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5967] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5967] chdir("./bus") = 0 [pid 5967] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5967] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5967] exit_group(0) = ? [ 174.381003][ T5967] loop0: detected capacity change from 0 to 32768 [ 174.416673][ T5967] [ 174.416673][ T5967] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 174.416673][ T5967] [pid 5967] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5967, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./125", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./125/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/binderfs") = 0 [ 174.618358][ T36] [ 174.618358][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 174.618358][ T36] [ 174.629017][ T36] [ 174.629017][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 174.629017][ T36] [ 174.640077][ T113] [ 174.640077][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 174.640077][ T113] [ 174.650644][ T5827] [ 174.650644][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 174.650644][ T5827] [ 174.661656][ T5827] umount2("./125/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./125/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 174.661656][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 174.661656][ T5827] umount2("./125/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5968 attached , child_tidptr=0x55556c245750) = 5968 [pid 5968] set_robust_list(0x55556c245760, 24) = 0 [pid 5968] chdir("./126") = 0 [pid 5968] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5968] setpgid(0, 0) = 0 [pid 5968] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5968] write(3, "1000", 4) = 4 [pid 5968] close(3) = 0 [pid 5968] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5968] write(1, "executing program\n", 18) = 18 [pid 5968] memfd_create("syzkaller", 0) = 3 [pid 5968] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5968] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5968] munmap(0x7fac16400000, 138412032) = 0 [pid 5968] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5968] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5968] close(3) = 0 [pid 5968] close(4) = 0 [pid 5968] mkdir("./bus", 0777) = 0 [pid 5968] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5968] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 175.257244][ T5968] loop0: detected capacity change from 0 to 32768 [ 175.292019][ T5968] [ 175.292019][ T5968] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 175.292019][ T5968] [pid 5968] chdir("./bus") = 0 [pid 5968] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5968] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5968] exit_group(0) = ? [pid 5968] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5968, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./126", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./126/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/binderfs") = 0 [ 175.487808][ T13] [ 175.487808][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 175.487808][ T13] [ 175.498465][ T13] [ 175.498465][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 175.498465][ T13] [ 175.509479][ T5827] [ 175.509479][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 175.509479][ T5827] [ 175.520880][ T113] [ 175.520880][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 175.520880][ T113] [ 175.531443][ T5827] umount2("./126/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./126/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./126/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 [ 175.531443][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 175.531443][ T5827] rmdir("./126/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5969 attached [pid 5969] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5969 [pid 5969] <... set_robust_list resumed>) = 0 [pid 5969] chdir("./127") = 0 [pid 5969] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5969] setpgid(0, 0) = 0 [pid 5969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5969] write(3, "1000", 4) = 4 [pid 5969] close(3) = 0 [pid 5969] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5969] write(1, "executing program\n", 18) = 18 [pid 5969] memfd_create("syzkaller", 0) = 3 [pid 5969] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5969] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5969] munmap(0x7fac16400000, 138412032) = 0 [pid 5969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5969] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5969] close(3) = 0 [pid 5969] close(4) = 0 [pid 5969] mkdir("./bus", 0777) = 0 [pid 5969] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5969] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5969] chdir("./bus") = 0 [ 175.994147][ T5969] loop0: detected capacity change from 0 to 32768 [ 176.031388][ T5969] [ 176.031388][ T5969] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 176.031388][ T5969] [pid 5969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5969] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5969] exit_group(0) = ? [pid 5969] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5969, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- umount2("./127", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./127/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/binderfs") = 0 [ 176.128699][ T1088] [ 176.128699][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 176.128699][ T1088] [ 176.139282][ T1088] [ 176.139282][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 176.139282][ T1088] [ 176.150254][ T112] [ 176.150254][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 176.150254][ T112] [ 176.160846][ T5827] [ 176.160846][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 176.160846][ T5827] [ 176.171746][ T5827] umount2("./127/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./127/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./127/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./127/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 176.171746][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 176.171746][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5970 attached [pid 5970] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5970 [pid 5970] <... set_robust_list resumed>) = 0 [pid 5970] chdir("./128") = 0 [pid 5970] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5970] setpgid(0, 0) = 0 [pid 5970] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5970] write(3, "1000", 4) = 4 [pid 5970] close(3) = 0 [pid 5970] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5970] write(1, "executing program\n", 18) = 18 [pid 5970] memfd_create("syzkaller", 0) = 3 [pid 5970] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5970] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5970] munmap(0x7fac16400000, 138412032) = 0 [pid 5970] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5970] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5970] close(3) = 0 [pid 5970] close(4) = 0 [pid 5970] mkdir("./bus", 0777) = 0 [pid 5970] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5970] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5970] chdir("./bus") = 0 [pid 5970] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5970] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5970] exit_group(0) = ? [pid 5970] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5970, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 176.577551][ T5970] loop0: detected capacity change from 0 to 32768 [ 176.606840][ T5970] [ 176.606840][ T5970] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 176.606840][ T5970] umount2("./128", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./128/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/binderfs") = 0 [ 176.779329][ T13] [ 176.779329][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 176.779329][ T13] [ 176.789879][ T13] [ 176.789879][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 176.789879][ T13] [ 176.800595][ T5827] [ 176.800595][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 176.800595][ T5827] [ 176.811376][ T113] [ 176.811376][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 176.811376][ T113] [ 176.822039][ T5827] umount2("./128/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./128/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 176.822039][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 176.822039][ T5827] umount2("./128/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./128/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./128") = 0 mkdir("./129", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5971 attached , child_tidptr=0x55556c245750) = 5971 [pid 5971] set_robust_list(0x55556c245760, 24) = 0 [pid 5971] chdir("./129") = 0 [pid 5971] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5971] setpgid(0, 0) = 0 [pid 5971] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5971] write(3, "1000", 4) = 4 [pid 5971] close(3) = 0 [pid 5971] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5971] write(1, "executing program\n", 18executing program ) = 18 [pid 5971] memfd_create("syzkaller", 0) = 3 [pid 5971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5971] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5971] munmap(0x7fac16400000, 138412032) = 0 [pid 5971] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5971] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5971] close(3) = 0 [pid 5971] close(4) = 0 [pid 5971] mkdir("./bus", 0777) = 0 [ 177.383426][ T5971] loop0: detected capacity change from 0 to 32768 [pid 5971] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5971] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5971] chdir("./bus") = 0 [pid 5971] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5971] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5971] exit_group(0) = ? [pid 5971] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5971, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./129", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./129/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/binderfs") = 0 [ 177.428788][ T5971] [ 177.428788][ T5971] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 177.428788][ T5971] [ 177.473214][ T13] [ 177.473214][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 177.473214][ T13] [ 177.483948][ T13] [ 177.483948][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 177.483948][ T13] [ 177.494656][ T5827] [ 177.494656][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 177.494656][ T5827] [ 177.505695][ T112] [ 177.505695][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 177.505695][ T112] [ 177.517117][ T5827] umount2("./129/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./129/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./129/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./129/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./129") = 0 mkdir("./130", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 177.517117][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 177.517117][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5972 attached [pid 5972] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5972 [pid 5972] <... set_robust_list resumed>) = 0 [pid 5972] chdir("./130") = 0 [pid 5972] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5972] setpgid(0, 0) = 0 [pid 5972] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5972] write(3, "1000", 4) = 4 [pid 5972] close(3) = 0 [pid 5972] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5972] write(1, "executing program\n", 18) = 18 [pid 5972] memfd_create("syzkaller", 0) = 3 [pid 5972] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5972] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5972] munmap(0x7fac16400000, 138412032) = 0 [pid 5972] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5972] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5972] close(3) = 0 [pid 5972] close(4) = 0 [pid 5972] mkdir("./bus", 0777) = 0 [ 177.918049][ T5972] loop0: detected capacity change from 0 to 32768 [pid 5972] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5972] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5972] chdir("./bus") = 0 [pid 5972] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5972] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5972] exit_group(0) = ? [pid 5972] +++ exited with 0 +++ [ 177.961623][ T5972] [ 177.961623][ T5972] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 177.961623][ T5972] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5972, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./130", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./130/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/binderfs") = 0 [ 178.160415][ T13] [ 178.160415][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 178.160415][ T13] [ 178.170927][ T13] [ 178.170927][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 178.170927][ T13] [ 178.181874][ T113] [ 178.181874][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 178.181874][ T113] [ 178.192583][ T5827] [ 178.192583][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 178.192583][ T5827] [ 178.203789][ T5827] umount2("./130/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./130/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./130/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./130/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 178.203789][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 178.203789][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5973 attached [pid 5973] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5973 [pid 5973] <... set_robust_list resumed>) = 0 [pid 5973] chdir("./131") = 0 [pid 5973] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5973] setpgid(0, 0) = 0 [pid 5973] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5973] write(3, "1000", 4) = 4 [pid 5973] close(3) = 0 [pid 5973] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5973] write(1, "executing program\n", 18) = 18 [pid 5973] memfd_create("syzkaller", 0) = 3 [pid 5973] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5973] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5973] munmap(0x7fac16400000, 138412032) = 0 [pid 5973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5973] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5973] close(3) = 0 [pid 5973] close(4) = 0 [pid 5973] mkdir("./bus", 0777) = 0 [pid 5973] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5973] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5973] chdir("./bus") = 0 [pid 5973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5973] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5973] exit_group(0) = ? [pid 5973] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5973, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./131", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 178.674442][ T5973] loop0: detected capacity change from 0 to 32768 [ 178.698287][ T5973] [ 178.698287][ T5973] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 178.698287][ T5973] openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./131/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/binderfs") = 0 [ 178.782202][ T36] [ 178.782202][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 178.782202][ T36] [ 178.793079][ T36] [ 178.793079][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 178.793079][ T36] [ 178.805089][ T112] [ 178.805089][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 178.805089][ T112] [ 178.815678][ T5827] [ 178.815678][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 178.815678][ T5827] [ 178.826707][ T5827] umount2("./131/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./131/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 178.826707][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 178.826707][ T5827] umount2("./131/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./131/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./131") = 0 mkdir("./132", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5974 attached , child_tidptr=0x55556c245750) = 5974 [pid 5974] set_robust_list(0x55556c245760, 24) = 0 [pid 5974] chdir("./132") = 0 [pid 5974] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5974] setpgid(0, 0) = 0 [pid 5974] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5974] write(3, "1000", 4) = 4 [pid 5974] close(3) = 0 [pid 5974] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5974] write(1, "executing program\n", 18executing program ) = 18 [pid 5974] memfd_create("syzkaller", 0) = 3 [pid 5974] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5974] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5974] munmap(0x7fac16400000, 138412032) = 0 [pid 5974] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5974] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5974] close(3) = 0 [pid 5974] close(4) = 0 [pid 5974] mkdir("./bus", 0777) = 0 [ 179.383377][ T5974] loop0: detected capacity change from 0 to 32768 [pid 5974] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5974] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5974] chdir("./bus") = 0 [pid 5974] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 179.432402][ T5974] [ 179.432402][ T5974] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 179.432402][ T5974] [pid 5974] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5974] exit_group(0) = ? [pid 5974] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5974, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- umount2("./132", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./132/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./132/binderfs") = 0 umount2("./132/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./132/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./132/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./132/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 [ 179.629189][ T1088] [ 179.629189][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 179.629189][ T1088] [ 179.639697][ T1088] [ 179.639697][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 179.639697][ T1088] [ 179.650712][ T113] [ 179.650712][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 179.650712][ T113] [ 179.661281][ T5827] [ 179.661281][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 179.661281][ T5827] [ 179.672167][ T5827] mkdir("./133", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 179.672167][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 179.672167][ T5827] ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5975 attached , child_tidptr=0x55556c245750) = 5975 [pid 5975] set_robust_list(0x55556c245760, 24) = 0 [pid 5975] chdir("./133") = 0 [pid 5975] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5975] setpgid(0, 0) = 0 [pid 5975] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5975] write(3, "1000", 4) = 4 [pid 5975] close(3) = 0 [pid 5975] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5975] write(1, "executing program\n", 18executing program ) = 18 [pid 5975] memfd_create("syzkaller", 0) = 3 [pid 5975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5975] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5975] munmap(0x7fac16400000, 138412032) = 0 [pid 5975] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5975] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5975] close(3) = 0 [pid 5975] close(4) = 0 [pid 5975] mkdir("./bus", 0777) = 0 [pid 5975] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5975] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5975] chdir("./bus") = 0 [pid 5975] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5975] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5975] exit_group(0) = ? [pid 5975] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5975, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./133", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 [ 180.140670][ T5975] loop0: detected capacity change from 0 to 32768 [ 180.166895][ T5975] [ 180.166895][ T5975] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 180.166895][ T5975] umount2("./133/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/binderfs") = 0 [ 180.258308][ T36] [ 180.258308][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 180.258308][ T36] [ 180.269303][ T36] [ 180.269303][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 180.269303][ T36] [ 180.280191][ T5827] [ 180.280191][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 180.280191][ T5827] [ 180.291322][ T112] [ 180.291322][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 180.291322][ T112] [ 180.302096][ T5827] umount2("./133/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./133/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./133/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./133/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./133") = 0 mkdir("./134", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 180.302096][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 180.302096][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5976 attached , child_tidptr=0x55556c245750) = 5976 [pid 5976] set_robust_list(0x55556c245760, 24) = 0 [pid 5976] chdir("./134") = 0 [pid 5976] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5976] setpgid(0, 0) = 0 [pid 5976] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5976] write(3, "1000", 4) = 4 [pid 5976] close(3) = 0 [pid 5976] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5976] write(1, "executing program\n", 18executing program ) = 18 [pid 5976] memfd_create("syzkaller", 0) = 3 [pid 5976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5976] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5976] munmap(0x7fac16400000, 138412032) = 0 [pid 5976] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5976] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5976] close(3) = 0 [pid 5976] close(4) = 0 [pid 5976] mkdir("./bus", 0777) = 0 [pid 5976] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5976] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5976] chdir("./bus") = 0 [pid 5976] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5976] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5976] exit_group(0) = ? [ 180.718667][ T5976] loop0: detected capacity change from 0 to 32768 [ 180.748684][ T5976] [ 180.748684][ T5976] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 180.748684][ T5976] [pid 5976] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5976, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./134", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./134/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/binderfs") = 0 [ 180.959217][ T36] [ 180.959217][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 180.959217][ T36] [ 180.969748][ T36] [ 180.969748][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 180.969748][ T36] [ 180.980732][ T5827] [ 180.980732][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 180.980732][ T5827] [ 180.991650][ T113] [ 180.991650][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 180.991650][ T113] [ 181.002559][ T5827] umount2("./134/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./134/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./134/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./134/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./134") = 0 mkdir("./135", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 181.002559][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 181.002559][ T5827] ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5977 attached [pid 5977] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5977 [pid 5977] <... set_robust_list resumed>) = 0 [pid 5977] chdir("./135") = 0 [pid 5977] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5977] setpgid(0, 0) = 0 [pid 5977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5977] write(3, "1000", 4) = 4 [pid 5977] close(3) = 0 [pid 5977] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5977] write(1, "executing program\n", 18) = 18 [pid 5977] memfd_create("syzkaller", 0) = 3 [pid 5977] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5977] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5977] munmap(0x7fac16400000, 138412032) = 0 [pid 5977] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5977] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5977] close(3) = 0 [pid 5977] close(4) = 0 [pid 5977] mkdir("./bus", 0777) = 0 [pid 5977] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5977] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5977] chdir("./bus") = 0 [pid 5977] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 181.434006][ T5977] loop0: detected capacity change from 0 to 32768 [ 181.459090][ T5977] [ 181.459090][ T5977] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 181.459090][ T5977] [pid 5977] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5977] exit_group(0) = ? [pid 5977] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5977, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./135", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./135/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/binderfs") = 0 [ 181.666685][ T13] [ 181.666685][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 181.666685][ T13] [ 181.677374][ T13] [ 181.677374][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 181.677374][ T13] [ 181.688538][ T112] [ 181.688538][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 181.688538][ T112] [ 181.699094][ T5827] [ 181.699094][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 181.699094][ T5827] [ 181.710041][ T5827] umount2("./135/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./135/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 181.710041][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 181.710041][ T5827] umount2("./135/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./135/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./135") = 0 mkdir("./136", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5978 attached , child_tidptr=0x55556c245750) = 5978 [pid 5978] set_robust_list(0x55556c245760, 24) = 0 [pid 5978] chdir("./136") = 0 [pid 5978] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5978] setpgid(0, 0) = 0 [pid 5978] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5978] write(3, "1000", 4) = 4 [pid 5978] close(3) = 0 [pid 5978] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5978] write(1, "executing program\n", 18) = 18 [pid 5978] memfd_create("syzkaller", 0) = 3 [pid 5978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5978] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5978] munmap(0x7fac16400000, 138412032) = 0 [pid 5978] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5978] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5978] close(3) = 0 [pid 5978] close(4) = 0 [pid 5978] mkdir("./bus", 0777) = 0 [pid 5978] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5978] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5978] chdir("./bus") = 0 [pid 5978] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5978] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5978] exit_group(0) = ? [pid 5978] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5978, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./136", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./136/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/binderfs") = 0 [ 182.291268][ T5978] loop0: detected capacity change from 0 to 32768 [ 182.321015][ T5978] [ 182.321015][ T5978] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 182.321015][ T5978] [ 182.377945][ T1088] [ 182.377945][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 182.377945][ T1088] [ 182.388534][ T1088] [ 182.388534][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 182.388534][ T1088] [ 182.399676][ T113] [ 182.399676][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 182.399676][ T113] [ 182.410278][ T5827] [ 182.410278][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 182.410278][ T5827] [ 182.421230][ T5827] umount2("./136/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./136/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./136/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./136/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 182.421230][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 182.421230][ T5827] rmdir("./136") = 0 mkdir("./137", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5979 attached , child_tidptr=0x55556c245750) = 5979 [pid 5979] set_robust_list(0x55556c245760, 24) = 0 [pid 5979] chdir("./137") = 0 [pid 5979] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5979] setpgid(0, 0) = 0 [pid 5979] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5979] write(3, "1000", 4) = 4 [pid 5979] close(3) = 0 [pid 5979] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5979] write(1, "executing program\n", 18executing program ) = 18 [pid 5979] memfd_create("syzkaller", 0) = 3 [pid 5979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5979] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5979] munmap(0x7fac16400000, 138412032) = 0 [pid 5979] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5979] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5979] close(3) = 0 [pid 5979] close(4) = 0 [pid 5979] mkdir("./bus", 0777) = 0 [pid 5979] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5979] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5979] chdir("./bus") = 0 [pid 5979] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5979] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5979] exit_group(0) = ? [pid 5979] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5979, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./137", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./137/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/binderfs") = 0 [ 182.888462][ T5979] loop0: detected capacity change from 0 to 32768 [ 182.918433][ T5979] [ 182.918433][ T5979] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 182.918433][ T5979] [ 182.964003][ T36] [ 182.964003][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 182.964003][ T36] [ 182.975132][ T36] [ 182.975132][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 182.975132][ T36] [ 182.986512][ T112] [ 182.986512][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 182.986512][ T112] [ 182.997255][ T5827] [ 182.997255][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 182.997255][ T5827] [ 183.008169][ T5827] umount2("./137/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./137/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./137/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./137/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 183.008169][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 183.008169][ T5827] rmdir("./137") = 0 mkdir("./138", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5980 attached , child_tidptr=0x55556c245750) = 5980 [pid 5980] set_robust_list(0x55556c245760, 24) = 0 [pid 5980] chdir("./138") = 0 [pid 5980] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5980] setpgid(0, 0) = 0 [pid 5980] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5980] write(3, "1000", 4) = 4 [pid 5980] close(3) = 0 [pid 5980] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5980] write(1, "executing program\n", 18) = 18 [pid 5980] memfd_create("syzkaller", 0) = 3 [pid 5980] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5980] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5980] munmap(0x7fac16400000, 138412032) = 0 [pid 5980] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5980] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5980] close(3) = 0 [pid 5980] close(4) = 0 [pid 5980] mkdir("./bus", 0777) = 0 [pid 5980] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5980] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5980] chdir("./bus") = 0 [pid 5980] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5980] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 183.399722][ T5980] loop0: detected capacity change from 0 to 32768 [ 183.427283][ T5980] [ 183.427283][ T5980] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 183.427283][ T5980] [pid 5980] exit_group(0) = ? [pid 5980] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5980, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./138", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./138/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/binderfs") = 0 [ 183.628171][ T13] [ 183.628171][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 183.628171][ T13] [ 183.638777][ T13] [ 183.638777][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 183.638777][ T13] [ 183.649766][ T113] [ 183.649766][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 183.649766][ T113] [ 183.660406][ T5827] [ 183.660406][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 183.660406][ T5827] [ 183.671562][ T5827] umount2("./138/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./138/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./138/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./138/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./138") = 0 mkdir("./139", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 183.671562][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 183.671562][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5981 attached [pid 5981] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5981 [pid 5981] <... set_robust_list resumed>) = 0 [pid 5981] chdir("./139") = 0 [pid 5981] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5981] setpgid(0, 0) = 0 [pid 5981] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5981] write(3, "1000", 4) = 4 [pid 5981] close(3) = 0 [pid 5981] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5981] write(1, "executing program\n", 18) = 18 [pid 5981] memfd_create("syzkaller", 0) = 3 [pid 5981] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5981] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5981] munmap(0x7fac16400000, 138412032) = 0 [pid 5981] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5981] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5981] close(3) = 0 [pid 5981] close(4) = 0 [pid 5981] mkdir("./bus", 0777) = 0 [pid 5981] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5981] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5981] chdir("./bus") = 0 [pid 5981] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5981] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5981] exit_group(0) = ? [pid 5981] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5981, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=15 /* 0.15 s */} --- [ 184.064717][ T5981] loop0: detected capacity change from 0 to 32768 [ 184.100545][ T5981] [ 184.100545][ T5981] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 184.100545][ T5981] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./139", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./139/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/binderfs") = 0 [ 184.199875][ T13] [ 184.199875][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 184.199875][ T13] [ 184.210463][ T13] [ 184.210463][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 184.210463][ T13] [ 184.221794][ T112] [ 184.221794][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 184.221794][ T112] [ 184.232357][ T5827] [ 184.232357][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 184.232357][ T5827] [ 184.243875][ T5827] umount2("./139/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./139/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./139/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./139/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./139") = 0 mkdir("./140", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 184.243875][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 184.243875][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5982 attached [pid 5982] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5982 [pid 5982] <... set_robust_list resumed>) = 0 [pid 5982] chdir("./140") = 0 [pid 5982] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5982] setpgid(0, 0) = 0 [pid 5982] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5982] write(3, "1000", 4) = 4 [pid 5982] close(3) = 0 [pid 5982] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5982] write(1, "executing program\n", 18) = 18 [pid 5982] memfd_create("syzkaller", 0) = 3 [pid 5982] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5982] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5982] munmap(0x7fac16400000, 138412032) = 0 [pid 5982] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5982] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5982] close(3) = 0 [pid 5982] close(4) = 0 [pid 5982] mkdir("./bus", 0777) = 0 [pid 5982] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5982] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5982] chdir("./bus") = 0 [pid 5982] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5982] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5982] exit_group(0) = ? [pid 5982] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5982, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- umount2("./140", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 [ 184.597329][ T5982] loop0: detected capacity change from 0 to 32768 [ 184.621314][ T5982] [ 184.621314][ T5982] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 184.621314][ T5982] umount2("./140/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/binderfs") = 0 [ 184.703943][ T36] [ 184.703943][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 184.703943][ T36] [ 184.714504][ T36] [ 184.714504][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 184.714504][ T36] [ 184.725923][ T5827] [ 184.725923][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 184.725923][ T5827] [ 184.736546][ T113] [ 184.736546][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 184.736546][ T113] [ 184.747236][ T5827] umount2("./140/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./140/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 184.747236][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 184.747236][ T5827] umount2("./140/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./140/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./140") = 0 mkdir("./141", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5983 attached [pid 5983] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5983 [pid 5983] <... set_robust_list resumed>) = 0 [pid 5983] chdir("./141") = 0 [pid 5983] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5983] setpgid(0, 0) = 0 [pid 5983] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5983] write(3, "1000", 4) = 4 [pid 5983] close(3) = 0 [pid 5983] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5983] write(1, "executing program\n", 18) = 18 [pid 5983] memfd_create("syzkaller", 0) = 3 [pid 5983] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5983] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5983] munmap(0x7fac16400000, 138412032) = 0 [pid 5983] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5983] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5983] close(3) = 0 [pid 5983] close(4) = 0 [pid 5983] mkdir("./bus", 0777) = 0 [ 185.350752][ T5983] loop0: detected capacity change from 0 to 32768 [pid 5983] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5983] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5983] chdir("./bus") = 0 [pid 5983] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5983] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5983] exit_group(0) = ? [pid 5983] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5983, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=14 /* 0.14 s */} --- [ 185.406474][ T5983] [ 185.406474][ T5983] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 185.406474][ T5983] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./141", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./141/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/binderfs") = 0 [ 185.595071][ T13] [ 185.595071][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 185.595071][ T13] [ 185.605680][ T13] [ 185.605680][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 185.605680][ T13] [ 185.616555][ T5827] [ 185.616555][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 185.616555][ T5827] [ 185.627605][ T113] [ 185.627605][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 185.627605][ T113] [ 185.638256][ T5827] umount2("./141/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./141/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./141/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 [ 185.638256][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 185.638256][ T5827] rmdir("./141/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./141") = 0 mkdir("./142", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5984 attached , child_tidptr=0x55556c245750) = 5984 [pid 5984] set_robust_list(0x55556c245760, 24) = 0 [pid 5984] chdir("./142") = 0 [pid 5984] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5984] setpgid(0, 0) = 0 [pid 5984] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5984] write(3, "1000", 4) = 4 [pid 5984] close(3) = 0 [pid 5984] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5984] write(1, "executing program\n", 18) = 18 [pid 5984] memfd_create("syzkaller", 0) = 3 [pid 5984] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5984] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5984] munmap(0x7fac16400000, 138412032) = 0 [pid 5984] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5984] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5984] close(3) = 0 [pid 5984] close(4) = 0 [pid 5984] mkdir("./bus", 0777) = 0 [pid 5984] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5984] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 186.149295][ T5984] loop0: detected capacity change from 0 to 32768 [ 186.186086][ T5984] [ 186.186086][ T5984] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 186.186086][ T5984] [pid 5984] chdir("./bus") = 0 [pid 5984] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5984] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5984] exit_group(0) = ? [pid 5984] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5984, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./142", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./142/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/binderfs") = 0 [ 186.356517][ T13] [ 186.356517][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 186.356517][ T13] [ 186.367099][ T13] [ 186.367099][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 186.367099][ T13] [ 186.378189][ T5827] [ 186.378189][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 186.378189][ T5827] [ 186.389245][ T113] [ 186.389245][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 186.389245][ T113] [ 186.400254][ T5827] umount2("./142/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./142/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./142/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./142/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./142") = 0 mkdir("./143", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 186.400254][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 186.400254][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5985 attached , child_tidptr=0x55556c245750) = 5985 [pid 5985] set_robust_list(0x55556c245760, 24) = 0 [pid 5985] chdir("./143") = 0 [pid 5985] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5985] setpgid(0, 0) = 0 [pid 5985] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5985] write(3, "1000", 4) = 4 [pid 5985] close(3) = 0 [pid 5985] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5985] write(1, "executing program\n", 18executing program ) = 18 [pid 5985] memfd_create("syzkaller", 0) = 3 [pid 5985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5985] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5985] munmap(0x7fac16400000, 138412032) = 0 [pid 5985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5985] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5985] close(3) = 0 [pid 5985] close(4) = 0 [pid 5985] mkdir("./bus", 0777) = 0 [ 186.797813][ T5985] loop0: detected capacity change from 0 to 32768 [ 186.837690][ T5985] [ 186.837690][ T5985] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 186.837690][ T5985] [pid 5985] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5985] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5985] chdir("./bus") = 0 [pid 5985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5985] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5985] exit_group(0) = ? [pid 5985] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5985, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./143", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./143/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/binderfs") = 0 [ 186.882605][ T36] [ 186.882605][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 186.882605][ T36] [ 186.895682][ T36] [ 186.895682][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 186.895682][ T36] [ 186.906808][ T5827] [ 186.906808][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 186.906808][ T5827] [ 186.917612][ T113] [ 186.917612][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 186.917612][ T113] [ 186.928219][ T5827] umount2("./143/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./143/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./143/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./143/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./143") = 0 mkdir("./144", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 186.928219][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 186.928219][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5986 attached , child_tidptr=0x55556c245750) = 5986 [pid 5986] set_robust_list(0x55556c245760, 24) = 0 [pid 5986] chdir("./144") = 0 [pid 5986] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5986] setpgid(0, 0) = 0 [pid 5986] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5986] write(3, "1000", 4) = 4 [pid 5986] close(3) = 0 [pid 5986] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5986] write(1, "executing program\n", 18) = 18 [pid 5986] memfd_create("syzkaller", 0) = 3 [pid 5986] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5986] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5986] munmap(0x7fac16400000, 138412032) = 0 [pid 5986] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5986] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5986] close(3) = 0 [pid 5986] close(4) = 0 [pid 5986] mkdir("./bus", 0777) = 0 [pid 5986] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5986] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5986] chdir("./bus") = 0 [pid 5986] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5986] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5986] exit_group(0) = ? [pid 5986] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5986, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=14 /* 0.14 s */} --- [ 187.344849][ T5986] loop0: detected capacity change from 0 to 32768 [ 187.382195][ T5986] [ 187.382195][ T5986] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 187.382195][ T5986] umount2("./144", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./144/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/binderfs") = 0 [ 187.563247][ T36] [ 187.563247][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 187.563247][ T36] [ 187.573885][ T36] [ 187.573885][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 187.573885][ T36] [ 187.585300][ T112] [ 187.585300][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 187.585300][ T112] [ 187.595987][ T5827] [ 187.595987][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 187.595987][ T5827] [ 187.607073][ T5827] umount2("./144/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./144/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 187.607073][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 187.607073][ T5827] umount2("./144/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./144/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./144") = 0 mkdir("./145", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5987 attached [pid 5987] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 5987 [pid 5987] <... set_robust_list resumed>) = 0 [pid 5987] chdir("./145") = 0 [pid 5987] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5987] setpgid(0, 0) = 0 [pid 5987] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5987] write(3, "1000", 4) = 4 [pid 5987] close(3) = 0 [pid 5987] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5987] write(1, "executing program\n", 18) = 18 [pid 5987] memfd_create("syzkaller", 0) = 3 [pid 5987] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5987] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5987] munmap(0x7fac16400000, 138412032) = 0 [pid 5987] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5987] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5987] close(3) = 0 [pid 5987] close(4) = 0 [pid 5987] mkdir("./bus", 0777) = 0 [pid 5987] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5987] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5987] chdir("./bus") = 0 [pid 5987] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5987] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5987] exit_group(0) = ? [pid 5987] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5987, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./145", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./145/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./145/binderfs") = 0 [ 188.155907][ T5987] loop0: detected capacity change from 0 to 32768 [ 188.185144][ T5987] [ 188.185144][ T5987] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 188.185144][ T5987] [ 188.212926][ T36] [ 188.212926][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 188.212926][ T36] [ 188.225130][ T36] [ 188.225130][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 188.225130][ T36] [ 188.238029][ T5827] [ 188.238029][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 188.238029][ T5827] [ 188.249819][ T5827] [ 188.249819][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 188.249819][ T5827] umount2("./145/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./145/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./145/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./145/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 188.261270][ T113] [ 188.261270][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 188.261270][ T113] rmdir("./145") = 0 mkdir("./146", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5988 attached , child_tidptr=0x55556c245750) = 5988 [pid 5988] set_robust_list(0x55556c245760, 24) = 0 [pid 5988] chdir("./146") = 0 [pid 5988] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5988] setpgid(0, 0) = 0 [pid 5988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5988] write(3, "1000", 4) = 4 [pid 5988] close(3) = 0 [pid 5988] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5988] write(1, "executing program\n", 18executing program ) = 18 [pid 5988] memfd_create("syzkaller", 0) = 3 [pid 5988] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5988] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5988] munmap(0x7fac16400000, 138412032) = 0 [pid 5988] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5988] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5988] close(3) = 0 [pid 5988] close(4) = 0 [pid 5988] mkdir("./bus", 0777) = 0 [pid 5988] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5988] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5988] chdir("./bus") = 0 [pid 5988] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5988] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5988] exit_group(0) = ? [pid 5988] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5988, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./146", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./146/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 188.735938][ T5988] loop0: detected capacity change from 0 to 32768 [ 188.764360][ T5988] [ 188.764360][ T5988] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 188.764360][ T5988] unlink("./146/binderfs") = 0 [ 188.792133][ T1088] [ 188.792133][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 188.792133][ T1088] [ 188.803163][ T1088] [ 188.803163][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 188.803163][ T1088] [ 188.817044][ T112] [ 188.817044][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 188.817044][ T112] [ 188.828516][ T5827] [ 188.828516][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 188.828516][ T5827] [ 188.839651][ T5827] umount2("./146/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./146/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./146/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./146/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./146") = 0 mkdir("./147", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 188.839651][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 188.839651][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5989 attached , child_tidptr=0x55556c245750) = 5989 [pid 5989] set_robust_list(0x55556c245760, 24) = 0 [pid 5989] chdir("./147") = 0 [pid 5989] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5989] setpgid(0, 0) = 0 [pid 5989] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5989] write(3, "1000", 4) = 4 [pid 5989] close(3) = 0 [pid 5989] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5989] write(1, "executing program\n", 18) = 18 [pid 5989] memfd_create("syzkaller", 0) = 3 [pid 5989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5989] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5989] munmap(0x7fac16400000, 138412032) = 0 [pid 5989] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5989] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5989] close(3) = 0 [pid 5989] close(4) = 0 [pid 5989] mkdir("./bus", 0777) = 0 [pid 5989] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5989] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5989] chdir("./bus") = 0 [pid 5989] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5989] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5989] exit_group(0) = ? [pid 5989] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5989, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- [ 189.275657][ T5989] loop0: detected capacity change from 0 to 32768 [ 189.295885][ T5989] [ 189.295885][ T5989] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 189.295885][ T5989] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./147", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./147/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./147/binderfs") = 0 [ 189.477806][ T13] [ 189.477806][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 189.477806][ T13] [ 189.488641][ T13] [ 189.488641][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 189.488641][ T13] [ 189.499661][ T5827] [ 189.499661][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 189.499661][ T5827] [ 189.510828][ T113] [ 189.510828][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 189.510828][ T113] [ 189.521514][ T5827] umount2("./147/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./147/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./147/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./147/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./147") = 0 mkdir("./148", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 189.521514][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 189.521514][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556c245750) = 5990 ./strace-static-x86_64: Process 5990 attached [pid 5990] set_robust_list(0x55556c245760, 24) = 0 [pid 5990] chdir("./148") = 0 [pid 5990] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5990] setpgid(0, 0) = 0 [pid 5990] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5990] write(3, "1000", 4) = 4 [pid 5990] close(3) = 0 [pid 5990] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5990] write(1, "executing program\n", 18) = 18 [pid 5990] memfd_create("syzkaller", 0) = 3 [pid 5990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5990] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5990] munmap(0x7fac16400000, 138412032) = 0 [pid 5990] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5990] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5990] close(3) = 0 [pid 5990] close(4) = 0 [pid 5990] mkdir("./bus", 0777) = 0 [pid 5990] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5990] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 189.922826][ T5990] loop0: detected capacity change from 0 to 32768 [ 189.962293][ T5990] [ 189.962293][ T5990] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 189.962293][ T5990] [pid 5990] chdir("./bus") = 0 [pid 5990] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5990] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5990] exit_group(0) = ? [pid 5990] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5990, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./148", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./148/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./148/binderfs") = 0 [ 190.138913][ T13] [ 190.138913][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 190.138913][ T13] [ 190.150047][ T13] [ 190.150047][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 190.150047][ T13] [ 190.161543][ T112] [ 190.161543][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 190.161543][ T112] [ 190.172122][ T5827] [ 190.172122][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 190.172122][ T5827] [ 190.183183][ T5827] umount2("./148/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./148/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./148/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./148/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./148") = 0 mkdir("./149", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 190.183183][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 190.183183][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5993 attached , child_tidptr=0x55556c245750) = 5993 [pid 5993] set_robust_list(0x55556c245760, 24) = 0 [pid 5993] chdir("./149") = 0 [pid 5993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5993] setpgid(0, 0) = 0 [pid 5993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5993] write(3, "1000", 4) = 4 [pid 5993] close(3) = 0 [pid 5993] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5993] write(1, "executing program\n", 18executing program ) = 18 [pid 5993] memfd_create("syzkaller", 0) = 3 [pid 5993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5993] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5993] munmap(0x7fac16400000, 138412032) = 0 [pid 5993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5993] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5993] close(3) = 0 [pid 5993] close(4) = 0 [pid 5993] mkdir("./bus", 0777) = 0 [pid 5993] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5993] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5993] chdir("./bus") = 0 [pid 5993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5993] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 190.616284][ T5993] loop0: detected capacity change from 0 to 32768 [ 190.647661][ T5993] [ 190.647661][ T5993] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 190.647661][ T5993] [pid 5993] exit_group(0) = ? [pid 5993] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5993, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./149", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./149/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./149/binderfs") = 0 [ 190.814872][ T36] [ 190.814872][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 190.814872][ T36] [ 190.825943][ T36] [ 190.825943][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 190.825943][ T36] [ 190.837270][ T113] [ 190.837270][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 190.837270][ T113] [ 190.847845][ T5827] [ 190.847845][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 190.847845][ T5827] [ 190.858804][ T5827] umount2("./149/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./149/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 190.858804][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 190.858804][ T5827] umount2("./149/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./149/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./149") = 0 mkdir("./150", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5997 attached , child_tidptr=0x55556c245750) = 5997 [pid 5997] set_robust_list(0x55556c245760, 24) = 0 [pid 5997] chdir("./150") = 0 [pid 5997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5997] setpgid(0, 0) = 0 [pid 5997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5997] write(3, "1000", 4) = 4 [pid 5997] close(3) = 0 [pid 5997] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5997] write(1, "executing program\n", 18) = 18 [pid 5997] memfd_create("syzkaller", 0) = 3 [pid 5997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5997] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5997] munmap(0x7fac16400000, 138412032) = 0 [pid 5997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5997] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5997] close(3) = 0 [pid 5997] close(4) = 0 [pid 5997] mkdir("./bus", 0777) = 0 [pid 5997] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5997] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5997] chdir("./bus") = 0 [pid 5997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5997] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5997] exit_group(0) = ? [ 191.416204][ T5997] loop0: detected capacity change from 0 to 32768 [ 191.437783][ T5997] [ 191.437783][ T5997] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 191.437783][ T5997] [pid 5997] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5997, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./150", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./150/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./150/binderfs") = 0 [ 191.621765][ T13] [ 191.621765][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 191.621765][ T13] [ 191.632582][ T13] [ 191.632582][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 191.632582][ T13] [ 191.643356][ T5827] [ 191.643356][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 191.643356][ T5827] [ 191.654295][ T112] [ 191.654295][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 191.654295][ T112] [ 191.664899][ T5827] umount2("./150/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./150/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./150/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 [ 191.664899][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 191.664899][ T5827] rmdir("./150/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./150") = 0 mkdir("./151", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5999 attached , child_tidptr=0x55556c245750) = 5999 [pid 5999] set_robust_list(0x55556c245760, 24) = 0 [pid 5999] chdir("./151") = 0 [pid 5999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5999] setpgid(0, 0) = 0 [pid 5999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5999] write(3, "1000", 4) = 4 [pid 5999] close(3) = 0 [pid 5999] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5999] write(1, "executing program\n", 18executing program ) = 18 [pid 5999] memfd_create("syzkaller", 0) = 3 [pid 5999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 5999] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5999] munmap(0x7fac16400000, 138412032) = 0 [pid 5999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5999] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5999] close(3) = 0 [pid 5999] close(4) = 0 [pid 5999] mkdir("./bus", 0777) = 0 [pid 5999] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 5999] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5999] chdir("./bus") = 0 [pid 5999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5999] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 5999] exit_group(0) = ? [pid 5999] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5999, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- umount2("./151", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./151/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./151/binderfs") = 0 [ 192.185334][ T5999] loop0: detected capacity change from 0 to 32768 [ 192.216559][ T5999] [ 192.216559][ T5999] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 192.216559][ T5999] [ 192.264037][ T36] [ 192.264037][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 192.264037][ T36] [ 192.274886][ T36] [ 192.274886][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 192.274886][ T36] [ 192.286011][ T112] [ 192.286011][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 192.286011][ T112] [ 192.296748][ T5827] [ 192.296748][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 192.296748][ T5827] [ 192.307716][ T5827] umount2("./151/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./151/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 192.307716][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 192.307716][ T5827] umount2("./151/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./151/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./151") = 0 mkdir("./152", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6000 attached , child_tidptr=0x55556c245750) = 6000 [pid 6000] set_robust_list(0x55556c245760, 24) = 0 [pid 6000] chdir("./152") = 0 [pid 6000] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6000] setpgid(0, 0) = 0 [pid 6000] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6000] write(3, "1000", 4) = 4 [pid 6000] close(3) = 0 [pid 6000] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6000] write(1, "executing program\n", 18) = 18 [pid 6000] memfd_create("syzkaller", 0) = 3 [pid 6000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6000] munmap(0x7fac16400000, 138412032) = 0 [pid 6000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6000] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6000] close(3) = 0 [pid 6000] close(4) = 0 [pid 6000] mkdir("./bus", 0777) = 0 [pid 6000] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6000] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6000] chdir("./bus") = 0 [pid 6000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6000] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6000] exit_group(0) = ? [pid 6000] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6000, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 192.896006][ T6000] loop0: detected capacity change from 0 to 32768 [ 192.914597][ T6000] [ 192.914597][ T6000] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 192.914597][ T6000] umount2("./152", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./152/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./152/binderfs") = 0 [ 193.063507][ T13] [ 193.063507][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 193.063507][ T13] [ 193.074036][ T13] [ 193.074036][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 193.074036][ T13] [ 193.085307][ T112] [ 193.085307][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 193.085307][ T112] [ 193.095955][ T5827] [ 193.095955][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 193.095955][ T5827] [ 193.106942][ T5827] umount2("./152/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./152/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 193.106942][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 193.106942][ T5827] umount2("./152/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./152/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./152") = 0 mkdir("./153", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6001 attached , child_tidptr=0x55556c245750) = 6001 [pid 6001] set_robust_list(0x55556c245760, 24) = 0 [pid 6001] chdir("./153") = 0 [pid 6001] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6001] setpgid(0, 0) = 0 [pid 6001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6001] write(3, "1000", 4) = 4 [pid 6001] close(3) = 0 [pid 6001] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6001] write(1, "executing program\n", 18) = 18 [pid 6001] memfd_create("syzkaller", 0) = 3 [pid 6001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6001] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6001] munmap(0x7fac16400000, 138412032) = 0 [pid 6001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6001] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6001] close(3) = 0 [pid 6001] close(4) = 0 [pid 6001] mkdir("./bus", 0777) = 0 [ 193.688307][ T6001] loop0: detected capacity change from 0 to 32768 [pid 6001] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6001] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6001] chdir("./bus") = 0 [pid 6001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6001] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6001] exit_group(0) = ? [ 193.758761][ T6001] [ 193.758761][ T6001] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 193.758761][ T6001] [pid 6001] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6001, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- umount2("./153", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./153/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./153/binderfs") = 0 [ 193.922654][ T36] [ 193.922654][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 193.922654][ T36] [ 193.933244][ T36] [ 193.933244][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 193.933244][ T36] [ 193.943950][ T5827] [ 193.943950][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 193.943950][ T5827] [ 193.954974][ T113] [ 193.954974][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 193.954974][ T113] [ 193.965623][ T5827] umount2("./153/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./153/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./153/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./153/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./153") = 0 mkdir("./154", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 193.965623][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 193.965623][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6002 attached [pid 6002] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6002 [pid 6002] <... set_robust_list resumed>) = 0 [pid 6002] chdir("./154") = 0 [pid 6002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6002] setpgid(0, 0) = 0 [pid 6002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6002] write(3, "1000", 4) = 4 [pid 6002] close(3) = 0 [pid 6002] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6002] write(1, "executing program\n", 18) = 18 [pid 6002] memfd_create("syzkaller", 0) = 3 [pid 6002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6002] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6002] munmap(0x7fac16400000, 138412032) = 0 [pid 6002] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6002] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6002] close(3) = 0 [pid 6002] close(4) = 0 [pid 6002] mkdir("./bus", 0777) = 0 [pid 6002] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6002] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6002] chdir("./bus") = 0 [pid 6002] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6002] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6002] exit_group(0) = ? [pid 6002] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6002, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- [ 194.374846][ T6002] loop0: detected capacity change from 0 to 32768 [ 194.403565][ T6002] [ 194.403565][ T6002] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 194.403565][ T6002] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./154", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./154/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./154/binderfs") = 0 [ 194.524642][ T13] [ 194.524642][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 194.524642][ T13] [ 194.535209][ T13] [ 194.535209][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 194.535209][ T13] [ 194.546736][ T112] [ 194.546736][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 194.546736][ T112] [ 194.557348][ T5827] [ 194.557348][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 194.557348][ T5827] [ 194.568416][ T5827] umount2("./154/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./154/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./154/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./154/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 194.568416][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 194.568416][ T5827] rmdir("./154") = 0 mkdir("./155", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6003 attached , child_tidptr=0x55556c245750) = 6003 [pid 6003] set_robust_list(0x55556c245760, 24) = 0 [pid 6003] chdir("./155") = 0 [pid 6003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6003] setpgid(0, 0) = 0 [pid 6003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6003] write(3, "1000", 4) = 4 [pid 6003] close(3) = 0 [pid 6003] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6003] write(1, "executing program\n", 18executing program ) = 18 [pid 6003] memfd_create("syzkaller", 0) = 3 [pid 6003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6003] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6003] munmap(0x7fac16400000, 138412032) = 0 [pid 6003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6003] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6003] close(3) = 0 [pid 6003] close(4) = 0 [pid 6003] mkdir("./bus", 0777) = 0 [pid 6003] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6003] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6003] chdir("./bus") = 0 [pid 6003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6003] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6003] exit_group(0) = ? [pid 6003] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6003, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- [ 195.044781][ T6003] loop0: detected capacity change from 0 to 32768 [ 195.063996][ T6003] [ 195.063996][ T6003] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 195.063996][ T6003] umount2("./155", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./155/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./155/binderfs") = 0 [ 195.245113][ T36] [ 195.245113][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 195.245113][ T36] [ 195.255692][ T36] [ 195.255692][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 195.255692][ T36] [ 195.266734][ T5827] [ 195.266734][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 195.266734][ T5827] [ 195.277574][ T112] [ 195.277574][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 195.277574][ T112] [ 195.288107][ T5827] umount2("./155/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./155/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./155/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./155/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./155") = 0 mkdir("./156", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 195.288107][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 195.288107][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6004 attached [pid 6004] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6004 [pid 6004] <... set_robust_list resumed>) = 0 [pid 6004] chdir("./156") = 0 [pid 6004] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6004] setpgid(0, 0) = 0 [pid 6004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6004] write(3, "1000", 4) = 4 [pid 6004] close(3) = 0 [pid 6004] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6004] write(1, "executing program\n", 18executing program ) = 18 [pid 6004] memfd_create("syzkaller", 0) = 3 [pid 6004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6004] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6004] munmap(0x7fac16400000, 138412032) = 0 [pid 6004] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6004] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6004] close(3) = 0 [pid 6004] close(4) = 0 [pid 6004] mkdir("./bus", 0777) = 0 [pid 6004] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6004] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6004] chdir("./bus") = 0 [pid 6004] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6004] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6004] exit_group(0) = ? [pid 6004] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6004, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- [ 195.665307][ T6004] loop0: detected capacity change from 0 to 32768 [ 195.692448][ T6004] [ 195.692448][ T6004] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 195.692448][ T6004] umount2("./156", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./156/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./156/binderfs") = 0 [ 195.807100][ T13] [ 195.807100][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 195.807100][ T13] [ 195.817771][ T13] [ 195.817771][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 195.817771][ T13] [ 195.828563][ T5827] [ 195.828563][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 195.828563][ T5827] [ 195.839724][ T113] [ 195.839724][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 195.839724][ T113] [ 195.850336][ T5827] umount2("./156/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./156/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 195.850336][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 195.850336][ T5827] umount2("./156/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./156/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./156") = 0 mkdir("./157", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6005 attached , child_tidptr=0x55556c245750) = 6005 [pid 6005] set_robust_list(0x55556c245760, 24) = 0 [pid 6005] chdir("./157") = 0 [pid 6005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6005] setpgid(0, 0) = 0 [pid 6005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6005] write(3, "1000", 4) = 4 [pid 6005] close(3) = 0 [pid 6005] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6005] write(1, "executing program\n", 18) = 18 [pid 6005] memfd_create("syzkaller", 0) = 3 [pid 6005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6005] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6005] munmap(0x7fac16400000, 138412032) = 0 [pid 6005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6005] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6005] close(3) = 0 [pid 6005] close(4) = 0 [pid 6005] mkdir("./bus", 0777) = 0 [pid 6005] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6005] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6005] chdir("./bus") = 0 [pid 6005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6005] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6005] exit_group(0) = ? [ 196.417367][ T6005] loop0: detected capacity change from 0 to 32768 [ 196.437035][ T6005] [ 196.437035][ T6005] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 196.437035][ T6005] [pid 6005] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6005, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./157", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./157/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./157/binderfs") = 0 [ 196.616975][ T13] [ 196.616975][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 196.616975][ T13] [ 196.627578][ T13] [ 196.627578][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 196.627578][ T13] [ 196.638414][ T5827] [ 196.638414][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 196.638414][ T5827] [ 196.649805][ T113] [ 196.649805][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 196.649805][ T113] [ 196.660489][ T5827] umount2("./157/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./157/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./157/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 [ 196.660489][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 196.660489][ T5827] close(4) = 0 rmdir("./157/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./157") = 0 mkdir("./158", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6006 attached , child_tidptr=0x55556c245750) = 6006 [pid 6006] set_robust_list(0x55556c245760, 24) = 0 [pid 6006] chdir("./158") = 0 [pid 6006] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6006] setpgid(0, 0) = 0 [pid 6006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6006] write(3, "1000", 4) = 4 [pid 6006] close(3) = 0 [pid 6006] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6006] write(1, "executing program\n", 18) = 18 [pid 6006] memfd_create("syzkaller", 0) = 3 [pid 6006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6006] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6006] munmap(0x7fac16400000, 138412032) = 0 [pid 6006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6006] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6006] close(3) = 0 [pid 6006] close(4) = 0 [pid 6006] mkdir("./bus", 0777) = 0 [pid 6006] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6006] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6006] chdir("./bus") = 0 [pid 6006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6006] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 197.166122][ T6006] loop0: detected capacity change from 0 to 32768 [ 197.188927][ T6006] [ 197.188927][ T6006] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 197.188927][ T6006] [pid 6006] exit_group(0) = ? [pid 6006] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6006, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./158", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./158/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./158/binderfs") = 0 [ 197.378321][ T13] [ 197.378321][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 197.378321][ T13] [ 197.389060][ T13] [ 197.389060][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 197.389060][ T13] [ 197.400021][ T112] [ 197.400021][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 197.400021][ T112] [ 197.410723][ T5827] [ 197.410723][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 197.410723][ T5827] [ 197.422059][ T5827] umount2("./158/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./158/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 197.422059][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 197.422059][ T5827] umount2("./158/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./158/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./158") = 0 mkdir("./159", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556c245750) = 6007 ./strace-static-x86_64: Process 6007 attached [pid 6007] set_robust_list(0x55556c245760, 24) = 0 [pid 6007] chdir("./159") = 0 [pid 6007] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6007] setpgid(0, 0) = 0 [pid 6007] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6007] write(3, "1000", 4) = 4 [pid 6007] close(3) = 0 [pid 6007] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6007] write(1, "executing program\n", 18) = 18 [pid 6007] memfd_create("syzkaller", 0) = 3 [pid 6007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6007] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6007] munmap(0x7fac16400000, 138412032) = 0 [pid 6007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6007] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6007] close(3) = 0 [pid 6007] close(4) = 0 [pid 6007] mkdir("./bus", 0777) = 0 [ 197.978551][ T6007] loop0: detected capacity change from 0 to 32768 [pid 6007] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6007] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6007] chdir("./bus") = 0 [pid 6007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6007] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6007] exit_group(0) = ? [pid 6007] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6007, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./159", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 198.034231][ T6007] [ 198.034231][ T6007] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 198.034231][ T6007] openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./159/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./159/binderfs") = 0 [ 198.203152][ T13] [ 198.203152][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 198.203152][ T13] [ 198.214774][ T13] [ 198.214774][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 198.214774][ T13] [ 198.225931][ T113] [ 198.225931][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 198.225931][ T113] [ 198.236659][ T5827] [ 198.236659][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 198.236659][ T5827] [ 198.247475][ T5827] umount2("./159/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./159/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 198.247475][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 198.247475][ T5827] umount2("./159/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./159/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./159") = 0 mkdir("./160", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6008 attached [pid 6008] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6008 [pid 6008] <... set_robust_list resumed>) = 0 [pid 6008] chdir("./160") = 0 [pid 6008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6008] setpgid(0, 0) = 0 [pid 6008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6008] write(3, "1000", 4) = 4 [pid 6008] close(3) = 0 [pid 6008] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6008] write(1, "executing program\n", 18) = 18 [pid 6008] memfd_create("syzkaller", 0) = 3 [pid 6008] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6008] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6008] munmap(0x7fac16400000, 138412032) = 0 [pid 6008] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6008] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6008] close(3) = 0 [pid 6008] close(4) = 0 [pid 6008] mkdir("./bus", 0777) = 0 [pid 6008] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6008] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6008] chdir("./bus") = 0 [pid 6008] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6008] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6008] exit_group(0) = ? [pid 6008] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6008, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 198.755479][ T6008] loop0: detected capacity change from 0 to 32768 [ 198.782333][ T6008] [ 198.782333][ T6008] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 198.782333][ T6008] umount2("./160", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./160/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./160/binderfs") = 0 [ 198.953549][ T36] [ 198.953549][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 198.953549][ T36] [ 198.964101][ T36] [ 198.964101][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 198.964101][ T36] [ 198.975258][ T112] [ 198.975258][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 198.975258][ T112] [ 198.985923][ T5827] [ 198.985923][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 198.985923][ T5827] [ 198.996988][ T5827] umount2("./160/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./160/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 198.996988][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 198.996988][ T5827] umount2("./160/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./160/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./160") = 0 mkdir("./161", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6009 attached , child_tidptr=0x55556c245750) = 6009 [pid 6009] set_robust_list(0x55556c245760, 24) = 0 [pid 6009] chdir("./161") = 0 [pid 6009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6009] setpgid(0, 0) = 0 [pid 6009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6009] write(3, "1000", 4) = 4 [pid 6009] close(3) = 0 [pid 6009] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6009] write(1, "executing program\n", 18) = 18 [pid 6009] memfd_create("syzkaller", 0) = 3 [pid 6009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6009] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6009] munmap(0x7fac16400000, 138412032) = 0 [pid 6009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6009] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6009] close(3) = 0 [pid 6009] close(4) = 0 [pid 6009] mkdir("./bus", 0777) = 0 [pid 6009] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6009] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6009] chdir("./bus") = 0 [pid 6009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6009] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6009] exit_group(0) = ? [pid 6009] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6009, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./161", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 199.585627][ T6009] loop0: detected capacity change from 0 to 32768 [ 199.615625][ T6009] [ 199.615625][ T6009] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 199.615625][ T6009] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./161/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./161/binderfs") = 0 [ 199.749638][ T13] [ 199.749638][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 199.749638][ T13] [ 199.760134][ T13] [ 199.760134][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 199.760134][ T13] [ 199.771130][ T5827] [ 199.771130][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 199.771130][ T5827] [ 199.782264][ T112] [ 199.782264][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 199.782264][ T112] [ 199.792864][ T5827] umount2("./161/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./161/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 199.792864][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 199.792864][ T5827] umount2("./161/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./161/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./161") = 0 mkdir("./162", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6010 attached [pid 6010] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6010 [pid 6010] <... set_robust_list resumed>) = 0 [pid 6010] chdir("./162") = 0 [pid 6010] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6010] setpgid(0, 0) = 0 [pid 6010] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6010] write(3, "1000", 4) = 4 [pid 6010] close(3) = 0 [pid 6010] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6010] write(1, "executing program\n", 18) = 18 [pid 6010] memfd_create("syzkaller", 0) = 3 [pid 6010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6010] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6010] munmap(0x7fac16400000, 138412032) = 0 [pid 6010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6010] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6010] close(3) = 0 [pid 6010] close(4) = 0 [pid 6010] mkdir("./bus", 0777) = 0 [ 200.385414][ T6010] loop0: detected capacity change from 0 to 32768 [pid 6010] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6010] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6010] chdir("./bus") = 0 [pid 6010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6010] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6010] exit_group(0) = ? [pid 6010] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6010, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- [ 200.431324][ T6010] [ 200.431324][ T6010] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 200.431324][ T6010] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./162", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./162/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./162/binderfs") = 0 [ 200.629076][ T13] [ 200.629076][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 200.629076][ T13] [ 200.639902][ T13] [ 200.639902][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 200.639902][ T13] [ 200.650685][ T5827] [ 200.650685][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 200.650685][ T5827] [ 200.661732][ T113] [ 200.661732][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 200.661732][ T113] [ 200.672338][ T5827] umount2("./162/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./162/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 200.672338][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 200.672338][ T5827] umount2("./162/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./162/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./162") = 0 mkdir("./163", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6011 attached , child_tidptr=0x55556c245750) = 6011 [pid 6011] set_robust_list(0x55556c245760, 24) = 0 [pid 6011] chdir("./163") = 0 [pid 6011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6011] setpgid(0, 0) = 0 [pid 6011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6011] write(3, "1000", 4) = 4 [pid 6011] close(3) = 0 [pid 6011] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6011] write(1, "executing program\n", 18executing program ) = 18 [pid 6011] memfd_create("syzkaller", 0) = 3 [pid 6011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6011] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6011] munmap(0x7fac16400000, 138412032) = 0 [pid 6011] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6011] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6011] close(3) = 0 [pid 6011] close(4) = 0 [pid 6011] mkdir("./bus", 0777) = 0 [pid 6011] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6011] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6011] chdir("./bus") = 0 [pid 6011] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6011] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6011] exit_group(0) = ? [pid 6011] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6011, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 201.296313][ T6011] loop0: detected capacity change from 0 to 32768 [ 201.334905][ T6011] [ 201.334905][ T6011] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.334905][ T6011] umount2("./163", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./163/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./163/binderfs") = 0 [ 201.465481][ T13] [ 201.465481][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.465481][ T13] [ 201.476220][ T13] [ 201.476220][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.476220][ T13] [ 201.487161][ T5827] [ 201.487161][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.487161][ T5827] [ 201.498087][ T113] [ 201.498087][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.498087][ T113] [ 201.508820][ T5827] umount2("./163/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./163/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./163/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 201.508820][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.508820][ T5827] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./163/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./163") = 0 mkdir("./164", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6012 attached [pid 6012] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6012 [pid 6012] <... set_robust_list resumed>) = 0 [pid 6012] chdir("./164") = 0 [pid 6012] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6012] setpgid(0, 0) = 0 [pid 6012] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6012] write(3, "1000", 4) = 4 [pid 6012] close(3) = 0 [pid 6012] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6012] write(1, "executing program\n", 18) = 18 [pid 6012] memfd_create("syzkaller", 0) = 3 [pid 6012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6012] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6012] munmap(0x7fac16400000, 138412032) = 0 [pid 6012] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6012] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6012] close(3) = 0 [pid 6012] close(4) = 0 [pid 6012] mkdir("./bus", 0777) = 0 [pid 6012] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6012] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6012] chdir("./bus") = 0 [pid 6012] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6012] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6012] exit_group(0) = ? [pid 6012] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6012, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./164", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./164/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./164/binderfs") = 0 [ 202.057764][ T6012] loop0: detected capacity change from 0 to 32768 [ 202.078578][ T6012] [ 202.078578][ T6012] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 202.078578][ T6012] [ 202.125179][ T13] [ 202.125179][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 202.125179][ T13] [ 202.139104][ T13] [ 202.139104][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 202.139104][ T13] [ 202.150419][ T5827] [ 202.150419][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 202.150419][ T5827] [ 202.161535][ T113] [ 202.161535][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 202.161535][ T113] [ 202.172217][ T5827] umount2("./164/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./164/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./164/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 202.172217][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 202.172217][ T5827] openat(AT_FDCWD, "./164/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./164/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./164") = 0 mkdir("./165", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6013 attached , child_tidptr=0x55556c245750) = 6013 [pid 6013] set_robust_list(0x55556c245760, 24) = 0 [pid 6013] chdir("./165") = 0 [pid 6013] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6013] setpgid(0, 0) = 0 [pid 6013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6013] write(3, "1000", 4) = 4 [pid 6013] close(3) = 0 [pid 6013] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6013] write(1, "executing program\n", 18) = 18 [pid 6013] memfd_create("syzkaller", 0) = 3 [pid 6013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6013] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6013] munmap(0x7fac16400000, 138412032) = 0 [pid 6013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6013] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6013] close(3) = 0 [pid 6013] close(4) = 0 [pid 6013] mkdir("./bus", 0777) = 0 [pid 6013] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6013] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6013] chdir("./bus") = 0 [ 202.760483][ T6013] loop0: detected capacity change from 0 to 32768 [ 202.800125][ T6013] [ 202.800125][ T6013] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 202.800125][ T6013] [pid 6013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6013] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6013] exit_group(0) = ? [pid 6013] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6013, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./165", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./165/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./165/binderfs") = 0 [ 202.999345][ T36] [ 202.999345][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 202.999345][ T36] [ 203.009891][ T36] [ 203.009891][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 203.009891][ T36] [ 203.020903][ T113] [ 203.020903][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 203.020903][ T113] [ 203.031481][ T5827] [ 203.031481][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 203.031481][ T5827] [ 203.042560][ T5827] umount2("./165/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./165/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 203.042560][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 203.042560][ T5827] umount2("./165/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./165/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./165") = 0 mkdir("./166", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6014 attached [pid 6014] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6014 [pid 6014] <... set_robust_list resumed>) = 0 [pid 6014] chdir("./166") = 0 [pid 6014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6014] setpgid(0, 0) = 0 [pid 6014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6014] write(3, "1000", 4) = 4 [pid 6014] close(3) = 0 [pid 6014] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6014] write(1, "executing program\n", 18) = 18 [pid 6014] memfd_create("syzkaller", 0) = 3 [pid 6014] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6014] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6014] munmap(0x7fac16400000, 138412032) = 0 [pid 6014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6014] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6014] close(3) = 0 [pid 6014] close(4) = 0 [pid 6014] mkdir("./bus", 0777) = 0 [pid 6014] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6014] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6014] chdir("./bus") = 0 [pid 6014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 203.585935][ T6014] loop0: detected capacity change from 0 to 32768 [ 203.608987][ T6014] [ 203.608987][ T6014] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 203.608987][ T6014] [pid 6014] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6014] exit_group(0) = ? [pid 6014] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6014, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./166", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./166/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./166/binderfs") = 0 [ 203.840039][ T36] [ 203.840039][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 203.840039][ T36] [ 203.850584][ T36] [ 203.850584][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 203.850584][ T36] [ 203.861322][ T5827] [ 203.861322][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 203.861322][ T5827] [ 203.872108][ T113] [ 203.872108][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 203.872108][ T113] [ 203.882742][ T5827] umount2("./166/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./166/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 203.882742][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 203.882742][ T5827] umount2("./166/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./166/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./166") = 0 mkdir("./167", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6015 attached [pid 6015] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6015 [pid 6015] <... set_robust_list resumed>) = 0 [pid 6015] chdir("./167") = 0 [pid 6015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6015] setpgid(0, 0) = 0 [pid 6015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6015] write(3, "1000", 4) = 4 [pid 6015] close(3) = 0 [pid 6015] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6015] write(1, "executing program\n", 18executing program ) = 18 [pid 6015] memfd_create("syzkaller", 0) = 3 [pid 6015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6015] munmap(0x7fac16400000, 138412032) = 0 [pid 6015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6015] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6015] close(3) = 0 [pid 6015] close(4) = 0 [pid 6015] mkdir("./bus", 0777) = 0 [ 204.445338][ T6015] loop0: detected capacity change from 0 to 32768 [pid 6015] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6015] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6015] chdir("./bus") = 0 [pid 6015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6015] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6015] exit_group(0) = ? [pid 6015] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6015, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 204.491818][ T6015] [ 204.491818][ T6015] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 204.491818][ T6015] umount2("./167", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./167/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./167/binderfs") = 0 [ 204.532278][ T36] [ 204.532278][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 204.532278][ T36] [ 204.543337][ T36] [ 204.543337][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 204.543337][ T36] [ 204.554313][ T112] [ 204.554313][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 204.554313][ T112] [ 204.564914][ T5827] [ 204.564914][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 204.564914][ T5827] [ 204.576092][ T5827] umount2("./167/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./167/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./167/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 [ 204.576092][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 204.576092][ T5827] close(4) = 0 rmdir("./167/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./167") = 0 mkdir("./168", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6016 attached , child_tidptr=0x55556c245750) = 6016 [pid 6016] set_robust_list(0x55556c245760, 24) = 0 [pid 6016] chdir("./168") = 0 [pid 6016] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6016] setpgid(0, 0) = 0 [pid 6016] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6016] write(3, "1000", 4) = 4 [pid 6016] close(3) = 0 [pid 6016] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6016] write(1, "executing program\n", 18) = 18 [pid 6016] memfd_create("syzkaller", 0) = 3 [pid 6016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6016] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6016] munmap(0x7fac16400000, 138412032) = 0 [pid 6016] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6016] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6016] close(3) = 0 [pid 6016] close(4) = 0 [pid 6016] mkdir("./bus", 0777) = 0 [pid 6016] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6016] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6016] chdir("./bus") = 0 [pid 6016] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6016] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6016] exit_group(0) = ? [ 205.038909][ T6016] loop0: detected capacity change from 0 to 32768 [ 205.057735][ T6016] [ 205.057735][ T6016] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 205.057735][ T6016] [pid 6016] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6016, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./168", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./168/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./168/binderfs") = 0 [ 205.226306][ T36] [ 205.226306][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 205.226306][ T36] [ 205.236874][ T36] [ 205.236874][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 205.236874][ T36] [ 205.247780][ T113] [ 205.247780][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 205.247780][ T113] [ 205.258420][ T5827] [ 205.258420][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 205.258420][ T5827] [ 205.269868][ T5827] umount2("./168/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./168/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./168/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./168/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./168") = 0 mkdir("./169", 0777) = 0 [ 205.269868][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 205.269868][ T5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6017 attached , child_tidptr=0x55556c245750) = 6017 [pid 6017] set_robust_list(0x55556c245760, 24) = 0 [pid 6017] chdir("./169") = 0 [pid 6017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6017] setpgid(0, 0) = 0 [pid 6017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6017] write(3, "1000", 4) = 4 [pid 6017] close(3) = 0 [pid 6017] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6017] write(1, "executing program\n", 18executing program ) = 18 [pid 6017] memfd_create("syzkaller", 0) = 3 [pid 6017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6017] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6017] munmap(0x7fac16400000, 138412032) = 0 [pid 6017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6017] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6017] close(3) = 0 [pid 6017] close(4) = 0 [pid 6017] mkdir("./bus", 0777) = 0 [pid 6017] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6017] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6017] chdir("./bus") = 0 [pid 6017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6017] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6017] exit_group(0) = ? [pid 6017] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6017, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./169", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 205.708158][ T6017] loop0: detected capacity change from 0 to 32768 [ 205.737770][ T6017] [ 205.737770][ T6017] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 205.737770][ T6017] openat(AT_FDCWD, "./169", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./169/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./169/binderfs") = 0 [ 205.871755][ T13] [ 205.871755][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 205.871755][ T13] [ 205.882270][ T13] [ 205.882270][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 205.882270][ T13] [ 205.893301][ T112] [ 205.893301][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 205.893301][ T112] [ 205.903915][ T5827] [ 205.903915][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 205.903915][ T5827] [ 205.915085][ T5827] umount2("./169/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./169/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 205.915085][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 205.915085][ T5827] newfstatat(AT_FDCWD, "./169/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./169/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./169/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./169") = 0 mkdir("./170", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6018 attached [pid 6018] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6018 [pid 6018] <... set_robust_list resumed>) = 0 [pid 6018] chdir("./170") = 0 [pid 6018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6018] setpgid(0, 0) = 0 [pid 6018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6018] write(3, "1000", 4) = 4 [pid 6018] close(3) = 0 [pid 6018] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6018] write(1, "executing program\n", 18executing program ) = 18 [pid 6018] memfd_create("syzkaller", 0) = 3 [pid 6018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6018] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6018] munmap(0x7fac16400000, 138412032) = 0 [pid 6018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6018] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6018] close(3) = 0 [pid 6018] close(4) = 0 [pid 6018] mkdir("./bus", 0777) = 0 [pid 6018] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6018] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6018] chdir("./bus") = 0 [pid 6018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 206.472500][ T6018] loop0: detected capacity change from 0 to 32768 [ 206.505779][ T6018] [ 206.505779][ T6018] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 206.505779][ T6018] [pid 6018] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6018] exit_group(0) = ? [pid 6018] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6018, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./170", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./170/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./170/binderfs") = 0 [ 206.666357][ T13] [ 206.666357][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 206.666357][ T13] [ 206.677090][ T13] [ 206.677090][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 206.677090][ T13] [ 206.688660][ T112] [ 206.688660][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 206.688660][ T112] [ 206.699245][ T5827] [ 206.699245][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 206.699245][ T5827] [ 206.710411][ T5827] umount2("./170/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./170/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./170/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./170/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./170") = 0 mkdir("./171", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 206.710411][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 206.710411][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6019 attached , child_tidptr=0x55556c245750) = 6019 [pid 6019] set_robust_list(0x55556c245760, 24) = 0 [pid 6019] chdir("./171") = 0 [pid 6019] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6019] setpgid(0, 0) = 0 [pid 6019] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6019] write(3, "1000", 4) = 4 [pid 6019] close(3) = 0 [pid 6019] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6019] write(1, "executing program\n", 18) = 18 [pid 6019] memfd_create("syzkaller", 0) = 3 [pid 6019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6019] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6019] munmap(0x7fac16400000, 138412032) = 0 [pid 6019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6019] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6019] close(3) = 0 [pid 6019] close(4) = 0 [pid 6019] mkdir("./bus", 0777) = 0 [ 207.091312][ T6019] loop0: detected capacity change from 0 to 32768 [pid 6019] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6019] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6019] chdir("./bus") = 0 [pid 6019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6019] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6019] exit_group(0) = ? [pid 6019] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6019, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=14 /* 0.14 s */} --- [ 207.142105][ T6019] [ 207.142105][ T6019] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 207.142105][ T6019] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./171", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./171/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./171/binderfs") = 0 [ 207.309954][ T13] [ 207.309954][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 207.309954][ T13] [ 207.320651][ T13] [ 207.320651][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 207.320651][ T13] [ 207.331770][ T113] [ 207.331770][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 207.331770][ T113] [ 207.342426][ T5827] [ 207.342426][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 207.342426][ T5827] [ 207.353846][ T5827] umount2("./171/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./171/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 207.353846][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 207.353846][ T5827] umount2("./171/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./171/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./171") = 0 mkdir("./172", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6020 attached , child_tidptr=0x55556c245750) = 6020 [pid 6020] set_robust_list(0x55556c245760, 24) = 0 [pid 6020] chdir("./172") = 0 [pid 6020] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6020] setpgid(0, 0) = 0 [pid 6020] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6020] write(3, "1000", 4) = 4 [pid 6020] close(3) = 0 [pid 6020] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6020] write(1, "executing program\n", 18) = 18 [pid 6020] memfd_create("syzkaller", 0) = 3 [pid 6020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6020] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6020] munmap(0x7fac16400000, 138412032) = 0 [pid 6020] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6020] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6020] close(3) = 0 [pid 6020] close(4) = 0 [pid 6020] mkdir("./bus", 0777) = 0 [pid 6020] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6020] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6020] chdir("./bus") = 0 [pid 6020] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 207.953773][ T6020] loop0: detected capacity change from 0 to 32768 [ 207.992888][ T6020] [ 207.992888][ T6020] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 207.992888][ T6020] [pid 6020] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6020] exit_group(0) = ? [pid 6020] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6020, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./172", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./172/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./172/binderfs") = 0 [ 208.152055][ T13] [ 208.152055][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 208.152055][ T13] [ 208.162628][ T13] [ 208.162628][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 208.162628][ T13] [ 208.173784][ T112] [ 208.173784][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 208.173784][ T112] [ 208.184529][ T5827] [ 208.184529][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 208.184529][ T5827] [ 208.195524][ T5827] umount2("./172/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./172/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./172/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./172/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./172") = 0 mkdir("./173", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 208.195524][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 208.195524][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6021 attached [pid 6021] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6021 [pid 6021] <... set_robust_list resumed>) = 0 [pid 6021] chdir("./173") = 0 [pid 6021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6021] setpgid(0, 0) = 0 [pid 6021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6021] write(3, "1000", 4) = 4 [pid 6021] close(3) = 0 [pid 6021] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6021] write(1, "executing program\n", 18) = 18 [pid 6021] memfd_create("syzkaller", 0) = 3 [pid 6021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6021] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6021] munmap(0x7fac16400000, 138412032) = 0 [pid 6021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6021] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6021] close(3) = 0 [pid 6021] close(4) = 0 [pid 6021] mkdir("./bus", 0777) = 0 [pid 6021] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6021] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6021] chdir("./bus") = 0 [pid 6021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6021] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6021] exit_group(0) = ? [pid 6021] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6021, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- [ 208.591852][ T6021] loop0: detected capacity change from 0 to 32768 [ 208.625515][ T6021] [ 208.625515][ T6021] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 208.625515][ T6021] umount2("./173", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./173/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./173/binderfs") = 0 [ 208.764413][ T1088] [ 208.764413][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 208.764413][ T1088] [ 208.775097][ T1088] [ 208.775097][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 208.775097][ T1088] [ 208.786165][ T113] [ 208.786165][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 208.786165][ T113] [ 208.796840][ T5827] [ 208.796840][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 208.796840][ T5827] [ 208.807888][ T5827] umount2("./173/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./173/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 208.807888][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 208.807888][ T5827] umount2("./173/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./173/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./173") = 0 mkdir("./174", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6022 attached [pid 6022] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6022 [pid 6022] <... set_robust_list resumed>) = 0 [pid 6022] chdir("./174") = 0 [pid 6022] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6022] setpgid(0, 0) = 0 [pid 6022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6022] write(3, "1000", 4) = 4 [pid 6022] close(3) = 0 [pid 6022] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6022] write(1, "executing program\n", 18executing program ) = 18 [pid 6022] memfd_create("syzkaller", 0) = 3 [pid 6022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6022] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6022] munmap(0x7fac16400000, 138412032) = 0 [pid 6022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6022] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6022] close(3) = 0 [pid 6022] close(4) = 0 [pid 6022] mkdir("./bus", 0777) = 0 [pid 6022] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6022] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6022] chdir("./bus") = 0 [pid 6022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6022] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6022] exit_group(0) = ? [pid 6022] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6022, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 209.391427][ T6022] loop0: detected capacity change from 0 to 32768 [ 209.410625][ T6022] [ 209.410625][ T6022] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 209.410625][ T6022] umount2("./174", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./174/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./174/binderfs") = 0 [ 209.521596][ T1088] [ 209.521596][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 209.521596][ T1088] [ 209.532130][ T1088] [ 209.532130][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 209.532130][ T1088] [ 209.543261][ T112] [ 209.543261][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 209.543261][ T112] [ 209.554015][ T5827] [ 209.554015][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 209.554015][ T5827] [ 209.564976][ T5827] umount2("./174/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./174/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 209.564976][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 209.564976][ T5827] umount2("./174/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./174/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./174") = 0 mkdir("./175", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6023 attached , child_tidptr=0x55556c245750) = 6023 [pid 6023] set_robust_list(0x55556c245760, 24) = 0 [pid 6023] chdir("./175") = 0 [pid 6023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6023] setpgid(0, 0) = 0 [pid 6023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6023] write(3, "1000", 4) = 4 [pid 6023] close(3) = 0 [pid 6023] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6023] write(1, "executing program\n", 18executing program ) = 18 [pid 6023] memfd_create("syzkaller", 0) = 3 [pid 6023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6023] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6023] munmap(0x7fac16400000, 138412032) = 0 [pid 6023] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6023] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6023] close(3) = 0 [pid 6023] close(4) = 0 [pid 6023] mkdir("./bus", 0777) = 0 [pid 6023] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6023] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6023] chdir("./bus") = 0 [pid 6023] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6023] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 210.253241][ T6023] loop0: detected capacity change from 0 to 32768 [ 210.283497][ T6023] [ 210.283497][ T6023] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 210.283497][ T6023] [pid 6023] exit_group(0) = ? [pid 6023] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6023, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./175", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./175/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./175/binderfs") = 0 [ 210.479838][ T13] [ 210.479838][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 210.479838][ T13] [ 210.490617][ T13] [ 210.490617][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 210.490617][ T13] [ 210.501739][ T113] [ 210.501739][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 210.501739][ T113] [ 210.512434][ T5827] [ 210.512434][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 210.512434][ T5827] [ 210.523380][ T5827] umount2("./175/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./175/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./175/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./175/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./175") = 0 mkdir("./176", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 210.523380][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 210.523380][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6024 attached , child_tidptr=0x55556c245750) = 6024 [pid 6024] set_robust_list(0x55556c245760, 24) = 0 [pid 6024] chdir("./176") = 0 [pid 6024] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6024] setpgid(0, 0) = 0 [pid 6024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6024] write(3, "1000", 4) = 4 [pid 6024] close(3) = 0 [pid 6024] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6024] write(1, "executing program\n", 18) = 18 [pid 6024] memfd_create("syzkaller", 0) = 3 [pid 6024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6024] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6024] munmap(0x7fac16400000, 138412032) = 0 [pid 6024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6024] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6024] close(3) = 0 [pid 6024] close(4) = 0 [pid 6024] mkdir("./bus", 0777) = 0 [pid 6024] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6024] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6024] chdir("./bus") = 0 [pid 6024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6024] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6024] exit_group(0) = ? [pid 6024] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6024, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 210.936206][ T6024] loop0: detected capacity change from 0 to 32768 [ 210.956761][ T6024] [ 210.956761][ T6024] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 210.956761][ T6024] umount2("./176", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./176/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./176/binderfs") = 0 [ 211.112884][ T36] [ 211.112884][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 211.112884][ T36] [ 211.123581][ T36] [ 211.123581][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 211.123581][ T36] [ 211.134325][ T5827] [ 211.134325][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 211.134325][ T5827] [ 211.145235][ T112] [ 211.145235][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 211.145235][ T112] [ 211.155870][ T5827] umount2("./176/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./176/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./176/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 [ 211.155870][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 211.155870][ T5827] close(4) = 0 rmdir("./176/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./176") = 0 mkdir("./177", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6025 attached , child_tidptr=0x55556c245750) = 6025 [pid 6025] set_robust_list(0x55556c245760, 24) = 0 [pid 6025] chdir("./177") = 0 [pid 6025] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6025] setpgid(0, 0) = 0 [pid 6025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6025] write(3, "1000", 4) = 4 [pid 6025] close(3) = 0 executing program [pid 6025] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6025] write(1, "executing program\n", 18) = 18 [pid 6025] memfd_create("syzkaller", 0) = 3 [pid 6025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6025] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6025] munmap(0x7fac16400000, 138412032) = 0 [pid 6025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6025] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6025] close(3) = 0 [pid 6025] close(4) = 0 [pid 6025] mkdir("./bus", 0777) = 0 [ 211.608560][ T6025] loop0: detected capacity change from 0 to 32768 [pid 6025] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6025] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6025] chdir("./bus") = 0 [pid 6025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6025] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6025] exit_group(0) = ? [pid 6025] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6025, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- [ 211.668691][ T6025] [ 211.668691][ T6025] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 211.668691][ T6025] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./177", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./177/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./177/binderfs") = 0 [ 211.785954][ T36] [ 211.785954][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 211.785954][ T36] [ 211.796520][ T36] [ 211.796520][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 211.796520][ T36] [ 211.808112][ T112] [ 211.808112][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 211.808112][ T112] [ 211.818679][ T5827] [ 211.818679][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 211.818679][ T5827] [ 211.829489][ T5827] umount2("./177/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./177/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 211.829489][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 211.829489][ T5827] umount2("./177/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./177/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./177") = 0 mkdir("./178", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6026 attached , child_tidptr=0x55556c245750) = 6026 [pid 6026] set_robust_list(0x55556c245760, 24) = 0 [pid 6026] chdir("./178") = 0 [pid 6026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6026] setpgid(0, 0) = 0 [pid 6026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6026] write(3, "1000", 4) = 4 [pid 6026] close(3) = 0 [pid 6026] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6026] write(1, "executing program\n", 18) = 18 [pid 6026] memfd_create("syzkaller", 0) = 3 [pid 6026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6026] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6026] munmap(0x7fac16400000, 138412032) = 0 [pid 6026] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6026] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6026] close(3) = 0 [pid 6026] close(4) = 0 [pid 6026] mkdir("./bus", 0777) = 0 [pid 6026] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6026] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6026] chdir("./bus") = 0 [pid 6026] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6026] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6026] exit_group(0) = ? [pid 6026] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6026, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- [ 212.375647][ T6026] loop0: detected capacity change from 0 to 32768 [ 212.394914][ T6026] [ 212.394914][ T6026] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 212.394914][ T6026] umount2("./178", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./178/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./178/binderfs") = 0 [ 212.564488][ T36] [ 212.564488][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 212.564488][ T36] [ 212.575116][ T36] [ 212.575116][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 212.575116][ T36] [ 212.586330][ T112] [ 212.586330][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 212.586330][ T112] [ 212.596971][ T5827] [ 212.596971][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 212.596971][ T5827] [ 212.607846][ T5827] umount2("./178/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./178/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 212.607846][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 212.607846][ T5827] umount2("./178/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./178/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./178") = 0 mkdir("./179", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6027 attached , child_tidptr=0x55556c245750) = 6027 [pid 6027] set_robust_list(0x55556c245760, 24) = 0 [pid 6027] chdir("./179") = 0 [pid 6027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6027] setpgid(0, 0) = 0 [pid 6027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6027] write(3, "1000", 4) = 4 [pid 6027] close(3) = 0 [pid 6027] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6027] write(1, "executing program\n", 18executing program ) = 18 [pid 6027] memfd_create("syzkaller", 0) = 3 [pid 6027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6027] munmap(0x7fac16400000, 138412032) = 0 [pid 6027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6027] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6027] close(3) = 0 [pid 6027] close(4) = 0 [pid 6027] mkdir("./bus", 0777) = 0 [pid 6027] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6027] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6027] chdir("./bus") = 0 [pid 6027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 213.137836][ T6027] loop0: detected capacity change from 0 to 32768 [ 213.173830][ T6027] [ 213.173830][ T6027] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 213.173830][ T6027] [pid 6027] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6027] exit_group(0) = ? [pid 6027] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6027, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./179", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./179/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./179/binderfs") = 0 [ 213.355553][ T1088] [ 213.355553][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 213.355553][ T1088] [ 213.366220][ T1088] [ 213.366220][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 213.366220][ T1088] [ 213.377061][ T5827] [ 213.377061][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 213.377061][ T5827] [ 213.388000][ T112] [ 213.388000][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 213.388000][ T112] [ 213.398674][ T5827] umount2("./179/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./179/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 213.398674][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 213.398674][ T5827] umount2("./179/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./179/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./179") = 0 mkdir("./180", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6028 attached , child_tidptr=0x55556c245750) = 6028 [pid 6028] set_robust_list(0x55556c245760, 24) = 0 [pid 6028] chdir("./180") = 0 [pid 6028] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6028] setpgid(0, 0) = 0 [pid 6028] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6028] write(3, "1000", 4) = 4 [pid 6028] close(3) = 0 [pid 6028] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6028] write(1, "executing program\n", 18) = 18 [pid 6028] memfd_create("syzkaller", 0) = 3 [pid 6028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6028] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6028] munmap(0x7fac16400000, 138412032) = 0 [pid 6028] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6028] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6028] close(3) = 0 [pid 6028] close(4) = 0 [pid 6028] mkdir("./bus", 0777) = 0 [ 213.905416][ T6028] loop0: detected capacity change from 0 to 32768 [ 213.945311][ T6028] [ 213.945311][ T6028] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 213.945311][ T6028] [pid 6028] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6028] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6028] chdir("./bus") = 0 [pid 6028] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6028] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6028] exit_group(0) = ? [pid 6028] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6028, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./180", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./180/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./180/binderfs") = 0 [ 214.125445][ T1088] [ 214.125445][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 214.125445][ T1088] [ 214.136096][ T1088] [ 214.136096][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 214.136096][ T1088] [ 214.147120][ T113] [ 214.147120][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 214.147120][ T113] [ 214.157817][ T5827] [ 214.157817][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 214.157817][ T5827] [ 214.168655][ T5827] umount2("./180/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./180/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./180/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./180/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./180") = 0 mkdir("./181", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 214.168655][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 214.168655][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6029 attached , child_tidptr=0x55556c245750) = 6029 [pid 6029] set_robust_list(0x55556c245760, 24) = 0 [pid 6029] chdir("./181") = 0 [pid 6029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6029] setpgid(0, 0) = 0 [pid 6029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6029] write(3, "1000", 4) = 4 [pid 6029] close(3) = 0 [pid 6029] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6029] write(1, "executing program\n", 18) = 18 [pid 6029] memfd_create("syzkaller", 0) = 3 [pid 6029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6029] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6029] munmap(0x7fac16400000, 138412032) = 0 [pid 6029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6029] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6029] close(3) = 0 [pid 6029] close(4) = 0 [pid 6029] mkdir("./bus", 0777) = 0 [pid 6029] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6029] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6029] chdir("./bus") = 0 [pid 6029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6029] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6029] exit_group(0) = ? [pid 6029] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6029, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- [ 214.612782][ T6029] loop0: detected capacity change from 0 to 32768 [ 214.643456][ T6029] [ 214.643456][ T6029] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 214.643456][ T6029] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./181", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./181/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./181/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./181/binderfs") = 0 [ 214.758058][ T1088] [ 214.758058][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 214.758058][ T1088] [ 214.768634][ T1088] [ 214.768634][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 214.768634][ T1088] [ 214.779642][ T112] [ 214.779642][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 214.779642][ T112] [ 214.790220][ T5827] [ 214.790220][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 214.790220][ T5827] [ 214.801199][ T5827] umount2("./181/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./181/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./181/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 214.801199][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 214.801199][ T5827] umount2("./181/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./181/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./181") = 0 mkdir("./182", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6030 attached , child_tidptr=0x55556c245750) = 6030 [pid 6030] set_robust_list(0x55556c245760, 24) = 0 [pid 6030] chdir("./182") = 0 [pid 6030] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6030] setpgid(0, 0) = 0 [pid 6030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6030] write(3, "1000", 4) = 4 [pid 6030] close(3) = 0 [pid 6030] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6030] write(1, "executing program\n", 18executing program ) = 18 [pid 6030] memfd_create("syzkaller", 0) = 3 [pid 6030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6030] munmap(0x7fac16400000, 138412032) = 0 [pid 6030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6030] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6030] close(3) = 0 [pid 6030] close(4) = 0 [pid 6030] mkdir("./bus", 0777) = 0 [pid 6030] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6030] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6030] chdir("./bus") = 0 [pid 6030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6030] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6030] exit_group(0) = ? [pid 6030] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6030, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=13 /* 0.13 s */} --- [ 215.402284][ T6030] loop0: detected capacity change from 0 to 32768 [ 215.430230][ T6030] [ 215.430230][ T6030] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 215.430230][ T6030] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./182", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./182/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./182/binderfs") = 0 [ 215.503857][ T1088] [ 215.503857][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 215.503857][ T1088] [ 215.514455][ T1088] [ 215.514455][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 215.514455][ T1088] [ 215.525604][ T5827] [ 215.525604][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 215.525604][ T5827] [ 215.537681][ T112] [ 215.537681][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 215.537681][ T112] [ 215.548573][ T5827] umount2("./182/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./182/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 215.548573][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 215.548573][ T5827] umount2("./182/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./182/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./182") = 0 mkdir("./183", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6031 attached , child_tidptr=0x55556c245750) = 6031 [pid 6031] set_robust_list(0x55556c245760, 24) = 0 [pid 6031] chdir("./183") = 0 [pid 6031] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6031] setpgid(0, 0) = 0 [pid 6031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6031] write(3, "1000", 4) = 4 [pid 6031] close(3) = 0 [pid 6031] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6031] write(1, "executing program\n", 18) = 18 [pid 6031] memfd_create("syzkaller", 0) = 3 [pid 6031] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6031] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6031] munmap(0x7fac16400000, 138412032) = 0 [pid 6031] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6031] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6031] close(3) = 0 [pid 6031] close(4) = 0 [pid 6031] mkdir("./bus", 0777) = 0 [pid 6031] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6031] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6031] chdir("./bus") = 0 [ 216.146211][ T6031] loop0: detected capacity change from 0 to 32768 [ 216.179078][ T6031] [ 216.179078][ T6031] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 216.179078][ T6031] [pid 6031] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6031] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6031] exit_group(0) = ? [pid 6031] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6031, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./183", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./183/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./183/binderfs") = 0 [ 216.361004][ T1088] [ 216.361004][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 216.361004][ T1088] [ 216.371870][ T1088] [ 216.371870][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 216.371870][ T1088] [ 216.383098][ T113] [ 216.383098][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 216.383098][ T113] [ 216.393713][ T5827] [ 216.393713][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 216.393713][ T5827] [ 216.404493][ T5827] umount2("./183/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./183/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./183/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./183/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./183") = 0 mkdir("./184", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 216.404493][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 216.404493][ T5827] ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6032 attached [pid 6032] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6032 [pid 6032] <... set_robust_list resumed>) = 0 [pid 6032] chdir("./184") = 0 [pid 6032] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6032] setpgid(0, 0) = 0 [pid 6032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6032] write(3, "1000", 4) = 4 [pid 6032] close(3) = 0 [pid 6032] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6032] write(1, "executing program\n", 18) = 18 [pid 6032] memfd_create("syzkaller", 0) = 3 [pid 6032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6032] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6032] munmap(0x7fac16400000, 138412032) = 0 [pid 6032] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6032] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6032] close(3) = 0 [pid 6032] close(4) = 0 [pid 6032] mkdir("./bus", 0777) = 0 [ 216.813569][ T6032] loop0: detected capacity change from 0 to 32768 [ 216.853382][ T6032] [ 216.853382][ T6032] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 216.853382][ T6032] [pid 6032] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6032] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6032] chdir("./bus") = 0 [pid 6032] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6032] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6032] exit_group(0) = ? [pid 6032] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6032, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./184", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./184/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./184/binderfs") = 0 [ 217.031692][ T36] [ 217.031692][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 217.031692][ T36] [ 217.042291][ T36] [ 217.042291][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 217.042291][ T36] [ 217.053444][ T112] [ 217.053444][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 217.053444][ T112] [ 217.064058][ T5827] [ 217.064058][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 217.064058][ T5827] [ 217.074953][ T5827] umount2("./184/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./184/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 217.074953][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 217.074953][ T5827] umount2("./184/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./184/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./184") = 0 mkdir("./185", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6033 attached , child_tidptr=0x55556c245750) = 6033 [pid 6033] set_robust_list(0x55556c245760, 24) = 0 [pid 6033] chdir("./185") = 0 [pid 6033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6033] setpgid(0, 0) = 0 [pid 6033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6033] write(3, "1000", 4) = 4 [pid 6033] close(3) = 0 [pid 6033] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6033] write(1, "executing program\n", 18) = 18 [pid 6033] memfd_create("syzkaller", 0) = 3 [pid 6033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6033] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6033] munmap(0x7fac16400000, 138412032) = 0 [pid 6033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6033] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6033] close(3) = 0 [pid 6033] close(4) = 0 [pid 6033] mkdir("./bus", 0777) = 0 [pid 6033] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6033] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6033] chdir("./bus") = 0 [pid 6033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6033] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6033] exit_group(0) = ? [pid 6033] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6033, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- [ 217.652344][ T6033] loop0: detected capacity change from 0 to 32768 [ 217.691748][ T6033] [ 217.691748][ T6033] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 217.691748][ T6033] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./185", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./185/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./185/binderfs") = 0 [ 217.820553][ T13] [ 217.820553][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 217.820553][ T13] [ 217.831086][ T13] [ 217.831086][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 217.831086][ T13] [ 217.842541][ T112] [ 217.842541][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 217.842541][ T112] [ 217.853185][ T5827] [ 217.853185][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 217.853185][ T5827] [ 217.863994][ T5827] umount2("./185/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./185/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 217.863994][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 217.863994][ T5827] umount2("./185/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./185/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./185") = 0 mkdir("./186", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6034 attached , child_tidptr=0x55556c245750) = 6034 [pid 6034] set_robust_list(0x55556c245760, 24) = 0 [pid 6034] chdir("./186") = 0 [pid 6034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6034] setpgid(0, 0) = 0 [pid 6034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6034] write(3, "1000", 4) = 4 [pid 6034] close(3) = 0 [pid 6034] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6034] write(1, "executing program\n", 18executing program ) = 18 [pid 6034] memfd_create("syzkaller", 0) = 3 [pid 6034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6034] munmap(0x7fac16400000, 138412032) = 0 [pid 6034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6034] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6034] close(3) = 0 [pid 6034] close(4) = 0 [pid 6034] mkdir("./bus", 0777) = 0 [pid 6034] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6034] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 218.414894][ T6034] loop0: detected capacity change from 0 to 32768 [ 218.446903][ T6034] [ 218.446903][ T6034] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 218.446903][ T6034] [pid 6034] chdir("./bus") = 0 [pid 6034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6034] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6034] exit_group(0) = ? [pid 6034] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6034, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./186", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./186/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./186/binderfs") = 0 [ 218.658275][ T36] [ 218.658275][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 218.658275][ T36] [ 218.668811][ T36] [ 218.668811][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 218.668811][ T36] [ 218.680130][ T113] [ 218.680130][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 218.680130][ T113] [ 218.690807][ T5827] [ 218.690807][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 218.690807][ T5827] [ 218.701772][ T5827] umount2("./186/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./186/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 218.701772][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 218.701772][ T5827] umount2("./186/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./186/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./186") = 0 mkdir("./187", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6035 attached , child_tidptr=0x55556c245750) = 6035 [pid 6035] set_robust_list(0x55556c245760, 24) = 0 [pid 6035] chdir("./187") = 0 [pid 6035] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6035] setpgid(0, 0) = 0 [pid 6035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6035] write(3, "1000", 4) = 4 [pid 6035] close(3) = 0 [pid 6035] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6035] write(1, "executing program\n", 18) = 18 [pid 6035] memfd_create("syzkaller", 0) = 3 [pid 6035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6035] munmap(0x7fac16400000, 138412032) = 0 [pid 6035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6035] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6035] close(3) = 0 [pid 6035] close(4) = 0 [pid 6035] mkdir("./bus", 0777) = 0 [pid 6035] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6035] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6035] chdir("./bus") = 0 [ 219.266390][ T6035] loop0: detected capacity change from 0 to 32768 [ 219.300677][ T6035] [ 219.300677][ T6035] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 219.300677][ T6035] [pid 6035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6035] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6035] exit_group(0) = ? [pid 6035] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6035, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./187", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./187/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./187/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./187/binderfs") = 0 [ 219.496668][ T36] [ 219.496668][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 219.496668][ T36] [ 219.507298][ T36] [ 219.507298][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 219.507298][ T36] [ 219.518023][ T5827] [ 219.518023][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 219.518023][ T5827] [ 219.529828][ T113] [ 219.529828][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 219.529828][ T113] [ 219.540498][ T5827] umount2("./187/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./187/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./187/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 219.540498][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 219.540498][ T5827] umount2("./187/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./187/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./187") = 0 mkdir("./188", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6036 attached , child_tidptr=0x55556c245750) = 6036 [pid 6036] set_robust_list(0x55556c245760, 24) = 0 [pid 6036] chdir("./188") = 0 [pid 6036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6036] setpgid(0, 0) = 0 [pid 6036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6036] write(3, "1000", 4) = 4 [pid 6036] close(3) = 0 [pid 6036] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6036] write(1, "executing program\n", 18executing program ) = 18 [pid 6036] memfd_create("syzkaller", 0) = 3 [pid 6036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6036] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6036] munmap(0x7fac16400000, 138412032) = 0 [pid 6036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6036] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6036] close(3) = 0 [pid 6036] close(4) = 0 [pid 6036] mkdir("./bus", 0777) = 0 [ 220.087296][ T6036] loop0: detected capacity change from 0 to 32768 [pid 6036] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6036] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6036] chdir("./bus") = 0 [pid 6036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6036] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6036] exit_group(0) = ? [pid 6036] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6036, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 220.144760][ T6036] [ 220.144760][ T6036] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 220.144760][ T6036] umount2("./188", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./188/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./188/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./188/binderfs") = 0 [ 220.328646][ T13] [ 220.328646][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 220.328646][ T13] [ 220.339326][ T13] [ 220.339326][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 220.339326][ T13] [ 220.350936][ T112] [ 220.350936][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 220.350936][ T112] [ 220.361554][ T5827] [ 220.361554][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 220.361554][ T5827] [ 220.372416][ T5827] umount2("./188/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./188/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./188/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 220.372416][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 220.372416][ T5827] umount2("./188/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./188/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./188") = 0 mkdir("./189", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6037 attached [pid 6037] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6037 [pid 6037] <... set_robust_list resumed>) = 0 [pid 6037] chdir("./189") = 0 [pid 6037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6037] setpgid(0, 0) = 0 [pid 6037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6037] write(3, "1000", 4) = 4 [pid 6037] close(3) = 0 [pid 6037] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6037] write(1, "executing program\n", 18executing program ) = 18 [pid 6037] memfd_create("syzkaller", 0) = 3 [pid 6037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6037] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6037] munmap(0x7fac16400000, 138412032) = 0 [pid 6037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6037] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6037] close(3) = 0 [pid 6037] close(4) = 0 [pid 6037] mkdir("./bus", 0777) = 0 [ 220.951359][ T6037] loop0: detected capacity change from 0 to 32768 [pid 6037] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6037] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6037] chdir("./bus") = 0 [pid 6037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6037] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6037] exit_group(0) = ? [pid 6037] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6037, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 220.998677][ T6037] [ 220.998677][ T6037] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 220.998677][ T6037] umount2("./189", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./189/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./189/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./189/binderfs") = 0 [ 221.155647][ T36] [ 221.155647][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 221.155647][ T36] [ 221.166760][ T36] [ 221.166760][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 221.166760][ T36] [ 221.177704][ T5827] [ 221.177704][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 221.177704][ T5827] [ 221.188898][ T113] [ 221.188898][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 221.188898][ T113] [ 221.199911][ T5827] umount2("./189/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./189/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./189/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 221.199911][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 221.199911][ T5827] umount2("./189/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./189/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./189") = 0 mkdir("./190", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6038 attached , child_tidptr=0x55556c245750) = 6038 [pid 6038] set_robust_list(0x55556c245760, 24) = 0 [pid 6038] chdir("./190") = 0 [pid 6038] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6038] setpgid(0, 0) = 0 [pid 6038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6038] write(3, "1000", 4) = 4 [pid 6038] close(3) = 0 [pid 6038] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6038] write(1, "executing program\n", 18) = 18 [pid 6038] memfd_create("syzkaller", 0) = 3 [pid 6038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6038] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6038] munmap(0x7fac16400000, 138412032) = 0 [pid 6038] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6038] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6038] close(3) = 0 [pid 6038] close(4) = 0 [pid 6038] mkdir("./bus", 0777) = 0 [pid 6038] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6038] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6038] chdir("./bus") = 0 [pid 6038] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6038] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6038] exit_group(0) = ? [pid 6038] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6038, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 221.787048][ T6038] loop0: detected capacity change from 0 to 32768 [ 221.805949][ T6038] [ 221.805949][ T6038] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 221.805949][ T6038] umount2("./190", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./190/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./190/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./190/binderfs") = 0 [ 221.982938][ T1088] [ 221.982938][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 221.982938][ T1088] [ 221.993491][ T1088] [ 221.993491][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 221.993491][ T1088] [ 222.004488][ T113] [ 222.004488][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 222.004488][ T113] [ 222.015110][ T5827] [ 222.015110][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 222.015110][ T5827] [ 222.026193][ T5827] umount2("./190/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./190/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./190/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 222.026193][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 222.026193][ T5827] umount2("./190/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./190/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./190") = 0 mkdir("./191", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6039 attached , child_tidptr=0x55556c245750) = 6039 [pid 6039] set_robust_list(0x55556c245760, 24) = 0 [pid 6039] chdir("./191") = 0 [pid 6039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6039] setpgid(0, 0) = 0 [pid 6039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6039] write(3, "1000", 4) = 4 [pid 6039] close(3) = 0 [pid 6039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6039] write(1, "executing program\n", 18executing program ) = 18 [pid 6039] memfd_create("syzkaller", 0) = 3 [pid 6039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6039] munmap(0x7fac16400000, 138412032) = 0 [pid 6039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6039] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6039] close(3) = 0 [pid 6039] close(4) = 0 [pid 6039] mkdir("./bus", 0777) = 0 [pid 6039] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6039] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6039] chdir("./bus") = 0 [pid 6039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6039] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6039] exit_group(0) = ? [pid 6039] +++ exited with 0 +++ [ 222.557044][ T6039] loop0: detected capacity change from 0 to 32768 [ 222.586336][ T6039] [ 222.586336][ T6039] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 222.586336][ T6039] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6039, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./191", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./191/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./191/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./191/binderfs") = 0 [ 222.763795][ T13] [ 222.763795][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 222.763795][ T13] [ 222.774355][ T13] [ 222.774355][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 222.774355][ T13] [ 222.785109][ T5827] [ 222.785109][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 222.785109][ T5827] [ 222.795994][ T113] [ 222.795994][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 222.795994][ T113] [ 222.806624][ T5827] umount2("./191/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./191/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./191/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 222.806624][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 222.806624][ T5827] umount2("./191/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./191/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./191") = 0 mkdir("./192", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6040 attached , child_tidptr=0x55556c245750) = 6040 [pid 6040] set_robust_list(0x55556c245760, 24) = 0 [pid 6040] chdir("./192") = 0 [pid 6040] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6040] setpgid(0, 0) = 0 [pid 6040] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6040] write(3, "1000", 4) = 4 [pid 6040] close(3) = 0 [pid 6040] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6040] write(1, "executing program\n", 18executing program ) = 18 [pid 6040] memfd_create("syzkaller", 0) = 3 [pid 6040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6040] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6040] munmap(0x7fac16400000, 138412032) = 0 [pid 6040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6040] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6040] close(3) = 0 [pid 6040] close(4) = 0 [pid 6040] mkdir("./bus", 0777) = 0 [pid 6040] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6040] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6040] chdir("./bus") = 0 [ 223.363102][ T6040] loop0: detected capacity change from 0 to 32768 [ 223.388967][ T6040] [ 223.388967][ T6040] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 223.388967][ T6040] [pid 6040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6040] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6040] exit_group(0) = ? [pid 6040] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6040, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./192", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./192/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./192/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./192/binderfs") = 0 [ 223.587820][ T13] [ 223.587820][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 223.587820][ T13] [ 223.598391][ T13] [ 223.598391][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 223.598391][ T13] [ 223.609417][ T112] [ 223.609417][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 223.609417][ T112] [ 223.619977][ T5827] [ 223.619977][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 223.619977][ T5827] [ 223.630959][ T5827] umount2("./192/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./192/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./192/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./192/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 223.630959][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 223.630959][ T5827] openat(AT_FDCWD, "./192/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./192/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./192") = 0 mkdir("./193", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6041 attached , child_tidptr=0x55556c245750) = 6041 [pid 6041] set_robust_list(0x55556c245760, 24) = 0 [pid 6041] chdir("./193") = 0 [pid 6041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6041] setpgid(0, 0) = 0 [pid 6041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6041] write(3, "1000", 4) = 4 [pid 6041] close(3) = 0 [pid 6041] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6041] write(1, "executing program\n", 18) = 18 [pid 6041] memfd_create("syzkaller", 0) = 3 [pid 6041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6041] munmap(0x7fac16400000, 138412032) = 0 [pid 6041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6041] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6041] close(3) = 0 [pid 6041] close(4) = 0 [pid 6041] mkdir("./bus", 0777) = 0 [pid 6041] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6041] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6041] chdir("./bus") = 0 [pid 6041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6041] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6041] exit_group(0) = ? [pid 6041] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6041, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- umount2("./193", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 224.195232][ T6041] loop0: detected capacity change from 0 to 32768 [ 224.225811][ T6041] [ 224.225811][ T6041] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 224.225811][ T6041] openat(AT_FDCWD, "./193", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./193/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./193/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./193/binderfs") = 0 [ 224.392272][ T1088] [ 224.392272][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 224.392272][ T1088] [ 224.402855][ T1088] [ 224.402855][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 224.402855][ T1088] [ 224.414016][ T112] [ 224.414016][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 224.414016][ T112] [ 224.424571][ T5827] [ 224.424571][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 224.424571][ T5827] [ 224.435751][ T5827] umount2("./193/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./193/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./193/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./193/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./193/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./193") = 0 mkdir("./194", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 224.435751][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 224.435751][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6042 attached , child_tidptr=0x55556c245750) = 6042 [pid 6042] set_robust_list(0x55556c245760, 24) = 0 [pid 6042] chdir("./194") = 0 [pid 6042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6042] setpgid(0, 0) = 0 [pid 6042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6042] write(3, "1000", 4) = 4 [pid 6042] close(3) = 0 [pid 6042] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6042] write(1, "executing program\n", 18) = 18 [pid 6042] memfd_create("syzkaller", 0) = 3 [pid 6042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6042] munmap(0x7fac16400000, 138412032) = 0 [pid 6042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6042] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6042] close(3) = 0 [pid 6042] close(4) = 0 [pid 6042] mkdir("./bus", 0777) = 0 [pid 6042] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6042] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6042] chdir("./bus") = 0 [pid 6042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6042] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6042] exit_group(0) = ? [pid 6042] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6042, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- [ 224.834065][ T6042] loop0: detected capacity change from 0 to 32768 [ 224.862489][ T6042] [ 224.862489][ T6042] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 224.862489][ T6042] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./194", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./194/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./194/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./194/binderfs") = 0 [ 225.041279][ T1088] [ 225.041279][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 225.041279][ T1088] [ 225.051903][ T1088] [ 225.051903][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 225.051903][ T1088] [ 225.063392][ T113] [ 225.063392][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 225.063392][ T113] [ 225.074574][ T5827] [ 225.074574][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 225.074574][ T5827] [ 225.085529][ T5827] umount2("./194/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./194/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 225.085529][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 225.085529][ T5827] newfstatat(AT_FDCWD, "./194/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./194/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./194/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./194") = 0 mkdir("./195", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6043 attached , child_tidptr=0x55556c245750) = 6043 [pid 6043] set_robust_list(0x55556c245760, 24) = 0 [pid 6043] chdir("./195") = 0 [pid 6043] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6043] setpgid(0, 0) = 0 [pid 6043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6043] write(3, "1000", 4) = 4 [pid 6043] close(3) = 0 [pid 6043] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6043] write(1, "executing program\n", 18executing program ) = 18 [pid 6043] memfd_create("syzkaller", 0) = 3 [pid 6043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6043] munmap(0x7fac16400000, 138412032) = 0 [pid 6043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6043] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6043] close(3) = 0 [pid 6043] close(4) = 0 [pid 6043] mkdir("./bus", 0777) = 0 [ 225.639401][ T6043] loop0: detected capacity change from 0 to 32768 [pid 6043] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6043] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6043] chdir("./bus") = 0 [ 225.681112][ T6043] [ 225.681112][ T6043] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 225.681112][ T6043] [pid 6043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6043] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6043] exit_group(0) = ? [pid 6043] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6043, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./195", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./195/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./195/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./195/binderfs") = 0 [ 225.866846][ T13] [ 225.866846][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 225.866846][ T13] [ 225.877503][ T13] [ 225.877503][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 225.877503][ T13] [ 225.888654][ T112] [ 225.888654][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 225.888654][ T112] [ 225.899359][ T5827] [ 225.899359][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 225.899359][ T5827] [ 225.910609][ T5827] umount2("./195/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./195/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./195/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 225.910609][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 225.910609][ T5827] umount2("./195/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./195/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./195") = 0 mkdir("./196", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6044 attached , child_tidptr=0x55556c245750) = 6044 [pid 6044] set_robust_list(0x55556c245760, 24) = 0 [pid 6044] chdir("./196") = 0 [pid 6044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6044] setpgid(0, 0) = 0 [pid 6044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6044] write(3, "1000", 4) = 4 [pid 6044] close(3) = 0 [pid 6044] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6044] write(1, "executing program\n", 18executing program ) = 18 [pid 6044] memfd_create("syzkaller", 0) = 3 [pid 6044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6044] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6044] munmap(0x7fac16400000, 138412032) = 0 [pid 6044] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6044] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6044] close(3) = 0 [pid 6044] close(4) = 0 [pid 6044] mkdir("./bus", 0777) = 0 [pid 6044] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6044] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6044] chdir("./bus") = 0 [pid 6044] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6044] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 226.486309][ T6044] loop0: detected capacity change from 0 to 32768 [ 226.517637][ T6044] [ 226.517637][ T6044] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 226.517637][ T6044] [pid 6044] exit_group(0) = ? [pid 6044] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6044, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./196", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./196/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./196/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./196/binderfs") = 0 [ 226.719639][ T1088] [ 226.719639][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 226.719639][ T1088] [ 226.730141][ T1088] [ 226.730141][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 226.730141][ T1088] [ 226.741159][ T113] [ 226.741159][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 226.741159][ T113] [ 226.751851][ T5827] [ 226.751851][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 226.751851][ T5827] [ 226.762613][ T5827] umount2("./196/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./196/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./196/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./196/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 226.762613][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 226.762613][ T5827] openat(AT_FDCWD, "./196/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./196/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./196") = 0 mkdir("./197", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6045 attached , child_tidptr=0x55556c245750) = 6045 [pid 6045] set_robust_list(0x55556c245760, 24) = 0 [pid 6045] chdir("./197") = 0 [pid 6045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6045] setpgid(0, 0) = 0 [pid 6045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6045] write(3, "1000", 4) = 4 [pid 6045] close(3) = 0 [pid 6045] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6045] write(1, "executing program\n", 18executing program ) = 18 [pid 6045] memfd_create("syzkaller", 0) = 3 [pid 6045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6045] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6045] munmap(0x7fac16400000, 138412032) = 0 [pid 6045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6045] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6045] close(3) = 0 [pid 6045] close(4) = 0 [pid 6045] mkdir("./bus", 0777) = 0 [ 227.331080][ T6045] loop0: detected capacity change from 0 to 32768 [pid 6045] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6045] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6045] chdir("./bus") = 0 [pid 6045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6045] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6045] exit_group(0) = ? [pid 6045] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6045, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 227.371320][ T6045] [ 227.371320][ T6045] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 227.371320][ T6045] umount2("./197", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./197/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./197/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./197/binderfs") = 0 [ 227.503722][ T13] [ 227.503722][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 227.503722][ T13] [ 227.514331][ T13] [ 227.514331][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 227.514331][ T13] [ 227.525170][ T5827] [ 227.525170][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 227.525170][ T5827] [ 227.536239][ T112] [ 227.536239][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 227.536239][ T112] [ 227.546975][ T5827] umount2("./197/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./197/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./197/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 227.546975][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 227.546975][ T5827] umount2("./197/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./197/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./197") = 0 mkdir("./198", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6046 attached , child_tidptr=0x55556c245750) = 6046 [pid 6046] set_robust_list(0x55556c245760, 24) = 0 [pid 6046] chdir("./198") = 0 [pid 6046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6046] setpgid(0, 0) = 0 [pid 6046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6046] write(3, "1000", 4) = 4 [pid 6046] close(3) = 0 [pid 6046] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6046] write(1, "executing program\n", 18) = 18 [pid 6046] memfd_create("syzkaller", 0) = 3 [pid 6046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6046] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6046] munmap(0x7fac16400000, 138412032) = 0 [pid 6046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6046] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6046] close(3) = 0 [pid 6046] close(4) = 0 [pid 6046] mkdir("./bus", 0777) = 0 [pid 6046] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6046] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6046] chdir("./bus") = 0 [pid 6046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6046] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6046] exit_group(0) = ? [pid 6046] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6046, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 228.108328][ T6046] loop0: detected capacity change from 0 to 32768 [ 228.139451][ T6046] [ 228.139451][ T6046] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 228.139451][ T6046] umount2("./198", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./198/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./198/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./198/binderfs") = 0 [ 228.319933][ T1088] [ 228.319933][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 228.319933][ T1088] [ 228.330505][ T1088] [ 228.330505][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 228.330505][ T1088] [ 228.341226][ T5827] [ 228.341226][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 228.341226][ T5827] [ 228.352248][ T113] [ 228.352248][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 228.352248][ T113] [ 228.362918][ T5827] umount2("./198/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./198/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./198/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./198/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./198/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./198") = 0 mkdir("./199", 0777) = 0 [ 228.362918][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 228.362918][ T5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6047 attached , child_tidptr=0x55556c245750) = 6047 [pid 6047] set_robust_list(0x55556c245760, 24) = 0 [pid 6047] chdir("./199") = 0 [pid 6047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6047] setpgid(0, 0) = 0 [pid 6047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6047] write(3, "1000", 4) = 4 [pid 6047] close(3) = 0 [pid 6047] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6047] write(1, "executing program\n", 18executing program ) = 18 [pid 6047] memfd_create("syzkaller", 0) = 3 [pid 6047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6047] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6047] munmap(0x7fac16400000, 138412032) = 0 [pid 6047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6047] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6047] close(3) = 0 [pid 6047] close(4) = 0 [pid 6047] mkdir("./bus", 0777) = 0 [ 228.779843][ T6047] loop0: detected capacity change from 0 to 32768 [pid 6047] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6047] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6047] chdir("./bus") = 0 [ 228.829890][ T6047] [ 228.829890][ T6047] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 228.829890][ T6047] [pid 6047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6047] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6047] exit_group(0) = ? [pid 6047] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6047, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./199", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./199/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./199/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./199/binderfs") = 0 [ 229.040391][ T1088] [ 229.040391][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 229.040391][ T1088] [ 229.050964][ T1088] [ 229.050964][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 229.050964][ T1088] [ 229.062139][ T112] [ 229.062139][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 229.062139][ T112] [ 229.072747][ T5827] [ 229.072747][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 229.072747][ T5827] [ 229.083687][ T5827] umount2("./199/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./199/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./199/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 229.083687][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 229.083687][ T5827] umount2("./199/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./199/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./199") = 0 mkdir("./200", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6048 attached [pid 6048] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6048 [pid 6048] <... set_robust_list resumed>) = 0 [pid 6048] chdir("./200") = 0 [pid 6048] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6048] setpgid(0, 0) = 0 [pid 6048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6048] write(3, "1000", 4) = 4 [pid 6048] close(3) = 0 [pid 6048] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6048] write(1, "executing program\n", 18) = 18 [pid 6048] memfd_create("syzkaller", 0) = 3 [pid 6048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6048] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6048] munmap(0x7fac16400000, 138412032) = 0 [pid 6048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6048] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6048] close(3) = 0 [pid 6048] close(4) = 0 [pid 6048] mkdir("./bus", 0777) = 0 [ 229.656522][ T6048] loop0: detected capacity change from 0 to 32768 [pid 6048] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6048] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6048] chdir("./bus") = 0 [pid 6048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6048] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6048] exit_group(0) = ? [pid 6048] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6048, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./200", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 [ 229.708316][ T6048] [ 229.708316][ T6048] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 229.708316][ T6048] umount2("./200/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./200/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./200/binderfs") = 0 [ 229.821108][ T13] [ 229.821108][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 229.821108][ T13] [ 229.831648][ T13] [ 229.831648][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 229.831648][ T13] [ 229.842650][ T113] [ 229.842650][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 229.842650][ T113] [ 229.853244][ T5827] [ 229.853244][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 229.853244][ T5827] [ 229.864444][ T5827] umount2("./200/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./200/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./200/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 229.864444][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 229.864444][ T5827] umount2("./200/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./200/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./200") = 0 mkdir("./201", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6049 attached , child_tidptr=0x55556c245750) = 6049 [pid 6049] set_robust_list(0x55556c245760, 24) = 0 [pid 6049] chdir("./201") = 0 [pid 6049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6049] setpgid(0, 0) = 0 [pid 6049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6049] write(3, "1000", 4) = 4 [pid 6049] close(3) = 0 [pid 6049] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6049] write(1, "executing program\n", 18executing program ) = 18 [pid 6049] memfd_create("syzkaller", 0) = 3 [pid 6049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6049] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6049] munmap(0x7fac16400000, 138412032) = 0 [pid 6049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6049] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6049] close(3) = 0 [pid 6049] close(4) = 0 [pid 6049] mkdir("./bus", 0777) = 0 [pid 6049] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6049] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6049] chdir("./bus") = 0 [pid 6049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6049] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6049] exit_group(0) = ? [pid 6049] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6049, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./201", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./201", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./201/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./201/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./201/binderfs") = 0 [ 230.423447][ T6049] loop0: detected capacity change from 0 to 32768 [ 230.445055][ T6049] [ 230.445055][ T6049] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 230.445055][ T6049] [ 230.514134][ T13] [ 230.514134][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 230.514134][ T13] [ 230.524803][ T13] [ 230.524803][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 230.524803][ T13] [ 230.539058][ T113] [ 230.539058][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 230.539058][ T113] [ 230.549997][ T5827] [ 230.549997][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 230.549997][ T5827] [ 230.560879][ T5827] umount2("./201/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./201/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./201/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./201/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 230.560879][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 230.560879][ T5827] openat(AT_FDCWD, "./201/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./201/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./201") = 0 mkdir("./202", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6050 attached , child_tidptr=0x55556c245750) = 6050 [pid 6050] set_robust_list(0x55556c245760, 24) = 0 [pid 6050] chdir("./202") = 0 [pid 6050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6050] setpgid(0, 0) = 0 [pid 6050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6050] write(3, "1000", 4) = 4 [pid 6050] close(3) = 0 [pid 6050] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6050] write(1, "executing program\n", 18) = 18 [pid 6050] memfd_create("syzkaller", 0) = 3 [pid 6050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6050] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6050] munmap(0x7fac16400000, 138412032) = 0 [pid 6050] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6050] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6050] close(3) = 0 [pid 6050] close(4) = 0 [pid 6050] mkdir("./bus", 0777) = 0 [pid 6050] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6050] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6050] chdir("./bus") = 0 [pid 6050] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6050] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 231.126068][ T6050] loop0: detected capacity change from 0 to 32768 [ 231.153398][ T6050] [ 231.153398][ T6050] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 231.153398][ T6050] [pid 6050] exit_group(0) = ? [pid 6050] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6050, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./202", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./202", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./202/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./202/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./202/binderfs") = 0 [ 231.259187][ T1088] [ 231.259187][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 231.259187][ T1088] [ 231.272055][ T1088] [ 231.272055][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 231.272055][ T1088] [ 231.283597][ T112] [ 231.283597][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 231.283597][ T112] [ 231.294182][ T5827] [ 231.294182][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 231.294182][ T5827] [ 231.305028][ T5827] umount2("./202/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./202/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./202/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./202/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./202/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./202/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./202") = 0 mkdir("./203", 0777) = 0 [ 231.305028][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 231.305028][ T5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6051 attached [pid 6051] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6051 [pid 6051] <... set_robust_list resumed>) = 0 [pid 6051] chdir("./203") = 0 [pid 6051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6051] setpgid(0, 0) = 0 [pid 6051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6051] write(3, "1000", 4) = 4 [pid 6051] close(3) = 0 [pid 6051] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6051] write(1, "executing program\n", 18) = 18 [pid 6051] memfd_create("syzkaller", 0) = 3 [pid 6051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6051] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6051] munmap(0x7fac16400000, 138412032) = 0 [pid 6051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6051] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6051] close(3) = 0 [pid 6051] close(4) = 0 [pid 6051] mkdir("./bus", 0777) = 0 [ 231.760083][ T6051] loop0: detected capacity change from 0 to 32768 [pid 6051] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6051] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6051] chdir("./bus") = 0 [pid 6051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6051] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6051] exit_group(0) = ? [ 231.807856][ T6051] [ 231.807856][ T6051] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 231.807856][ T6051] [pid 6051] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6051, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./203", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./203/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./203/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./203/binderfs") = 0 [ 231.978499][ T1088] [ 231.978499][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 231.978499][ T1088] [ 231.989088][ T1088] [ 231.989088][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 231.989088][ T1088] [ 232.000033][ T5827] [ 232.000033][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 232.000033][ T5827] [ 232.011071][ T112] [ 232.011071][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 232.011071][ T112] [ 232.021837][ T5827] umount2("./203/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./203/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./203/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 232.021837][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 232.021837][ T5827] umount2("./203/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./203/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./203") = 0 mkdir("./204", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6052 attached [pid 6052] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6052 [pid 6052] <... set_robust_list resumed>) = 0 [pid 6052] chdir("./204") = 0 [pid 6052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6052] setpgid(0, 0) = 0 [pid 6052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6052] write(3, "1000", 4) = 4 [pid 6052] close(3) = 0 [pid 6052] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6052] write(1, "executing program\n", 18) = 18 [pid 6052] memfd_create("syzkaller", 0) = 3 [pid 6052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6052] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6052] munmap(0x7fac16400000, 138412032) = 0 [pid 6052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6052] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6052] close(3) = 0 [pid 6052] close(4) = 0 [pid 6052] mkdir("./bus", 0777) = 0 [pid 6052] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6052] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6052] chdir("./bus") = 0 [pid 6052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6052] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6052] exit_group(0) = ? [pid 6052] +++ exited with 0 +++ [ 232.555247][ T6052] loop0: detected capacity change from 0 to 32768 [ 232.583639][ T6052] [ 232.583639][ T6052] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 232.583639][ T6052] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6052, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./204", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./204/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./204/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./204/binderfs") = 0 [ 232.771906][ T1088] [ 232.771906][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 232.771906][ T1088] [ 232.782635][ T1088] [ 232.782635][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 232.782635][ T1088] [ 232.793581][ T112] [ 232.793581][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 232.793581][ T112] [ 232.804286][ T5827] [ 232.804286][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 232.804286][ T5827] [ 232.815287][ T5827] umount2("./204/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./204/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./204/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 232.815287][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 232.815287][ T5827] umount2("./204/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./204/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./204") = 0 mkdir("./205", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6053 attached [pid 6053] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6053 [pid 6053] <... set_robust_list resumed>) = 0 [pid 6053] chdir("./205") = 0 [pid 6053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6053] setpgid(0, 0) = 0 [pid 6053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6053] write(3, "1000", 4) = 4 [pid 6053] close(3) = 0 [pid 6053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6053] write(1, "executing program\n", 18executing program ) = 18 [pid 6053] memfd_create("syzkaller", 0) = 3 [pid 6053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6053] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6053] munmap(0x7fac16400000, 138412032) = 0 [pid 6053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6053] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6053] close(3) = 0 [pid 6053] close(4) = 0 [pid 6053] mkdir("./bus", 0777) = 0 [pid 6053] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6053] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6053] chdir("./bus") = 0 [pid 6053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6053] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6053] exit_group(0) = ? [pid 6053] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6053, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- [ 233.403246][ T6053] loop0: detected capacity change from 0 to 32768 [ 233.430514][ T6053] [ 233.430514][ T6053] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 233.430514][ T6053] umount2("./205", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./205/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./205/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./205/binderfs") = 0 [ 233.493003][ T36] [ 233.493003][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 233.493003][ T36] [ 233.504634][ T36] [ 233.504634][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 233.504634][ T36] [ 233.515985][ T113] [ 233.515985][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 233.515985][ T113] [ 233.527094][ T5827] [ 233.527094][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 233.527094][ T5827] [ 233.538541][ T5827] umount2("./205/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./205/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./205/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./205/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 233.538541][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 233.538541][ T5827] openat(AT_FDCWD, "./205/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./205/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./205") = 0 mkdir("./206", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6054 attached , child_tidptr=0x55556c245750) = 6054 [pid 6054] set_robust_list(0x55556c245760, 24) = 0 [pid 6054] chdir("./206") = 0 [pid 6054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6054] setpgid(0, 0) = 0 [pid 6054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6054] write(3, "1000", 4) = 4 [pid 6054] close(3) = 0 [pid 6054] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6054] write(1, "executing program\n", 18) = 18 [pid 6054] memfd_create("syzkaller", 0) = 3 [pid 6054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6054] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6054] munmap(0x7fac16400000, 138412032) = 0 [pid 6054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6054] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6054] close(3) = 0 [pid 6054] close(4) = 0 [pid 6054] mkdir("./bus", 0777) = 0 [pid 6054] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6054] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6054] chdir("./bus") = 0 [pid 6054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6054] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6054] exit_group(0) = ? [pid 6054] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6054, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 234.112732][ T6054] loop0: detected capacity change from 0 to 32768 [ 234.148220][ T6054] [ 234.148220][ T6054] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 234.148220][ T6054] umount2("./206", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./206/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./206/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./206/binderfs") = 0 [ 234.221962][ T1088] [ 234.221962][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 234.221962][ T1088] [ 234.233234][ T1088] [ 234.233234][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 234.233234][ T1088] [ 234.244298][ T112] [ 234.244298][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 234.244298][ T112] [ 234.255289][ T5827] [ 234.255289][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 234.255289][ T5827] [ 234.266206][ T5827] umount2("./206/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./206/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./206/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 234.266206][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 234.266206][ T5827] umount2("./206/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./206/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./206") = 0 mkdir("./207", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6055 attached , child_tidptr=0x55556c245750) = 6055 [pid 6055] set_robust_list(0x55556c245760, 24) = 0 [pid 6055] chdir("./207") = 0 [pid 6055] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6055] setpgid(0, 0) = 0 [pid 6055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6055] write(3, "1000", 4) = 4 [pid 6055] close(3) = 0 [pid 6055] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6055] write(1, "executing program\n", 18executing program ) = 18 [pid 6055] memfd_create("syzkaller", 0) = 3 [pid 6055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6055] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6055] munmap(0x7fac16400000, 138412032) = 0 [pid 6055] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6055] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6055] close(3) = 0 [pid 6055] close(4) = 0 [pid 6055] mkdir("./bus", 0777) = 0 [pid 6055] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6055] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6055] chdir("./bus") = 0 [pid 6055] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6055] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6055] exit_group(0) = ? [pid 6055] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6055, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- umount2("./207", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./207", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./207/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./207/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./207/binderfs") = 0 [ 234.853501][ T6055] loop0: detected capacity change from 0 to 32768 [ 234.880387][ T6055] [ 234.880387][ T6055] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 234.880387][ T6055] [ 234.913962][ T1088] [ 234.913962][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 234.913962][ T1088] [ 234.927349][ T1088] [ 234.927349][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 234.927349][ T1088] [ 234.940983][ T113] [ 234.940983][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 234.940983][ T113] [ 234.952685][ T5827] [ 234.952685][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 234.952685][ T5827] umount2("./207/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./207/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./207/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./207/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 234.963628][ T5827] [ 234.963628][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 234.963628][ T5827] openat(AT_FDCWD, "./207/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./207/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./207") = 0 mkdir("./208", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6056 attached , child_tidptr=0x55556c245750) = 6056 [pid 6056] set_robust_list(0x55556c245760, 24) = 0 [pid 6056] chdir("./208") = 0 [pid 6056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6056] setpgid(0, 0) = 0 [pid 6056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6056] write(3, "1000", 4) = 4 [pid 6056] close(3) = 0 [pid 6056] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6056] write(1, "executing program\n", 18executing program ) = 18 [pid 6056] memfd_create("syzkaller", 0) = 3 [pid 6056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6056] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6056] munmap(0x7fac16400000, 138412032) = 0 [pid 6056] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6056] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6056] close(3) = 0 [pid 6056] close(4) = 0 [pid 6056] mkdir("./bus", 0777) = 0 [pid 6056] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6056] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6056] chdir("./bus") = 0 [pid 6056] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6056] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6056] exit_group(0) = ? [pid 6056] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6056, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 235.520790][ T6056] loop0: detected capacity change from 0 to 32768 [ 235.549705][ T6056] [ 235.549705][ T6056] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 235.549705][ T6056] umount2("./208", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./208/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./208/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./208/binderfs") = 0 [ 235.708238][ T1088] [ 235.708238][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 235.708238][ T1088] [ 235.718845][ T1088] [ 235.718845][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 235.718845][ T1088] [ 235.729889][ T5827] [ 235.729889][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 235.729889][ T5827] [ 235.740876][ T112] [ 235.740876][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 235.740876][ T112] [ 235.751549][ T5827] umount2("./208/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./208/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./208/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 235.751549][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 235.751549][ T5827] umount2("./208/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./208/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./208") = 0 mkdir("./209", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6057 attached , child_tidptr=0x55556c245750) = 6057 [pid 6057] set_robust_list(0x55556c245760, 24) = 0 [pid 6057] chdir("./209") = 0 [pid 6057] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6057] setpgid(0, 0) = 0 [pid 6057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6057] write(3, "1000", 4) = 4 [pid 6057] close(3) = 0 [pid 6057] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6057] write(1, "executing program\n", 18executing program ) = 18 [pid 6057] memfd_create("syzkaller", 0) = 3 [pid 6057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6057] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6057] munmap(0x7fac16400000, 138412032) = 0 [pid 6057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6057] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6057] close(3) = 0 [pid 6057] close(4) = 0 [pid 6057] mkdir("./bus", 0777) = 0 [pid 6057] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6057] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6057] chdir("./bus") = 0 [pid 6057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6057] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6057] exit_group(0) = ? [pid 6057] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6057, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- umount2("./209", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 [ 236.371879][ T6057] loop0: detected capacity change from 0 to 32768 [ 236.410141][ T6057] [ 236.410141][ T6057] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 236.410141][ T6057] umount2("./209/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./209/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./209/binderfs") = 0 [ 236.473292][ T36] [ 236.473292][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 236.473292][ T36] [ 236.485049][ T36] [ 236.485049][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 236.485049][ T36] [ 236.496317][ T112] [ 236.496317][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 236.496317][ T112] [ 236.506949][ T5827] [ 236.506949][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 236.506949][ T5827] [ 236.517817][ T5827] umount2("./209/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./209/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./209/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 236.517817][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 236.517817][ T5827] umount2("./209/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./209/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./209") = 0 mkdir("./210", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6058 attached [pid 6058] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6058 [pid 6058] <... set_robust_list resumed>) = 0 [pid 6058] chdir("./210") = 0 [pid 6058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6058] setpgid(0, 0) = 0 [pid 6058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6058] write(3, "1000", 4) = 4 [pid 6058] close(3) = 0 [pid 6058] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6058] write(1, "executing program\n", 18) = 18 [pid 6058] memfd_create("syzkaller", 0) = 3 [pid 6058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6058] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6058] munmap(0x7fac16400000, 138412032) = 0 [pid 6058] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6058] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6058] close(3) = 0 [pid 6058] close(4) = 0 [pid 6058] mkdir("./bus", 0777) = 0 [pid 6058] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6058] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6058] chdir("./bus") = 0 [pid 6058] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6058] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6058] exit_group(0) = ? [pid 6058] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6058, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- [ 237.071773][ T6058] loop0: detected capacity change from 0 to 32768 [ 237.091495][ T6058] [ 237.091495][ T6058] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 237.091495][ T6058] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./210", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./210/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./210/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./210/binderfs") = 0 [ 237.252160][ T36] [ 237.252160][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 237.252160][ T36] [ 237.263386][ T36] [ 237.263386][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 237.263386][ T36] [ 237.274475][ T113] [ 237.274475][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 237.274475][ T113] [ 237.285229][ T5827] [ 237.285229][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 237.285229][ T5827] [ 237.296011][ T5827] umount2("./210/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./210/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./210/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./210/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./210/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./210") = 0 mkdir("./211", 0777) = 0 [ 237.296011][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 237.296011][ T5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6059 attached [pid 6059] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6059 [pid 6059] <... set_robust_list resumed>) = 0 [pid 6059] chdir("./211") = 0 [pid 6059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6059] setpgid(0, 0) = 0 [pid 6059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6059] write(3, "1000", 4) = 4 [pid 6059] close(3) = 0 [pid 6059] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6059] write(1, "executing program\n", 18) = 18 [pid 6059] memfd_create("syzkaller", 0) = 3 [pid 6059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6059] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6059] munmap(0x7fac16400000, 138412032) = 0 [pid 6059] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6059] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6059] close(3) = 0 [pid 6059] close(4) = 0 [pid 6059] mkdir("./bus", 0777) = 0 [ 237.755719][ T6059] loop0: detected capacity change from 0 to 32768 [pid 6059] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6059] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6059] chdir("./bus") = 0 [pid 6059] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 237.813472][ T6059] [ 237.813472][ T6059] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 237.813472][ T6059] [pid 6059] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6059] exit_group(0) = ? [pid 6059] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6059, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- umount2("./211", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./211/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./211/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./211/binderfs") = 0 [ 237.987907][ T36] [ 237.987907][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 237.987907][ T36] [ 237.998475][ T36] [ 237.998475][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 237.998475][ T36] [ 238.009269][ T5827] [ 238.009269][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 238.009269][ T5827] [ 238.020298][ T113] [ 238.020298][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 238.020298][ T113] [ 238.031018][ T5827] umount2("./211/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./211/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./211/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./211/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 [ 238.031018][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 238.031018][ T5827] getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./211/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./211") = 0 mkdir("./212", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6060 attached , child_tidptr=0x55556c245750) = 6060 [pid 6060] set_robust_list(0x55556c245760, 24) = 0 [pid 6060] chdir("./212") = 0 [pid 6060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6060] setpgid(0, 0) = 0 [pid 6060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6060] write(3, "1000", 4) = 4 [pid 6060] close(3) = 0 [pid 6060] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6060] write(1, "executing program\n", 18) = 18 [pid 6060] memfd_create("syzkaller", 0) = 3 [pid 6060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6060] munmap(0x7fac16400000, 138412032) = 0 [pid 6060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6060] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6060] close(3) = 0 [pid 6060] close(4) = 0 [pid 6060] mkdir("./bus", 0777) = 0 [pid 6060] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6060] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6060] chdir("./bus") = 0 [ 238.525458][ T6060] loop0: detected capacity change from 0 to 32768 [ 238.553646][ T6060] [ 238.553646][ T6060] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 238.553646][ T6060] [pid 6060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6060] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6060] exit_group(0) = ? [pid 6060] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6060, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./212", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./212", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./212/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./212/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./212/binderfs") = 0 [ 238.741442][ T13] [ 238.741442][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 238.741442][ T13] [ 238.752053][ T13] [ 238.752053][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 238.752053][ T13] [ 238.763922][ T5827] [ 238.763922][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 238.763922][ T5827] [ 238.774930][ T112] [ 238.774930][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 238.774930][ T112] [ 238.785574][ T5827] umount2("./212/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./212/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./212/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./212/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./212/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 [ 238.785574][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 238.785574][ T5827] close(4) = 0 rmdir("./212/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./212") = 0 mkdir("./213", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6061 attached [pid 6061] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6061 [pid 6061] <... set_robust_list resumed>) = 0 [pid 6061] chdir("./213") = 0 [pid 6061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6061] setpgid(0, 0) = 0 [pid 6061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6061] write(3, "1000", 4) = 4 [pid 6061] close(3) = 0 [pid 6061] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6061] write(1, "executing program\n", 18) = 18 [pid 6061] memfd_create("syzkaller", 0) = 3 [pid 6061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6061] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6061] munmap(0x7fac16400000, 138412032) = 0 [pid 6061] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6061] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6061] close(3) = 0 [pid 6061] close(4) = 0 [pid 6061] mkdir("./bus", 0777) = 0 [pid 6061] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6061] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6061] chdir("./bus") = 0 [pid 6061] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6061] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 239.302922][ T6061] loop0: detected capacity change from 0 to 32768 [ 239.335928][ T6061] [ 239.335928][ T6061] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 239.335928][ T6061] [pid 6061] exit_group(0) = ? [pid 6061] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6061, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./213", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./213", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./213/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./213/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./213/binderfs") = 0 [ 239.523901][ T13] [ 239.523901][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 239.523901][ T13] [ 239.534584][ T13] [ 239.534584][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 239.534584][ T13] [ 239.545888][ T113] [ 239.545888][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 239.545888][ T113] [ 239.556985][ T5827] [ 239.556985][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 239.556985][ T5827] [ 239.568268][ T5827] umount2("./213/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./213/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./213/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 239.568268][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 239.568268][ T5827] umount2("./213/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./213/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./213/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./213") = 0 mkdir("./214", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6062 attached [pid 6062] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6062 [pid 6062] <... set_robust_list resumed>) = 0 [pid 6062] chdir("./214") = 0 [pid 6062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6062] setpgid(0, 0) = 0 [pid 6062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6062] write(3, "1000", 4) = 4 [pid 6062] close(3) = 0 [pid 6062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6062] write(1, "executing program\n", 18executing program ) = 18 [pid 6062] memfd_create("syzkaller", 0) = 3 [pid 6062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6062] munmap(0x7fac16400000, 138412032) = 0 [pid 6062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6062] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6062] close(3) = 0 [pid 6062] close(4) = 0 [pid 6062] mkdir("./bus", 0777) = 0 [pid 6062] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6062] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6062] chdir("./bus") = 0 [pid 6062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6062] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6062] exit_group(0) = ? [pid 6062] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6062, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=14 /* 0.14 s */} --- [ 240.172252][ T6062] loop0: detected capacity change from 0 to 32768 [ 240.200116][ T6062] [ 240.200116][ T6062] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 240.200116][ T6062] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./214", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./214", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./214/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./214/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./214/binderfs") = 0 [ 240.379530][ T1088] [ 240.379530][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 240.379530][ T1088] [ 240.390156][ T1088] [ 240.390156][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 240.390156][ T1088] [ 240.401085][ T112] [ 240.401085][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 240.401085][ T112] [ 240.411743][ T5827] [ 240.411743][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 240.411743][ T5827] [ 240.422881][ T5827] umount2("./214/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./214/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./214/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 240.422881][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 240.422881][ T5827] umount2("./214/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./214/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./214/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./214") = 0 mkdir("./215", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6063 attached [pid 6063] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6063 [pid 6063] <... set_robust_list resumed>) = 0 [pid 6063] chdir("./215") = 0 [pid 6063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6063] setpgid(0, 0) = 0 [pid 6063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6063] write(3, "1000", 4) = 4 [pid 6063] close(3) = 0 [pid 6063] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6063] write(1, "executing program\n", 18) = 18 [pid 6063] memfd_create("syzkaller", 0) = 3 [pid 6063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6063] munmap(0x7fac16400000, 138412032) = 0 [pid 6063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6063] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6063] close(3) = 0 [pid 6063] close(4) = 0 [pid 6063] mkdir("./bus", 0777) = 0 [pid 6063] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6063] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6063] chdir("./bus") = 0 [pid 6063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 240.997232][ T6063] loop0: detected capacity change from 0 to 32768 [ 241.024335][ T6063] [ 241.024335][ T6063] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 241.024335][ T6063] [pid 6063] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6063] exit_group(0) = ? [pid 6063] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6063, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./215", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./215", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./215/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./215/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./215/binderfs") = 0 [ 241.133179][ T1088] [ 241.133179][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 241.133179][ T1088] [ 241.143810][ T1088] [ 241.143810][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 241.143810][ T1088] [ 241.154719][ T113] [ 241.154719][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 241.154719][ T113] [ 241.165371][ T5827] [ 241.165371][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 241.165371][ T5827] [ 241.176476][ T5827] umount2("./215/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./215/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./215/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 241.176476][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 241.176476][ T5827] umount2("./215/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./215/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./215/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./215") = 0 mkdir("./216", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6064 attached , child_tidptr=0x55556c245750) = 6064 [pid 6064] set_robust_list(0x55556c245760, 24) = 0 [pid 6064] chdir("./216") = 0 [pid 6064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6064] setpgid(0, 0) = 0 [pid 6064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6064] write(3, "1000", 4) = 4 [pid 6064] close(3) = 0 [pid 6064] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6064] write(1, "executing program\n", 18) = 18 [pid 6064] memfd_create("syzkaller", 0) = 3 [pid 6064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6064] munmap(0x7fac16400000, 138412032) = 0 [pid 6064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6064] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6064] close(3) = 0 [pid 6064] close(4) = 0 [pid 6064] mkdir("./bus", 0777) = 0 [pid 6064] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6064] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6064] chdir("./bus") = 0 [pid 6064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6064] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6064] exit_group(0) = ? [pid 6064] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6064, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- umount2("./216", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./216", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./216/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 241.768277][ T6064] loop0: detected capacity change from 0 to 32768 [ 241.792320][ T6064] [ 241.792320][ T6064] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 241.792320][ T6064] newfstatat(AT_FDCWD, "./216/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./216/binderfs") = 0 [ 241.872143][ T1088] [ 241.872143][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 241.872143][ T1088] [ 241.882740][ T1088] [ 241.882740][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 241.882740][ T1088] [ 241.893555][ T5827] [ 241.893555][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 241.893555][ T5827] [ 241.904901][ T112] [ 241.904901][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 241.904901][ T112] [ 241.915507][ T5827] umount2("./216/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./216/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./216/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 241.915507][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 241.915507][ T5827] umount2("./216/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./216/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./216/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./216") = 0 mkdir("./217", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6065 attached [pid 6065] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6065 [pid 6065] <... set_robust_list resumed>) = 0 [pid 6065] chdir("./217") = 0 [pid 6065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6065] setpgid(0, 0) = 0 [pid 6065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6065] write(3, "1000", 4) = 4 [pid 6065] close(3) = 0 [pid 6065] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6065] write(1, "executing program\n", 18executing program ) = 18 [pid 6065] memfd_create("syzkaller", 0) = 3 [pid 6065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6065] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6065] munmap(0x7fac16400000, 138412032) = 0 [pid 6065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6065] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6065] close(3) = 0 [pid 6065] close(4) = 0 [pid 6065] mkdir("./bus", 0777) = 0 [ 242.490685][ T6065] loop0: detected capacity change from 0 to 32768 [pid 6065] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6065] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6065] chdir("./bus") = 0 [pid 6065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6065] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6065] exit_group(0) = ? [pid 6065] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6065, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./217", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 242.536132][ T6065] [ 242.536132][ T6065] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 242.536132][ T6065] openat(AT_FDCWD, "./217", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./217/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./217/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./217/binderfs") = 0 [ 242.688374][ T1088] [ 242.688374][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 242.688374][ T1088] [ 242.698995][ T1088] [ 242.698995][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 242.698995][ T1088] [ 242.709881][ T5827] [ 242.709881][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 242.709881][ T5827] [ 242.721451][ T112] [ 242.721451][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 242.721451][ T112] [ 242.732023][ T5827] umount2("./217/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./217/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./217/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./217/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 242.732023][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 242.732023][ T5827] openat(AT_FDCWD, "./217/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./217/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./217") = 0 mkdir("./218", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6066 attached , child_tidptr=0x55556c245750) = 6066 [pid 6066] set_robust_list(0x55556c245760, 24) = 0 [pid 6066] chdir("./218") = 0 [pid 6066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6066] setpgid(0, 0) = 0 [pid 6066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6066] write(3, "1000", 4) = 4 [pid 6066] close(3) = 0 [pid 6066] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6066] write(1, "executing program\n", 18) = 18 [pid 6066] memfd_create("syzkaller", 0) = 3 [pid 6066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6066] munmap(0x7fac16400000, 138412032) = 0 [pid 6066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6066] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6066] close(3) = 0 [pid 6066] close(4) = 0 [pid 6066] mkdir("./bus", 0777) = 0 [pid 6066] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6066] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6066] chdir("./bus") = 0 [pid 6066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 243.204386][ T6066] loop0: detected capacity change from 0 to 32768 [ 243.242676][ T6066] [ 243.242676][ T6066] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 243.242676][ T6066] [pid 6066] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6066] exit_group(0) = ? [pid 6066] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6066, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./218", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./218", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./218/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./218/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./218/binderfs") = 0 [ 243.422155][ T1088] [ 243.422155][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 243.422155][ T1088] [ 243.432689][ T1088] [ 243.432689][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 243.432689][ T1088] [ 243.443480][ T5827] [ 243.443480][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 243.443480][ T5827] [ 243.454545][ T112] [ 243.454545][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 243.454545][ T112] [ 243.465125][ T5827] umount2("./218/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./218/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./218/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 243.465125][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 243.465125][ T5827] umount2("./218/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./218/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./218/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./218") = 0 mkdir("./219", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6067 attached , child_tidptr=0x55556c245750) = 6067 [pid 6067] set_robust_list(0x55556c245760, 24) = 0 [pid 6067] chdir("./219") = 0 [pid 6067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6067] setpgid(0, 0) = 0 [pid 6067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6067] write(3, "1000", 4) = 4 [pid 6067] close(3) = 0 [pid 6067] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6067] write(1, "executing program\n", 18) = 18 [pid 6067] memfd_create("syzkaller", 0) = 3 [pid 6067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6067] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6067] munmap(0x7fac16400000, 138412032) = 0 [pid 6067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6067] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6067] close(3) = 0 [pid 6067] close(4) = 0 [pid 6067] mkdir("./bus", 0777) = 0 [ 244.004688][ T6067] loop0: detected capacity change from 0 to 32768 [pid 6067] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6067] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6067] chdir("./bus") = 0 [pid 6067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6067] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6067] exit_group(0) = ? [pid 6067] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6067, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- [ 244.045130][ T6067] [ 244.045130][ T6067] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 244.045130][ T6067] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./219", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./219", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./219/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./219/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./219/binderfs") = 0 [ 244.228244][ T13] [ 244.228244][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 244.228244][ T13] [ 244.238789][ T13] [ 244.238789][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 244.238789][ T13] [ 244.250563][ T113] [ 244.250563][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 244.250563][ T113] [ 244.261148][ T5827] [ 244.261148][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 244.261148][ T5827] [ 244.272156][ T5827] umount2("./219/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./219/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./219/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./219/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 244.272156][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 244.272156][ T5827] openat(AT_FDCWD, "./219/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./219/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./219") = 0 mkdir("./220", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6068 attached [pid 6068] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6068 [pid 6068] <... set_robust_list resumed>) = 0 [pid 6068] chdir("./220") = 0 [pid 6068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6068] setpgid(0, 0) = 0 [pid 6068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6068] write(3, "1000", 4) = 4 [pid 6068] close(3) = 0 [pid 6068] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6068] write(1, "executing program\n", 18) = 18 [pid 6068] memfd_create("syzkaller", 0) = 3 [pid 6068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6068] munmap(0x7fac16400000, 138412032) = 0 [pid 6068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6068] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6068] close(3) = 0 [pid 6068] close(4) = 0 [pid 6068] mkdir("./bus", 0777) = 0 [ 244.859678][ T6068] loop0: detected capacity change from 0 to 32768 [pid 6068] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6068] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6068] chdir("./bus") = 0 [pid 6068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6068] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6068] exit_group(0) = ? [pid 6068] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6068, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 244.908564][ T6068] [ 244.908564][ T6068] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 244.908564][ T6068] umount2("./220", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./220", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./220/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./220/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./220/binderfs") = 0 [ 245.055253][ T36] [ 245.055253][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 245.055253][ T36] [ 245.066002][ T36] [ 245.066002][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 245.066002][ T36] [ 245.077389][ T112] [ 245.077389][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 245.077389][ T112] [ 245.088153][ T5827] [ 245.088153][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 245.088153][ T5827] [ 245.099292][ T5827] umount2("./220/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./220/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./220/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 245.099292][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 245.099292][ T5827] umount2("./220/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./220/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./220/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./220") = 0 mkdir("./221", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6069 attached [pid 6069] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6069 [pid 6069] <... set_robust_list resumed>) = 0 [pid 6069] chdir("./221") = 0 [pid 6069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6069] setpgid(0, 0) = 0 [pid 6069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6069] write(3, "1000", 4) = 4 [pid 6069] close(3) = 0 [pid 6069] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6069] write(1, "executing program\n", 18) = 18 [pid 6069] memfd_create("syzkaller", 0) = 3 [pid 6069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6069] munmap(0x7fac16400000, 138412032) = 0 [pid 6069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6069] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6069] close(3) = 0 [pid 6069] close(4) = 0 [pid 6069] mkdir("./bus", 0777) = 0 [pid 6069] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6069] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6069] chdir("./bus") = 0 [pid 6069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6069] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6069] exit_group(0) = ? [ 245.635604][ T6069] loop0: detected capacity change from 0 to 32768 [ 245.654761][ T6069] [ 245.654761][ T6069] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 245.654761][ T6069] [pid 6069] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6069, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./221", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./221", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./221/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./221/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./221/binderfs") = 0 [ 245.823801][ T36] [ 245.823801][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 245.823801][ T36] [ 245.834426][ T36] [ 245.834426][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 245.834426][ T36] [ 245.845912][ T112] [ 245.845912][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 245.845912][ T112] [ 245.856467][ T5827] [ 245.856467][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 245.856467][ T5827] [ 245.867508][ T5827] umount2("./221/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./221/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./221/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 245.867508][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 245.867508][ T5827] umount2("./221/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./221/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./221/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./221") = 0 mkdir("./222", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6070 attached , child_tidptr=0x55556c245750) = 6070 [pid 6070] set_robust_list(0x55556c245760, 24) = 0 [pid 6070] chdir("./222") = 0 [pid 6070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6070] setpgid(0, 0) = 0 [pid 6070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6070] write(3, "1000", 4) = 4 [pid 6070] close(3) = 0 [pid 6070] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6070] write(1, "executing program\n", 18) = 18 [pid 6070] memfd_create("syzkaller", 0) = 3 [pid 6070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6070] munmap(0x7fac16400000, 138412032) = 0 [pid 6070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6070] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6070] close(3) = 0 [pid 6070] close(4) = 0 [pid 6070] mkdir("./bus", 0777) = 0 [pid 6070] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6070] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6070] chdir("./bus") = 0 [pid 6070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 246.435854][ T6070] loop0: detected capacity change from 0 to 32768 [ 246.454638][ T6070] [ 246.454638][ T6070] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 246.454638][ T6070] [pid 6070] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6070] exit_group(0) = ? [pid 6070] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6070, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./222", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./222", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./222/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./222/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./222/binderfs") = 0 [ 246.656439][ T36] [ 246.656439][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 246.656439][ T36] [ 246.667029][ T36] [ 246.667029][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 246.667029][ T36] [ 246.678049][ T113] [ 246.678049][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 246.678049][ T113] [ 246.688666][ T5827] [ 246.688666][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 246.688666][ T5827] [ 246.699688][ T5827] umount2("./222/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./222/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./222/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 246.699688][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 246.699688][ T5827] umount2("./222/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./222/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./222/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./222") = 0 mkdir("./223", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6071 attached , child_tidptr=0x55556c245750) = 6071 [pid 6071] set_robust_list(0x55556c245760, 24) = 0 [pid 6071] chdir("./223") = 0 [pid 6071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6071] setpgid(0, 0) = 0 [pid 6071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6071] write(3, "1000", 4) = 4 [pid 6071] close(3) = 0 [pid 6071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6071] write(1, "executing program\n", 18executing program ) = 18 [pid 6071] memfd_create("syzkaller", 0) = 3 [pid 6071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6071] munmap(0x7fac16400000, 138412032) = 0 [pid 6071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6071] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6071] close(3) = 0 [pid 6071] close(4) = 0 [pid 6071] mkdir("./bus", 0777) = 0 [pid 6071] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6071] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6071] chdir("./bus") = 0 [pid 6071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6071] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 247.240579][ T6071] loop0: detected capacity change from 0 to 32768 [ 247.271394][ T6071] [ 247.271394][ T6071] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 247.271394][ T6071] [pid 6071] exit_group(0) = ? [pid 6071] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6071, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./223", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./223", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./223/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./223/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./223/binderfs") = 0 [ 247.449429][ T36] [ 247.449429][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 247.449429][ T36] [ 247.460049][ T36] [ 247.460049][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 247.460049][ T36] [ 247.471144][ T112] [ 247.471144][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 247.471144][ T112] [ 247.481714][ T5827] [ 247.481714][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 247.481714][ T5827] [ 247.492651][ T5827] umount2("./223/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./223/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./223/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 247.492651][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 247.492651][ T5827] umount2("./223/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./223/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./223/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./223") = 0 mkdir("./224", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6072 attached , child_tidptr=0x55556c245750) = 6072 [pid 6072] set_robust_list(0x55556c245760, 24) = 0 [pid 6072] chdir("./224") = 0 [pid 6072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6072] setpgid(0, 0) = 0 [pid 6072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6072] write(3, "1000", 4) = 4 [pid 6072] close(3) = 0 [pid 6072] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6072] write(1, "executing program\n", 18) = 18 [pid 6072] memfd_create("syzkaller", 0) = 3 [pid 6072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6072] munmap(0x7fac16400000, 138412032) = 0 [pid 6072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6072] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6072] close(3) = 0 [pid 6072] close(4) = 0 [pid 6072] mkdir("./bus", 0777) = 0 [pid 6072] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6072] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6072] chdir("./bus") = 0 [pid 6072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6072] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6072] exit_group(0) = ? [pid 6072] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6072, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./224", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./224", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./224/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 248.074817][ T6072] loop0: detected capacity change from 0 to 32768 [ 248.106384][ T6072] [ 248.106384][ T6072] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 248.106384][ T6072] newfstatat(AT_FDCWD, "./224/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./224/binderfs") = 0 [ 248.185963][ T1088] [ 248.185963][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 248.185963][ T1088] [ 248.198613][ T1088] [ 248.198613][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 248.198613][ T1088] [ 248.210050][ T113] [ 248.210050][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 248.210050][ T113] [ 248.220637][ T5827] [ 248.220637][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 248.220637][ T5827] [ 248.231593][ T5827] umount2("./224/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./224/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./224/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./224/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 248.231593][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 248.231593][ T5827] openat(AT_FDCWD, "./224/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./224/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./224") = 0 mkdir("./225", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6073 attached [pid 6073] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6073 [pid 6073] <... set_robust_list resumed>) = 0 [pid 6073] chdir("./225") = 0 [pid 6073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6073] setpgid(0, 0) = 0 [pid 6073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6073] write(3, "1000", 4) = 4 [pid 6073] close(3) = 0 [pid 6073] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6073] write(1, "executing program\n", 18) = 18 [pid 6073] memfd_create("syzkaller", 0) = 3 [pid 6073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6073] munmap(0x7fac16400000, 138412032) = 0 [pid 6073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6073] close(3) = 0 [pid 6073] close(4) = 0 [pid 6073] mkdir("./bus", 0777) = 0 [ 248.833448][ T6073] loop0: detected capacity change from 0 to 32768 [pid 6073] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6073] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6073] chdir("./bus") = 0 [pid 6073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6073] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6073] exit_group(0) = ? [pid 6073] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6073, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 248.880208][ T6073] [ 248.880208][ T6073] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 248.880208][ T6073] umount2("./225", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./225", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./225/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./225/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./225/binderfs") = 0 [ 249.059689][ T36] [ 249.059689][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 249.059689][ T36] [ 249.070330][ T36] [ 249.070330][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 249.070330][ T36] [ 249.081326][ T112] [ 249.081326][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 249.081326][ T112] [ 249.092036][ T5827] [ 249.092036][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 249.092036][ T5827] [ 249.103177][ T5827] umount2("./225/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./225/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./225/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 249.103177][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 249.103177][ T5827] umount2("./225/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./225/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./225/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./225") = 0 mkdir("./226", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6074 attached [pid 6074] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6074 [pid 6074] <... set_robust_list resumed>) = 0 [pid 6074] chdir("./226") = 0 [pid 6074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6074] setpgid(0, 0) = 0 [pid 6074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6074] write(3, "1000", 4) = 4 [pid 6074] close(3) = 0 [pid 6074] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6074] write(1, "executing program\n", 18) = 18 [pid 6074] memfd_create("syzkaller", 0) = 3 [pid 6074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6074] munmap(0x7fac16400000, 138412032) = 0 [pid 6074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6074] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6074] close(3) = 0 [pid 6074] close(4) = 0 [pid 6074] mkdir("./bus", 0777) = 0 [ 249.711519][ T6074] loop0: detected capacity change from 0 to 32768 [pid 6074] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6074] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6074] chdir("./bus") = 0 [pid 6074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6074] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6074] exit_group(0) = ? [ 249.752078][ T6074] [ 249.752078][ T6074] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 249.752078][ T6074] [pid 6074] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6074, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- umount2("./226", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./226", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./226/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./226/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./226/binderfs") = 0 [ 249.928695][ T1088] [ 249.928695][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 249.928695][ T1088] [ 249.939258][ T1088] [ 249.939258][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 249.939258][ T1088] [ 249.950133][ T5827] [ 249.950133][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 249.950133][ T5827] [ 249.961301][ T112] [ 249.961301][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 249.961301][ T112] [ 249.972048][ T5827] umount2("./226/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./226/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./226/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 249.972048][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 249.972048][ T5827] umount2("./226/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./226/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./226/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./226") = 0 mkdir("./227", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6075 attached , child_tidptr=0x55556c245750) = 6075 [pid 6075] set_robust_list(0x55556c245760, 24) = 0 [pid 6075] chdir("./227") = 0 [pid 6075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6075] setpgid(0, 0) = 0 [pid 6075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6075] write(3, "1000", 4) = 4 [pid 6075] close(3) = 0 [pid 6075] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6075] write(1, "executing program\n", 18) = 18 [pid 6075] memfd_create("syzkaller", 0) = 3 [pid 6075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6075] munmap(0x7fac16400000, 138412032) = 0 [pid 6075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6075] close(3) = 0 [pid 6075] close(4) = 0 [pid 6075] mkdir("./bus", 0777) = 0 [pid 6075] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6075] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6075] chdir("./bus") = 0 [pid 6075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6075] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6075] exit_group(0) = ? [pid 6075] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6075, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./227", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./227", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 250.508626][ T6075] loop0: detected capacity change from 0 to 32768 [ 250.539607][ T6075] [ 250.539607][ T6075] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 250.539607][ T6075] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./227/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./227/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./227/binderfs") = 0 [ 250.651425][ T1088] [ 250.651425][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 250.651425][ T1088] [ 250.661962][ T1088] [ 250.661962][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 250.661962][ T1088] [ 250.672989][ T5827] [ 250.672989][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 250.672989][ T5827] [ 250.683919][ T112] [ 250.683919][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 250.683919][ T112] [ 250.694558][ T5827] umount2("./227/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./227/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./227/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 250.694558][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 250.694558][ T5827] umount2("./227/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./227/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./227/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./227") = 0 mkdir("./228", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6076 attached [pid 6076] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6076 [pid 6076] <... set_robust_list resumed>) = 0 [pid 6076] chdir("./228") = 0 [pid 6076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6076] setpgid(0, 0) = 0 [pid 6076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6076] write(3, "1000", 4) = 4 [pid 6076] close(3) = 0 [pid 6076] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6076] write(1, "executing program\n", 18executing program ) = 18 [pid 6076] memfd_create("syzkaller", 0) = 3 [pid 6076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6076] munmap(0x7fac16400000, 138412032) = 0 [pid 6076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6076] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6076] close(3) = 0 [pid 6076] close(4) = 0 [pid 6076] mkdir("./bus", 0777) = 0 [ 251.184210][ T6076] loop0: detected capacity change from 0 to 32768 [pid 6076] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6076] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6076] chdir("./bus") = 0 [pid 6076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6076] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6076] exit_group(0) = ? [pid 6076] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6076, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 251.227957][ T6076] [ 251.227957][ T6076] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 251.227957][ T6076] umount2("./228", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./228", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./228/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./228/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./228/binderfs") = 0 [ 251.386489][ T36] [ 251.386489][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 251.386489][ T36] [ 251.397115][ T36] [ 251.397115][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 251.397115][ T36] [ 251.408153][ T113] [ 251.408153][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 251.408153][ T113] [ 251.418848][ T5827] [ 251.418848][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 251.418848][ T5827] [ 251.430061][ T5827] umount2("./228/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./228/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./228/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 251.430061][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 251.430061][ T5827] umount2("./228/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./228/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./228/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./228") = 0 mkdir("./229", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6077 attached , child_tidptr=0x55556c245750) = 6077 [pid 6077] set_robust_list(0x55556c245760, 24) = 0 [pid 6077] chdir("./229") = 0 [pid 6077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6077] setpgid(0, 0) = 0 [pid 6077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6077] write(3, "1000", 4) = 4 [pid 6077] close(3) = 0 [pid 6077] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6077] write(1, "executing program\n", 18) = 18 [pid 6077] memfd_create("syzkaller", 0) = 3 [pid 6077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6077] munmap(0x7fac16400000, 138412032) = 0 [pid 6077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6077] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6077] close(3) = 0 [pid 6077] close(4) = 0 [pid 6077] mkdir("./bus", 0777) = 0 [pid 6077] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6077] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6077] chdir("./bus") = 0 [ 251.995939][ T6077] loop0: detected capacity change from 0 to 32768 [ 252.035128][ T6077] [ 252.035128][ T6077] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 252.035128][ T6077] [pid 6077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6077] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6077] exit_group(0) = ? [pid 6077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6077, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./229", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./229", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./229/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./229/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./229/binderfs") = 0 [ 252.227465][ T1088] [ 252.227465][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 252.227465][ T1088] [ 252.238048][ T1088] [ 252.238048][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 252.238048][ T1088] [ 252.249261][ T112] [ 252.249261][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 252.249261][ T112] [ 252.259819][ T5827] [ 252.259819][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 252.259819][ T5827] [ 252.270575][ T5827] umount2("./229/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./229/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./229/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 252.270575][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 252.270575][ T5827] umount2("./229/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./229/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./229/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./229") = 0 mkdir("./230", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6078 attached [pid 6078] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6078 [pid 6078] <... set_robust_list resumed>) = 0 [pid 6078] chdir("./230") = 0 [pid 6078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6078] setpgid(0, 0) = 0 [pid 6078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6078] write(3, "1000", 4) = 4 [pid 6078] close(3) = 0 [pid 6078] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6078] write(1, "executing program\n", 18executing program ) = 18 [pid 6078] memfd_create("syzkaller", 0) = 3 [pid 6078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6078] munmap(0x7fac16400000, 138412032) = 0 [pid 6078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6078] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6078] close(3) = 0 [pid 6078] close(4) = 0 [pid 6078] mkdir("./bus", 0777) = 0 [pid 6078] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6078] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6078] chdir("./bus") = 0 [pid 6078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6078] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6078] exit_group(0) = ? [pid 6078] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6078, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- [ 252.855597][ T6078] loop0: detected capacity change from 0 to 32768 [ 252.891717][ T6078] [ 252.891717][ T6078] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 252.891717][ T6078] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./230", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./230", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./230/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./230/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./230/binderfs") = 0 [ 253.050592][ T36] [ 253.050592][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 253.050592][ T36] [ 253.061339][ T36] [ 253.061339][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 253.061339][ T36] [ 253.072290][ T113] [ 253.072290][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 253.072290][ T113] [ 253.082916][ T5827] [ 253.082916][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 253.082916][ T5827] [ 253.093709][ T5827] umount2("./230/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./230/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./230/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 253.093709][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 253.093709][ T5827] umount2("./230/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./230/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./230/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./230") = 0 mkdir("./231", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6079 attached [pid 6079] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6079 [pid 6079] <... set_robust_list resumed>) = 0 [pid 6079] chdir("./231") = 0 [pid 6079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6079] setpgid(0, 0) = 0 [pid 6079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6079] write(3, "1000", 4) = 4 [pid 6079] close(3) = 0 [pid 6079] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6079] write(1, "executing program\n", 18executing program ) = 18 [pid 6079] memfd_create("syzkaller", 0) = 3 [pid 6079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6079] munmap(0x7fac16400000, 138412032) = 0 [pid 6079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6079] close(3) = 0 [pid 6079] close(4) = 0 [pid 6079] mkdir("./bus", 0777) = 0 [pid 6079] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6079] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6079] chdir("./bus") = 0 [pid 6079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6079] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6079] exit_group(0) = ? [pid 6079] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6079, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- [ 253.694587][ T6079] loop0: detected capacity change from 0 to 32768 [ 253.721688][ T6079] [ 253.721688][ T6079] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 253.721688][ T6079] umount2("./231", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./231", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./231/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./231/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./231/binderfs") = 0 [ 253.875953][ T1088] [ 253.875953][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 253.875953][ T1088] [ 253.886765][ T1088] [ 253.886765][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 253.886765][ T1088] [ 253.897964][ T112] [ 253.897964][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 253.897964][ T112] [ 253.908561][ T5827] [ 253.908561][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 253.908561][ T5827] [ 253.919499][ T5827] umount2("./231/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./231/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./231/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 253.919499][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 253.919499][ T5827] umount2("./231/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./231/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./231/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./231") = 0 mkdir("./232", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6081 attached , child_tidptr=0x55556c245750) = 6081 [pid 6081] set_robust_list(0x55556c245760, 24) = 0 [pid 6081] chdir("./232") = 0 [pid 6081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6081] setpgid(0, 0) = 0 [pid 6081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6081] write(3, "1000", 4) = 4 [pid 6081] close(3) = 0 [pid 6081] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6081] write(1, "executing program\n", 18) = 18 [pid 6081] memfd_create("syzkaller", 0) = 3 [pid 6081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6081] munmap(0x7fac16400000, 138412032) = 0 [pid 6081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6081] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6081] close(3) = 0 [pid 6081] close(4) = 0 [pid 6081] mkdir("./bus", 0777) = 0 [pid 6081] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6081] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6081] chdir("./bus") = 0 [pid 6081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6081] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6081] exit_group(0) = ? [pid 6081] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6081, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 254.467549][ T6081] loop0: detected capacity change from 0 to 32768 [ 254.493994][ T6081] [ 254.493994][ T6081] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 254.493994][ T6081] umount2("./232", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./232", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./232/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./232/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./232/binderfs") = 0 [ 254.670188][ T13] [ 254.670188][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 254.670188][ T13] [ 254.681040][ T13] [ 254.681040][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 254.681040][ T13] [ 254.691861][ T5827] [ 254.691861][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 254.691861][ T5827] [ 254.702828][ T112] [ 254.702828][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 254.702828][ T112] [ 254.713577][ T5827] umount2("./232/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./232/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 254.713577][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 254.713577][ T5827] newfstatat(AT_FDCWD, "./232/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./232/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./232/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./232/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./232") = 0 mkdir("./233", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6084 attached , child_tidptr=0x55556c245750) = 6084 [pid 6084] set_robust_list(0x55556c245760, 24) = 0 [pid 6084] chdir("./233") = 0 [pid 6084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6084] setpgid(0, 0) = 0 [pid 6084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6084] write(3, "1000", 4) = 4 [pid 6084] close(3) = 0 [pid 6084] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6084] write(1, "executing program\n", 18) = 18 [pid 6084] memfd_create("syzkaller", 0) = 3 [pid 6084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6084] munmap(0x7fac16400000, 138412032) = 0 [pid 6084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6084] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6084] close(3) = 0 [pid 6084] close(4) = 0 [pid 6084] mkdir("./bus", 0777) = 0 [ 255.317317][ T6084] loop0: detected capacity change from 0 to 32768 [pid 6084] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6084] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6084] chdir("./bus") = 0 [pid 6084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6084] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6084] exit_group(0) = ? [pid 6084] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6084, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./233", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 255.359577][ T6084] [ 255.359577][ T6084] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 255.359577][ T6084] openat(AT_FDCWD, "./233", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./233/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./233/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./233/binderfs") = 0 [ 255.516570][ T1088] [ 255.516570][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 255.516570][ T1088] [ 255.527125][ T1088] [ 255.527125][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 255.527125][ T1088] [ 255.538612][ T112] [ 255.538612][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 255.538612][ T112] [ 255.549312][ T5827] [ 255.549312][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 255.549312][ T5827] umount2("./233/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./233/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./233/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./233/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./233/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./233/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./233") = 0 mkdir("./234", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 255.565659][ T5827] [ 255.565659][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 255.565659][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6087 attached , child_tidptr=0x55556c245750) = 6087 [pid 6087] set_robust_list(0x55556c245760, 24) = 0 [pid 6087] chdir("./234") = 0 [pid 6087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6087] setpgid(0, 0) = 0 [pid 6087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6087] write(3, "1000", 4) = 4 [pid 6087] close(3) = 0 [pid 6087] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6087] write(1, "executing program\n", 18executing program ) = 18 [pid 6087] memfd_create("syzkaller", 0) = 3 [pid 6087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6087] munmap(0x7fac16400000, 138412032) = 0 [pid 6087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6087] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6087] close(3) = 0 [pid 6087] close(4) = 0 [pid 6087] mkdir("./bus", 0777) = 0 [pid 6087] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6087] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6087] chdir("./bus") = 0 [ 255.975750][ T6087] loop0: detected capacity change from 0 to 32768 [ 256.007212][ T6087] [ 256.007212][ T6087] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 256.007212][ T6087] [pid 6087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6087] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6087] exit_group(0) = ? [pid 6087] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6087, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./234", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./234", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./234/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./234/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./234/binderfs") = 0 [ 256.177929][ T1088] [ 256.177929][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 256.177929][ T1088] [ 256.188483][ T1088] [ 256.188483][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 256.188483][ T1088] [ 256.199725][ T113] [ 256.199725][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 256.199725][ T113] [ 256.210643][ T5827] [ 256.210643][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 256.210643][ T5827] [ 256.221706][ T5827] umount2("./234/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./234/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./234/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./234/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 256.221706][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 256.221706][ T5827] openat(AT_FDCWD, "./234/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./234/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./234") = 0 mkdir("./235", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6089 attached , child_tidptr=0x55556c245750) = 6089 [pid 6089] set_robust_list(0x55556c245760, 24) = 0 [pid 6089] chdir("./235") = 0 [pid 6089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6089] setpgid(0, 0) = 0 [pid 6089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6089] write(3, "1000", 4) = 4 [pid 6089] close(3) = 0 [pid 6089] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6089] write(1, "executing program\n", 18) = 18 [pid 6089] memfd_create("syzkaller", 0) = 3 [pid 6089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6089] munmap(0x7fac16400000, 138412032) = 0 [pid 6089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6089] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6089] close(3) = 0 [pid 6089] close(4) = 0 [pid 6089] mkdir("./bus", 0777) = 0 [pid 6089] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6089] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6089] chdir("./bus") = 0 [pid 6089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 256.783016][ T6089] loop0: detected capacity change from 0 to 32768 [ 256.812318][ T6089] [ 256.812318][ T6089] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 256.812318][ T6089] [pid 6089] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6089] exit_group(0) = ? [pid 6089] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6089, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./235", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./235", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./235/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./235/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./235/binderfs") = 0 [ 257.010406][ T1088] [ 257.010406][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 257.010406][ T1088] [ 257.020918][ T1088] [ 257.020918][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 257.020918][ T1088] [ 257.031944][ T112] [ 257.031944][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 257.031944][ T112] [ 257.042891][ T5827] [ 257.042891][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 257.042891][ T5827] [ 257.053998][ T5827] umount2("./235/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./235/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./235/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 257.053998][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 257.053998][ T5827] umount2("./235/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./235/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./235/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./235") = 0 mkdir("./236", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6090 attached [pid 6090] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6090 [pid 6090] <... set_robust_list resumed>) = 0 [pid 6090] chdir("./236") = 0 [pid 6090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6090] setpgid(0, 0) = 0 [pid 6090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6090] write(3, "1000", 4) = 4 [pid 6090] close(3) = 0 [pid 6090] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6090] write(1, "executing program\n", 18) = 18 [pid 6090] memfd_create("syzkaller", 0) = 3 [pid 6090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6090] munmap(0x7fac16400000, 138412032) = 0 [pid 6090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6090] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6090] close(3) = 0 [pid 6090] close(4) = 0 [pid 6090] mkdir("./bus", 0777) = 0 [ 257.651315][ T6090] loop0: detected capacity change from 0 to 32768 [pid 6090] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6090] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6090] chdir("./bus") = 0 [pid 6090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6090] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6090] exit_group(0) = ? [pid 6090] +++ exited with 0 +++ [ 257.697017][ T6090] [ 257.697017][ T6090] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 257.697017][ T6090] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6090, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./236", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./236", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./236/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./236/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./236/binderfs") = 0 [ 257.887720][ T13] [ 257.887720][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 257.887720][ T13] [ 257.898280][ T13] [ 257.898280][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 257.898280][ T13] [ 257.909494][ T113] [ 257.909494][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 257.909494][ T113] [ 257.920054][ T5827] [ 257.920054][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 257.920054][ T5827] [ 257.931071][ T5827] umount2("./236/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./236/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./236/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 257.931071][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 257.931071][ T5827] umount2("./236/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./236/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./236/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./236") = 0 mkdir("./237", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6091 attached , child_tidptr=0x55556c245750) = 6091 [pid 6091] set_robust_list(0x55556c245760, 24) = 0 [pid 6091] chdir("./237") = 0 [pid 6091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6091] setpgid(0, 0) = 0 [pid 6091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6091] write(3, "1000", 4) = 4 [pid 6091] close(3) = 0 [pid 6091] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6091] write(1, "executing program\n", 18) = 18 [pid 6091] memfd_create("syzkaller", 0) = 3 [pid 6091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6091] munmap(0x7fac16400000, 138412032) = 0 [pid 6091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6091] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6091] close(3) = 0 [pid 6091] close(4) = 0 [pid 6091] mkdir("./bus", 0777) = 0 [ 258.495915][ T6091] loop0: detected capacity change from 0 to 32768 [pid 6091] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6091] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6091] chdir("./bus") = 0 [pid 6091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6091] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6091] exit_group(0) = ? [pid 6091] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6091, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./237", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./237", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./237/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./237/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./237/binderfs") = 0 [ 258.544493][ T6091] [ 258.544493][ T6091] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 258.544493][ T6091] [ 258.578419][ T13] [ 258.578419][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 258.578419][ T13] [ 258.589247][ T13] umount2("./237/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./237/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./237/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 258.589247][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 258.589247][ T13] [ 258.600271][ T113] [ 258.600271][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 258.600271][ T113] [ 258.610920][ T5827] [ 258.610920][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 258.610920][ T5827] [ 258.622674][ T5827] [ 258.622674][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 258.622674][ T5827] umount2("./237/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./237/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./237/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./237") = 0 mkdir("./238", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6092 attached , child_tidptr=0x55556c245750) = 6092 [pid 6092] set_robust_list(0x55556c245760, 24) = 0 [pid 6092] chdir("./238") = 0 [pid 6092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6092] setpgid(0, 0) = 0 [pid 6092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6092] write(3, "1000", 4) = 4 [pid 6092] close(3) = 0 [pid 6092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6092] write(1, "executing program\n", 18executing program ) = 18 [pid 6092] memfd_create("syzkaller", 0) = 3 [pid 6092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6092] munmap(0x7fac16400000, 138412032) = 0 [pid 6092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6092] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6092] close(3) = 0 [pid 6092] close(4) = 0 [pid 6092] mkdir("./bus", 0777) = 0 [pid 6092] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6092] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6092] chdir("./bus") = 0 [pid 6092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6092] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6092] exit_group(0) = ? [pid 6092] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6092, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- umount2("./238", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./238", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 259.239532][ T6092] loop0: detected capacity change from 0 to 32768 [ 259.272203][ T6092] [ 259.272203][ T6092] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 259.272203][ T6092] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./238/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./238/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./238/binderfs") = 0 [ 259.412612][ T13] [ 259.412612][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 259.412612][ T13] [ 259.423181][ T13] [ 259.423181][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 259.423181][ T13] [ 259.434655][ T112] [ 259.434655][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 259.434655][ T112] [ 259.445376][ T5827] [ 259.445376][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 259.445376][ T5827] [ 259.456209][ T5827] umount2("./238/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./238/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./238/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 259.456209][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 259.456209][ T5827] umount2("./238/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./238/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./238/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./238") = 0 mkdir("./239", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6093 attached [pid 6093] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6093 [pid 6093] <... set_robust_list resumed>) = 0 [pid 6093] chdir("./239") = 0 [pid 6093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6093] setpgid(0, 0) = 0 [pid 6093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6093] write(3, "1000", 4) = 4 [pid 6093] close(3) = 0 [pid 6093] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6093] write(1, "executing program\n", 18executing program ) = 18 [pid 6093] memfd_create("syzkaller", 0) = 3 [pid 6093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6093] munmap(0x7fac16400000, 138412032) = 0 [pid 6093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6093] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6093] close(3) = 0 [pid 6093] close(4) = 0 [pid 6093] mkdir("./bus", 0777) = 0 [pid 6093] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6093] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6093] chdir("./bus") = 0 [pid 6093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6093] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6093] exit_group(0) = ? [ 260.037838][ T6093] loop0: detected capacity change from 0 to 32768 [ 260.069646][ T6093] [ 260.069646][ T6093] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 260.069646][ T6093] [pid 6093] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6093, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./239", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./239", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./239/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./239/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./239/binderfs") = 0 [ 260.268480][ T13] [ 260.268480][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 260.268480][ T13] [ 260.279135][ T13] [ 260.279135][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 260.279135][ T13] [ 260.290286][ T113] [ 260.290286][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 260.290286][ T113] [ 260.300894][ T5827] [ 260.300894][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 260.300894][ T5827] [ 260.312099][ T5827] umount2("./239/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./239/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./239/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./239/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./239/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./239/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./239") = 0 mkdir("./240", 0777) = 0 [ 260.312099][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 260.312099][ T5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6094 attached [pid 6094] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6094 [pid 6094] <... set_robust_list resumed>) = 0 [pid 6094] chdir("./240") = 0 [pid 6094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6094] setpgid(0, 0) = 0 [pid 6094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6094] write(3, "1000", 4) = 4 [pid 6094] close(3) = 0 [pid 6094] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6094] write(1, "executing program\n", 18) = 18 [pid 6094] memfd_create("syzkaller", 0) = 3 [pid 6094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6094] munmap(0x7fac16400000, 138412032) = 0 [pid 6094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6094] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6094] close(3) = 0 [pid 6094] close(4) = 0 [pid 6094] mkdir("./bus", 0777) = 0 [pid 6094] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6094] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6094] chdir("./bus") = 0 [pid 6094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6094] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 260.768673][ T6094] loop0: detected capacity change from 0 to 32768 [ 260.801104][ T6094] [ 260.801104][ T6094] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 260.801104][ T6094] [pid 6094] exit_group(0) = ? [pid 6094] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6094, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./240", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./240", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./240/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./240/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./240/binderfs") = 0 [ 260.974327][ T36] [ 260.974327][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 260.974327][ T36] [ 260.984881][ T36] [ 260.984881][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 260.984881][ T36] [ 260.995953][ T112] [ 260.995953][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 260.995953][ T112] [ 261.006634][ T5827] [ 261.006634][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 261.006634][ T5827] [ 261.017419][ T5827] umount2("./240/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./240/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./240/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 261.017419][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 261.017419][ T5827] umount2("./240/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./240/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./240/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./240") = 0 mkdir("./241", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6095 attached [pid 6095] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6095 [pid 6095] <... set_robust_list resumed>) = 0 [pid 6095] chdir("./241") = 0 [pid 6095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6095] setpgid(0, 0) = 0 [pid 6095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6095] write(3, "1000", 4) = 4 [pid 6095] close(3) = 0 [pid 6095] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6095] write(1, "executing program\n", 18) = 18 [pid 6095] memfd_create("syzkaller", 0) = 3 [pid 6095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6095] munmap(0x7fac16400000, 138412032) = 0 [pid 6095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6095] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6095] close(3) = 0 [pid 6095] close(4) = 0 [pid 6095] mkdir("./bus", 0777) = 0 [ 261.557830][ T6095] loop0: detected capacity change from 0 to 32768 [pid 6095] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6095] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6095] chdir("./bus") = 0 [pid 6095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6095] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6095] exit_group(0) = ? [pid 6095] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6095, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- [ 261.613145][ T6095] [ 261.613145][ T6095] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 261.613145][ T6095] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./241", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./241", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./241/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./241/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./241/binderfs") = 0 [ 261.762647][ T36] [ 261.762647][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 261.762647][ T36] [ 261.773211][ T36] [ 261.773211][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 261.773211][ T36] [ 261.784291][ T5827] [ 261.784291][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 261.784291][ T5827] [ 261.795176][ T112] [ 261.795176][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 261.795176][ T112] [ 261.805795][ T5827] umount2("./241/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./241/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./241/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./241/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 261.805795][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 261.805795][ T5827] openat(AT_FDCWD, "./241/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./241/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./241") = 0 mkdir("./242", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556c245750) = 6096 ./strace-static-x86_64: Process 6096 attached [pid 6096] set_robust_list(0x55556c245760, 24) = 0 [pid 6096] chdir("./242") = 0 [pid 6096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6096] setpgid(0, 0) = 0 [pid 6096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6096] write(3, "1000", 4) = 4 [pid 6096] close(3) = 0 [pid 6096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6096] write(1, "executing program\n", 18executing program ) = 18 [pid 6096] memfd_create("syzkaller", 0) = 3 [pid 6096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6096] munmap(0x7fac16400000, 138412032) = 0 [pid 6096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6096] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6096] close(3) = 0 [pid 6096] close(4) = 0 [pid 6096] mkdir("./bus", 0777) = 0 [pid 6096] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6096] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6096] chdir("./bus") = 0 [pid 6096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6096] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6096] exit_group(0) = ? [pid 6096] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6096, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./242", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./242", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./242/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./242/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./242/binderfs") = 0 [ 262.335528][ T6096] loop0: detected capacity change from 0 to 32768 [ 262.366442][ T6096] [ 262.366442][ T6096] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 262.366442][ T6096] [ 262.407696][ T1088] [ 262.407696][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 262.407696][ T1088] [ 262.418868][ T1088] [ 262.418868][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 262.418868][ T1088] [ 262.430760][ T112] [ 262.430760][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 262.430760][ T112] [ 262.441646][ T5827] [ 262.441646][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 262.441646][ T5827] [ 262.452673][ T5827] umount2("./242/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./242/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./242/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 262.452673][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 262.452673][ T5827] umount2("./242/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./242/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./242/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./242") = 0 mkdir("./243", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6097 attached [pid 6097] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6097 [pid 6097] <... set_robust_list resumed>) = 0 [pid 6097] chdir("./243") = 0 [pid 6097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6097] setpgid(0, 0) = 0 [pid 6097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6097] write(3, "1000", 4) = 4 [pid 6097] close(3) = 0 [pid 6097] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6097] write(1, "executing program\n", 18executing program ) = 18 [pid 6097] memfd_create("syzkaller", 0) = 3 [pid 6097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6097] munmap(0x7fac16400000, 138412032) = 0 [pid 6097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6097] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6097] close(3) = 0 [pid 6097] close(4) = 0 [pid 6097] mkdir("./bus", 0777) = 0 [pid 6097] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6097] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6097] chdir("./bus") = 0 [pid 6097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6097] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6097] exit_group(0) = ? [pid 6097] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6097, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- umount2("./243", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./243", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./243/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./243/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./243/binderfs") = 0 [ 263.028264][ T6097] loop0: detected capacity change from 0 to 32768 [ 263.058887][ T6097] [ 263.058887][ T6097] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 263.058887][ T6097] [ 263.094440][ T36] [ 263.094440][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 263.094440][ T36] [ 263.105074][ T36] [ 263.105074][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 263.105074][ T36] [ 263.117650][ T113] [ 263.117650][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 263.117650][ T113] [ 263.130213][ T5827] [ 263.130213][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 263.130213][ T5827] [ 263.141185][ T5827] umount2("./243/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./243/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./243/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./243/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./243/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 263.141185][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 263.141185][ T5827] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./243/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./243") = 0 mkdir("./244", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6098 attached , child_tidptr=0x55556c245750) = 6098 [pid 6098] set_robust_list(0x55556c245760, 24) = 0 [pid 6098] chdir("./244") = 0 [pid 6098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6098] setpgid(0, 0) = 0 [pid 6098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6098] write(3, "1000", 4) = 4 [pid 6098] close(3) = 0 [pid 6098] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6098] write(1, "executing program\n", 18) = 18 [pid 6098] memfd_create("syzkaller", 0) = 3 [pid 6098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6098] munmap(0x7fac16400000, 138412032) = 0 [pid 6098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6098] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6098] close(3) = 0 [pid 6098] close(4) = 0 [pid 6098] mkdir("./bus", 0777) = 0 [ 263.673350][ T6098] loop0: detected capacity change from 0 to 32768 [pid 6098] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6098] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6098] chdir("./bus") = 0 [pid 6098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6098] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6098] exit_group(0) = ? [ 263.721572][ T6098] [ 263.721572][ T6098] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 263.721572][ T6098] [pid 6098] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6098, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./244", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./244", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./244/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./244/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./244/binderfs") = 0 [ 263.910345][ T1088] [ 263.910345][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 263.910345][ T1088] [ 263.920933][ T1088] [ 263.920933][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 263.920933][ T1088] [ 263.932273][ T112] [ 263.932273][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 263.932273][ T112] [ 263.942886][ T5827] [ 263.942886][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 263.942886][ T5827] [ 263.953716][ T5827] umount2("./244/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./244/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./244/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./244/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./244/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 263.953716][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 263.953716][ T5827] getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./244/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./244") = 0 mkdir("./245", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6099 attached [pid 6099] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6099 [pid 6099] <... set_robust_list resumed>) = 0 [pid 6099] chdir("./245") = 0 [pid 6099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6099] setpgid(0, 0) = 0 [pid 6099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6099] write(3, "1000", 4) = 4 [pid 6099] close(3) = 0 [pid 6099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6099] write(1, "executing program\n", 18executing program ) = 18 [pid 6099] memfd_create("syzkaller", 0) = 3 [pid 6099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6099] munmap(0x7fac16400000, 138412032) = 0 [pid 6099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6099] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6099] close(3) = 0 [pid 6099] close(4) = 0 [pid 6099] mkdir("./bus", 0777) = 0 [pid 6099] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6099] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6099] chdir("./bus") = 0 [pid 6099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 264.471974][ T6099] loop0: detected capacity change from 0 to 32768 [ 264.502650][ T6099] [ 264.502650][ T6099] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 264.502650][ T6099] [pid 6099] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6099] exit_group(0) = ? [pid 6099] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6099, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./245", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./245", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./245/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./245/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./245/binderfs") = 0 [ 264.662176][ T36] [ 264.662176][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 264.662176][ T36] [ 264.672758][ T36] [ 264.672758][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 264.672758][ T36] [ 264.684424][ T112] [ 264.684424][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 264.684424][ T112] [ 264.695133][ T5827] [ 264.695133][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 264.695133][ T5827] [ 264.705981][ T5827] umount2("./245/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./245/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 264.705981][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 264.705981][ T5827] newfstatat(AT_FDCWD, "./245/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./245/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./245/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./245/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./245") = 0 mkdir("./246", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6100 attached [pid 6100] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6100 [pid 6100] <... set_robust_list resumed>) = 0 [pid 6100] chdir("./246") = 0 [pid 6100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6100] setpgid(0, 0) = 0 [pid 6100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6100] write(3, "1000", 4) = 4 [pid 6100] close(3) = 0 [pid 6100] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6100] write(1, "executing program\n", 18) = 18 [pid 6100] memfd_create("syzkaller", 0) = 3 [pid 6100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6100] munmap(0x7fac16400000, 138412032) = 0 [pid 6100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6100] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6100] close(3) = 0 [pid 6100] close(4) = 0 [pid 6100] mkdir("./bus", 0777) = 0 [pid 6100] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6100] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6100] chdir("./bus") = 0 [pid 6100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 265.285179][ T6100] loop0: detected capacity change from 0 to 32768 [ 265.314548][ T6100] [ 265.314548][ T6100] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 265.314548][ T6100] [pid 6100] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6100] exit_group(0) = ? [pid 6100] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6100, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./246", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./246", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./246/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./246/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./246/binderfs") = 0 [ 265.509069][ T13] [ 265.509069][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 265.509069][ T13] [ 265.519775][ T13] [ 265.519775][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 265.519775][ T13] [ 265.530968][ T113] [ 265.530968][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 265.530968][ T113] [ 265.541559][ T5827] [ 265.541559][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 265.541559][ T5827] [ 265.552468][ T5827] umount2("./246/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./246/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./246/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 265.552468][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 265.552468][ T5827] umount2("./246/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./246/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./246/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./246") = 0 mkdir("./247", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6101 attached [pid 6101] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6101 [pid 6101] <... set_robust_list resumed>) = 0 [pid 6101] chdir("./247") = 0 [pid 6101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6101] setpgid(0, 0) = 0 [pid 6101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6101] write(3, "1000", 4) = 4 [pid 6101] close(3) = 0 [pid 6101] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6101] write(1, "executing program\n", 18) = 18 [pid 6101] memfd_create("syzkaller", 0) = 3 [pid 6101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6101] munmap(0x7fac16400000, 138412032) = 0 [pid 6101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6101] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6101] close(3) = 0 [pid 6101] close(4) = 0 [pid 6101] mkdir("./bus", 0777) = 0 [pid 6101] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6101] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6101] chdir("./bus") = 0 [pid 6101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6101] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6101] exit_group(0) = ? [pid 6101] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6101, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./247", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./247", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./247/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./247/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./247/binderfs") = 0 [ 266.173924][ T6101] loop0: detected capacity change from 0 to 32768 [ 266.212668][ T6101] [ 266.212668][ T6101] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 266.212668][ T6101] [ 266.243614][ T13] [ 266.243614][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 266.243614][ T13] [ 266.254697][ T13] [ 266.254697][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 266.254697][ T13] [ 266.267305][ T5827] [ 266.267305][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 266.267305][ T5827] [ 266.278183][ T113] [ 266.278183][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 266.278183][ T113] [ 266.289867][ T5827] umount2("./247/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./247/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./247/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./247/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 266.289867][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 266.289867][ T5827] openat(AT_FDCWD, "./247/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./247/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./247") = 0 mkdir("./248", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6102 attached [pid 6102] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6102 [pid 6102] <... set_robust_list resumed>) = 0 [pid 6102] chdir("./248") = 0 [pid 6102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6102] setpgid(0, 0) = 0 [pid 6102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6102] write(3, "1000", 4) = 4 [pid 6102] close(3) = 0 [pid 6102] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6102] write(1, "executing program\n", 18) = 18 [pid 6102] memfd_create("syzkaller", 0) = 3 [pid 6102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6102] munmap(0x7fac16400000, 138412032) = 0 [pid 6102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6102] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6102] close(3) = 0 [pid 6102] close(4) = 0 [pid 6102] mkdir("./bus", 0777) = 0 [ 266.839332][ T6102] loop0: detected capacity change from 0 to 32768 [pid 6102] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6102] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6102] chdir("./bus") = 0 [pid 6102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6102] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6102] exit_group(0) = ? [pid 6102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6102, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- [ 266.884878][ T6102] [ 266.884878][ T6102] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 266.884878][ T6102] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./248", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./248", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./248/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./248/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./248/binderfs") = 0 [ 267.074412][ T13] [ 267.074412][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 267.074412][ T13] [ 267.085009][ T13] [ 267.085009][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 267.085009][ T13] [ 267.096266][ T113] [ 267.096266][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 267.096266][ T113] [ 267.107037][ T5827] [ 267.107037][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 267.107037][ T5827] [ 267.118069][ T5827] umount2("./248/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./248/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./248/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./248/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./248/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./248/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./248") = 0 [ 267.118069][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 267.118069][ T5827] mkdir("./249", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6103 attached , child_tidptr=0x55556c245750) = 6103 [pid 6103] set_robust_list(0x55556c245760, 24) = 0 [pid 6103] chdir("./249") = 0 [pid 6103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6103] setpgid(0, 0) = 0 [pid 6103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6103] write(3, "1000", 4) = 4 [pid 6103] close(3) = 0 [pid 6103] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6103] write(1, "executing program\n", 18) = 18 [pid 6103] memfd_create("syzkaller", 0) = 3 [pid 6103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6103] munmap(0x7fac16400000, 138412032) = 0 [pid 6103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6103] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6103] close(3) = 0 [pid 6103] close(4) = 0 [pid 6103] mkdir("./bus", 0777) = 0 [pid 6103] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6103] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6103] chdir("./bus") = 0 [pid 6103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6103] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 267.572214][ T6103] loop0: detected capacity change from 0 to 32768 [ 267.592296][ T6103] [ 267.592296][ T6103] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 267.592296][ T6103] [pid 6103] exit_group(0) = ? [pid 6103] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6103, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./249", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./249", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./249/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./249/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./249/binderfs") = 0 [ 267.741850][ T1088] [ 267.741850][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 267.741850][ T1088] [ 267.752387][ T1088] [ 267.752387][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 267.752387][ T1088] [ 267.763687][ T113] [ 267.763687][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 267.763687][ T113] [ 267.774324][ T5827] [ 267.774324][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 267.774324][ T5827] [ 267.785289][ T5827] umount2("./249/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./249/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./249/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./249/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./249/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./249/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./249") = 0 mkdir("./250", 0777) = 0 [ 267.785289][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 267.785289][ T5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6104 attached , child_tidptr=0x55556c245750) = 6104 [pid 6104] set_robust_list(0x55556c245760, 24) = 0 [pid 6104] chdir("./250") = 0 [pid 6104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6104] setpgid(0, 0) = 0 [pid 6104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6104] write(3, "1000", 4) = 4 [pid 6104] close(3) = 0 [pid 6104] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6104] write(1, "executing program\n", 18) = 18 [pid 6104] memfd_create("syzkaller", 0) = 3 [pid 6104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6104] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6104] munmap(0x7fac16400000, 138412032) = 0 [pid 6104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6104] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6104] close(3) = 0 [pid 6104] close(4) = 0 [pid 6104] mkdir("./bus", 0777) = 0 [pid 6104] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6104] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6104] chdir("./bus") = 0 [pid 6104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6104] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6104] exit_group(0) = ? [pid 6104] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6104, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- [ 268.218681][ T6104] loop0: detected capacity change from 0 to 32768 [ 268.255896][ T6104] [ 268.255896][ T6104] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 268.255896][ T6104] umount2("./250", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./250", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./250/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./250/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./250/binderfs") = 0 [ 268.416899][ T13] [ 268.416899][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 268.416899][ T13] [ 268.427461][ T13] [ 268.427461][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 268.427461][ T13] [ 268.438238][ T5827] [ 268.438238][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 268.438238][ T5827] [ 268.449460][ T113] [ 268.449460][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 268.449460][ T113] [ 268.459980][ T5827] umount2("./250/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./250/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./250/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 268.459980][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 268.459980][ T5827] umount2("./250/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./250/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./250/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./250") = 0 mkdir("./251", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6105 attached , child_tidptr=0x55556c245750) = 6105 [pid 6105] set_robust_list(0x55556c245760, 24) = 0 [pid 6105] chdir("./251") = 0 [pid 6105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6105] setpgid(0, 0) = 0 [pid 6105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6105] write(3, "1000", 4) = 4 [pid 6105] close(3) = 0 [pid 6105] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6105] write(1, "executing program\n", 18) = 18 [pid 6105] memfd_create("syzkaller", 0) = 3 [pid 6105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6105] munmap(0x7fac16400000, 138412032) = 0 [pid 6105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6105] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6105] close(3) = 0 [pid 6105] close(4) = 0 [pid 6105] mkdir("./bus", 0777) = 0 [pid 6105] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6105] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6105] chdir("./bus") = 0 [pid 6105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6105] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6105] exit_group(0) = ? [ 269.016016][ T6105] loop0: detected capacity change from 0 to 32768 [ 269.055751][ T6105] [ 269.055751][ T6105] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 269.055751][ T6105] [pid 6105] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6105, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./251", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./251", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./251/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./251/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./251/binderfs") = 0 [ 269.231888][ T13] [ 269.231888][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 269.231888][ T13] [ 269.242431][ T13] [ 269.242431][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 269.242431][ T13] [ 269.253188][ T5827] [ 269.253188][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 269.253188][ T5827] [ 269.264185][ T112] [ 269.264185][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 269.264185][ T112] [ 269.274814][ T5827] umount2("./251/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./251/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./251/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./251/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./251/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./251/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./251") = 0 mkdir("./252", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 269.274814][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 269.274814][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6106 attached , child_tidptr=0x55556c245750) = 6106 [pid 6106] set_robust_list(0x55556c245760, 24) = 0 [pid 6106] chdir("./252") = 0 [pid 6106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6106] setpgid(0, 0) = 0 [pid 6106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6106] write(3, "1000", 4) = 4 [pid 6106] close(3) = 0 [pid 6106] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6106] write(1, "executing program\n", 18executing program ) = 18 [pid 6106] memfd_create("syzkaller", 0) = 3 [pid 6106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6106] munmap(0x7fac16400000, 138412032) = 0 [pid 6106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6106] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6106] close(3) = 0 [pid 6106] close(4) = 0 [pid 6106] mkdir("./bus", 0777) = 0 [pid 6106] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6106] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6106] chdir("./bus") = 0 [pid 6106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 269.691880][ T6106] loop0: detected capacity change from 0 to 32768 [ 269.715892][ T6106] [ 269.715892][ T6106] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 269.715892][ T6106] [pid 6106] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6106] exit_group(0) = ? [pid 6106] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6106, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./252", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./252", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./252/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./252/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./252/binderfs") = 0 [ 269.903998][ T13] [ 269.903998][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 269.903998][ T13] [ 269.914571][ T13] [ 269.914571][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 269.914571][ T13] [ 269.925937][ T112] [ 269.925937][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 269.925937][ T112] [ 269.936503][ T5827] [ 269.936503][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 269.936503][ T5827] [ 269.947676][ T5827] umount2("./252/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./252/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./252/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 269.947676][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 269.947676][ T5827] umount2("./252/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./252/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./252/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./252") = 0 mkdir("./253", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6107 attached , child_tidptr=0x55556c245750) = 6107 [pid 6107] set_robust_list(0x55556c245760, 24) = 0 [pid 6107] chdir("./253") = 0 [pid 6107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6107] setpgid(0, 0) = 0 [pid 6107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6107] write(3, "1000", 4) = 4 [pid 6107] close(3) = 0 [pid 6107] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6107] write(1, "executing program\n", 18) = 18 [pid 6107] memfd_create("syzkaller", 0) = 3 [pid 6107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6107] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6107] munmap(0x7fac16400000, 138412032) = 0 [pid 6107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6107] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6107] close(3) = 0 [pid 6107] close(4) = 0 [pid 6107] mkdir("./bus", 0777) = 0 [pid 6107] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6107] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6107] chdir("./bus") = 0 [pid 6107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6107] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6107] exit_group(0) = ? [pid 6107] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6107, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./253", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./253", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./253/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./253/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./253/binderfs") = 0 [ 270.505480][ T6107] loop0: detected capacity change from 0 to 32768 [ 270.534881][ T6107] [ 270.534881][ T6107] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 270.534881][ T6107] [ 270.567565][ T13] [ 270.567565][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 270.567565][ T13] [ 270.578198][ T13] [ 270.578198][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 270.578198][ T13] [ 270.593679][ T112] [ 270.593679][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 270.593679][ T112] [ 270.604347][ T5827] [ 270.604347][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 270.604347][ T5827] [ 270.615136][ T5827] umount2("./253/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./253/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./253/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./253/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 270.615136][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 270.615136][ T5827] openat(AT_FDCWD, "./253/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./253/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./253") = 0 mkdir("./254", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6108 attached [pid 6108] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6108 [pid 6108] <... set_robust_list resumed>) = 0 [pid 6108] chdir("./254") = 0 [pid 6108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6108] setpgid(0, 0) = 0 [pid 6108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6108] write(3, "1000", 4) = 4 [pid 6108] close(3) = 0 [pid 6108] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6108] write(1, "executing program\n", 18) = 18 [pid 6108] memfd_create("syzkaller", 0) = 3 [pid 6108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6108] munmap(0x7fac16400000, 138412032) = 0 [pid 6108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6108] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6108] close(3) = 0 [pid 6108] close(4) = 0 [pid 6108] mkdir("./bus", 0777) = 0 [pid 6108] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6108] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6108] chdir("./bus") = 0 [pid 6108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6108] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6108] exit_group(0) = ? [pid 6108] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6108, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./254", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./254", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 271.222650][ T6108] loop0: detected capacity change from 0 to 32768 [ 271.241945][ T6108] [ 271.241945][ T6108] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 271.241945][ T6108] getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./254/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./254/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./254/binderfs") = 0 [ 271.347177][ T13] [ 271.347177][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 271.347177][ T13] [ 271.359313][ T13] [ 271.359313][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 271.359313][ T13] [ 271.370590][ T113] [ 271.370590][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 271.370590][ T113] [ 271.381991][ T5827] [ 271.381991][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 271.381991][ T5827] [ 271.393009][ T5827] umount2("./254/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./254/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./254/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./254/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./254/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 [ 271.393009][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 271.393009][ T5827] close(4) = 0 rmdir("./254/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./254") = 0 mkdir("./255", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6109 attached , child_tidptr=0x55556c245750) = 6109 [pid 6109] set_robust_list(0x55556c245760, 24) = 0 [pid 6109] chdir("./255") = 0 [pid 6109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6109] setpgid(0, 0) = 0 [pid 6109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6109] write(3, "1000", 4) = 4 [pid 6109] close(3) = 0 [pid 6109] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6109] write(1, "executing program\n", 18executing program ) = 18 [pid 6109] memfd_create("syzkaller", 0) = 3 [pid 6109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6109] munmap(0x7fac16400000, 138412032) = 0 [pid 6109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6109] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6109] close(3) = 0 [pid 6109] close(4) = 0 [pid 6109] mkdir("./bus", 0777) = 0 [pid 6109] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6109] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 271.949413][ T6109] loop0: detected capacity change from 0 to 32768 [ 271.989201][ T6109] [ 271.989201][ T6109] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 271.989201][ T6109] [pid 6109] chdir("./bus") = 0 [pid 6109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6109] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6109] exit_group(0) = ? [pid 6109] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6109, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./255", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./255", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./255/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./255/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./255/binderfs") = 0 [ 272.119018][ T13] [ 272.119018][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 272.119018][ T13] [ 272.129713][ T13] [ 272.129713][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 272.129713][ T13] [ 272.141750][ T112] [ 272.141750][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 272.141750][ T112] [ 272.152448][ T5827] [ 272.152448][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 272.152448][ T5827] [ 272.163249][ T5827] umount2("./255/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./255/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./255/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 272.163249][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 272.163249][ T5827] umount2("./255/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./255/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./255/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./255") = 0 mkdir("./256", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6110 attached , child_tidptr=0x55556c245750) = 6110 [pid 6110] set_robust_list(0x55556c245760, 24) = 0 [pid 6110] chdir("./256") = 0 [pid 6110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6110] setpgid(0, 0) = 0 [pid 6110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6110] write(3, "1000", 4) = 4 [pid 6110] close(3) = 0 [pid 6110] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6110] write(1, "executing program\n", 18) = 18 [pid 6110] memfd_create("syzkaller", 0) = 3 [pid 6110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6110] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6110] munmap(0x7fac16400000, 138412032) = 0 [pid 6110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6110] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6110] close(3) = 0 [pid 6110] close(4) = 0 [pid 6110] mkdir("./bus", 0777) = 0 [pid 6110] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6110] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6110] chdir("./bus") = 0 [pid 6110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6110] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 272.753953][ T6110] loop0: detected capacity change from 0 to 32768 [ 272.789185][ T6110] [ 272.789185][ T6110] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 272.789185][ T6110] [pid 6110] exit_group(0) = ? [pid 6110] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6110, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./256", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./256", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./256/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./256/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./256/binderfs") = 0 [ 272.939811][ T36] [ 272.939811][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 272.939811][ T36] [ 272.950317][ T36] [ 272.950317][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 272.950317][ T36] [ 272.961245][ T5827] [ 272.961245][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 272.961245][ T5827] [ 272.972358][ T112] [ 272.972358][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 272.972358][ T112] [ 272.983071][ T5827] umount2("./256/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./256/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./256/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./256/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./256/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./256/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 272.983071][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 272.983071][ T5827] rmdir("./256") = 0 mkdir("./257", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6111 attached [pid 6111] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6111 [pid 6111] <... set_robust_list resumed>) = 0 [pid 6111] chdir("./257") = 0 [pid 6111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6111] setpgid(0, 0) = 0 [pid 6111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6111] write(3, "1000", 4) = 4 [pid 6111] close(3) = 0 [pid 6111] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6111] write(1, "executing program\n", 18executing program ) = 18 [pid 6111] memfd_create("syzkaller", 0) = 3 [pid 6111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6111] munmap(0x7fac16400000, 138412032) = 0 [pid 6111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6111] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6111] close(3) = 0 [pid 6111] close(4) = 0 [pid 6111] mkdir("./bus", 0777) = 0 [ 273.458918][ T6111] loop0: detected capacity change from 0 to 32768 [pid 6111] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6111] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6111] chdir("./bus") = 0 [pid 6111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6111] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6111] exit_group(0) = ? [pid 6111] +++ exited with 0 +++ [ 273.500648][ T6111] [ 273.500648][ T6111] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 273.500648][ T6111] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6111, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./257", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./257", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./257/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./257/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./257/binderfs") = 0 [ 273.707618][ T13] [ 273.707618][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 273.707618][ T13] [ 273.718467][ T13] [ 273.718467][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 273.718467][ T13] [ 273.729386][ T5827] [ 273.729386][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 273.729386][ T5827] [ 273.740298][ T113] [ 273.740298][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 273.740298][ T113] [ 273.750954][ T5827] umount2("./257/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./257/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./257/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 273.750954][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 273.750954][ T5827] umount2("./257/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./257/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./257/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./257") = 0 mkdir("./258", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6112 attached , child_tidptr=0x55556c245750) = 6112 [pid 6112] set_robust_list(0x55556c245760, 24) = 0 [pid 6112] chdir("./258") = 0 [pid 6112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6112] setpgid(0, 0) = 0 [pid 6112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6112] write(3, "1000", 4) = 4 [pid 6112] close(3) = 0 [pid 6112] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6112] write(1, "executing program\n", 18) = 18 [pid 6112] memfd_create("syzkaller", 0) = 3 [pid 6112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6112] munmap(0x7fac16400000, 138412032) = 0 [pid 6112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6112] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6112] close(3) = 0 [pid 6112] close(4) = 0 [pid 6112] mkdir("./bus", 0777) = 0 [pid 6112] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6112] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6112] chdir("./bus") = 0 [pid 6112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6112] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6112] exit_group(0) = ? [pid 6112] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6112, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=14 /* 0.14 s */} --- [ 274.293457][ T6112] loop0: detected capacity change from 0 to 32768 [ 274.325038][ T6112] [ 274.325038][ T6112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 274.325038][ T6112] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./258", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./258", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./258/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./258/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./258/binderfs") = 0 [ 274.477703][ T36] [ 274.477703][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 274.477703][ T36] [ 274.488257][ T36] [ 274.488257][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 274.488257][ T36] [ 274.499257][ T112] [ 274.499257][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 274.499257][ T112] [ 274.509902][ T5827] [ 274.509902][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 274.509902][ T5827] [ 274.520852][ T5827] umount2("./258/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./258/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./258/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 274.520852][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 274.520852][ T5827] umount2("./258/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./258/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./258/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./258") = 0 mkdir("./259", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6113 attached , child_tidptr=0x55556c245750) = 6113 [pid 6113] set_robust_list(0x55556c245760, 24) = 0 [pid 6113] chdir("./259") = 0 [pid 6113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6113] setpgid(0, 0) = 0 [pid 6113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6113] write(3, "1000", 4) = 4 [pid 6113] close(3) = 0 [pid 6113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6113] write(1, "executing program\n", 18executing program ) = 18 [pid 6113] memfd_create("syzkaller", 0) = 3 [pid 6113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6113] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6113] munmap(0x7fac16400000, 138412032) = 0 [pid 6113] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6113] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6113] close(3) = 0 [pid 6113] close(4) = 0 [pid 6113] mkdir("./bus", 0777) = 0 [ 275.095618][ T6113] loop0: detected capacity change from 0 to 32768 [pid 6113] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6113] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6113] chdir("./bus") = 0 [pid 6113] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6113] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6113] exit_group(0) = ? [pid 6113] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6113, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 275.141866][ T6113] [ 275.141866][ T6113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 275.141866][ T6113] umount2("./259", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./259", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./259/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./259/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./259/binderfs") = 0 [ 275.329766][ T36] [ 275.329766][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 275.329766][ T36] [ 275.340358][ T36] [ 275.340358][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 275.340358][ T36] [ 275.351504][ T113] [ 275.351504][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 275.351504][ T113] [ 275.362526][ T5827] [ 275.362526][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 275.362526][ T5827] [ 275.373379][ T5827] umount2("./259/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./259/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./259/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./259/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./259/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 275.373379][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 275.373379][ T5827] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./259/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./259") = 0 mkdir("./260", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6114 attached , child_tidptr=0x55556c245750) = 6114 [pid 6114] set_robust_list(0x55556c245760, 24) = 0 [pid 6114] chdir("./260") = 0 [pid 6114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6114] setpgid(0, 0) = 0 [pid 6114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6114] write(3, "1000", 4) = 4 [pid 6114] close(3) = 0 [pid 6114] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6114] write(1, "executing program\n", 18) = 18 [pid 6114] memfd_create("syzkaller", 0) = 3 [pid 6114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6114] munmap(0x7fac16400000, 138412032) = 0 [pid 6114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6114] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6114] close(3) = 0 [pid 6114] close(4) = 0 [pid 6114] mkdir("./bus", 0777) = 0 [pid 6114] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6114] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6114] chdir("./bus") = 0 [pid 6114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6114] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6114] exit_group(0) = ? [pid 6114] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6114, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=15 /* 0.15 s */} --- [ 275.877040][ T6114] loop0: detected capacity change from 0 to 32768 [ 275.907642][ T6114] [ 275.907642][ T6114] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 275.907642][ T6114] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./260", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./260", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./260/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./260/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./260/binderfs") = 0 [ 276.069399][ T36] [ 276.069399][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 276.069399][ T36] [ 276.080110][ T36] [ 276.080110][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 276.080110][ T36] [ 276.091082][ T112] [ 276.091082][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 276.091082][ T112] [ 276.101684][ T5827] [ 276.101684][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 276.101684][ T5827] [ 276.112501][ T5827] umount2("./260/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./260/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./260/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 276.112501][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 276.112501][ T5827] umount2("./260/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./260/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./260/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./260") = 0 mkdir("./261", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6115 attached [pid 6115] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6115 [pid 6115] <... set_robust_list resumed>) = 0 [pid 6115] chdir("./261") = 0 [pid 6115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6115] setpgid(0, 0) = 0 [pid 6115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6115] write(3, "1000", 4) = 4 [pid 6115] close(3) = 0 [pid 6115] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6115] write(1, "executing program\n", 18executing program ) = 18 [pid 6115] memfd_create("syzkaller", 0) = 3 [pid 6115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6115] munmap(0x7fac16400000, 138412032) = 0 [pid 6115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6115] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6115] close(3) = 0 [pid 6115] close(4) = 0 [pid 6115] mkdir("./bus", 0777) = 0 [ 276.682533][ T6115] loop0: detected capacity change from 0 to 32768 [pid 6115] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6115] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6115] chdir("./bus") = 0 [pid 6115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6115] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6115] exit_group(0) = ? [pid 6115] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6115, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- [ 276.726635][ T6115] [ 276.726635][ T6115] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 276.726635][ T6115] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./261", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./261", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./261/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./261/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./261/binderfs") = 0 [ 276.905397][ T13] [ 276.905397][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 276.905397][ T13] [ 276.916027][ T13] [ 276.916027][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 276.916027][ T13] [ 276.926914][ T5827] [ 276.926914][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 276.926914][ T5827] [ 276.937812][ T112] [ 276.937812][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 276.937812][ T112] [ 276.948454][ T5827] umount2("./261/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./261/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./261/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 276.948454][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 276.948454][ T5827] umount2("./261/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./261/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./261/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./261") = 0 mkdir("./262", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6116 attached , child_tidptr=0x55556c245750) = 6116 [pid 6116] set_robust_list(0x55556c245760, 24) = 0 [pid 6116] chdir("./262") = 0 [pid 6116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6116] setpgid(0, 0) = 0 [pid 6116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6116] write(3, "1000", 4) = 4 [pid 6116] close(3) = 0 [pid 6116] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6116] write(1, "executing program\n", 18) = 18 [pid 6116] memfd_create("syzkaller", 0) = 3 [pid 6116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6116] munmap(0x7fac16400000, 138412032) = 0 [pid 6116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6116] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6116] close(3) = 0 [pid 6116] close(4) = 0 [pid 6116] mkdir("./bus", 0777) = 0 [pid 6116] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6116] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6116] chdir("./bus") = 0 [pid 6116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6116] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6116] exit_group(0) = ? [pid 6116] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6116, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- [ 277.510851][ T6116] loop0: detected capacity change from 0 to 32768 [ 277.547302][ T6116] [ 277.547302][ T6116] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 277.547302][ T6116] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./262", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./262", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./262/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./262/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./262/binderfs") = 0 [ 277.689154][ T13] [ 277.689154][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 277.689154][ T13] [ 277.699706][ T13] [ 277.699706][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 277.699706][ T13] [ 277.710677][ T113] [ 277.710677][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 277.710677][ T113] [ 277.721426][ T5827] [ 277.721426][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 277.721426][ T5827] [ 277.732317][ T5827] umount2("./262/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./262/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./262/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 277.732317][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 277.732317][ T5827] umount2("./262/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./262/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./262/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./262") = 0 mkdir("./263", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6117 attached , child_tidptr=0x55556c245750) = 6117 [pid 6117] set_robust_list(0x55556c245760, 24) = 0 [pid 6117] chdir("./263") = 0 [pid 6117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6117] setpgid(0, 0) = 0 [pid 6117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6117] write(3, "1000", 4) = 4 [pid 6117] close(3) = 0 [pid 6117] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6117] write(1, "executing program\n", 18executing program ) = 18 [pid 6117] memfd_create("syzkaller", 0) = 3 [pid 6117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6117] munmap(0x7fac16400000, 138412032) = 0 [pid 6117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6117] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6117] close(3) = 0 [pid 6117] close(4) = 0 [pid 6117] mkdir("./bus", 0777) = 0 [pid 6117] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6117] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6117] chdir("./bus") = 0 [pid 6117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6117] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6117] exit_group(0) = ? [ 278.310618][ T6117] loop0: detected capacity change from 0 to 32768 [ 278.336715][ T6117] [ 278.336715][ T6117] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 278.336715][ T6117] [pid 6117] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6117, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=14 /* 0.14 s */} --- umount2("./263", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./263", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./263/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./263/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./263/binderfs") = 0 [ 278.512052][ T13] [ 278.512052][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 278.512052][ T13] [ 278.522607][ T13] [ 278.522607][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 278.522607][ T13] [ 278.533516][ T112] [ 278.533516][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 278.533516][ T112] [ 278.544132][ T5827] [ 278.544132][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 278.544132][ T5827] [ 278.555072][ T5827] umount2("./263/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./263/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./263/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 278.555072][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 278.555072][ T5827] umount2("./263/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./263/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./263/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./263") = 0 mkdir("./264", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6118 attached [pid 6118] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6118 [pid 6118] <... set_robust_list resumed>) = 0 [pid 6118] chdir("./264") = 0 [pid 6118] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6118] setpgid(0, 0) = 0 [pid 6118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6118] write(3, "1000", 4) = 4 [pid 6118] close(3) = 0 [pid 6118] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6118] write(1, "executing program\n", 18executing program ) = 18 [pid 6118] memfd_create("syzkaller", 0) = 3 [pid 6118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6118] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6118] munmap(0x7fac16400000, 138412032) = 0 [pid 6118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6118] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6118] close(3) = 0 [pid 6118] close(4) = 0 [pid 6118] mkdir("./bus", 0777) = 0 [pid 6118] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6118] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6118] chdir("./bus") = 0 [pid 6118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 279.052122][ T6118] loop0: detected capacity change from 0 to 32768 [ 279.090380][ T6118] [ 279.090380][ T6118] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 279.090380][ T6118] [pid 6118] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6118] exit_group(0) = ? [pid 6118] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6118, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./264", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./264", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./264/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./264/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./264/binderfs") = 0 [ 279.265529][ T36] [ 279.265529][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 279.265529][ T36] [ 279.276164][ T36] [ 279.276164][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 279.276164][ T36] [ 279.286866][ T5827] [ 279.286866][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 279.286866][ T5827] [ 279.297788][ T113] [ 279.297788][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 279.297788][ T113] [ 279.308431][ T5827] umount2("./264/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./264/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./264/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 279.308431][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 279.308431][ T5827] umount2("./264/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./264/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./264/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./264") = 0 mkdir("./265", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6119 attached [pid 6119] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6119 [pid 6119] <... set_robust_list resumed>) = 0 [pid 6119] chdir("./265") = 0 [pid 6119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6119] setpgid(0, 0) = 0 [pid 6119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6119] write(3, "1000", 4) = 4 [pid 6119] close(3) = 0 [pid 6119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6119] write(1, "executing program\n", 18executing program ) = 18 [pid 6119] memfd_create("syzkaller", 0) = 3 [pid 6119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6119] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6119] munmap(0x7fac16400000, 138412032) = 0 [pid 6119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6119] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6119] close(3) = 0 [pid 6119] close(4) = 0 [pid 6119] mkdir("./bus", 0777) = 0 [pid 6119] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6119] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6119] chdir("./bus") = 0 [pid 6119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6119] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6119] exit_group(0) = ? [pid 6119] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6119, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./265", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./265", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./265/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./265/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./265/binderfs") = 0 [ 279.909372][ T6119] loop0: detected capacity change from 0 to 32768 [ 279.948835][ T6119] [ 279.948835][ T6119] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 279.948835][ T6119] [ 279.975626][ T36] [ 279.975626][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 279.975626][ T36] [ 279.989230][ T36] [ 279.989230][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 279.989230][ T36] [ 280.000830][ T113] [ 280.000830][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 280.000830][ T113] [ 280.011410][ T5827] [ 280.011410][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 280.011410][ T5827] [ 280.022847][ T5827] umount2("./265/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./265/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./265/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./265/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./265/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 280.022847][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 280.022847][ T5827] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./265/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./265") = 0 mkdir("./266", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6120 attached , child_tidptr=0x55556c245750) = 6120 [pid 6120] set_robust_list(0x55556c245760, 24) = 0 [pid 6120] chdir("./266") = 0 [pid 6120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6120] setpgid(0, 0) = 0 [pid 6120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6120] write(3, "1000", 4) = 4 [pid 6120] close(3) = 0 [pid 6120] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6120] write(1, "executing program\n", 18executing program ) = 18 [pid 6120] memfd_create("syzkaller", 0) = 3 [pid 6120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6120] munmap(0x7fac16400000, 138412032) = 0 [pid 6120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6120] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6120] close(3) = 0 [pid 6120] close(4) = 0 [pid 6120] mkdir("./bus", 0777) = 0 [pid 6120] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6120] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6120] chdir("./bus") = 0 [ 280.553133][ T6120] loop0: detected capacity change from 0 to 32768 [ 280.590811][ T6120] [ 280.590811][ T6120] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 280.590811][ T6120] [pid 6120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6120] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6120] exit_group(0) = ? [pid 6120] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6120, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./266", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./266", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./266/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./266/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./266/binderfs") = 0 [ 280.778164][ T13] [ 280.778164][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 280.778164][ T13] [ 280.788887][ T13] [ 280.788887][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 280.788887][ T13] [ 280.800478][ T112] [ 280.800478][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 280.800478][ T112] [ 280.811052][ T5827] [ 280.811052][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 280.811052][ T5827] [ 280.821813][ T5827] umount2("./266/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./266/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./266/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 280.821813][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 280.821813][ T5827] umount2("./266/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./266/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./266/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./266") = 0 mkdir("./267", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6121 attached [pid 6121] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6121 [pid 6121] <... set_robust_list resumed>) = 0 [pid 6121] chdir("./267") = 0 [pid 6121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6121] setpgid(0, 0) = 0 [pid 6121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6121] write(3, "1000", 4) = 4 [pid 6121] close(3) = 0 [pid 6121] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6121] write(1, "executing program\n", 18) = 18 [pid 6121] memfd_create("syzkaller", 0) = 3 [pid 6121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6121] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6121] munmap(0x7fac16400000, 138412032) = 0 [pid 6121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6121] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6121] close(3) = 0 [pid 6121] close(4) = 0 [pid 6121] mkdir("./bus", 0777) = 0 [pid 6121] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6121] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 281.398689][ T6121] loop0: detected capacity change from 0 to 32768 [ 281.437307][ T6121] [ 281.437307][ T6121] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 281.437307][ T6121] [pid 6121] chdir("./bus") = 0 [pid 6121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6121] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6121] exit_group(0) = ? [pid 6121] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6121, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./267", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./267", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./267/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./267/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./267/binderfs") = 0 [ 281.587806][ T36] [ 281.587806][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 281.587806][ T36] [ 281.598428][ T36] [ 281.598428][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 281.598428][ T36] [ 281.609619][ T113] [ 281.609619][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 281.609619][ T113] [ 281.620284][ T5827] [ 281.620284][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 281.620284][ T5827] [ 281.631191][ T5827] umount2("./267/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./267/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./267/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./267/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./267/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 281.631191][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 281.631191][ T5827] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./267/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./267") = 0 mkdir("./268", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6122 attached , child_tidptr=0x55556c245750) = 6122 [pid 6122] set_robust_list(0x55556c245760, 24) = 0 [pid 6122] chdir("./268") = 0 [pid 6122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6122] setpgid(0, 0) = 0 [pid 6122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6122] write(3, "1000", 4) = 4 [pid 6122] close(3) = 0 [pid 6122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6122] write(1, "executing program\n", 18executing program ) = 18 [pid 6122] memfd_create("syzkaller", 0) = 3 [pid 6122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6122] munmap(0x7fac16400000, 138412032) = 0 [pid 6122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6122] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6122] close(3) = 0 [pid 6122] close(4) = 0 [pid 6122] mkdir("./bus", 0777) = 0 [pid 6122] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6122] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6122] chdir("./bus") = 0 [pid 6122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6122] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6122] exit_group(0) = ? [pid 6122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6122, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- umount2("./268", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./268", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./268/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./268/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 282.173339][ T6122] loop0: detected capacity change from 0 to 32768 [ 282.195125][ T6122] [ 282.195125][ T6122] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 282.195125][ T6122] unlink("./268/binderfs") = 0 [ 282.232052][ T13] [ 282.232052][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 282.232052][ T13] [ 282.243117][ T13] [ 282.243117][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 282.243117][ T13] [ 282.254159][ T5827] [ 282.254159][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 282.254159][ T5827] [ 282.265512][ T113] [ 282.265512][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 282.265512][ T113] [ 282.276712][ T5827] umount2("./268/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./268/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./268/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 282.276712][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 282.276712][ T5827] umount2("./268/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./268/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./268/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./268") = 0 mkdir("./269", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6123 attached , child_tidptr=0x55556c245750) = 6123 [pid 6123] set_robust_list(0x55556c245760, 24) = 0 [pid 6123] chdir("./269") = 0 [pid 6123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6123] setpgid(0, 0) = 0 [pid 6123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6123] write(3, "1000", 4) = 4 [pid 6123] close(3) = 0 [pid 6123] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6123] write(1, "executing program\n", 18) = 18 [pid 6123] memfd_create("syzkaller", 0) = 3 [pid 6123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6123] munmap(0x7fac16400000, 138412032) = 0 [pid 6123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6123] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6123] close(3) = 0 [pid 6123] close(4) = 0 [pid 6123] mkdir("./bus", 0777) = 0 [pid 6123] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6123] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6123] chdir("./bus") = 0 [pid 6123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 282.832515][ T6123] loop0: detected capacity change from 0 to 32768 [ 282.855803][ T6123] [ 282.855803][ T6123] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 282.855803][ T6123] [pid 6123] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6123] exit_group(0) = ? [pid 6123] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6123, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./269", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./269", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./269/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./269/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./269/binderfs") = 0 [ 283.014200][ T1088] [ 283.014200][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 283.014200][ T1088] [ 283.024894][ T1088] [ 283.024894][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 283.024894][ T1088] [ 283.036198][ T112] [ 283.036198][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 283.036198][ T112] [ 283.046964][ T5827] [ 283.046964][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 283.046964][ T5827] [ 283.057894][ T5827] umount2("./269/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./269/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./269/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./269/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 283.057894][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 283.057894][ T5827] openat(AT_FDCWD, "./269/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./269/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./269") = 0 mkdir("./270", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6124 attached , child_tidptr=0x55556c245750) = 6124 [pid 6124] set_robust_list(0x55556c245760, 24) = 0 [pid 6124] chdir("./270") = 0 [pid 6124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6124] setpgid(0, 0) = 0 [pid 6124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6124] write(3, "1000", 4) = 4 [pid 6124] close(3) = 0 [pid 6124] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6124] write(1, "executing program\n", 18executing program ) = 18 [pid 6124] memfd_create("syzkaller", 0) = 3 [pid 6124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6124] munmap(0x7fac16400000, 138412032) = 0 [pid 6124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6124] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6124] close(3) = 0 [pid 6124] close(4) = 0 [pid 6124] mkdir("./bus", 0777) = 0 [pid 6124] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6124] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6124] chdir("./bus") = 0 [pid 6124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6124] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6124] exit_group(0) = ? [pid 6124] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6124, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./270", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 283.587628][ T6124] loop0: detected capacity change from 0 to 32768 [ 283.619390][ T6124] [ 283.619390][ T6124] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 283.619390][ T6124] openat(AT_FDCWD, "./270", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./270/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./270/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./270/binderfs") = 0 [ 283.747044][ T1088] [ 283.747044][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 283.747044][ T1088] [ 283.757761][ T1088] [ 283.757761][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 283.757761][ T1088] [ 283.768765][ T5827] [ 283.768765][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 283.768765][ T5827] [ 283.779825][ T113] [ 283.779825][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 283.779825][ T113] [ 283.790329][ T5827] umount2("./270/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./270/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./270/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./270/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./270/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./270/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./270") = 0 mkdir("./271", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 283.790329][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 283.790329][ T5827] ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6125 attached [pid 6125] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6125 [pid 6125] <... set_robust_list resumed>) = 0 [pid 6125] chdir("./271") = 0 [pid 6125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6125] setpgid(0, 0) = 0 [pid 6125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6125] write(3, "1000", 4) = 4 [pid 6125] close(3) = 0 [pid 6125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6125] write(1, "executing program\n", 18executing program ) = 18 [pid 6125] memfd_create("syzkaller", 0) = 3 [pid 6125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6125] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6125] munmap(0x7fac16400000, 138412032) = 0 [pid 6125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6125] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6125] close(3) = 0 [pid 6125] close(4) = 0 [pid 6125] mkdir("./bus", 0777) = 0 [ 284.234176][ T6125] loop0: detected capacity change from 0 to 32768 [pid 6125] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6125] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6125] chdir("./bus") = 0 [pid 6125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6125] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6125] exit_group(0) = ? [pid 6125] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6125, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- [ 284.277786][ T6125] [ 284.277786][ T6125] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 284.277786][ T6125] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./271", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./271", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./271/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./271/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./271/binderfs") = 0 [ 284.468083][ T36] [ 284.468083][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 284.468083][ T36] [ 284.478666][ T36] [ 284.478666][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 284.478666][ T36] [ 284.489708][ T112] [ 284.489708][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 284.489708][ T112] [ 284.500282][ T5827] [ 284.500282][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 284.500282][ T5827] [ 284.511159][ T5827] umount2("./271/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./271/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./271/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 284.511159][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 284.511159][ T5827] umount2("./271/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./271/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./271/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./271") = 0 mkdir("./272", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6126 attached , child_tidptr=0x55556c245750) = 6126 [pid 6126] set_robust_list(0x55556c245760, 24) = 0 [pid 6126] chdir("./272") = 0 [pid 6126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6126] setpgid(0, 0) = 0 [pid 6126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6126] write(3, "1000", 4) = 4 [pid 6126] close(3) = 0 [pid 6126] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6126] write(1, "executing program\n", 18executing program ) = 18 [pid 6126] memfd_create("syzkaller", 0) = 3 [pid 6126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6126] munmap(0x7fac16400000, 138412032) = 0 [pid 6126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6126] close(3) = 0 [pid 6126] close(4) = 0 [pid 6126] mkdir("./bus", 0777) = 0 [pid 6126] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6126] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6126] chdir("./bus") = 0 [pid 6126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6126] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6126] exit_group(0) = ? [pid 6126] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6126, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- [ 285.126804][ T6126] loop0: detected capacity change from 0 to 32768 [ 285.165507][ T6126] [ 285.165507][ T6126] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 285.165507][ T6126] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./272", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./272", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./272/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./272/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./272/binderfs") = 0 [ 285.321514][ T36] [ 285.321514][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 285.321514][ T36] [ 285.332051][ T36] [ 285.332051][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 285.332051][ T36] [ 285.342811][ T5827] [ 285.342811][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 285.342811][ T5827] [ 285.353754][ T113] [ 285.353754][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 285.353754][ T113] [ 285.364599][ T5827] umount2("./272/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./272/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./272/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./272/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./272/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./272/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./272") = 0 mkdir("./273", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 285.364599][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 285.364599][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6127 attached , child_tidptr=0x55556c245750) = 6127 [pid 6127] set_robust_list(0x55556c245760, 24) = 0 [pid 6127] chdir("./273") = 0 [pid 6127] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6127] setpgid(0, 0) = 0 [pid 6127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6127] write(3, "1000", 4) = 4 [pid 6127] close(3) = 0 [pid 6127] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6127] write(1, "executing program\n", 18executing program ) = 18 [pid 6127] memfd_create("syzkaller", 0) = 3 [pid 6127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6127] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6127] munmap(0x7fac16400000, 138412032) = 0 [pid 6127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6127] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6127] close(3) = 0 [pid 6127] close(4) = 0 [pid 6127] mkdir("./bus", 0777) = 0 [pid 6127] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6127] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6127] chdir("./bus") = 0 [pid 6127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6127] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6127] exit_group(0) = ? [pid 6127] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6127, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- [ 285.755087][ T6127] loop0: detected capacity change from 0 to 32768 [ 285.788448][ T6127] [ 285.788448][ T6127] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 285.788448][ T6127] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./273", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./273", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./273/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./273/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./273/binderfs") = 0 [ 285.968599][ T36] [ 285.968599][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 285.968599][ T36] [ 285.979174][ T36] [ 285.979174][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 285.979174][ T36] [ 285.990205][ T113] [ 285.990205][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 285.990205][ T113] [ 286.000772][ T5827] [ 286.000772][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 286.000772][ T5827] [ 286.011546][ T5827] umount2("./273/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./273/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./273/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./273/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./273/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./273/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./273") = 0 mkdir("./274", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 286.011546][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 286.011546][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6128 attached [pid 6128] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6128 [pid 6128] <... set_robust_list resumed>) = 0 [pid 6128] chdir("./274") = 0 [pid 6128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6128] setpgid(0, 0) = 0 [pid 6128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6128] write(3, "1000", 4) = 4 [pid 6128] close(3) = 0 [pid 6128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6128] write(1, "executing program\n", 18executing program ) = 18 [pid 6128] memfd_create("syzkaller", 0) = 3 [pid 6128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6128] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6128] munmap(0x7fac16400000, 138412032) = 0 [pid 6128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6128] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6128] close(3) = 0 [pid 6128] close(4) = 0 [pid 6128] mkdir("./bus", 0777) = 0 [pid 6128] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6128] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6128] chdir("./bus") = 0 [pid 6128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6128] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6128] exit_group(0) = ? [pid 6128] +++ exited with 0 +++ [ 286.415353][ T6128] loop0: detected capacity change from 0 to 32768 [ 286.440866][ T6128] [ 286.440866][ T6128] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 286.440866][ T6128] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6128, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./274", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./274", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./274/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./274/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./274/binderfs") = 0 [ 286.620428][ T36] [ 286.620428][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 286.620428][ T36] [ 286.630946][ T36] [ 286.630946][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 286.630946][ T36] [ 286.641730][ T5827] [ 286.641730][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 286.641730][ T5827] [ 286.652805][ T113] [ 286.652805][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 286.652805][ T113] [ 286.663601][ T5827] umount2("./274/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./274/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./274/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 286.663601][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 286.663601][ T5827] umount2("./274/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./274/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./274/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./274") = 0 mkdir("./275", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6129 attached , child_tidptr=0x55556c245750) = 6129 [pid 6129] set_robust_list(0x55556c245760, 24) = 0 [pid 6129] chdir("./275") = 0 [pid 6129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6129] setpgid(0, 0) = 0 [pid 6129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6129] write(3, "1000", 4) = 4 [pid 6129] close(3) = 0 [pid 6129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6129] write(1, "executing program\n", 18executing program ) = 18 [pid 6129] memfd_create("syzkaller", 0) = 3 [pid 6129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6129] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6129] munmap(0x7fac16400000, 138412032) = 0 [pid 6129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6129] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6129] close(3) = 0 [pid 6129] close(4) = 0 [pid 6129] mkdir("./bus", 0777) = 0 [ 287.239387][ T6129] loop0: detected capacity change from 0 to 32768 [pid 6129] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6129] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6129] chdir("./bus") = 0 [pid 6129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6129] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6129] exit_group(0) = ? [pid 6129] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6129, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 287.298512][ T6129] [ 287.298512][ T6129] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 287.298512][ T6129] umount2("./275", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./275", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./275/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./275/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./275/binderfs") = 0 [ 287.475105][ T1088] [ 287.475105][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 287.475105][ T1088] [ 287.485768][ T1088] [ 287.485768][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 287.485768][ T1088] [ 287.496799][ T5827] [ 287.496799][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 287.496799][ T5827] [ 287.507624][ T113] [ 287.507624][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 287.507624][ T113] [ 287.518507][ T5827] umount2("./275/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./275/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./275/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 287.518507][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 287.518507][ T5827] umount2("./275/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./275/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./275/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./275") = 0 mkdir("./276", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6130 attached , child_tidptr=0x55556c245750) = 6130 [pid 6130] set_robust_list(0x55556c245760, 24) = 0 [pid 6130] chdir("./276") = 0 [pid 6130] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6130] setpgid(0, 0) = 0 [pid 6130] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6130] write(3, "1000", 4) = 4 [pid 6130] close(3) = 0 [pid 6130] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6130] write(1, "executing program\n", 18) = 18 [pid 6130] memfd_create("syzkaller", 0) = 3 [pid 6130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6130] munmap(0x7fac16400000, 138412032) = 0 [pid 6130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6130] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6130] close(3) = 0 [pid 6130] close(4) = 0 [pid 6130] mkdir("./bus", 0777) = 0 [pid 6130] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6130] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6130] chdir("./bus") = 0 [pid 6130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6130] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6130] exit_group(0) = ? [pid 6130] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6130, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- [ 288.075314][ T6130] loop0: detected capacity change from 0 to 32768 [ 288.101867][ T6130] [ 288.101867][ T6130] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 288.101867][ T6130] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./276", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./276", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./276/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./276/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./276/binderfs") = 0 umount2("./276/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [ 288.284052][ T36] [ 288.284052][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 288.284052][ T36] [ 288.294662][ T36] [ 288.294662][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 288.294662][ T36] [ 288.305408][ T5827] [ 288.305408][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 288.305408][ T5827] [ 288.316508][ T113] [ 288.316508][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 288.316508][ T113] [ 288.327139][ T5827] umount2("./276/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./276/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 288.327139][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 288.327139][ T5827] umount2("./276/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./276/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./276/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./276") = 0 mkdir("./277", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6131 attached [pid 6131] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6131 [pid 6131] <... set_robust_list resumed>) = 0 [pid 6131] chdir("./277") = 0 [pid 6131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6131] setpgid(0, 0) = 0 [pid 6131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6131] write(3, "1000", 4) = 4 [pid 6131] close(3) = 0 [pid 6131] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6131] write(1, "executing program\n", 18) = 18 [pid 6131] memfd_create("syzkaller", 0) = 3 [pid 6131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6131] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6131] munmap(0x7fac16400000, 138412032) = 0 [pid 6131] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6131] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6131] close(3) = 0 [pid 6131] close(4) = 0 [pid 6131] mkdir("./bus", 0777) = 0 [pid 6131] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6131] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6131] chdir("./bus") = 0 [pid 6131] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6131] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 288.854366][ T6131] loop0: detected capacity change from 0 to 32768 [ 288.884873][ T6131] [ 288.884873][ T6131] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 288.884873][ T6131] [pid 6131] exit_group(0) = ? [pid 6131] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6131, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./277", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./277", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./277/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./277/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./277/binderfs") = 0 [ 289.093709][ T36] [ 289.093709][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 289.093709][ T36] [ 289.104309][ T36] [ 289.104309][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 289.104309][ T36] [ 289.115265][ T112] [ 289.115265][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 289.115265][ T112] [ 289.126313][ T5827] [ 289.126313][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 289.126313][ T5827] [ 289.137182][ T5827] umount2("./277/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./277/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./277/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 289.137182][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 289.137182][ T5827] umount2("./277/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./277/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./277/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./277") = 0 mkdir("./278", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6132 attached [pid 6132] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6132 [pid 6132] <... set_robust_list resumed>) = 0 [pid 6132] chdir("./278") = 0 [pid 6132] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6132] setpgid(0, 0) = 0 [pid 6132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6132] write(3, "1000", 4) = 4 [pid 6132] close(3) = 0 [pid 6132] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6132] write(1, "executing program\n", 18) = 18 [pid 6132] memfd_create("syzkaller", 0) = 3 [pid 6132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6132] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6132] munmap(0x7fac16400000, 138412032) = 0 [pid 6132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6132] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6132] close(3) = 0 [pid 6132] close(4) = 0 [pid 6132] mkdir("./bus", 0777) = 0 [pid 6132] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6132] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6132] chdir("./bus") = 0 [pid 6132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6132] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6132] exit_group(0) = ? [pid 6132] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6132, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- [ 289.692685][ T6132] loop0: detected capacity change from 0 to 32768 [ 289.728175][ T6132] [ 289.728175][ T6132] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 289.728175][ T6132] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./278", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./278", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./278/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./278/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./278/binderfs") = 0 [ 289.908365][ T1088] [ 289.908365][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 289.908365][ T1088] [ 289.919130][ T1088] [ 289.919130][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 289.919130][ T1088] [ 289.929908][ T5827] [ 289.929908][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 289.929908][ T5827] [ 289.940868][ T113] [ 289.940868][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 289.940868][ T113] [ 289.951447][ T5827] umount2("./278/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./278/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./278/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 289.951447][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 289.951447][ T5827] umount2("./278/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./278/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./278/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./278") = 0 mkdir("./279", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6133 attached , child_tidptr=0x55556c245750) = 6133 [pid 6133] set_robust_list(0x55556c245760, 24) = 0 [pid 6133] chdir("./279") = 0 [pid 6133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6133] setpgid(0, 0) = 0 [pid 6133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6133] write(3, "1000", 4) = 4 [pid 6133] close(3) = 0 [pid 6133] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6133] write(1, "executing program\n", 18) = 18 [pid 6133] memfd_create("syzkaller", 0) = 3 [pid 6133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6133] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6133] munmap(0x7fac16400000, 138412032) = 0 [pid 6133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6133] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6133] close(3) = 0 [pid 6133] close(4) = 0 [pid 6133] mkdir("./bus", 0777) = 0 [ 290.568067][ T6133] loop0: detected capacity change from 0 to 32768 [ 290.608069][ T6133] [ 290.608069][ T6133] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 290.608069][ T6133] [pid 6133] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6133] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6133] chdir("./bus") = 0 [pid 6133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6133] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6133] exit_group(0) = ? [pid 6133] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6133, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./279", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./279", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./279/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./279/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./279/binderfs") = 0 [ 290.732528][ T1088] [ 290.732528][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 290.732528][ T1088] [ 290.743069][ T1088] [ 290.743069][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 290.743069][ T1088] [ 290.754357][ T112] [ 290.754357][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 290.754357][ T112] [ 290.764961][ T5827] [ 290.764961][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 290.764961][ T5827] [ 290.775716][ T5827] umount2("./279/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./279/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./279/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./279/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 290.775716][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 290.775716][ T5827] openat(AT_FDCWD, "./279/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./279/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./279") = 0 mkdir("./280", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6134 attached , child_tidptr=0x55556c245750) = 6134 [pid 6134] set_robust_list(0x55556c245760, 24) = 0 [pid 6134] chdir("./280") = 0 [pid 6134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6134] setpgid(0, 0) = 0 [pid 6134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6134] write(3, "1000", 4) = 4 [pid 6134] close(3) = 0 [pid 6134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6134] write(1, "executing program\n", 18executing program ) = 18 [pid 6134] memfd_create("syzkaller", 0) = 3 [pid 6134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6134] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6134] munmap(0x7fac16400000, 138412032) = 0 [pid 6134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6134] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6134] close(3) = 0 [pid 6134] close(4) = 0 [pid 6134] mkdir("./bus", 0777) = 0 [ 291.343425][ T6134] loop0: detected capacity change from 0 to 32768 [pid 6134] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6134] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6134] chdir("./bus") = 0 [pid 6134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6134] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6134] exit_group(0) = ? [pid 6134] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6134, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- [ 291.400836][ T6134] [ 291.400836][ T6134] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 291.400836][ T6134] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./280", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./280", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./280/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./280/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./280/binderfs") = 0 [ 291.586430][ T1088] [ 291.586430][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 291.586430][ T1088] [ 291.596987][ T1088] [ 291.596987][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 291.596987][ T1088] [ 291.607988][ T113] [ 291.607988][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 291.607988][ T113] [ 291.618671][ T5827] [ 291.618671][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 291.618671][ T5827] [ 291.629657][ T5827] umount2("./280/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./280/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./280/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 291.629657][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 291.629657][ T5827] umount2("./280/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./280/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./280/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./280") = 0 mkdir("./281", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6135 attached , child_tidptr=0x55556c245750) = 6135 [pid 6135] set_robust_list(0x55556c245760, 24) = 0 [pid 6135] chdir("./281") = 0 [pid 6135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6135] setpgid(0, 0) = 0 [pid 6135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6135] write(3, "1000", 4) = 4 [pid 6135] close(3) = 0 [pid 6135] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6135] write(1, "executing program\n", 18executing program ) = 18 [pid 6135] memfd_create("syzkaller", 0) = 3 [pid 6135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6135] munmap(0x7fac16400000, 138412032) = 0 [pid 6135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6135] close(3) = 0 [pid 6135] close(4) = 0 [pid 6135] mkdir("./bus", 0777) = 0 [pid 6135] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6135] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6135] chdir("./bus") = 0 [pid 6135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 292.176166][ T6135] loop0: detected capacity change from 0 to 32768 [ 292.207797][ T6135] [ 292.207797][ T6135] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 292.207797][ T6135] [pid 6135] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6135] exit_group(0) = ? [pid 6135] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6135, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./281", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./281", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./281/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./281/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./281/binderfs") = 0 [ 292.407349][ T36] [ 292.407349][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 292.407349][ T36] [ 292.418749][ T36] [ 292.418749][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 292.418749][ T36] [ 292.430061][ T112] [ 292.430061][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 292.430061][ T112] [ 292.441132][ T5827] [ 292.441132][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 292.441132][ T5827] [ 292.452056][ T5827] umount2("./281/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./281/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./281/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 292.452056][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 292.452056][ T5827] umount2("./281/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./281/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./281/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./281") = 0 mkdir("./282", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6136 attached , child_tidptr=0x55556c245750) = 6136 [pid 6136] set_robust_list(0x55556c245760, 24) = 0 [pid 6136] chdir("./282") = 0 [pid 6136] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6136] setpgid(0, 0) = 0 [pid 6136] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6136] write(3, "1000", 4) = 4 [pid 6136] close(3) = 0 [pid 6136] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6136] write(1, "executing program\n", 18executing program ) = 18 [pid 6136] memfd_create("syzkaller", 0) = 3 [pid 6136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6136] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6136] munmap(0x7fac16400000, 138412032) = 0 [pid 6136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6136] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6136] close(3) = 0 [pid 6136] close(4) = 0 [pid 6136] mkdir("./bus", 0777) = 0 [pid 6136] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6136] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6136] chdir("./bus") = 0 [pid 6136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6136] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6136] exit_group(0) = ? [pid 6136] +++ exited with 0 +++ [ 293.091317][ T6136] loop0: detected capacity change from 0 to 32768 [ 293.123493][ T6136] [ 293.123493][ T6136] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 293.123493][ T6136] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6136, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./282", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./282", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./282/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./282/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./282/binderfs") = 0 [ 293.313857][ T13] [ 293.313857][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 293.313857][ T13] [ 293.324538][ T13] [ 293.324538][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 293.324538][ T13] [ 293.335309][ T5827] [ 293.335309][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 293.335309][ T5827] [ 293.346315][ T112] [ 293.346315][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 293.346315][ T112] [ 293.357179][ T5827] umount2("./282/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./282/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./282/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 293.357179][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 293.357179][ T5827] umount2("./282/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./282/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./282/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./282") = 0 mkdir("./283", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6137 attached [pid 6137] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6137 [pid 6137] <... set_robust_list resumed>) = 0 [pid 6137] chdir("./283") = 0 [pid 6137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6137] setpgid(0, 0) = 0 [pid 6137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6137] write(3, "1000", 4) = 4 [pid 6137] close(3) = 0 [pid 6137] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6137] write(1, "executing program\n", 18executing program ) = 18 [pid 6137] memfd_create("syzkaller", 0) = 3 [pid 6137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6137] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6137] munmap(0x7fac16400000, 138412032) = 0 [pid 6137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6137] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6137] close(3) = 0 [pid 6137] close(4) = 0 [pid 6137] mkdir("./bus", 0777) = 0 [ 293.955431][ T6137] loop0: detected capacity change from 0 to 32768 [pid 6137] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6137] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6137] chdir("./bus") = 0 [pid 6137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6137] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6137] exit_group(0) = ? [pid 6137] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6137, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- [ 294.004743][ T6137] [ 294.004743][ T6137] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 294.004743][ T6137] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./283", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./283", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./283/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./283/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./283/binderfs") = 0 [ 294.202336][ T13] [ 294.202336][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 294.202336][ T13] [ 294.213085][ T13] [ 294.213085][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 294.213085][ T13] [ 294.224327][ T113] [ 294.224327][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 294.224327][ T113] [ 294.234967][ T5827] [ 294.234967][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 294.234967][ T5827] [ 294.246055][ T5827] umount2("./283/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./283/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./283/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 294.246055][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 294.246055][ T5827] umount2("./283/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./283/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./283/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./283") = 0 mkdir("./284", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6138 attached [pid 6138] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6138 [pid 6138] <... set_robust_list resumed>) = 0 [pid 6138] chdir("./284") = 0 [pid 6138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6138] setpgid(0, 0) = 0 [pid 6138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6138] write(3, "1000", 4) = 4 [pid 6138] close(3) = 0 [pid 6138] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6138] write(1, "executing program\n", 18executing program ) = 18 [pid 6138] memfd_create("syzkaller", 0) = 3 [pid 6138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6138] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6138] munmap(0x7fac16400000, 138412032) = 0 [pid 6138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6138] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6138] close(3) = 0 [pid 6138] close(4) = 0 [pid 6138] mkdir("./bus", 0777) = 0 [pid 6138] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6138] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6138] chdir("./bus") = 0 [pid 6138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6138] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 294.797767][ T6138] loop0: detected capacity change from 0 to 32768 [ 294.829180][ T6138] [ 294.829180][ T6138] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 294.829180][ T6138] [pid 6138] exit_group(0) = ? [pid 6138] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6138, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./284", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./284", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./284/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./284/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./284/binderfs") = 0 [ 294.993519][ T36] [ 294.993519][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 294.993519][ T36] [ 295.004060][ T36] [ 295.004060][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 295.004060][ T36] [ 295.014768][ T5827] [ 295.014768][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 295.014768][ T5827] [ 295.025574][ T112] [ 295.025574][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 295.025574][ T112] [ 295.036213][ T5827] umount2("./284/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./284/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./284/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 295.036213][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 295.036213][ T5827] umount2("./284/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./284/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./284/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./284") = 0 mkdir("./285", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6139 attached , child_tidptr=0x55556c245750) = 6139 [pid 6139] set_robust_list(0x55556c245760, 24) = 0 [pid 6139] chdir("./285") = 0 [pid 6139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6139] setpgid(0, 0) = 0 [pid 6139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6139] write(3, "1000", 4) = 4 [pid 6139] close(3) = 0 [pid 6139] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6139] write(1, "executing program\n", 18) = 18 [pid 6139] memfd_create("syzkaller", 0) = 3 [pid 6139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6139] munmap(0x7fac16400000, 138412032) = 0 [pid 6139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6139] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6139] close(3) = 0 [pid 6139] close(4) = 0 [pid 6139] mkdir("./bus", 0777) = 0 [pid 6139] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6139] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 295.604726][ T6139] loop0: detected capacity change from 0 to 32768 [ 295.643260][ T6139] [ 295.643260][ T6139] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 295.643260][ T6139] [pid 6139] chdir("./bus") = 0 [pid 6139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6139] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6139] exit_group(0) = ? [pid 6139] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6139, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- umount2("./285", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./285", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./285/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./285/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./285/binderfs") = 0 [ 295.858511][ T13] [ 295.858511][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 295.858511][ T13] [ 295.869193][ T13] [ 295.869193][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 295.869193][ T13] [ 295.880411][ T112] [ 295.880411][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 295.880411][ T112] [ 295.890962][ T5827] [ 295.890962][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 295.890962][ T5827] [ 295.901853][ T5827] umount2("./285/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./285/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./285/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./285/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 295.901853][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 295.901853][ T5827] openat(AT_FDCWD, "./285/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./285/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./285") = 0 mkdir("./286", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6140 attached [pid 6140] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6140 [pid 6140] <... set_robust_list resumed>) = 0 [pid 6140] chdir("./286") = 0 [pid 6140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6140] setpgid(0, 0) = 0 [pid 6140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6140] write(3, "1000", 4) = 4 [pid 6140] close(3) = 0 [pid 6140] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6140] write(1, "executing program\n", 18executing program ) = 18 [pid 6140] memfd_create("syzkaller", 0) = 3 [pid 6140] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6140] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6140] munmap(0x7fac16400000, 138412032) = 0 [pid 6140] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6140] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6140] close(3) = 0 [pid 6140] close(4) = 0 [pid 6140] mkdir("./bus", 0777) = 0 [pid 6140] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6140] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6140] chdir("./bus") = 0 [pid 6140] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 296.452683][ T6140] loop0: detected capacity change from 0 to 32768 [ 296.478499][ T6140] [ 296.478499][ T6140] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 296.478499][ T6140] [pid 6140] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6140] exit_group(0) = ? [pid 6140] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6140, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./286", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./286", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./286/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./286/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./286/binderfs") = 0 [ 296.664887][ T13] [ 296.664887][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 296.664887][ T13] [ 296.675557][ T13] [ 296.675557][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 296.675557][ T13] [ 296.686622][ T113] [ 296.686622][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 296.686622][ T113] [ 296.697398][ T5827] [ 296.697398][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 296.697398][ T5827] [ 296.708278][ T5827] umount2("./286/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./286/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./286/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 296.708278][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 296.708278][ T5827] umount2("./286/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./286/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./286/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./286") = 0 mkdir("./287", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6141 attached , child_tidptr=0x55556c245750) = 6141 [pid 6141] set_robust_list(0x55556c245760, 24) = 0 [pid 6141] chdir("./287") = 0 [pid 6141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6141] setpgid(0, 0) = 0 [pid 6141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6141] write(3, "1000", 4) = 4 [pid 6141] close(3) = 0 [pid 6141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6141] write(1, "executing program\n", 18executing program ) = 18 [pid 6141] memfd_create("syzkaller", 0) = 3 [pid 6141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6141] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6141] munmap(0x7fac16400000, 138412032) = 0 [pid 6141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6141] close(3) = 0 [pid 6141] close(4) = 0 [pid 6141] mkdir("./bus", 0777) = 0 [pid 6141] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6141] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6141] chdir("./bus") = 0 [pid 6141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6141] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6141] exit_group(0) = ? [pid 6141] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6141, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./287", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./287", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./287/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 297.227024][ T6141] loop0: detected capacity change from 0 to 32768 [ 297.253030][ T6141] [ 297.253030][ T6141] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 297.253030][ T6141] newfstatat(AT_FDCWD, "./287/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./287/binderfs") = 0 [ 297.330284][ T13] [ 297.330284][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 297.330284][ T13] [ 297.341920][ T13] [ 297.341920][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 297.341920][ T13] [ 297.353492][ T112] [ 297.353492][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 297.353492][ T112] [ 297.365305][ T5827] [ 297.365305][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 297.365305][ T5827] [ 297.376212][ T5827] umount2("./287/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./287/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./287/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./287/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 297.376212][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 297.376212][ T5827] openat(AT_FDCWD, "./287/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./287/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./287") = 0 mkdir("./288", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6142 attached , child_tidptr=0x55556c245750) = 6142 [pid 6142] set_robust_list(0x55556c245760, 24) = 0 [pid 6142] chdir("./288") = 0 [pid 6142] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6142] setpgid(0, 0) = 0 [pid 6142] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6142] write(3, "1000", 4) = 4 [pid 6142] close(3) = 0 [pid 6142] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6142] write(1, "executing program\n", 18) = 18 [pid 6142] memfd_create("syzkaller", 0) = 3 [pid 6142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6142] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6142] munmap(0x7fac16400000, 138412032) = 0 [pid 6142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6142] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6142] close(3) = 0 [pid 6142] close(4) = 0 [pid 6142] mkdir("./bus", 0777) = 0 [pid 6142] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6142] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6142] chdir("./bus") = 0 [pid 6142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6142] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6142] exit_group(0) = ? [pid 6142] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6142, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- [ 297.975472][ T6142] loop0: detected capacity change from 0 to 32768 [ 298.007253][ T6142] [ 298.007253][ T6142] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 298.007253][ T6142] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./288", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./288", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./288/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./288/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./288/binderfs") = 0 [ 298.179565][ T13] [ 298.179565][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 298.179565][ T13] [ 298.190109][ T13] [ 298.190109][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 298.190109][ T13] [ 298.200909][ T5827] [ 298.200909][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 298.200909][ T5827] [ 298.211680][ T113] [ 298.211680][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 298.211680][ T113] [ 298.222304][ T5827] umount2("./288/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./288/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./288/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 298.222304][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 298.222304][ T5827] umount2("./288/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./288/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./288/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./288") = 0 mkdir("./289", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6143 attached , child_tidptr=0x55556c245750) = 6143 [pid 6143] set_robust_list(0x55556c245760, 24) = 0 [pid 6143] chdir("./289") = 0 [pid 6143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6143] setpgid(0, 0) = 0 [pid 6143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6143] write(3, "1000", 4) = 4 [pid 6143] close(3) = 0 [pid 6143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6143] write(1, "executing program\n", 18executing program ) = 18 [pid 6143] memfd_create("syzkaller", 0) = 3 [pid 6143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6143] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6143] munmap(0x7fac16400000, 138412032) = 0 [pid 6143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6143] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6143] close(3) = 0 [pid 6143] close(4) = 0 [pid 6143] mkdir("./bus", 0777) = 0 [pid 6143] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6143] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6143] chdir("./bus") = 0 [pid 6143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6143] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6143] exit_group(0) = ? [pid 6143] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6143, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./289", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 298.756987][ T6143] loop0: detected capacity change from 0 to 32768 [ 298.786112][ T6143] [ 298.786112][ T6143] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 298.786112][ T6143] openat(AT_FDCWD, "./289", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./289/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./289/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./289/binderfs") = 0 [ 298.949150][ T1088] [ 298.949150][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 298.949150][ T1088] [ 298.959807][ T1088] [ 298.959807][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 298.959807][ T1088] [ 298.970914][ T112] [ 298.970914][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 298.970914][ T112] [ 298.981580][ T5827] [ 298.981580][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 298.981580][ T5827] [ 298.992454][ T5827] umount2("./289/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./289/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./289/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 298.992454][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 298.992454][ T5827] umount2("./289/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./289/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./289/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./289") = 0 mkdir("./290", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6144 attached [pid 6144] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6144 [pid 6144] <... set_robust_list resumed>) = 0 [pid 6144] chdir("./290") = 0 [pid 6144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6144] setpgid(0, 0) = 0 [pid 6144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6144] write(3, "1000", 4) = 4 [pid 6144] close(3) = 0 [pid 6144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6144] write(1, "executing program\n", 18executing program ) = 18 [pid 6144] memfd_create("syzkaller", 0) = 3 [pid 6144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6144] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6144] munmap(0x7fac16400000, 138412032) = 0 [pid 6144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6144] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6144] close(3) = 0 [pid 6144] close(4) = 0 [pid 6144] mkdir("./bus", 0777) = 0 [pid 6144] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6144] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6144] chdir("./bus") = 0 [pid 6144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 299.540984][ T6144] loop0: detected capacity change from 0 to 32768 [ 299.578938][ T6144] [ 299.578938][ T6144] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 299.578938][ T6144] [pid 6144] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6144] exit_group(0) = ? [pid 6144] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6144, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./290", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./290", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./290/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./290/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./290/binderfs") = 0 [ 299.756142][ T1088] [ 299.756142][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 299.756142][ T1088] [ 299.766983][ T1088] [ 299.766983][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 299.766983][ T1088] [ 299.778281][ T113] [ 299.778281][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 299.778281][ T113] [ 299.789169][ T5827] [ 299.789169][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 299.789169][ T5827] [ 299.799978][ T5827] umount2("./290/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./290/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./290/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 299.799978][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 299.799978][ T5827] umount2("./290/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./290/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./290/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./290") = 0 mkdir("./291", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6145 attached , child_tidptr=0x55556c245750) = 6145 [pid 6145] set_robust_list(0x55556c245760, 24) = 0 [pid 6145] chdir("./291") = 0 [pid 6145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6145] setpgid(0, 0) = 0 [pid 6145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6145] write(3, "1000", 4) = 4 [pid 6145] close(3) = 0 [pid 6145] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6145] write(1, "executing program\n", 18) = 18 [pid 6145] memfd_create("syzkaller", 0) = 3 [pid 6145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6145] munmap(0x7fac16400000, 138412032) = 0 [pid 6145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6145] close(3) = 0 [pid 6145] close(4) = 0 [pid 6145] mkdir("./bus", 0777) = 0 [pid 6145] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6145] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6145] chdir("./bus") = 0 [pid 6145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6145] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6145] exit_group(0) = ? [pid 6145] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6145, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- umount2("./291", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./291", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./291/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./291/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./291/binderfs") = 0 [ 300.356695][ T6145] loop0: detected capacity change from 0 to 32768 [ 300.394698][ T6145] [ 300.394698][ T6145] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 300.394698][ T6145] [ 300.428548][ T13] [ 300.428548][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 300.428548][ T13] [ 300.439395][ T13] [ 300.439395][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 300.439395][ T13] [ 300.450707][ T5827] [ 300.450707][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 300.450707][ T5827] [ 300.462183][ T113] [ 300.462183][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 300.462183][ T113] [ 300.473422][ T5827] umount2("./291/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./291/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./291/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 300.473422][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 300.473422][ T5827] umount2("./291/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./291/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./291/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./291") = 0 mkdir("./292", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6146 attached [pid 6146] set_robust_list(0x55556c245760, 24) = 0 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6146 [pid 6146] chdir("./292") = 0 [pid 6146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6146] setpgid(0, 0) = 0 [pid 6146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6146] write(3, "1000", 4) = 4 [pid 6146] close(3) = 0 [pid 6146] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6146] write(1, "executing program\n", 18) = 18 [pid 6146] memfd_create("syzkaller", 0) = 3 [pid 6146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6146] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6146] munmap(0x7fac16400000, 138412032) = 0 [pid 6146] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6146] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6146] close(3) = 0 [pid 6146] close(4) = 0 [pid 6146] mkdir("./bus", 0777) = 0 [ 301.036310][ T6146] loop0: detected capacity change from 0 to 32768 [pid 6146] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6146] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6146] chdir("./bus") = 0 [pid 6146] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 301.077145][ T6146] [ 301.077145][ T6146] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 301.077145][ T6146] [pid 6146] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6146] exit_group(0) = ? [pid 6146] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6146, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./292", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./292", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./292/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./292/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./292/binderfs") = 0 [ 301.253736][ T13] [ 301.253736][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 301.253736][ T13] [ 301.264359][ T13] [ 301.264359][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 301.264359][ T13] [ 301.275264][ T5827] [ 301.275264][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 301.275264][ T5827] [ 301.286524][ T113] [ 301.286524][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 301.286524][ T113] [ 301.297113][ T5827] umount2("./292/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./292/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./292/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 301.297113][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 301.297113][ T5827] umount2("./292/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./292/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./292/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./292") = 0 mkdir("./293", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6147 attached , child_tidptr=0x55556c245750) = 6147 [pid 6147] set_robust_list(0x55556c245760, 24) = 0 [pid 6147] chdir("./293") = 0 [pid 6147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6147] setpgid(0, 0) = 0 [pid 6147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6147] write(3, "1000", 4) = 4 [pid 6147] close(3) = 0 [pid 6147] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6147] write(1, "executing program\n", 18) = 18 [pid 6147] memfd_create("syzkaller", 0) = 3 [pid 6147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6147] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6147] munmap(0x7fac16400000, 138412032) = 0 [pid 6147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6147] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6147] close(3) = 0 [pid 6147] close(4) = 0 [pid 6147] mkdir("./bus", 0777) = 0 [ 301.888048][ T6147] loop0: detected capacity change from 0 to 32768 [pid 6147] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6147] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6147] chdir("./bus") = 0 [pid 6147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6147] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6147] exit_group(0) = ? [pid 6147] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6147, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 301.940370][ T6147] [ 301.940370][ T6147] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 301.940370][ T6147] umount2("./293", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./293", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./293/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./293/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./293/binderfs") = 0 [ 302.048193][ T1088] [ 302.048193][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 302.048193][ T1088] [ 302.058979][ T1088] [ 302.058979][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 302.058979][ T1088] [ 302.070190][ T112] [ 302.070190][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 302.070190][ T112] [ 302.080864][ T5827] [ 302.080864][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 302.080864][ T5827] [ 302.091665][ T5827] umount2("./293/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./293/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./293/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 302.091665][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 302.091665][ T5827] umount2("./293/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./293/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./293/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./293") = 0 mkdir("./294", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6148 attached , child_tidptr=0x55556c245750) = 6148 [pid 6148] set_robust_list(0x55556c245760, 24) = 0 [pid 6148] chdir("./294") = 0 [pid 6148] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6148] setpgid(0, 0) = 0 [pid 6148] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6148] write(3, "1000", 4) = 4 [pid 6148] close(3) = 0 [pid 6148] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6148] write(1, "executing program\n", 18) = 18 [pid 6148] memfd_create("syzkaller", 0) = 3 [pid 6148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6148] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6148] munmap(0x7fac16400000, 138412032) = 0 [pid 6148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6148] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6148] close(3) = 0 [pid 6148] close(4) = 0 [pid 6148] mkdir("./bus", 0777) = 0 [pid 6148] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6148] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6148] chdir("./bus") = 0 [pid 6148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6148] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6148] exit_group(0) = ? [pid 6148] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6148, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- [ 302.674536][ T6148] loop0: detected capacity change from 0 to 32768 [ 302.714349][ T6148] [ 302.714349][ T6148] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 302.714349][ T6148] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./294", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./294", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./294/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./294/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./294/binderfs") = 0 [ 302.835518][ T13] [ 302.835518][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 302.835518][ T13] [ 302.846098][ T13] [ 302.846098][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 302.846098][ T13] [ 302.857343][ T112] [ 302.857343][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 302.857343][ T112] [ 302.867856][ T5827] [ 302.867856][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 302.867856][ T5827] [ 302.878724][ T5827] umount2("./294/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./294/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./294/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 302.878724][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 302.878724][ T5827] umount2("./294/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./294/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./294/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./294") = 0 mkdir("./295", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556c245750) = 6149 ./strace-static-x86_64: Process 6149 attached [pid 6149] set_robust_list(0x55556c245760, 24) = 0 [pid 6149] chdir("./295") = 0 [pid 6149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6149] setpgid(0, 0) = 0 [pid 6149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6149] write(3, "1000", 4) = 4 [pid 6149] close(3) = 0 [pid 6149] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6149] write(1, "executing program\n", 18) = 18 [pid 6149] memfd_create("syzkaller", 0) = 3 [pid 6149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6149] munmap(0x7fac16400000, 138412032) = 0 [pid 6149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6149] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6149] close(3) = 0 [pid 6149] close(4) = 0 [pid 6149] mkdir("./bus", 0777) = 0 [pid 6149] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6149] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6149] chdir("./bus") = 0 [pid 6149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6149] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6149] exit_group(0) = ? [pid 6149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6149, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./295", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 303.460477][ T6149] loop0: detected capacity change from 0 to 32768 [ 303.492302][ T6149] [ 303.492302][ T6149] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 303.492302][ T6149] openat(AT_FDCWD, "./295", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./295/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./295/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./295/binderfs") = 0 [ 303.634573][ T1088] [ 303.634573][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 303.634573][ T1088] [ 303.645102][ T1088] [ 303.645102][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 303.645102][ T1088] [ 303.656823][ T113] [ 303.656823][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 303.656823][ T113] [ 303.667413][ T5827] [ 303.667413][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 303.667413][ T5827] [ 303.678416][ T5827] umount2("./295/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./295/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./295/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 303.678416][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 303.678416][ T5827] umount2("./295/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./295/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./295/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./295") = 0 mkdir("./296", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6150 attached , child_tidptr=0x55556c245750) = 6150 [pid 6150] set_robust_list(0x55556c245760, 24) = 0 [pid 6150] chdir("./296") = 0 [pid 6150] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6150] setpgid(0, 0) = 0 [pid 6150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6150] write(3, "1000", 4) = 4 [pid 6150] close(3) = 0 [pid 6150] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6150] write(1, "executing program\n", 18executing program ) = 18 [pid 6150] memfd_create("syzkaller", 0) = 3 [pid 6150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6150] munmap(0x7fac16400000, 138412032) = 0 [pid 6150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6150] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6150] close(3) = 0 [pid 6150] close(4) = 0 [pid 6150] mkdir("./bus", 0777) = 0 [pid 6150] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6150] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6150] chdir("./bus") = 0 [pid 6150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6150] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6150] exit_group(0) = ? [ 304.236593][ T6150] loop0: detected capacity change from 0 to 32768 [ 304.262007][ T6150] [ 304.262007][ T6150] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 304.262007][ T6150] [pid 6150] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6150, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- umount2("./296", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./296", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./296/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./296/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./296/binderfs") = 0 [ 304.459899][ T13] [ 304.459899][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 304.459899][ T13] [ 304.470448][ T13] [ 304.470448][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 304.470448][ T13] [ 304.481893][ T112] [ 304.481893][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 304.481893][ T112] [ 304.492457][ T5827] [ 304.492457][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 304.492457][ T5827] [ 304.503201][ T5827] umount2("./296/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./296/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./296/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./296/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./296/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 [ 304.503201][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 304.503201][ T5827] rmdir("./296/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./296") = 0 mkdir("./297", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6151 attached [pid 6151] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6151 [pid 6151] <... set_robust_list resumed>) = 0 [pid 6151] chdir("./297") = 0 [pid 6151] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6151] setpgid(0, 0) = 0 [pid 6151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6151] write(3, "1000", 4) = 4 [pid 6151] close(3) = 0 [pid 6151] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6151] write(1, "executing program\n", 18executing program ) = 18 [pid 6151] memfd_create("syzkaller", 0) = 3 [pid 6151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6151] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6151] munmap(0x7fac16400000, 138412032) = 0 [pid 6151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6151] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6151] close(3) = 0 [pid 6151] close(4) = 0 [pid 6151] mkdir("./bus", 0777) = 0 [ 305.007846][ T6151] loop0: detected capacity change from 0 to 32768 [pid 6151] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6151] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6151] chdir("./bus") = 0 [pid 6151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6151] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6151] exit_group(0) = ? [pid 6151] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6151, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 305.061133][ T6151] [ 305.061133][ T6151] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 305.061133][ T6151] umount2("./297", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./297", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./297/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./297/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./297/binderfs") = 0 [ 305.208398][ T1088] [ 305.208398][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 305.208398][ T1088] [ 305.219132][ T1088] [ 305.219132][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 305.219132][ T1088] [ 305.230345][ T113] [ 305.230345][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 305.230345][ T113] [ 305.240965][ T5827] [ 305.240965][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 305.240965][ T5827] [ 305.251936][ T5827] umount2("./297/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./297/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./297/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 305.251936][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 305.251936][ T5827] umount2("./297/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./297/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./297/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./297") = 0 mkdir("./298", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6152 attached , child_tidptr=0x55556c245750) = 6152 [pid 6152] set_robust_list(0x55556c245760, 24) = 0 [pid 6152] chdir("./298") = 0 [pid 6152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6152] setpgid(0, 0) = 0 [pid 6152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6152] write(3, "1000", 4) = 4 [pid 6152] close(3) = 0 [pid 6152] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6152] write(1, "executing program\n", 18) = 18 [pid 6152] memfd_create("syzkaller", 0) = 3 [pid 6152] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6152] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6152] munmap(0x7fac16400000, 138412032) = 0 [pid 6152] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6152] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6152] close(3) = 0 [pid 6152] close(4) = 0 [pid 6152] mkdir("./bus", 0777) = 0 [pid 6152] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6152] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6152] chdir("./bus") = 0 [ 305.889006][ T6152] loop0: detected capacity change from 0 to 32768 [ 305.927399][ T6152] [ 305.927399][ T6152] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 305.927399][ T6152] [pid 6152] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6152] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6152] exit_group(0) = ? [pid 6152] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6152, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./298", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./298", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./298/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./298/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./298/binderfs") = 0 [ 306.123303][ T36] [ 306.123303][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 306.123303][ T36] [ 306.133923][ T36] [ 306.133923][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 306.133923][ T36] [ 306.144797][ T5827] [ 306.144797][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 306.144797][ T5827] [ 306.155677][ T113] [ 306.155677][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 306.155677][ T113] [ 306.166513][ T5827] umount2("./298/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./298/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./298/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 306.166513][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 306.166513][ T5827] umount2("./298/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./298/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./298/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./298") = 0 mkdir("./299", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6153 attached , child_tidptr=0x55556c245750) = 6153 [pid 6153] set_robust_list(0x55556c245760, 24) = 0 [pid 6153] chdir("./299") = 0 [pid 6153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6153] setpgid(0, 0) = 0 [pid 6153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6153] write(3, "1000", 4) = 4 [pid 6153] close(3) = 0 [pid 6153] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6153] write(1, "executing program\n", 18) = 18 [pid 6153] memfd_create("syzkaller", 0) = 3 [pid 6153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6153] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6153] munmap(0x7fac16400000, 138412032) = 0 [pid 6153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6153] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6153] close(3) = 0 [pid 6153] close(4) = 0 [pid 6153] mkdir("./bus", 0777) = 0 [pid 6153] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6153] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6153] chdir("./bus") = 0 [ 306.774842][ T6153] loop0: detected capacity change from 0 to 32768 [ 306.809804][ T6153] [ 306.809804][ T6153] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 306.809804][ T6153] [pid 6153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6153] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6153] exit_group(0) = ? [pid 6153] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6153, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./299", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./299", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./299/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./299/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./299/binderfs") = 0 [ 306.998412][ T1088] [ 306.998412][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 306.998412][ T1088] [ 307.008963][ T1088] [ 307.008963][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 307.008963][ T1088] [ 307.019957][ T112] [ 307.019957][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 307.019957][ T112] [ 307.030598][ T5827] [ 307.030598][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 307.030598][ T5827] [ 307.041521][ T5827] umount2("./299/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./299/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./299/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 307.041521][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 307.041521][ T5827] umount2("./299/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./299/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./299/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./299") = 0 mkdir("./300", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6154 attached , child_tidptr=0x55556c245750) = 6154 [pid 6154] set_robust_list(0x55556c245760, 24) = 0 [pid 6154] chdir("./300") = 0 [pid 6154] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6154] setpgid(0, 0) = 0 [pid 6154] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6154] write(3, "1000", 4) = 4 [pid 6154] close(3) = 0 [pid 6154] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6154] write(1, "executing program\n", 18) = 18 [pid 6154] memfd_create("syzkaller", 0) = 3 [pid 6154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6154] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6154] munmap(0x7fac16400000, 138412032) = 0 [pid 6154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6154] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6154] close(3) = 0 [pid 6154] close(4) = 0 [pid 6154] mkdir("./bus", 0777) = 0 [pid 6154] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6154] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6154] chdir("./bus") = 0 [pid 6154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6154] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6154] exit_group(0) = ? [pid 6154] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6154, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- [ 307.618450][ T6154] loop0: detected capacity change from 0 to 32768 [ 307.646540][ T6154] [ 307.646540][ T6154] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 307.646540][ T6154] umount2("./300", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./300", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./300/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./300/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./300/binderfs") = 0 [ 307.795968][ T1088] [ 307.795968][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 307.795968][ T1088] [ 307.806486][ T1088] [ 307.806486][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 307.806486][ T1088] [ 307.817423][ T113] [ 307.817423][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 307.817423][ T113] [ 307.828063][ T5827] [ 307.828063][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 307.828063][ T5827] [ 307.839482][ T5827] umount2("./300/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./300/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./300/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 307.839482][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 307.839482][ T5827] umount2("./300/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./300/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./300/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./300") = 0 mkdir("./301", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6155 attached , child_tidptr=0x55556c245750) = 6155 [pid 6155] set_robust_list(0x55556c245760, 24) = 0 [pid 6155] chdir("./301") = 0 [pid 6155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6155] setpgid(0, 0) = 0 [pid 6155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6155] write(3, "1000", 4) = 4 [pid 6155] close(3) = 0 [pid 6155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6155] write(1, "executing program\n", 18executing program ) = 18 [pid 6155] memfd_create("syzkaller", 0) = 3 [pid 6155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6155] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6155] munmap(0x7fac16400000, 138412032) = 0 [pid 6155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6155] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6155] close(3) = 0 [pid 6155] close(4) = 0 [pid 6155] mkdir("./bus", 0777) = 0 [pid 6155] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6155] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6155] chdir("./bus") = 0 [pid 6155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6155] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6155] exit_group(0) = ? [pid 6155] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6155, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- [ 308.375465][ T6155] loop0: detected capacity change from 0 to 32768 [ 308.403030][ T6155] [ 308.403030][ T6155] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 308.403030][ T6155] umount2("./301", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./301", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./301/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./301/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./301/binderfs") = 0 [ 308.529551][ T36] [ 308.529551][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 308.529551][ T36] [ 308.540364][ T36] [ 308.540364][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 308.540364][ T36] [ 308.551133][ T5827] [ 308.551133][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 308.551133][ T5827] [ 308.562001][ T112] [ 308.562001][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 308.562001][ T112] [ 308.572767][ T5827] umount2("./301/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./301/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./301/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 308.572767][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 308.572767][ T5827] umount2("./301/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./301/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./301/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./301") = 0 mkdir("./302", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6156 attached , child_tidptr=0x55556c245750) = 6156 [pid 6156] set_robust_list(0x55556c245760, 24) = 0 [pid 6156] chdir("./302") = 0 [pid 6156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6156] setpgid(0, 0) = 0 [pid 6156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6156] write(3, "1000", 4) = 4 [pid 6156] close(3) = 0 [pid 6156] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6156] write(1, "executing program\n", 18) = 18 [pid 6156] memfd_create("syzkaller", 0) = 3 [pid 6156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6156] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6156] munmap(0x7fac16400000, 138412032) = 0 [pid 6156] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6156] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6156] close(3) = 0 [pid 6156] close(4) = 0 [pid 6156] mkdir("./bus", 0777) = 0 [pid 6156] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6156] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6156] chdir("./bus") = 0 [pid 6156] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6156] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6156] exit_group(0) = ? [pid 6156] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6156, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 309.122994][ T6156] loop0: detected capacity change from 0 to 32768 [ 309.146874][ T6156] [ 309.146874][ T6156] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 309.146874][ T6156] umount2("./302", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./302", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./302/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./302/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./302/binderfs") = 0 [ 309.241442][ T1088] [ 309.241442][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 309.241442][ T1088] [ 309.252195][ T1088] [ 309.252195][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 309.252195][ T1088] [ 309.263406][ T113] [ 309.263406][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 309.263406][ T113] [ 309.274102][ T5827] [ 309.274102][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 309.274102][ T5827] [ 309.285029][ T5827] umount2("./302/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./302/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./302/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 309.285029][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 309.285029][ T5827] umount2("./302/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./302/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./302/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./302") = 0 mkdir("./303", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6157 attached , child_tidptr=0x55556c245750) = 6157 [pid 6157] set_robust_list(0x55556c245760, 24) = 0 [pid 6157] chdir("./303") = 0 [pid 6157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6157] setpgid(0, 0) = 0 [pid 6157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6157] write(3, "1000", 4) = 4 [pid 6157] close(3) = 0 [pid 6157] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6157] write(1, "executing program\n", 18) = 18 [pid 6157] memfd_create("syzkaller", 0) = 3 [pid 6157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6157] munmap(0x7fac16400000, 138412032) = 0 [pid 6157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6157] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6157] close(3) = 0 [pid 6157] close(4) = 0 [pid 6157] mkdir("./bus", 0777) = 0 [pid 6157] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6157] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6157] chdir("./bus") = 0 [pid 6157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6157] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6157] exit_group(0) = ? [ 309.835788][ T6157] loop0: detected capacity change from 0 to 32768 [ 309.862564][ T6157] [ 309.862564][ T6157] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 309.862564][ T6157] [pid 6157] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6157, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./303", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./303", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./303/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./303/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./303/binderfs") = 0 [ 309.981880][ T1088] [ 309.981880][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 309.981880][ T1088] [ 309.992542][ T1088] [ 309.992542][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 309.992542][ T1088] [ 310.005219][ T5827] [ 310.005219][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 310.005219][ T5827] [ 310.016259][ T113] [ 310.016259][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 310.016259][ T113] [ 310.026858][ T5827] umount2("./303/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./303/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./303/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 310.026858][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 310.026858][ T5827] umount2("./303/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./303/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./303/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./303") = 0 mkdir("./304", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6158 attached [pid 6158] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6158 [pid 6158] <... set_robust_list resumed>) = 0 [pid 6158] chdir("./304") = 0 [pid 6158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6158] setpgid(0, 0) = 0 [pid 6158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6158] write(3, "1000", 4) = 4 [pid 6158] close(3) = 0 [pid 6158] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6158] write(1, "executing program\n", 18executing program ) = 18 [pid 6158] memfd_create("syzkaller", 0) = 3 [pid 6158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6158] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6158] munmap(0x7fac16400000, 138412032) = 0 [pid 6158] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6158] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6158] close(3) = 0 [pid 6158] close(4) = 0 [pid 6158] mkdir("./bus", 0777) = 0 [pid 6158] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6158] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6158] chdir("./bus") = 0 [pid 6158] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6158] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6158] exit_group(0) = ? [ 310.536590][ T6158] loop0: detected capacity change from 0 to 32768 [ 310.556052][ T6158] [ 310.556052][ T6158] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 310.556052][ T6158] [pid 6158] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6158, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./304", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./304", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./304/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./304/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./304/binderfs") = 0 [ 310.697245][ T13] [ 310.697245][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 310.697245][ T13] [ 310.707907][ T13] [ 310.707907][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 310.707907][ T13] [ 310.718653][ T5827] [ 310.718653][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 310.718653][ T5827] [ 310.729666][ T113] [ 310.729666][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 310.729666][ T113] [ 310.740342][ T5827] umount2("./304/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./304/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./304/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 310.740342][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 310.740342][ T5827] umount2("./304/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./304/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./304/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./304") = 0 mkdir("./305", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6159 attached , child_tidptr=0x55556c245750) = 6159 [pid 6159] set_robust_list(0x55556c245760, 24) = 0 [pid 6159] chdir("./305") = 0 [pid 6159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6159] setpgid(0, 0) = 0 [pid 6159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6159] write(3, "1000", 4) = 4 [pid 6159] close(3) = 0 [pid 6159] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6159] write(1, "executing program\n", 18) = 18 [pid 6159] memfd_create("syzkaller", 0) = 3 [pid 6159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6159] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6159] munmap(0x7fac16400000, 138412032) = 0 [pid 6159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6159] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6159] close(3) = 0 [pid 6159] close(4) = 0 [pid 6159] mkdir("./bus", 0777) = 0 [ 311.309750][ T6159] loop0: detected capacity change from 0 to 32768 [pid 6159] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6159] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6159] chdir("./bus") = 0 [pid 6159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6159] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6159] exit_group(0) = ? [pid 6159] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6159, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./305", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./305", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 311.357118][ T6159] [ 311.357118][ T6159] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 311.357118][ T6159] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./305/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./305/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./305/binderfs") = 0 [ 311.518951][ T1088] [ 311.518951][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 311.518951][ T1088] [ 311.529529][ T1088] [ 311.529529][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 311.529529][ T1088] [ 311.540331][ T5827] [ 311.540331][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 311.540331][ T5827] [ 311.551340][ T113] [ 311.551340][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 311.551340][ T113] [ 311.561972][ T5827] umount2("./305/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./305/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./305/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 311.561972][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 311.561972][ T5827] umount2("./305/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./305/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./305/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./305") = 0 mkdir("./306", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6160 attached , child_tidptr=0x55556c245750) = 6160 [pid 6160] set_robust_list(0x55556c245760, 24) = 0 [pid 6160] chdir("./306") = 0 [pid 6160] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6160] setpgid(0, 0) = 0 [pid 6160] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6160] write(3, "1000", 4) = 4 [pid 6160] close(3) = 0 [pid 6160] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6160] write(1, "executing program\n", 18) = 18 [pid 6160] memfd_create("syzkaller", 0) = 3 [pid 6160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6160] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6160] munmap(0x7fac16400000, 138412032) = 0 [pid 6160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6160] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6160] close(3) = 0 [pid 6160] close(4) = 0 [pid 6160] mkdir("./bus", 0777) = 0 [pid 6160] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6160] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6160] chdir("./bus") = 0 [pid 6160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6160] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6160] exit_group(0) = ? [pid 6160] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6160, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./306", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./306", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./306/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./306/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./306/binderfs") = 0 [ 312.110504][ T6160] loop0: detected capacity change from 0 to 32768 [ 312.136754][ T6160] [ 312.136754][ T6160] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 312.136754][ T6160] [ 312.172265][ T13] [ 312.172265][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 312.172265][ T13] [ 312.184637][ T13] [ 312.184637][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 312.184637][ T13] [ 312.196387][ T112] [ 312.196387][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 312.196387][ T112] [ 312.207026][ T5827] [ 312.207026][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 312.207026][ T5827] [ 312.218917][ T5827] umount2("./306/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./306/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./306/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./306/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 312.218917][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 312.218917][ T5827] openat(AT_FDCWD, "./306/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./306/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./306") = 0 mkdir("./307", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6161 attached , child_tidptr=0x55556c245750) = 6161 [pid 6161] set_robust_list(0x55556c245760, 24) = 0 [pid 6161] chdir("./307") = 0 [pid 6161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6161] setpgid(0, 0) = 0 [pid 6161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6161] write(3, "1000", 4) = 4 [pid 6161] close(3) = 0 [pid 6161] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6161] write(1, "executing program\n", 18) = 18 [pid 6161] memfd_create("syzkaller", 0) = 3 [pid 6161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6161] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6161] munmap(0x7fac16400000, 138412032) = 0 [pid 6161] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6161] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6161] close(3) = 0 [pid 6161] close(4) = 0 [pid 6161] mkdir("./bus", 0777) = 0 [pid 6161] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6161] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6161] chdir("./bus") = 0 [pid 6161] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 312.783983][ T6161] loop0: detected capacity change from 0 to 32768 [ 312.816508][ T6161] [ 312.816508][ T6161] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 312.816508][ T6161] [pid 6161] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6161] exit_group(0) = ? [pid 6161] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6161, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./307", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./307", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./307/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./307/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./307/binderfs") = 0 [ 313.006822][ T1088] [ 313.006822][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 313.006822][ T1088] [ 313.017390][ T1088] [ 313.017390][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 313.017390][ T1088] [ 313.028403][ T5827] [ 313.028403][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 313.028403][ T5827] [ 313.039652][ T112] [ 313.039652][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 313.039652][ T112] [ 313.050287][ T5827] umount2("./307/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./307/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 313.050287][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 313.050287][ T5827] newfstatat(AT_FDCWD, "./307/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./307/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./307/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./307/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./307") = 0 mkdir("./308", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6162 attached , child_tidptr=0x55556c245750) = 6162 [pid 6162] set_robust_list(0x55556c245760, 24) = 0 [pid 6162] chdir("./308") = 0 [pid 6162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6162] setpgid(0, 0) = 0 [pid 6162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6162] write(3, "1000", 4) = 4 [pid 6162] close(3) = 0 [pid 6162] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6162] write(1, "executing program\n", 18) = 18 [pid 6162] memfd_create("syzkaller", 0) = 3 [pid 6162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6162] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6162] munmap(0x7fac16400000, 138412032) = 0 [pid 6162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6162] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6162] close(3) = 0 [pid 6162] close(4) = 0 [pid 6162] mkdir("./bus", 0777) = 0 [pid 6162] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6162] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6162] chdir("./bus") = 0 [pid 6162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6162] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6162] exit_group(0) = ? [ 313.581854][ T6162] loop0: detected capacity change from 0 to 32768 [ 313.620388][ T6162] [ 313.620388][ T6162] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 313.620388][ T6162] [pid 6162] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6162, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- umount2("./308", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./308", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./308/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./308/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./308/binderfs") = 0 [ 313.749730][ T1088] [ 313.749730][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 313.749730][ T1088] [ 313.760300][ T1088] [ 313.760300][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 313.760300][ T1088] [ 313.771408][ T113] [ 313.771408][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 313.771408][ T113] [ 313.782032][ T5827] [ 313.782032][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 313.782032][ T5827] [ 313.792808][ T5827] umount2("./308/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./308/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./308/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./308/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 313.792808][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 313.792808][ T5827] openat(AT_FDCWD, "./308/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./308/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./308") = 0 mkdir("./309", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556c245750) = 6163 ./strace-static-x86_64: Process 6163 attached [pid 6163] set_robust_list(0x55556c245760, 24) = 0 [pid 6163] chdir("./309") = 0 [pid 6163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6163] setpgid(0, 0) = 0 [pid 6163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6163] write(3, "1000", 4) = 4 [pid 6163] close(3) = 0 [pid 6163] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6163] write(1, "executing program\n", 18) = 18 [pid 6163] memfd_create("syzkaller", 0) = 3 [pid 6163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6163] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6163] munmap(0x7fac16400000, 138412032) = 0 [pid 6163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6163] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6163] close(3) = 0 [pid 6163] close(4) = 0 [pid 6163] mkdir("./bus", 0777) = 0 [pid 6163] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6163] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6163] chdir("./bus") = 0 [pid 6163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6163] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6163] exit_group(0) = ? [pid 6163] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6163, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- umount2("./309", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./309", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 314.436859][ T6163] loop0: detected capacity change from 0 to 32768 [ 314.465861][ T6163] [ 314.465861][ T6163] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 314.465861][ T6163] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./309/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./309/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./309/binderfs") = 0 [ 314.612228][ T1088] [ 314.612228][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 314.612228][ T1088] [ 314.622803][ T1088] [ 314.622803][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 314.622803][ T1088] [ 314.633586][ T5827] [ 314.633586][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 314.633586][ T5827] [ 314.644978][ T112] [ 314.644978][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 314.644978][ T112] [ 314.655590][ T5827] umount2("./309/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./309/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./309/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 314.655590][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 314.655590][ T5827] umount2("./309/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./309/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./309/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./309") = 0 mkdir("./310", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6164 attached , child_tidptr=0x55556c245750) = 6164 [pid 6164] set_robust_list(0x55556c245760, 24) = 0 [pid 6164] chdir("./310") = 0 [pid 6164] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6164] setpgid(0, 0) = 0 [pid 6164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6164] write(3, "1000", 4) = 4 [pid 6164] close(3) = 0 [pid 6164] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6164] write(1, "executing program\n", 18) = 18 [pid 6164] memfd_create("syzkaller", 0) = 3 [pid 6164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6164] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6164] munmap(0x7fac16400000, 138412032) = 0 [pid 6164] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6164] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6164] close(3) = 0 [pid 6164] close(4) = 0 [pid 6164] mkdir("./bus", 0777) = 0 [pid 6164] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6164] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6164] chdir("./bus") = 0 [pid 6164] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6164] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6164] exit_group(0) = ? [pid 6164] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6164, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./310", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./310", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 315.281259][ T6164] loop0: detected capacity change from 0 to 32768 [ 315.308043][ T6164] [ 315.308043][ T6164] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 315.308043][ T6164] getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./310/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./310/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./310/binderfs") = 0 [ 315.366537][ T36] [ 315.366537][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 315.366537][ T36] [ 315.378830][ T36] [ 315.378830][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 315.378830][ T36] [ 315.389684][ T5827] [ 315.389684][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 315.389684][ T5827] [ 315.400968][ T112] [ 315.400968][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 315.400968][ T112] [ 315.411802][ T5827] umount2("./310/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./310/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./310/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./310/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./310/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 315.411802][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 315.411802][ T5827] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./310/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./310") = 0 mkdir("./311", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6165 attached , child_tidptr=0x55556c245750) = 6165 [pid 6165] set_robust_list(0x55556c245760, 24) = 0 [pid 6165] chdir("./311") = 0 [pid 6165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6165] setpgid(0, 0) = 0 [pid 6165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6165] write(3, "1000", 4) = 4 [pid 6165] close(3) = 0 [pid 6165] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6165] write(1, "executing program\n", 18executing program ) = 18 [pid 6165] memfd_create("syzkaller", 0) = 3 [pid 6165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6165] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6165] munmap(0x7fac16400000, 138412032) = 0 [pid 6165] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6165] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6165] close(3) = 0 [pid 6165] close(4) = 0 [pid 6165] mkdir("./bus", 0777) = 0 [ 315.938847][ T6165] loop0: detected capacity change from 0 to 32768 [ 315.978866][ T6165] [ 315.978866][ T6165] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 315.978866][ T6165] [pid 6165] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6165] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6165] chdir("./bus") = 0 [pid 6165] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6165] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6165] exit_group(0) = ? [pid 6165] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6165, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./311", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./311", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./311/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./311/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./311/binderfs") = 0 [ 316.128896][ T1088] [ 316.128896][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 316.128896][ T1088] [ 316.139455][ T1088] [ 316.139455][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 316.139455][ T1088] [ 316.150227][ T5827] [ 316.150227][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 316.150227][ T5827] [ 316.161041][ T113] [ 316.161041][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 316.161041][ T113] [ 316.171606][ T5827] umount2("./311/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./311/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./311/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 316.171606][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 316.171606][ T5827] umount2("./311/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./311/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./311/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./311") = 0 mkdir("./312", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6166 attached , child_tidptr=0x55556c245750) = 6166 [pid 6166] set_robust_list(0x55556c245760, 24) = 0 [pid 6166] chdir("./312") = 0 [pid 6166] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6166] setpgid(0, 0) = 0 [pid 6166] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6166] write(3, "1000", 4) = 4 [pid 6166] close(3) = 0 [pid 6166] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6166] write(1, "executing program\n", 18) = 18 [pid 6166] memfd_create("syzkaller", 0) = 3 [pid 6166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6166] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6166] munmap(0x7fac16400000, 138412032) = 0 [pid 6166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6166] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6166] close(3) = 0 [pid 6166] close(4) = 0 [pid 6166] mkdir("./bus", 0777) = 0 [pid 6166] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6166] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6166] chdir("./bus") = 0 [pid 6166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 316.714907][ T6166] loop0: detected capacity change from 0 to 32768 [ 316.735158][ T6166] [ 316.735158][ T6166] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 316.735158][ T6166] [pid 6166] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6166] exit_group(0) = ? [pid 6166] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6166, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./312", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./312", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./312/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./312/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./312/binderfs") = 0 [ 316.963234][ T13] [ 316.963234][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 316.963234][ T13] [ 316.973783][ T13] [ 316.973783][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 316.973783][ T13] [ 316.984833][ T112] [ 316.984833][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 316.984833][ T112] [ 316.995427][ T5827] [ 316.995427][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 316.995427][ T5827] [ 317.006477][ T5827] umount2("./312/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./312/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./312/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 317.006477][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 317.006477][ T5827] umount2("./312/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./312/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./312/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./312") = 0 mkdir("./313", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6167 attached [pid 6167] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6167 [pid 6167] <... set_robust_list resumed>) = 0 [pid 6167] chdir("./313") = 0 [pid 6167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6167] setpgid(0, 0) = 0 [pid 6167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6167] write(3, "1000", 4) = 4 [pid 6167] close(3) = 0 [pid 6167] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6167] write(1, "executing program\n", 18executing program ) = 18 [pid 6167] memfd_create("syzkaller", 0) = 3 [pid 6167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6167] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6167] munmap(0x7fac16400000, 138412032) = 0 [pid 6167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6167] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6167] close(3) = 0 [pid 6167] close(4) = 0 [pid 6167] mkdir("./bus", 0777) = 0 [pid 6167] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6167] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6167] chdir("./bus") = 0 [pid 6167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6167] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6167] exit_group(0) = ? [pid 6167] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6167, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- umount2("./313", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./313", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 [ 317.603462][ T6167] loop0: detected capacity change from 0 to 32768 [ 317.633214][ T6167] [ 317.633214][ T6167] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 317.633214][ T6167] umount2("./313/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./313/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./313/binderfs") = 0 [ 317.711198][ T13] [ 317.711198][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 317.711198][ T13] [ 317.721912][ T13] [ 317.721912][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 317.721912][ T13] [ 317.733697][ T112] [ 317.733697][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 317.733697][ T112] [ 317.745207][ T5827] [ 317.745207][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 317.745207][ T5827] [ 317.756816][ T5827] umount2("./313/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./313/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./313/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./313/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 317.756816][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 317.756816][ T5827] openat(AT_FDCWD, "./313/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./313/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./313") = 0 mkdir("./314", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6170 attached , child_tidptr=0x55556c245750) = 6170 [pid 6170] set_robust_list(0x55556c245760, 24) = 0 [pid 6170] chdir("./314") = 0 [pid 6170] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6170] setpgid(0, 0) = 0 [pid 6170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6170] write(3, "1000", 4) = 4 [pid 6170] close(3) = 0 [pid 6170] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6170] write(1, "executing program\n", 18) = 18 [pid 6170] memfd_create("syzkaller", 0) = 3 [pid 6170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6170] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6170] munmap(0x7fac16400000, 138412032) = 0 [pid 6170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6170] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6170] close(3) = 0 [pid 6170] close(4) = 0 [pid 6170] mkdir("./bus", 0777) = 0 [pid 6170] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6170] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6170] chdir("./bus") = 0 [pid 6170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6170] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6170] exit_group(0) = ? [pid 6170] +++ exited with 0 +++ [ 318.344493][ T6170] loop0: detected capacity change from 0 to 32768 [ 318.373361][ T6170] [ 318.373361][ T6170] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 318.373361][ T6170] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6170, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./314", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./314", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./314/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./314/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./314/binderfs") = 0 [ 318.570433][ T13] [ 318.570433][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 318.570433][ T13] [ 318.581128][ T13] [ 318.581128][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 318.581128][ T13] [ 318.592359][ T113] [ 318.592359][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 318.592359][ T113] [ 318.602948][ T5827] [ 318.602948][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 318.602948][ T5827] [ 318.613749][ T5827] umount2("./314/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./314/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./314/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./314/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./314/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./314/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./314") = 0 mkdir("./315", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 318.613749][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 318.613749][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6171 attached , child_tidptr=0x55556c245750) = 6171 [pid 6171] set_robust_list(0x55556c245760, 24) = 0 [pid 6171] chdir("./315") = 0 [pid 6171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6171] setpgid(0, 0) = 0 [pid 6171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6171] write(3, "1000", 4) = 4 [pid 6171] close(3) = 0 [pid 6171] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6171] write(1, "executing program\n", 18) = 18 [pid 6171] memfd_create("syzkaller", 0) = 3 [pid 6171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6171] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6171] munmap(0x7fac16400000, 138412032) = 0 [pid 6171] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6171] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6171] close(3) = 0 [pid 6171] close(4) = 0 [pid 6171] mkdir("./bus", 0777) = 0 [pid 6171] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6171] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6171] chdir("./bus") = 0 [ 319.021612][ T6171] loop0: detected capacity change from 0 to 32768 [ 319.048233][ T6171] [ 319.048233][ T6171] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 319.048233][ T6171] [pid 6171] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6171] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6171] exit_group(0) = ? [pid 6171] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6171, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./315", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./315", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./315/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./315/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./315/binderfs") = 0 [ 319.196114][ T36] [ 319.196114][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 319.196114][ T36] [ 319.206713][ T36] [ 319.206713][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 319.206713][ T36] [ 319.217753][ T5827] [ 319.217753][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 319.217753][ T5827] [ 319.228326][ T112] [ 319.228326][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 319.228326][ T112] [ 319.238929][ T5827] umount2("./315/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./315/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./315/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 319.238929][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 319.238929][ T5827] umount2("./315/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./315/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./315/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./315") = 0 mkdir("./316", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6172 attached , child_tidptr=0x55556c245750) = 6172 [pid 6172] set_robust_list(0x55556c245760, 24) = 0 [pid 6172] chdir("./316") = 0 [pid 6172] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6172] setpgid(0, 0) = 0 [pid 6172] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6172] write(3, "1000", 4) = 4 [pid 6172] close(3) = 0 [pid 6172] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6172] write(1, "executing program\n", 18executing program ) = 18 [pid 6172] memfd_create("syzkaller", 0) = 3 [pid 6172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6172] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6172] munmap(0x7fac16400000, 138412032) = 0 [pid 6172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6172] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6172] close(3) = 0 [pid 6172] close(4) = 0 [pid 6172] mkdir("./bus", 0777) = 0 [pid 6172] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6172] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6172] chdir("./bus") = 0 [pid 6172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6172] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 319.820079][ T6172] loop0: detected capacity change from 0 to 32768 [ 319.844143][ T6172] [ 319.844143][ T6172] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 319.844143][ T6172] [pid 6172] exit_group(0) = ? [pid 6172] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6172, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./316", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./316", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./316/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./316/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./316/binderfs") = 0 [ 320.005043][ T1088] [ 320.005043][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 320.005043][ T1088] [ 320.015694][ T1088] [ 320.015694][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 320.015694][ T1088] [ 320.026448][ T5827] [ 320.026448][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 320.026448][ T5827] [ 320.037310][ T113] [ 320.037310][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 320.037310][ T113] [ 320.048084][ T5827] umount2("./316/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./316/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./316/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./316/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./316/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 320.048084][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 320.048084][ T5827] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./316/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./316") = 0 mkdir("./317", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6175 attached , child_tidptr=0x55556c245750) = 6175 [pid 6175] set_robust_list(0x55556c245760, 24) = 0 [pid 6175] chdir("./317") = 0 [pid 6175] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6175] setpgid(0, 0) = 0 [pid 6175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6175] write(3, "1000", 4) = 4 [pid 6175] close(3) = 0 [pid 6175] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6175] write(1, "executing program\n", 18executing program ) = 18 [pid 6175] memfd_create("syzkaller", 0) = 3 [pid 6175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6175] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6175] munmap(0x7fac16400000, 138412032) = 0 [pid 6175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6175] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6175] close(3) = 0 [pid 6175] close(4) = 0 [pid 6175] mkdir("./bus", 0777) = 0 [pid 6175] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6175] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6175] chdir("./bus") = 0 [pid 6175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6175] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6175] exit_group(0) = ? [pid 6175] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6175, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./317", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./317", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 320.567457][ T6175] loop0: detected capacity change from 0 to 32768 [ 320.586254][ T6175] [ 320.586254][ T6175] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 320.586254][ T6175] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./317/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./317/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./317/binderfs") = 0 [ 320.715928][ T13] [ 320.715928][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 320.715928][ T13] [ 320.726931][ T13] [ 320.726931][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 320.726931][ T13] [ 320.737814][ T5827] [ 320.737814][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 320.737814][ T5827] [ 320.749230][ T113] [ 320.749230][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 320.749230][ T113] [ 320.759870][ T5827] umount2("./317/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./317/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./317/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 320.759870][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 320.759870][ T5827] umount2("./317/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./317/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./317/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./317") = 0 mkdir("./318", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6178 attached [pid 6178] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6178 [pid 6178] <... set_robust_list resumed>) = 0 [pid 6178] chdir("./318") = 0 [pid 6178] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6178] setpgid(0, 0) = 0 [pid 6178] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6178] write(3, "1000", 4) = 4 [pid 6178] close(3) = 0 [pid 6178] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6178] write(1, "executing program\n", 18executing program ) = 18 [pid 6178] memfd_create("syzkaller", 0) = 3 [pid 6178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6178] munmap(0x7fac16400000, 138412032) = 0 [pid 6178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6178] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6178] close(3) = 0 [pid 6178] close(4) = 0 [pid 6178] mkdir("./bus", 0777) = 0 [pid 6178] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6178] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6178] chdir("./bus") = 0 [pid 6178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6178] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6178] exit_group(0) = ? [pid 6178] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6178, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./318", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./318", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./318/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./318/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./318/binderfs") = 0 [ 321.334643][ T6178] loop0: detected capacity change from 0 to 32768 [ 321.371730][ T6178] [ 321.371730][ T6178] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 321.371730][ T6178] [ 321.409900][ T1088] [ 321.409900][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 321.409900][ T1088] [ 321.420975][ T1088] [ 321.420975][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 321.420975][ T1088] [ 321.433374][ T5827] [ 321.433374][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 321.433374][ T5827] [ 321.444506][ T113] [ 321.444506][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 321.444506][ T113] [ 321.455039][ T5827] umount2("./318/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./318/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./318/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 321.455039][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 321.455039][ T5827] umount2("./318/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./318/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./318/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./318") = 0 mkdir("./319", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6179 attached , child_tidptr=0x55556c245750) = 6179 [pid 6179] set_robust_list(0x55556c245760, 24) = 0 [pid 6179] chdir("./319") = 0 [pid 6179] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6179] setpgid(0, 0) = 0 [pid 6179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6179] write(3, "1000", 4) = 4 [pid 6179] close(3) = 0 [pid 6179] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6179] write(1, "executing program\n", 18) = 18 [pid 6179] memfd_create("syzkaller", 0) = 3 [pid 6179] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6179] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6179] munmap(0x7fac16400000, 138412032) = 0 [pid 6179] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6179] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6179] close(3) = 0 [pid 6179] close(4) = 0 [pid 6179] mkdir("./bus", 0777) = 0 [pid 6179] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6179] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6179] chdir("./bus") = 0 [pid 6179] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6179] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 322.088579][ T6179] loop0: detected capacity change from 0 to 32768 [ 322.120374][ T6179] [ 322.120374][ T6179] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 322.120374][ T6179] [pid 6179] exit_group(0) = ? [pid 6179] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6179, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./319", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./319", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./319/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./319/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./319/binderfs") = 0 [ 322.304584][ T1088] [ 322.304584][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 322.304584][ T1088] [ 322.315348][ T1088] [ 322.315348][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 322.315348][ T1088] [ 322.326386][ T112] [ 322.326386][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 322.326386][ T112] [ 322.337163][ T5827] [ 322.337163][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 322.337163][ T5827] [ 322.348122][ T5827] umount2("./319/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./319/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./319/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 322.348122][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 322.348122][ T5827] umount2("./319/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./319/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./319/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./319") = 0 mkdir("./320", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6180 attached [pid 6180] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6180 [pid 6180] <... set_robust_list resumed>) = 0 [pid 6180] chdir("./320") = 0 [pid 6180] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6180] setpgid(0, 0) = 0 [pid 6180] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6180] write(3, "1000", 4) = 4 [pid 6180] close(3) = 0 [pid 6180] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6180] write(1, "executing program\n", 18executing program ) = 18 [pid 6180] memfd_create("syzkaller", 0) = 3 [pid 6180] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6180] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6180] munmap(0x7fac16400000, 138412032) = 0 [pid 6180] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6180] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6180] close(3) = 0 [pid 6180] close(4) = 0 [pid 6180] mkdir("./bus", 0777) = 0 [pid 6180] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6180] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6180] chdir("./bus") = 0 [pid 6180] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6180] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6180] exit_group(0) = ? [pid 6180] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6180, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./320", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./320", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./320/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./320/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./320/binderfs") = 0 [ 322.906426][ T6180] loop0: detected capacity change from 0 to 32768 [ 322.944463][ T6180] [ 322.944463][ T6180] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 322.944463][ T6180] [ 322.979474][ T13] [ 322.979474][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 322.979474][ T13] [ 322.991729][ T13] [ 322.991729][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 322.991729][ T13] [ 323.004513][ T113] [ 323.004513][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 323.004513][ T113] [ 323.015148][ T5827] [ 323.015148][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 323.015148][ T5827] [ 323.026003][ T5827] umount2("./320/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./320/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./320/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./320/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 323.026003][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 323.026003][ T5827] openat(AT_FDCWD, "./320/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./320/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./320") = 0 mkdir("./321", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6181 attached , child_tidptr=0x55556c245750) = 6181 [pid 6181] set_robust_list(0x55556c245760, 24) = 0 [pid 6181] chdir("./321") = 0 [pid 6181] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6181] setpgid(0, 0) = 0 [pid 6181] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6181] write(3, "1000", 4) = 4 [pid 6181] close(3) = 0 [pid 6181] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6181] write(1, "executing program\n", 18executing program ) = 18 [pid 6181] memfd_create("syzkaller", 0) = 3 [pid 6181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6181] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6181] munmap(0x7fac16400000, 138412032) = 0 [pid 6181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6181] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6181] close(3) = 0 [pid 6181] close(4) = 0 [pid 6181] mkdir("./bus", 0777) = 0 [pid 6181] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6181] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6181] chdir("./bus") = 0 [pid 6181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6181] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6181] exit_group(0) = ? [pid 6181] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6181, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 323.605769][ T6181] loop0: detected capacity change from 0 to 32768 [ 323.631993][ T6181] [ 323.631993][ T6181] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 323.631993][ T6181] umount2("./321", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./321", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./321/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./321/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./321/binderfs") = 0 [ 323.783484][ T13] [ 323.783484][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 323.783484][ T13] [ 323.794085][ T13] [ 323.794085][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 323.794085][ T13] [ 323.805037][ T112] [ 323.805037][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 323.805037][ T112] [ 323.815661][ T5827] [ 323.815661][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 323.815661][ T5827] [ 323.826419][ T5827] umount2("./321/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./321/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./321/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 323.826419][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 323.826419][ T5827] umount2("./321/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./321/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./321/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./321") = 0 mkdir("./322", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6182 attached , child_tidptr=0x55556c245750) = 6182 [pid 6182] set_robust_list(0x55556c245760, 24) = 0 [pid 6182] chdir("./322") = 0 [pid 6182] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6182] setpgid(0, 0) = 0 [pid 6182] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6182] write(3, "1000", 4) = 4 [pid 6182] close(3) = 0 [pid 6182] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6182] write(1, "executing program\n", 18) = 18 [pid 6182] memfd_create("syzkaller", 0) = 3 [pid 6182] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6182] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6182] munmap(0x7fac16400000, 138412032) = 0 [pid 6182] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6182] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6182] close(3) = 0 [pid 6182] close(4) = 0 [pid 6182] mkdir("./bus", 0777) = 0 [pid 6182] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6182] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6182] chdir("./bus") = 0 [pid 6182] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6182] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6182] exit_group(0) = ? [pid 6182] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6182, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 324.401788][ T6182] loop0: detected capacity change from 0 to 32768 [ 324.432486][ T6182] [ 324.432486][ T6182] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 324.432486][ T6182] umount2("./322", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./322", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./322/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./322/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./322/binderfs") = 0 [ 324.575090][ T13] [ 324.575090][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 324.575090][ T13] [ 324.585668][ T13] [ 324.585668][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 324.585668][ T13] [ 324.597220][ T113] [ 324.597220][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 324.597220][ T113] [ 324.607858][ T5827] [ 324.607858][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 324.607858][ T5827] [ 324.618900][ T5827] umount2("./322/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./322/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./322/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 324.618900][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 324.618900][ T5827] umount2("./322/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./322/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./322/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./322") = 0 mkdir("./323", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6183 attached [pid 6183] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6183 [pid 6183] <... set_robust_list resumed>) = 0 [pid 6183] chdir("./323") = 0 [pid 6183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6183] setpgid(0, 0) = 0 [pid 6183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6183] write(3, "1000", 4) = 4 [pid 6183] close(3) = 0 [pid 6183] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6183] write(1, "executing program\n", 18) = 18 [pid 6183] memfd_create("syzkaller", 0) = 3 [pid 6183] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6183] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6183] munmap(0x7fac16400000, 138412032) = 0 [pid 6183] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6183] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6183] close(3) = 0 [pid 6183] close(4) = 0 [pid 6183] mkdir("./bus", 0777) = 0 [pid 6183] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6183] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6183] chdir("./bus") = 0 [pid 6183] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6183] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6183] exit_group(0) = ? [pid 6183] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6183, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 325.163472][ T6183] loop0: detected capacity change from 0 to 32768 [ 325.182094][ T6183] [ 325.182094][ T6183] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 325.182094][ T6183] umount2("./323", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./323", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./323/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./323/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./323/binderfs") = 0 [ 325.359693][ T13] [ 325.359693][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 325.359693][ T13] [ 325.370427][ T13] [ 325.370427][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 325.370427][ T13] [ 325.381489][ T112] [ 325.381489][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 325.381489][ T112] [ 325.392155][ T5827] [ 325.392155][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 325.392155][ T5827] [ 325.403236][ T5827] umount2("./323/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./323/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./323/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 325.403236][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 325.403236][ T5827] umount2("./323/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./323/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./323/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./323") = 0 mkdir("./324", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6184 attached , child_tidptr=0x55556c245750) = 6184 [pid 6184] set_robust_list(0x55556c245760, 24) = 0 [pid 6184] chdir("./324") = 0 [pid 6184] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6184] setpgid(0, 0) = 0 [pid 6184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6184] write(3, "1000", 4) = 4 [pid 6184] close(3) = 0 [pid 6184] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6184] write(1, "executing program\n", 18) = 18 [pid 6184] memfd_create("syzkaller", 0) = 3 [pid 6184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6184] munmap(0x7fac16400000, 138412032) = 0 [pid 6184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6184] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6184] close(3) = 0 [pid 6184] close(4) = 0 [pid 6184] mkdir("./bus", 0777) = 0 [ 325.925172][ T6184] loop0: detected capacity change from 0 to 32768 [pid 6184] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6184] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6184] chdir("./bus") = 0 [pid 6184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6184] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6184] exit_group(0) = ? [ 325.970742][ T6184] [ 325.970742][ T6184] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 325.970742][ T6184] [pid 6184] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6184, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- umount2("./324", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./324", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./324/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./324/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./324/binderfs") = 0 [ 326.125334][ T13] [ 326.125334][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 326.125334][ T13] [ 326.135975][ T13] [ 326.135975][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 326.135975][ T13] [ 326.147181][ T112] [ 326.147181][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 326.147181][ T112] [ 326.157802][ T5827] [ 326.157802][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 326.157802][ T5827] [ 326.168822][ T5827] umount2("./324/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./324/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./324/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 326.168822][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 326.168822][ T5827] umount2("./324/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./324/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./324/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./324") = 0 mkdir("./325", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6185 attached , child_tidptr=0x55556c245750) = 6185 [pid 6185] set_robust_list(0x55556c245760, 24) = 0 [pid 6185] chdir("./325") = 0 [pid 6185] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6185] setpgid(0, 0) = 0 [pid 6185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6185] write(3, "1000", 4) = 4 [pid 6185] close(3) = 0 [pid 6185] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6185] write(1, "executing program\n", 18executing program ) = 18 [pid 6185] memfd_create("syzkaller", 0) = 3 [pid 6185] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6185] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6185] munmap(0x7fac16400000, 138412032) = 0 [pid 6185] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6185] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6185] close(3) = 0 [pid 6185] close(4) = 0 [pid 6185] mkdir("./bus", 0777) = 0 [pid 6185] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6185] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6185] chdir("./bus") = 0 [pid 6185] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6185] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 326.691091][ T6185] loop0: detected capacity change from 0 to 32768 [ 326.717419][ T6185] [ 326.717419][ T6185] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 326.717419][ T6185] [pid 6185] exit_group(0) = ? [pid 6185] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6185, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./325", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./325", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./325/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./325/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./325/binderfs") = 0 [ 326.907676][ T13] [ 326.907676][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 326.907676][ T13] [ 326.918338][ T13] [ 326.918338][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 326.918338][ T13] [ 326.929430][ T112] [ 326.929430][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 326.929430][ T112] [ 326.940025][ T5827] [ 326.940025][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 326.940025][ T5827] [ 326.951276][ T5827] umount2("./325/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./325/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./325/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 326.951276][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 326.951276][ T5827] umount2("./325/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./325/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./325/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./325") = 0 mkdir("./326", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6186 attached , child_tidptr=0x55556c245750) = 6186 [pid 6186] set_robust_list(0x55556c245760, 24) = 0 [pid 6186] chdir("./326") = 0 [pid 6186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6186] setpgid(0, 0) = 0 [pid 6186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6186] write(3, "1000", 4) = 4 [pid 6186] close(3) = 0 [pid 6186] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6186] write(1, "executing program\n", 18) = 18 [pid 6186] memfd_create("syzkaller", 0) = 3 [pid 6186] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6186] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6186] munmap(0x7fac16400000, 138412032) = 0 [pid 6186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6186] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6186] close(3) = 0 [pid 6186] close(4) = 0 [pid 6186] mkdir("./bus", 0777) = 0 [pid 6186] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6186] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6186] chdir("./bus") = 0 [pid 6186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6186] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6186] exit_group(0) = ? [ 327.525190][ T6186] loop0: detected capacity change from 0 to 32768 [ 327.560327][ T6186] [ 327.560327][ T6186] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 327.560327][ T6186] [pid 6186] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6186, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- umount2("./326", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./326", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./326/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./326/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./326/binderfs") = 0 [ 327.754525][ T36] [ 327.754525][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 327.754525][ T36] [ 327.765072][ T36] [ 327.765072][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 327.765072][ T36] [ 327.776010][ T113] [ 327.776010][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 327.776010][ T113] [ 327.786683][ T5827] [ 327.786683][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 327.786683][ T5827] [ 327.797667][ T5827] umount2("./326/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./326/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./326/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 327.797667][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 327.797667][ T5827] umount2("./326/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./326/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./326/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./326") = 0 mkdir("./327", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6187 attached , child_tidptr=0x55556c245750) = 6187 [pid 6187] set_robust_list(0x55556c245760, 24) = 0 [pid 6187] chdir("./327") = 0 [pid 6187] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6187] setpgid(0, 0) = 0 [pid 6187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6187] write(3, "1000", 4) = 4 [pid 6187] close(3) = 0 [pid 6187] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6187] write(1, "executing program\n", 18) = 18 [pid 6187] memfd_create("syzkaller", 0) = 3 [pid 6187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6187] munmap(0x7fac16400000, 138412032) = 0 [pid 6187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6187] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6187] close(3) = 0 [pid 6187] close(4) = 0 [pid 6187] mkdir("./bus", 0777) = 0 [ 328.407127][ T6187] loop0: detected capacity change from 0 to 32768 [pid 6187] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6187] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6187] chdir("./bus") = 0 [pid 6187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 328.458414][ T6187] [ 328.458414][ T6187] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 328.458414][ T6187] [pid 6187] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6187] exit_group(0) = ? [pid 6187] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6187, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./327", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./327", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./327/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./327/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./327/binderfs") = 0 [ 328.667729][ T13] [ 328.667729][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 328.667729][ T13] [ 328.678290][ T13] [ 328.678290][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 328.678290][ T13] [ 328.689488][ T112] [ 328.689488][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 328.689488][ T112] [ 328.700122][ T5827] [ 328.700122][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 328.700122][ T5827] [ 328.710908][ T5827] umount2("./327/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./327/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./327/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 328.710908][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 328.710908][ T5827] umount2("./327/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./327/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./327/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./327") = 0 mkdir("./328", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6188 attached , child_tidptr=0x55556c245750) = 6188 [pid 6188] set_robust_list(0x55556c245760, 24) = 0 [pid 6188] chdir("./328") = 0 [pid 6188] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6188] setpgid(0, 0) = 0 [pid 6188] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6188] write(3, "1000", 4) = 4 [pid 6188] close(3) = 0 [pid 6188] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6188] write(1, "executing program\n", 18) = 18 [pid 6188] memfd_create("syzkaller", 0) = 3 [pid 6188] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6188] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6188] munmap(0x7fac16400000, 138412032) = 0 [pid 6188] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6188] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6188] close(3) = 0 [pid 6188] close(4) = 0 [pid 6188] mkdir("./bus", 0777) = 0 [ 329.241928][ T6188] loop0: detected capacity change from 0 to 32768 [pid 6188] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6188] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6188] chdir("./bus") = 0 [pid 6188] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6188] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6188] exit_group(0) = ? [pid 6188] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6188, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- [ 329.287107][ T6188] [ 329.287107][ T6188] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 329.287107][ T6188] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./328", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./328", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./328/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./328/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./328/binderfs") = 0 [ 329.446177][ T36] [ 329.446177][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 329.446177][ T36] [ 329.456766][ T36] [ 329.456766][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 329.456766][ T36] [ 329.467688][ T5827] [ 329.467688][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 329.467688][ T5827] [ 329.479016][ T112] [ 329.479016][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 329.479016][ T112] [ 329.489595][ T5827] umount2("./328/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./328/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./328/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 329.489595][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 329.489595][ T5827] umount2("./328/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./328/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./328/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./328") = 0 mkdir("./329", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6189 attached , child_tidptr=0x55556c245750) = 6189 [pid 6189] set_robust_list(0x55556c245760, 24) = 0 [pid 6189] chdir("./329") = 0 [pid 6189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6189] setpgid(0, 0) = 0 [pid 6189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6189] write(3, "1000", 4) = 4 [pid 6189] close(3) = 0 [pid 6189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6189] write(1, "executing program\n", 18executing program ) = 18 [pid 6189] memfd_create("syzkaller", 0) = 3 [pid 6189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6189] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6189] munmap(0x7fac16400000, 138412032) = 0 [pid 6189] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6189] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6189] close(3) = 0 [pid 6189] close(4) = 0 [pid 6189] mkdir("./bus", 0777) = 0 [pid 6189] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6189] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6189] chdir("./bus") = 0 [pid 6189] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 330.041616][ T6189] loop0: detected capacity change from 0 to 32768 [ 330.068613][ T6189] [ 330.068613][ T6189] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 330.068613][ T6189] [pid 6189] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6189] exit_group(0) = ? [pid 6189] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6189, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./329", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./329", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./329/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./329/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./329/binderfs") = 0 [ 330.238041][ T13] [ 330.238041][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 330.238041][ T13] [ 330.248570][ T13] [ 330.248570][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 330.248570][ T13] [ 330.259672][ T113] [ 330.259672][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 330.259672][ T113] [ 330.270231][ T5827] [ 330.270231][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 330.270231][ T5827] [ 330.281156][ T5827] umount2("./329/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./329/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./329/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 330.281156][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 330.281156][ T5827] umount2("./329/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./329/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./329/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./329") = 0 mkdir("./330", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6190 attached , child_tidptr=0x55556c245750) = 6190 [pid 6190] set_robust_list(0x55556c245760, 24) = 0 [pid 6190] chdir("./330") = 0 [pid 6190] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6190] setpgid(0, 0) = 0 [pid 6190] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6190] write(3, "1000", 4) = 4 [pid 6190] close(3) = 0 [pid 6190] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6190] write(1, "executing program\n", 18) = 18 [pid 6190] memfd_create("syzkaller", 0) = 3 [pid 6190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6190] munmap(0x7fac16400000, 138412032) = 0 [pid 6190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6190] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6190] close(3) = 0 [pid 6190] close(4) = 0 [pid 6190] mkdir("./bus", 0777) = 0 [pid 6190] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6190] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6190] chdir("./bus") = 0 [pid 6190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6190] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6190] exit_group(0) = ? [pid 6190] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6190, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./330", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./330", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./330/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./330/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./330/binderfs") = 0 [ 330.842090][ T6190] loop0: detected capacity change from 0 to 32768 [ 330.861377][ T6190] [ 330.861377][ T6190] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 330.861377][ T6190] [ 330.914288][ T36] [ 330.914288][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 330.914288][ T36] [ 330.924879][ T36] [ 330.924879][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 330.924879][ T36] [ 330.936406][ T112] [ 330.936406][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 330.936406][ T112] [ 330.947037][ T5827] [ 330.947037][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 330.947037][ T5827] [ 330.958109][ T5827] umount2("./330/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./330/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./330/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./330/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./330/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./330/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./330") = 0 mkdir("./331", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 330.958109][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 330.958109][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6191 attached , child_tidptr=0x55556c245750) = 6191 [pid 6191] set_robust_list(0x55556c245760, 24) = 0 [pid 6191] chdir("./331") = 0 [pid 6191] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6191] setpgid(0, 0) = 0 [pid 6191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6191] write(3, "1000", 4) = 4 [pid 6191] close(3) = 0 [pid 6191] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6191] write(1, "executing program\n", 18) = 18 [pid 6191] memfd_create("syzkaller", 0) = 3 [pid 6191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6191] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6191] munmap(0x7fac16400000, 138412032) = 0 [pid 6191] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6191] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6191] close(3) = 0 [pid 6191] close(4) = 0 [pid 6191] mkdir("./bus", 0777) = 0 [ 331.370117][ T6191] loop0: detected capacity change from 0 to 32768 [pid 6191] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6191] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6191] chdir("./bus") = 0 [pid 6191] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 331.414192][ T6191] [ 331.414192][ T6191] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 331.414192][ T6191] [pid 6191] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6191] exit_group(0) = ? [pid 6191] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6191, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./331", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./331", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./331/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./331/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./331/binderfs") = 0 [ 331.622596][ T36] [ 331.622596][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 331.622596][ T36] [ 331.633340][ T36] [ 331.633340][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 331.633340][ T36] [ 331.644105][ T5827] [ 331.644105][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 331.644105][ T5827] [ 331.654940][ T113] [ 331.654940][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 331.654940][ T113] [ 331.665530][ T5827] umount2("./331/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./331/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./331/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 331.665530][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 331.665530][ T5827] umount2("./331/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./331/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./331/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./331") = 0 mkdir("./332", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6192 attached , child_tidptr=0x55556c245750) = 6192 [pid 6192] set_robust_list(0x55556c245760, 24) = 0 [pid 6192] chdir("./332") = 0 [pid 6192] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6192] setpgid(0, 0) = 0 [pid 6192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6192] write(3, "1000", 4) = 4 [pid 6192] close(3) = 0 [pid 6192] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6192] write(1, "executing program\n", 18) = 18 [pid 6192] memfd_create("syzkaller", 0) = 3 [pid 6192] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6192] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6192] munmap(0x7fac16400000, 138412032) = 0 [pid 6192] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6192] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6192] close(3) = 0 [pid 6192] close(4) = 0 [pid 6192] mkdir("./bus", 0777) = 0 [pid 6192] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6192] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6192] chdir("./bus") = 0 [pid 6192] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6192] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6192] exit_group(0) = ? [pid 6192] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6192, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 332.177404][ T6192] loop0: detected capacity change from 0 to 32768 [ 332.206591][ T6192] [ 332.206591][ T6192] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 332.206591][ T6192] umount2("./332", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./332", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./332/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./332/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./332/binderfs") = 0 [ 332.330555][ T13] [ 332.330555][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 332.330555][ T13] [ 332.341276][ T13] [ 332.341276][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 332.341276][ T13] [ 332.351949][ T5827] [ 332.351949][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 332.351949][ T5827] [ 332.362806][ T113] [ 332.362806][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 332.362806][ T113] [ 332.373490][ T5827] umount2("./332/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./332/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./332/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 332.373490][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 332.373490][ T5827] umount2("./332/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./332/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./332/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./332") = 0 mkdir("./333", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6193 attached , child_tidptr=0x55556c245750) = 6193 [pid 6193] set_robust_list(0x55556c245760, 24) = 0 [pid 6193] chdir("./333") = 0 [pid 6193] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6193] setpgid(0, 0) = 0 [pid 6193] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6193] write(3, "1000", 4) = 4 [pid 6193] close(3) = 0 [pid 6193] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6193] write(1, "executing program\n", 18) = 18 [pid 6193] memfd_create("syzkaller", 0) = 3 [pid 6193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6193] munmap(0x7fac16400000, 138412032) = 0 [pid 6193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6193] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6193] close(3) = 0 [pid 6193] close(4) = 0 [pid 6193] mkdir("./bus", 0777) = 0 [pid 6193] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6193] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6193] chdir("./bus") = 0 [pid 6193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6193] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6193] exit_group(0) = ? [ 333.050484][ T6193] loop0: detected capacity change from 0 to 32768 [ 333.080597][ T6193] [ 333.080597][ T6193] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 333.080597][ T6193] [pid 6193] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6193, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./333", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./333", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./333/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./333/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./333/binderfs") = 0 [ 333.270889][ T36] [ 333.270889][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 333.270889][ T36] [ 333.281640][ T36] [ 333.281640][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 333.281640][ T36] [ 333.292649][ T5827] [ 333.292649][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 333.292649][ T5827] [ 333.303997][ T112] [ 333.303997][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 333.303997][ T112] [ 333.314592][ T5827] umount2("./333/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./333/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./333/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./333/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 333.314592][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 333.314592][ T5827] openat(AT_FDCWD, "./333/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./333/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./333") = 0 mkdir("./334", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6194 attached [pid 6194] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6194 [pid 6194] <... set_robust_list resumed>) = 0 [pid 6194] chdir("./334") = 0 [pid 6194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6194] setpgid(0, 0) = 0 [pid 6194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6194] write(3, "1000", 4) = 4 [pid 6194] close(3) = 0 [pid 6194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6194] write(1, "executing program\n", 18executing program ) = 18 [pid 6194] memfd_create("syzkaller", 0) = 3 [pid 6194] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6194] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6194] munmap(0x7fac16400000, 138412032) = 0 [pid 6194] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6194] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6194] close(3) = 0 [pid 6194] close(4) = 0 [pid 6194] mkdir("./bus", 0777) = 0 [ 333.872798][ T6194] loop0: detected capacity change from 0 to 32768 [pid 6194] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6194] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6194] chdir("./bus") = 0 [pid 6194] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6194] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6194] exit_group(0) = ? [pid 6194] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6194, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- umount2("./334", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./334", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 333.931146][ T6194] [ 333.931146][ T6194] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 333.931146][ T6194] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./334/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./334/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./334/binderfs") = 0 [ 334.048956][ T36] [ 334.048956][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 334.048956][ T36] [ 334.059529][ T36] [ 334.059529][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 334.059529][ T36] [ 334.070537][ T113] [ 334.070537][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 334.070537][ T113] [ 334.081219][ T5827] [ 334.081219][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 334.081219][ T5827] [ 334.092099][ T5827] umount2("./334/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./334/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./334/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 334.092099][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 334.092099][ T5827] umount2("./334/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./334/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./334/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./334") = 0 mkdir("./335", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6195 attached , child_tidptr=0x55556c245750) = 6195 [pid 6195] set_robust_list(0x55556c245760, 24) = 0 [pid 6195] chdir("./335") = 0 [pid 6195] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6195] setpgid(0, 0) = 0 [pid 6195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6195] write(3, "1000", 4) = 4 [pid 6195] close(3) = 0 [pid 6195] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6195] write(1, "executing program\n", 18) = 18 [pid 6195] memfd_create("syzkaller", 0) = 3 [pid 6195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6195] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6195] munmap(0x7fac16400000, 138412032) = 0 [pid 6195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6195] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6195] close(3) = 0 [pid 6195] close(4) = 0 [pid 6195] mkdir("./bus", 0777) = 0 [pid 6195] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6195] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6195] chdir("./bus") = 0 [ 334.670407][ T6195] loop0: detected capacity change from 0 to 32768 [ 334.709998][ T6195] [ 334.709998][ T6195] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 334.709998][ T6195] [pid 6195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6195] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6195] exit_group(0) = ? [pid 6195] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6195, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./335", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./335", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./335/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./335/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./335/binderfs") = 0 [ 334.880551][ T36] [ 334.880551][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 334.880551][ T36] [ 334.891126][ T36] [ 334.891126][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 334.891126][ T36] [ 334.901956][ T5827] [ 334.901956][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 334.901956][ T5827] [ 334.913357][ T112] [ 334.913357][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 334.913357][ T112] [ 334.923943][ T5827] umount2("./335/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./335/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./335/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 334.923943][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 334.923943][ T5827] umount2("./335/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./335/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./335/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./335") = 0 mkdir("./336", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6196 attached , child_tidptr=0x55556c245750) = 6196 [pid 6196] set_robust_list(0x55556c245760, 24) = 0 [pid 6196] chdir("./336") = 0 [pid 6196] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6196] setpgid(0, 0) = 0 [pid 6196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6196] write(3, "1000", 4) = 4 [pid 6196] close(3) = 0 [pid 6196] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6196] write(1, "executing program\n", 18) = 18 [pid 6196] memfd_create("syzkaller", 0) = 3 [pid 6196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6196] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6196] munmap(0x7fac16400000, 138412032) = 0 [pid 6196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6196] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6196] close(3) = 0 [pid 6196] close(4) = 0 [pid 6196] mkdir("./bus", 0777) = 0 [pid 6196] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6196] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6196] chdir("./bus") = 0 [pid 6196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6196] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6196] exit_group(0) = ? [ 335.508154][ T6196] loop0: detected capacity change from 0 to 32768 [ 335.538075][ T6196] [ 335.538075][ T6196] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 335.538075][ T6196] [pid 6196] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6196, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- umount2("./336", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./336", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./336/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./336/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./336/binderfs") = 0 [ 335.716433][ T13] [ 335.716433][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 335.716433][ T13] [ 335.727024][ T13] [ 335.727024][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 335.727024][ T13] [ 335.737774][ T5827] [ 335.737774][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 335.737774][ T5827] [ 335.749254][ T112] [ 335.749254][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 335.749254][ T112] [ 335.760000][ T5827] umount2("./336/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./336/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./336/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 335.760000][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 335.760000][ T5827] umount2("./336/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./336/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./336/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./336") = 0 mkdir("./337", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6197 attached , child_tidptr=0x55556c245750) = 6197 [pid 6197] set_robust_list(0x55556c245760, 24) = 0 [pid 6197] chdir("./337") = 0 [pid 6197] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6197] setpgid(0, 0) = 0 [pid 6197] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6197] write(3, "1000", 4) = 4 [pid 6197] close(3) = 0 [pid 6197] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6197] write(1, "executing program\n", 18executing program ) = 18 [pid 6197] memfd_create("syzkaller", 0) = 3 [pid 6197] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6197] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6197] munmap(0x7fac16400000, 138412032) = 0 [pid 6197] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6197] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6197] close(3) = 0 [pid 6197] close(4) = 0 [pid 6197] mkdir("./bus", 0777) = 0 [pid 6197] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6197] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6197] chdir("./bus") = 0 [pid 6197] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6197] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6197] exit_group(0) = ? [pid 6197] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6197, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- [ 336.346089][ T6197] loop0: detected capacity change from 0 to 32768 [ 336.372049][ T6197] [ 336.372049][ T6197] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 336.372049][ T6197] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./337", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./337", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./337/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./337/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./337/binderfs") = 0 [ 336.541906][ T36] [ 336.541906][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 336.541906][ T36] [ 336.552459][ T36] [ 336.552459][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 336.552459][ T36] [ 336.563266][ T5827] [ 336.563266][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 336.563266][ T5827] [ 336.574245][ T112] [ 336.574245][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 336.574245][ T112] [ 336.584872][ T5827] umount2("./337/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./337/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./337/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./337/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./337/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 336.584872][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 336.584872][ T5827] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./337/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./337") = 0 mkdir("./338", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6198 attached , child_tidptr=0x55556c245750) = 6198 [pid 6198] set_robust_list(0x55556c245760, 24) = 0 [pid 6198] chdir("./338") = 0 [pid 6198] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6198] setpgid(0, 0) = 0 [pid 6198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6198] write(3, "1000", 4) = 4 [pid 6198] close(3) = 0 [pid 6198] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6198] write(1, "executing program\n", 18) = 18 [pid 6198] memfd_create("syzkaller", 0) = 3 [pid 6198] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6198] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6198] munmap(0x7fac16400000, 138412032) = 0 [pid 6198] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6198] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6198] close(3) = 0 [pid 6198] close(4) = 0 [pid 6198] mkdir("./bus", 0777) = 0 [pid 6198] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6198] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6198] chdir("./bus") = 0 [pid 6198] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6198] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6198] exit_group(0) = ? [ 337.135961][ T6198] loop0: detected capacity change from 0 to 32768 [ 337.173076][ T6198] [ 337.173076][ T6198] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 337.173076][ T6198] [pid 6198] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6198, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./338", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./338", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./338/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./338/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./338/binderfs") = 0 [ 337.277547][ T13] [ 337.277547][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 337.277547][ T13] [ 337.288187][ T13] [ 337.288187][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 337.288187][ T13] [ 337.299228][ T113] [ 337.299228][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 337.299228][ T113] [ 337.309800][ T5827] [ 337.309800][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 337.309800][ T5827] [ 337.320567][ T5827] umount2("./338/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./338/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./338/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 337.320567][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 337.320567][ T5827] umount2("./338/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./338/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./338/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./338") = 0 mkdir("./339", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6199 attached , child_tidptr=0x55556c245750) = 6199 [pid 6199] set_robust_list(0x55556c245760, 24) = 0 [pid 6199] chdir("./339") = 0 [pid 6199] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6199] setpgid(0, 0) = 0 [pid 6199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6199] write(3, "1000", 4) = 4 [pid 6199] close(3) = 0 [pid 6199] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6199] write(1, "executing program\n", 18executing program ) = 18 [pid 6199] memfd_create("syzkaller", 0) = 3 [pid 6199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6199] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6199] munmap(0x7fac16400000, 138412032) = 0 [pid 6199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6199] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6199] close(3) = 0 [pid 6199] close(4) = 0 [pid 6199] mkdir("./bus", 0777) = 0 [pid 6199] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6199] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6199] chdir("./bus") = 0 [pid 6199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 337.918802][ T6199] loop0: detected capacity change from 0 to 32768 [ 337.947384][ T6199] [ 337.947384][ T6199] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 337.947384][ T6199] [pid 6199] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6199] exit_group(0) = ? [pid 6199] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6199, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./339", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./339", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./339/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./339/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./339/binderfs") = 0 [ 338.146249][ T13] [ 338.146249][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 338.146249][ T13] [ 338.157222][ T13] [ 338.157222][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 338.157222][ T13] [ 338.168469][ T5827] [ 338.168469][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 338.168469][ T5827] [ 338.179641][ T112] [ 338.179641][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 338.179641][ T112] [ 338.190213][ T5827] umount2("./339/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./339/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./339/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 338.190213][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 338.190213][ T5827] umount2("./339/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./339/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./339/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./339") = 0 mkdir("./340", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6200 attached , child_tidptr=0x55556c245750) = 6200 [pid 6200] set_robust_list(0x55556c245760, 24) = 0 [pid 6200] chdir("./340") = 0 [pid 6200] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6200] setpgid(0, 0) = 0 [pid 6200] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6200] write(3, "1000", 4) = 4 [pid 6200] close(3) = 0 [pid 6200] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6200] write(1, "executing program\n", 18) = 18 [pid 6200] memfd_create("syzkaller", 0) = 3 [pid 6200] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6200] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6200] munmap(0x7fac16400000, 138412032) = 0 [pid 6200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6200] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6200] close(3) = 0 [pid 6200] close(4) = 0 [pid 6200] mkdir("./bus", 0777) = 0 [pid 6200] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6200] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6200] chdir("./bus") = 0 [pid 6200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6200] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6200] exit_group(0) = ? [ 338.750057][ T6200] loop0: detected capacity change from 0 to 32768 [ 338.782054][ T6200] [ 338.782054][ T6200] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 338.782054][ T6200] [pid 6200] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6200, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=14 /* 0.14 s */} --- umount2("./340", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./340", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./340/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./340/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./340/binderfs") = 0 [ 338.939575][ T13] [ 338.939575][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 338.939575][ T13] [ 338.950185][ T13] [ 338.950185][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 338.950185][ T13] [ 338.961289][ T5827] [ 338.961289][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 338.961289][ T5827] [ 338.972345][ T112] [ 338.972345][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 338.972345][ T112] [ 338.982933][ T5827] umount2("./340/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./340/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./340/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./340/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 338.982933][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 338.982933][ T5827] openat(AT_FDCWD, "./340/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./340/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./340") = 0 mkdir("./341", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6201 attached , child_tidptr=0x55556c245750) = 6201 [pid 6201] set_robust_list(0x55556c245760, 24) = 0 [pid 6201] chdir("./341") = 0 [pid 6201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6201] setpgid(0, 0) = 0 [pid 6201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6201] write(3, "1000", 4) = 4 [pid 6201] close(3) = 0 [pid 6201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6201] write(1, "executing program\n", 18executing program ) = 18 [pid 6201] memfd_create("syzkaller", 0) = 3 [pid 6201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6201] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6201] munmap(0x7fac16400000, 138412032) = 0 [pid 6201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6201] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6201] close(3) = 0 [pid 6201] close(4) = 0 [pid 6201] mkdir("./bus", 0777) = 0 [pid 6201] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6201] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6201] chdir("./bus") = 0 [pid 6201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6201] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6201] exit_group(0) = ? [pid 6201] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6201, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- umount2("./341", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 339.496728][ T6201] loop0: detected capacity change from 0 to 32768 [ 339.516926][ T6201] [ 339.516926][ T6201] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 339.516926][ T6201] openat(AT_FDCWD, "./341", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./341/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./341/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./341/binderfs") = 0 [ 339.686951][ T1088] [ 339.686951][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 339.686951][ T1088] [ 339.697485][ T1088] [ 339.697485][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 339.697485][ T1088] [ 339.708414][ T113] [ 339.708414][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 339.708414][ T113] [ 339.719035][ T5827] [ 339.719035][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 339.719035][ T5827] [ 339.730142][ T5827] umount2("./341/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./341/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./341/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 339.730142][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 339.730142][ T5827] umount2("./341/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./341/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./341/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./341") = 0 mkdir("./342", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6202 attached , child_tidptr=0x55556c245750) = 6202 [pid 6202] set_robust_list(0x55556c245760, 24) = 0 [pid 6202] chdir("./342") = 0 [pid 6202] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6202] setpgid(0, 0) = 0 [pid 6202] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6202] write(3, "1000", 4) = 4 [pid 6202] close(3) = 0 [pid 6202] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6202] write(1, "executing program\n", 18executing program ) = 18 [pid 6202] memfd_create("syzkaller", 0) = 3 [pid 6202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6202] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6202] munmap(0x7fac16400000, 138412032) = 0 [pid 6202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6202] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6202] close(3) = 0 [pid 6202] close(4) = 0 [pid 6202] mkdir("./bus", 0777) = 0 [ 340.338449][ T6202] loop0: detected capacity change from 0 to 32768 [pid 6202] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6202] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6202] chdir("./bus") = 0 [pid 6202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6202] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6202] exit_group(0) = ? [pid 6202] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6202, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./342", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 340.378851][ T6202] [ 340.378851][ T6202] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.378851][ T6202] openat(AT_FDCWD, "./342", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./342/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./342/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./342/binderfs") = 0 [ 340.541225][ T1088] [ 340.541225][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.541225][ T1088] [ 340.551831][ T1088] [ 340.551831][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.551831][ T1088] [ 340.563234][ T112] [ 340.563234][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.563234][ T112] [ 340.573928][ T5827] [ 340.573928][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.573928][ T5827] [ 340.584933][ T5827] umount2("./342/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./342/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./342/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 340.584933][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.584933][ T5827] umount2("./342/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./342/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./342/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./342") = 0 mkdir("./343", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6203 attached [pid 6203] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6203 [pid 6203] <... set_robust_list resumed>) = 0 [pid 6203] chdir("./343") = 0 [pid 6203] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6203] setpgid(0, 0) = 0 [pid 6203] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6203] write(3, "1000", 4) = 4 [pid 6203] close(3) = 0 [pid 6203] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6203] write(1, "executing program\n", 18) = 18 [pid 6203] memfd_create("syzkaller", 0) = 3 [pid 6203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6203] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6203] munmap(0x7fac16400000, 138412032) = 0 [pid 6203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6203] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6203] close(3) = 0 [pid 6203] close(4) = 0 [pid 6203] mkdir("./bus", 0777) = 0 [pid 6203] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6203] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6203] chdir("./bus") = 0 [pid 6203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6203] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6203] exit_group(0) = ? [pid 6203] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6203, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./343", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 341.165479][ T6203] loop0: detected capacity change from 0 to 32768 [ 341.198326][ T6203] [ 341.198326][ T6203] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 341.198326][ T6203] openat(AT_FDCWD, "./343", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./343/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./343/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./343/binderfs") = 0 [ 341.299197][ T13] [ 341.299197][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 341.299197][ T13] [ 341.309788][ T13] [ 341.309788][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 341.309788][ T13] [ 341.321387][ T113] [ 341.321387][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 341.321387][ T113] [ 341.332131][ T5827] [ 341.332131][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 341.332131][ T5827] [ 341.342870][ T5827] umount2("./343/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./343/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./343/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 341.342870][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 341.342870][ T5827] umount2("./343/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./343/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./343/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./343") = 0 mkdir("./344", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6204 attached [pid 6204] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6204 [pid 6204] <... set_robust_list resumed>) = 0 [pid 6204] chdir("./344") = 0 [pid 6204] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6204] setpgid(0, 0) = 0 [pid 6204] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6204] write(3, "1000", 4) = 4 [pid 6204] close(3) = 0 [pid 6204] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6204] write(1, "executing program\n", 18) = 18 [pid 6204] memfd_create("syzkaller", 0) = 3 [pid 6204] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6204] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6204] munmap(0x7fac16400000, 138412032) = 0 [pid 6204] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6204] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6204] close(3) = 0 [pid 6204] close(4) = 0 [pid 6204] mkdir("./bus", 0777) = 0 [pid 6204] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6204] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6204] chdir("./bus") = 0 [pid 6204] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6204] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6204] exit_group(0) = ? [pid 6204] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6204, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./344", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./344", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./344/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./344/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./344/binderfs") = 0 [ 341.984943][ T6204] loop0: detected capacity change from 0 to 32768 [ 342.019853][ T6204] [ 342.019853][ T6204] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 342.019853][ T6204] [ 342.060735][ T13] [ 342.060735][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 342.060735][ T13] [ 342.072547][ T13] [ 342.072547][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 342.072547][ T13] [ 342.083538][ T5827] [ 342.083538][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 342.083538][ T5827] [ 342.094560][ T112] [ 342.094560][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 342.094560][ T112] [ 342.105208][ T5827] umount2("./344/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./344/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./344/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./344/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./344/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./344/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 [ 342.105208][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 342.105208][ T5827] rmdir("./344") = 0 mkdir("./345", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6205 attached , child_tidptr=0x55556c245750) = 6205 [pid 6205] set_robust_list(0x55556c245760, 24) = 0 [pid 6205] chdir("./345") = 0 [pid 6205] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6205] setpgid(0, 0) = 0 [pid 6205] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6205] write(3, "1000", 4) = 4 [pid 6205] close(3) = 0 [pid 6205] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6205] write(1, "executing program\n", 18) = 18 [pid 6205] memfd_create("syzkaller", 0) = 3 [pid 6205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6205] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6205] munmap(0x7fac16400000, 138412032) = 0 [pid 6205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6205] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6205] close(3) = 0 [pid 6205] close(4) = 0 [pid 6205] mkdir("./bus", 0777) = 0 [ 342.551722][ T6205] loop0: detected capacity change from 0 to 32768 [pid 6205] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6205] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6205] chdir("./bus") = 0 [pid 6205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6205] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6205] exit_group(0) = ? [pid 6205] +++ exited with 0 +++ [ 342.602012][ T6205] [ 342.602012][ T6205] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 342.602012][ T6205] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6205, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./345", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./345", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./345/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./345/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./345/binderfs") = 0 [ 342.779960][ T1088] [ 342.779960][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 342.779960][ T1088] [ 342.790553][ T1088] [ 342.790553][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 342.790553][ T1088] [ 342.801899][ T112] [ 342.801899][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 342.801899][ T112] [ 342.812544][ T5827] [ 342.812544][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 342.812544][ T5827] [ 342.823504][ T5827] umount2("./345/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./345/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./345/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 342.823504][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 342.823504][ T5827] umount2("./345/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./345/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./345/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./345") = 0 mkdir("./346", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6206 attached [pid 6206] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6206 [pid 6206] <... set_robust_list resumed>) = 0 [pid 6206] chdir("./346") = 0 [pid 6206] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6206] setpgid(0, 0) = 0 [pid 6206] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6206] write(3, "1000", 4) = 4 [pid 6206] close(3) = 0 [pid 6206] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6206] write(1, "executing program\n", 18) = 18 [pid 6206] memfd_create("syzkaller", 0) = 3 [pid 6206] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6206] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6206] munmap(0x7fac16400000, 138412032) = 0 [pid 6206] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6206] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6206] close(3) = 0 [pid 6206] close(4) = 0 [pid 6206] mkdir("./bus", 0777) = 0 [pid 6206] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6206] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6206] chdir("./bus") = 0 [pid 6206] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6206] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6206] exit_group(0) = ? [ 343.432089][ T6206] loop0: detected capacity change from 0 to 32768 [ 343.461800][ T6206] [ 343.461800][ T6206] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 343.461800][ T6206] [pid 6206] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6206, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./346", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./346", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./346/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./346/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./346/binderfs") = 0 [ 343.593324][ T13] [ 343.593324][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 343.593324][ T13] [ 343.603919][ T13] [ 343.603919][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 343.603919][ T13] [ 343.615021][ T113] [ 343.615021][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 343.615021][ T113] [ 343.625663][ T5827] [ 343.625663][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 343.625663][ T5827] [ 343.636516][ T5827] umount2("./346/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./346/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./346/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 343.636516][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 343.636516][ T5827] umount2("./346/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./346/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./346/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./346") = 0 mkdir("./347", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6207 attached , child_tidptr=0x55556c245750) = 6207 [pid 6207] set_robust_list(0x55556c245760, 24) = 0 [pid 6207] chdir("./347") = 0 [pid 6207] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6207] setpgid(0, 0) = 0 [pid 6207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6207] write(3, "1000", 4) = 4 [pid 6207] close(3) = 0 [pid 6207] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6207] write(1, "executing program\n", 18) = 18 [pid 6207] memfd_create("syzkaller", 0) = 3 [pid 6207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6207] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6207] munmap(0x7fac16400000, 138412032) = 0 [pid 6207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6207] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6207] close(3) = 0 [pid 6207] close(4) = 0 [pid 6207] mkdir("./bus", 0777) = 0 [ 344.177478][ T6207] loop0: detected capacity change from 0 to 32768 [pid 6207] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6207] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6207] chdir("./bus") = 0 [ 344.241680][ T6207] [ 344.241680][ T6207] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 344.241680][ T6207] [pid 6207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6207] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6207] exit_group(0) = ? [pid 6207] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6207, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./347", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./347", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./347/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./347/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./347/binderfs") = 0 [ 344.418758][ T36] [ 344.418758][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 344.418758][ T36] [ 344.429291][ T36] [ 344.429291][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 344.429291][ T36] [ 344.440354][ T112] [ 344.440354][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 344.440354][ T112] [ 344.450992][ T5827] [ 344.450992][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 344.450992][ T5827] [ 344.461992][ T5827] umount2("./347/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./347/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./347/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 344.461992][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 344.461992][ T5827] umount2("./347/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./347/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./347/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./347") = 0 mkdir("./348", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6208 attached , child_tidptr=0x55556c245750) = 6208 [pid 6208] set_robust_list(0x55556c245760, 24) = 0 [pid 6208] chdir("./348") = 0 [pid 6208] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6208] setpgid(0, 0) = 0 [pid 6208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6208] write(3, "1000", 4) = 4 [pid 6208] close(3) = 0 [pid 6208] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6208] write(1, "executing program\n", 18) = 18 [pid 6208] memfd_create("syzkaller", 0) = 3 [pid 6208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6208] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6208] munmap(0x7fac16400000, 138412032) = 0 [pid 6208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6208] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6208] close(3) = 0 [pid 6208] close(4) = 0 [pid 6208] mkdir("./bus", 0777) = 0 [pid 6208] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6208] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6208] chdir("./bus") = 0 [pid 6208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6208] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6208] exit_group(0) = ? [pid 6208] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6208, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./348", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./348", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./348/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./348/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./348/binderfs") = 0 [ 345.055586][ T6208] loop0: detected capacity change from 0 to 32768 [ 345.094139][ T6208] [ 345.094139][ T6208] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 345.094139][ T6208] [ 345.125142][ T1088] [ 345.125142][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 345.125142][ T1088] [ 345.136753][ T1088] [ 345.136753][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 345.136753][ T1088] [ 345.148488][ T112] [ 345.148488][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 345.148488][ T112] [ 345.159397][ T5827] [ 345.159397][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 345.159397][ T5827] [ 345.170766][ T5827] umount2("./348/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./348/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./348/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./348/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 345.170766][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 345.170766][ T5827] openat(AT_FDCWD, "./348/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./348/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./348") = 0 mkdir("./349", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6209 attached , child_tidptr=0x55556c245750) = 6209 [pid 6209] set_robust_list(0x55556c245760, 24) = 0 [pid 6209] chdir("./349") = 0 [pid 6209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6209] setpgid(0, 0) = 0 [pid 6209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6209] write(3, "1000", 4) = 4 [pid 6209] close(3) = 0 [pid 6209] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6209] write(1, "executing program\n", 18executing program ) = 18 [pid 6209] memfd_create("syzkaller", 0) = 3 [pid 6209] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6209] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6209] munmap(0x7fac16400000, 138412032) = 0 [pid 6209] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6209] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6209] close(3) = 0 [pid 6209] close(4) = 0 [pid 6209] mkdir("./bus", 0777) = 0 [pid 6209] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6209] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6209] chdir("./bus") = 0 [pid 6209] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6209] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 345.767968][ T6209] loop0: detected capacity change from 0 to 32768 [ 345.787602][ T6209] [ 345.787602][ T6209] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 345.787602][ T6209] [pid 6209] exit_group(0) = ? [pid 6209] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6209, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./349", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./349", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./349/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./349/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./349/binderfs") = 0 [ 345.980319][ T13] [ 345.980319][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 345.980319][ T13] [ 345.990885][ T13] [ 345.990885][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 345.990885][ T13] [ 346.001594][ T5827] [ 346.001594][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 346.001594][ T5827] [ 346.012626][ T112] [ 346.012626][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 346.012626][ T112] [ 346.023224][ T5827] umount2("./349/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./349/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./349/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 346.023224][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 346.023224][ T5827] umount2("./349/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./349/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./349/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./349") = 0 mkdir("./350", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6210 attached , child_tidptr=0x55556c245750) = 6210 [pid 6210] set_robust_list(0x55556c245760, 24) = 0 [pid 6210] chdir("./350") = 0 [pid 6210] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6210] setpgid(0, 0) = 0 [pid 6210] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6210] write(3, "1000", 4) = 4 [pid 6210] close(3) = 0 [pid 6210] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6210] write(1, "executing program\n", 18executing program ) = 18 [pid 6210] memfd_create("syzkaller", 0) = 3 [pid 6210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6210] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6210] munmap(0x7fac16400000, 138412032) = 0 [pid 6210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6210] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6210] close(3) = 0 [pid 6210] close(4) = 0 [pid 6210] mkdir("./bus", 0777) = 0 [pid 6210] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6210] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6210] chdir("./bus") = 0 [ 346.578057][ T6210] loop0: detected capacity change from 0 to 32768 [ 346.609862][ T6210] [ 346.609862][ T6210] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 346.609862][ T6210] [pid 6210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6210] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6210] exit_group(0) = ? [pid 6210] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6210, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./350", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./350", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./350/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./350/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./350/binderfs") = 0 [ 346.798360][ T1088] [ 346.798360][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 346.798360][ T1088] [ 346.809096][ T1088] [ 346.809096][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 346.809096][ T1088] [ 346.819792][ T5827] [ 346.819792][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 346.819792][ T5827] [ 346.830771][ T112] [ 346.830771][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 346.830771][ T112] [ 346.841404][ T5827] umount2("./350/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./350/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./350/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 346.841404][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 346.841404][ T5827] umount2("./350/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./350/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./350/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./350") = 0 mkdir("./351", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6211 attached , child_tidptr=0x55556c245750) = 6211 [pid 6211] set_robust_list(0x55556c245760, 24) = 0 [pid 6211] chdir("./351") = 0 [pid 6211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6211] setpgid(0, 0) = 0 [pid 6211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6211] write(3, "1000", 4) = 4 [pid 6211] close(3) = 0 [pid 6211] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6211] write(1, "executing program\n", 18) = 18 [pid 6211] memfd_create("syzkaller", 0) = 3 [pid 6211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6211] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6211] munmap(0x7fac16400000, 138412032) = 0 [pid 6211] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6211] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6211] close(3) = 0 [pid 6211] close(4) = 0 [pid 6211] mkdir("./bus", 0777) = 0 [pid 6211] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6211] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6211] chdir("./bus") = 0 [pid 6211] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6211] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6211] exit_group(0) = ? [pid 6211] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6211, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- [ 347.388943][ T6211] loop0: detected capacity change from 0 to 32768 [ 347.408434][ T6211] [ 347.408434][ T6211] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 347.408434][ T6211] umount2("./351", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./351", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./351/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./351/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./351/binderfs") = 0 [ 347.566416][ T13] [ 347.566416][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 347.566416][ T13] [ 347.577059][ T13] [ 347.577059][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 347.577059][ T13] [ 347.588383][ T112] [ 347.588383][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 347.588383][ T112] [ 347.599031][ T5827] [ 347.599031][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 347.599031][ T5827] [ 347.609913][ T5827] umount2("./351/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./351/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./351/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 347.609913][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 347.609913][ T5827] umount2("./351/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./351/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./351/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./351") = 0 mkdir("./352", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6212 attached , child_tidptr=0x55556c245750) = 6212 [pid 6212] set_robust_list(0x55556c245760, 24) = 0 [pid 6212] chdir("./352") = 0 [pid 6212] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6212] setpgid(0, 0) = 0 [pid 6212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6212] write(3, "1000", 4) = 4 [pid 6212] close(3) = 0 [pid 6212] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6212] write(1, "executing program\n", 18) = 18 [pid 6212] memfd_create("syzkaller", 0) = 3 [pid 6212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6212] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6212] munmap(0x7fac16400000, 138412032) = 0 [pid 6212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6212] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6212] close(3) = 0 [pid 6212] close(4) = 0 [pid 6212] mkdir("./bus", 0777) = 0 [pid 6212] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6212] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6212] chdir("./bus") = 0 [pid 6212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6212] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6212] exit_group(0) = ? [pid 6212] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6212, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 348.185695][ T6212] loop0: detected capacity change from 0 to 32768 [ 348.217656][ T6212] [ 348.217656][ T6212] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 348.217656][ T6212] umount2("./352", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./352", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./352/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./352/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./352/binderfs") = 0 [ 348.389413][ T1088] [ 348.389413][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 348.389413][ T1088] [ 348.399964][ T1088] [ 348.399964][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 348.399964][ T1088] [ 348.411024][ T5827] [ 348.411024][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 348.411024][ T5827] [ 348.421737][ T112] [ 348.421737][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 348.421737][ T112] [ 348.432351][ T5827] umount2("./352/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./352/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./352/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 348.432351][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 348.432351][ T5827] umount2("./352/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./352/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./352/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./352") = 0 mkdir("./353", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6213 attached , child_tidptr=0x55556c245750) = 6213 [pid 6213] set_robust_list(0x55556c245760, 24) = 0 [pid 6213] chdir("./353") = 0 [pid 6213] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6213] setpgid(0, 0) = 0 [pid 6213] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6213] write(3, "1000", 4) = 4 [pid 6213] close(3) = 0 [pid 6213] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6213] write(1, "executing program\n", 18) = 18 [pid 6213] memfd_create("syzkaller", 0) = 3 [pid 6213] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6213] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6213] munmap(0x7fac16400000, 138412032) = 0 [pid 6213] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6213] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6213] close(3) = 0 [pid 6213] close(4) = 0 [pid 6213] mkdir("./bus", 0777) = 0 [pid 6213] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6213] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6213] chdir("./bus") = 0 [pid 6213] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6213] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6213] exit_group(0) = ? [pid 6213] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6213, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=14 /* 0.14 s */} --- [ 349.023725][ T6213] loop0: detected capacity change from 0 to 32768 [ 349.046800][ T6213] [ 349.046800][ T6213] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 349.046800][ T6213] umount2("./353", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./353", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./353/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./353/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./353/binderfs") = 0 [ 349.232113][ T1088] [ 349.232113][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 349.232113][ T1088] [ 349.242694][ T1088] [ 349.242694][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 349.242694][ T1088] [ 349.253692][ T113] [ 349.253692][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 349.253692][ T113] [ 349.264312][ T5827] [ 349.264312][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 349.264312][ T5827] [ 349.275074][ T5827] umount2("./353/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./353/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./353/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 349.275074][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 349.275074][ T5827] umount2("./353/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./353/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./353/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./353") = 0 mkdir("./354", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6214 attached [pid 6214] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6214 [pid 6214] <... set_robust_list resumed>) = 0 [pid 6214] chdir("./354") = 0 [pid 6214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6214] setpgid(0, 0) = 0 [pid 6214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6214] write(3, "1000", 4) = 4 [pid 6214] close(3) = 0 [pid 6214] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6214] write(1, "executing program\n", 18) = 18 [pid 6214] memfd_create("syzkaller", 0) = 3 [pid 6214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6214] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6214] munmap(0x7fac16400000, 138412032) = 0 [pid 6214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6214] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6214] close(3) = 0 [pid 6214] close(4) = 0 [pid 6214] mkdir("./bus", 0777) = 0 [pid 6214] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6214] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6214] chdir("./bus") = 0 [ 349.876038][ T6214] loop0: detected capacity change from 0 to 32768 [ 349.913148][ T6214] [ 349.913148][ T6214] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 349.913148][ T6214] [pid 6214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6214] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6214] exit_group(0) = ? [pid 6214] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6214, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./354", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./354", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./354/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./354/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./354/binderfs") = 0 [ 350.100035][ T13] [ 350.100035][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 350.100035][ T13] [ 350.110642][ T13] [ 350.110642][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 350.110642][ T13] [ 350.121642][ T113] [ 350.121642][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 350.121642][ T113] [ 350.132230][ T5827] [ 350.132230][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 350.132230][ T5827] [ 350.143085][ T5827] umount2("./354/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./354/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./354/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./354/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 350.143085][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 350.143085][ T5827] openat(AT_FDCWD, "./354/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./354/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./354") = 0 mkdir("./355", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6215 attached , child_tidptr=0x55556c245750) = 6215 [pid 6215] set_robust_list(0x55556c245760, 24) = 0 [pid 6215] chdir("./355") = 0 [pid 6215] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6215] setpgid(0, 0) = 0 [pid 6215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6215] write(3, "1000", 4) = 4 [pid 6215] close(3) = 0 [pid 6215] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6215] write(1, "executing program\n", 18) = 18 [pid 6215] memfd_create("syzkaller", 0) = 3 [pid 6215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6215] munmap(0x7fac16400000, 138412032) = 0 [pid 6215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6215] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6215] close(3) = 0 [pid 6215] close(4) = 0 [pid 6215] mkdir("./bus", 0777) = 0 [pid 6215] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6215] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6215] chdir("./bus") = 0 [pid 6215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6215] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 350.708945][ T6215] loop0: detected capacity change from 0 to 32768 [ 350.738503][ T6215] [ 350.738503][ T6215] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 350.738503][ T6215] [pid 6215] exit_group(0) = ? [pid 6215] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6215, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./355", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./355", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./355/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./355/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./355/binderfs") = 0 [ 350.938122][ T1088] [ 350.938122][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 350.938122][ T1088] [ 350.948687][ T1088] [ 350.948687][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 350.948687][ T1088] [ 350.959459][ T5827] [ 350.959459][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 350.959459][ T5827] [ 350.970716][ T113] [ 350.970716][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 350.970716][ T113] [ 350.981475][ T5827] umount2("./355/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./355/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./355/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 350.981475][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 350.981475][ T5827] umount2("./355/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./355/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./355/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./355") = 0 mkdir("./356", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6216 attached [pid 6216] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6216 [pid 6216] <... set_robust_list resumed>) = 0 [pid 6216] chdir("./356") = 0 [pid 6216] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6216] setpgid(0, 0) = 0 [pid 6216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6216] write(3, "1000", 4) = 4 [pid 6216] close(3) = 0 [pid 6216] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6216] write(1, "executing program\n", 18) = 18 [pid 6216] memfd_create("syzkaller", 0) = 3 [pid 6216] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6216] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6216] munmap(0x7fac16400000, 138412032) = 0 [pid 6216] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6216] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6216] close(3) = 0 [pid 6216] close(4) = 0 [pid 6216] mkdir("./bus", 0777) = 0 [pid 6216] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6216] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6216] chdir("./bus") = 0 [pid 6216] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6216] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6216] exit_group(0) = ? [ 351.565196][ T6216] loop0: detected capacity change from 0 to 32768 [ 351.594513][ T6216] [ 351.594513][ T6216] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 351.594513][ T6216] [pid 6216] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6216, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./356", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./356", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./356/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./356/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./356/binderfs") = 0 [ 351.763561][ T13] [ 351.763561][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 351.763561][ T13] [ 351.774116][ T13] [ 351.774116][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 351.774116][ T13] [ 351.785265][ T112] [ 351.785265][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 351.785265][ T112] [ 351.795960][ T5827] [ 351.795960][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 351.795960][ T5827] [ 351.806845][ T5827] umount2("./356/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./356/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./356/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 351.806845][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 351.806845][ T5827] umount2("./356/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./356/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./356/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./356") = 0 mkdir("./357", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6217 attached , child_tidptr=0x55556c245750) = 6217 [pid 6217] set_robust_list(0x55556c245760, 24) = 0 [pid 6217] chdir("./357") = 0 [pid 6217] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6217] setpgid(0, 0) = 0 [pid 6217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6217] write(3, "1000", 4) = 4 [pid 6217] close(3) = 0 [pid 6217] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6217] write(1, "executing program\n", 18) = 18 [pid 6217] memfd_create("syzkaller", 0) = 3 [pid 6217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6217] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6217] munmap(0x7fac16400000, 138412032) = 0 [pid 6217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6217] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6217] close(3) = 0 [pid 6217] close(4) = 0 [pid 6217] mkdir("./bus", 0777) = 0 [ 352.404990][ T6217] loop0: detected capacity change from 0 to 32768 [pid 6217] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6217] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6217] chdir("./bus") = 0 [pid 6217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6217] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6217] exit_group(0) = ? [pid 6217] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6217, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./357", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./357", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 352.453644][ T6217] [ 352.453644][ T6217] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 352.453644][ T6217] getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./357/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./357/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./357/binderfs") = 0 [ 352.589825][ T13] [ 352.589825][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 352.589825][ T13] [ 352.600375][ T13] [ 352.600375][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 352.600375][ T13] [ 352.611218][ T5827] [ 352.611218][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 352.611218][ T5827] [ 352.622332][ T113] [ 352.622332][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 352.622332][ T113] [ 352.632897][ T5827] umount2("./357/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./357/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./357/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./357/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 352.632897][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 352.632897][ T5827] openat(AT_FDCWD, "./357/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./357/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./357") = 0 mkdir("./358", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6218 attached , child_tidptr=0x55556c245750) = 6218 [pid 6218] set_robust_list(0x55556c245760, 24) = 0 [pid 6218] chdir("./358") = 0 [pid 6218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6218] setpgid(0, 0) = 0 [pid 6218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6218] write(3, "1000", 4) = 4 [pid 6218] close(3) = 0 [pid 6218] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6218] write(1, "executing program\n", 18) = 18 [pid 6218] memfd_create("syzkaller", 0) = 3 [pid 6218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6218] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6218] munmap(0x7fac16400000, 138412032) = 0 [pid 6218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6218] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6218] close(3) = 0 [pid 6218] close(4) = 0 [pid 6218] mkdir("./bus", 0777) = 0 [pid 6218] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6218] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6218] chdir("./bus") = 0 [pid 6218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 353.166798][ T6218] loop0: detected capacity change from 0 to 32768 [ 353.202705][ T6218] [ 353.202705][ T6218] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 353.202705][ T6218] [pid 6218] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6218] exit_group(0) = ? [pid 6218] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6218, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./358", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./358", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./358/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./358/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./358/binderfs") = 0 [ 353.279859][ T1088] [ 353.279859][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 353.279859][ T1088] [ 353.292226][ T1088] [ 353.292226][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 353.292226][ T1088] [ 353.303348][ T5827] [ 353.303348][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 353.303348][ T5827] [ 353.314219][ T112] [ 353.314219][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 353.314219][ T112] [ 353.325029][ T5827] umount2("./358/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./358/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./358/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./358/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./358/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./358/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./358") = 0 mkdir("./359", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 353.325029][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 353.325029][ T5827] ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6219 attached [pid 6219] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6219 [pid 6219] <... set_robust_list resumed>) = 0 [pid 6219] chdir("./359") = 0 [pid 6219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6219] setpgid(0, 0) = 0 [pid 6219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6219] write(3, "1000", 4) = 4 [pid 6219] close(3) = 0 [pid 6219] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6219] write(1, "executing program\n", 18) = 18 [pid 6219] memfd_create("syzkaller", 0) = 3 [pid 6219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6219] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6219] munmap(0x7fac16400000, 138412032) = 0 [pid 6219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6219] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6219] close(3) = 0 [pid 6219] close(4) = 0 [pid 6219] mkdir("./bus", 0777) = 0 [ 353.751423][ T6219] loop0: detected capacity change from 0 to 32768 [pid 6219] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6219] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6219] chdir("./bus") = 0 [pid 6219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6219] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6219] exit_group(0) = ? [ 353.791811][ T6219] [ 353.791811][ T6219] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 353.791811][ T6219] [pid 6219] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6219, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./359", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./359", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./359/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./359/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./359/binderfs") = 0 [ 353.972549][ T36] [ 353.972549][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 353.972549][ T36] [ 353.983155][ T36] [ 353.983155][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 353.983155][ T36] [ 353.993900][ T5827] [ 353.993900][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 353.993900][ T5827] [ 354.004818][ T113] [ 354.004818][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 354.004818][ T113] [ 354.015420][ T5827] umount2("./359/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./359/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./359/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 354.015420][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 354.015420][ T5827] umount2("./359/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./359/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./359/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./359") = 0 mkdir("./360", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6220 attached , child_tidptr=0x55556c245750) = 6220 [pid 6220] set_robust_list(0x55556c245760, 24) = 0 [pid 6220] chdir("./360") = 0 [pid 6220] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6220] setpgid(0, 0) = 0 [pid 6220] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6220] write(3, "1000", 4) = 4 [pid 6220] close(3) = 0 [pid 6220] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6220] write(1, "executing program\n", 18) = 18 [pid 6220] memfd_create("syzkaller", 0) = 3 [pid 6220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6220] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6220] munmap(0x7fac16400000, 138412032) = 0 [pid 6220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6220] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6220] close(3) = 0 [pid 6220] close(4) = 0 [pid 6220] mkdir("./bus", 0777) = 0 [ 354.556107][ T6220] loop0: detected capacity change from 0 to 32768 [pid 6220] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6220] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6220] chdir("./bus") = 0 [pid 6220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6220] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6220] exit_group(0) = ? [pid 6220] +++ exited with 0 +++ [ 354.621886][ T6220] [ 354.621886][ T6220] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 354.621886][ T6220] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6220, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./360", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./360", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./360/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./360/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./360/binderfs") = 0 [ 354.772384][ T1088] [ 354.772384][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 354.772384][ T1088] [ 354.782960][ T1088] [ 354.782960][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 354.782960][ T1088] [ 354.794047][ T112] [ 354.794047][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 354.794047][ T112] [ 354.804655][ T5827] [ 354.804655][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 354.804655][ T5827] [ 354.815443][ T5827] umount2("./360/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./360/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./360/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 354.815443][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 354.815443][ T5827] umount2("./360/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./360/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./360/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./360") = 0 mkdir("./361", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6221 attached [pid 6221] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6221 [pid 6221] <... set_robust_list resumed>) = 0 [pid 6221] chdir("./361") = 0 [pid 6221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6221] setpgid(0, 0) = 0 [pid 6221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6221] write(3, "1000", 4) = 4 [pid 6221] close(3) = 0 [pid 6221] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6221] write(1, "executing program\n", 18executing program ) = 18 [pid 6221] memfd_create("syzkaller", 0) = 3 [pid 6221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6221] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6221] munmap(0x7fac16400000, 138412032) = 0 [pid 6221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6221] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6221] close(3) = 0 [pid 6221] close(4) = 0 [pid 6221] mkdir("./bus", 0777) = 0 [pid 6221] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6221] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6221] chdir("./bus") = 0 [pid 6221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 355.401197][ T6221] loop0: detected capacity change from 0 to 32768 [ 355.437784][ T6221] [ 355.437784][ T6221] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 355.437784][ T6221] [pid 6221] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6221] exit_group(0) = ? [pid 6221] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6221, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=14 /* 0.14 s */} --- umount2("./361", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./361", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./361/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./361/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./361/binderfs") = 0 [ 355.536238][ T13] [ 355.536238][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 355.536238][ T13] [ 355.546772][ T13] [ 355.546772][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 355.546772][ T13] [ 355.557921][ T112] [ 355.557921][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 355.557921][ T112] [ 355.568550][ T5827] [ 355.568550][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 355.568550][ T5827] [ 355.579414][ T5827] umount2("./361/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./361/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./361/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 355.579414][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 355.579414][ T5827] umount2("./361/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./361/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./361/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./361") = 0 mkdir("./362", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6222 attached , child_tidptr=0x55556c245750) = 6222 [pid 6222] set_robust_list(0x55556c245760, 24) = 0 [pid 6222] chdir("./362") = 0 [pid 6222] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6222] setpgid(0, 0) = 0 [pid 6222] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6222] write(3, "1000", 4) = 4 [pid 6222] close(3) = 0 [pid 6222] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6222] write(1, "executing program\n", 18) = 18 [pid 6222] memfd_create("syzkaller", 0) = 3 [pid 6222] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6222] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6222] munmap(0x7fac16400000, 138412032) = 0 [pid 6222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6222] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6222] close(3) = 0 [pid 6222] close(4) = 0 [pid 6222] mkdir("./bus", 0777) = 0 [ 356.194783][ T6222] loop0: detected capacity change from 0 to 32768 [pid 6222] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6222] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6222] chdir("./bus") = 0 [pid 6222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6222] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6222] exit_group(0) = ? [pid 6222] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6222, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- [ 356.240793][ T6222] [ 356.240793][ T6222] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 356.240793][ T6222] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./362", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./362", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./362/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./362/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./362/binderfs") = 0 [ 356.429247][ T13] [ 356.429247][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 356.429247][ T13] [ 356.439868][ T13] [ 356.439868][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 356.439868][ T13] [ 356.450709][ T5827] [ 356.450709][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 356.450709][ T5827] [ 356.461487][ T113] [ 356.461487][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 356.461487][ T113] [ 356.472095][ T5827] umount2("./362/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./362/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./362/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./362/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./362/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./362/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./362") = 0 [ 356.472095][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 356.472095][ T5827] mkdir("./363", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6223 attached , child_tidptr=0x55556c245750) = 6223 [pid 6223] set_robust_list(0x55556c245760, 24) = 0 [pid 6223] chdir("./363") = 0 [pid 6223] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6223] setpgid(0, 0) = 0 [pid 6223] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6223] write(3, "1000", 4) = 4 [pid 6223] close(3) = 0 [pid 6223] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6223] write(1, "executing program\n", 18executing program ) = 18 [pid 6223] memfd_create("syzkaller", 0) = 3 [pid 6223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6223] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6223] munmap(0x7fac16400000, 138412032) = 0 [pid 6223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6223] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6223] close(3) = 0 [pid 6223] close(4) = 0 [pid 6223] mkdir("./bus", 0777) = 0 [pid 6223] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6223] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6223] chdir("./bus") = 0 [pid 6223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6223] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6223] exit_group(0) = ? [pid 6223] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6223, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 356.890518][ T6223] loop0: detected capacity change from 0 to 32768 [ 356.922616][ T6223] [ 356.922616][ T6223] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 356.922616][ T6223] umount2("./363", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./363", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./363/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./363/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./363/binderfs") = 0 [ 357.063211][ T1088] [ 357.063211][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 357.063211][ T1088] [ 357.073921][ T1088] [ 357.073921][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 357.073921][ T1088] [ 357.085293][ T112] [ 357.085293][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 357.085293][ T112] [ 357.096105][ T5827] [ 357.096105][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 357.096105][ T5827] [ 357.107288][ T5827] umount2("./363/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./363/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./363/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 357.107288][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 357.107288][ T5827] umount2("./363/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./363/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./363/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./363") = 0 mkdir("./364", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6224 attached [pid 6224] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6224 [pid 6224] <... set_robust_list resumed>) = 0 [pid 6224] chdir("./364") = 0 [pid 6224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6224] setpgid(0, 0) = 0 [pid 6224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6224] write(3, "1000", 4) = 4 [pid 6224] close(3) = 0 [pid 6224] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6224] write(1, "executing program\n", 18) = 18 [pid 6224] memfd_create("syzkaller", 0) = 3 [pid 6224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6224] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6224] munmap(0x7fac16400000, 138412032) = 0 [pid 6224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6224] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6224] close(3) = 0 [pid 6224] close(4) = 0 [pid 6224] mkdir("./bus", 0777) = 0 [pid 6224] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6224] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6224] chdir("./bus") = 0 [pid 6224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6224] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6224] exit_group(0) = ? [pid 6224] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6224, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- [ 357.665657][ T6224] loop0: detected capacity change from 0 to 32768 [ 357.692089][ T6224] [ 357.692089][ T6224] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 357.692089][ T6224] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./364", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./364", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./364/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./364/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./364/binderfs") = 0 [ 357.860691][ T1088] [ 357.860691][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 357.860691][ T1088] [ 357.871277][ T1088] [ 357.871277][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 357.871277][ T1088] [ 357.881984][ T5827] [ 357.881984][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 357.881984][ T5827] [ 357.892865][ T112] [ 357.892865][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 357.892865][ T112] [ 357.903462][ T5827] umount2("./364/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./364/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./364/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./364/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 357.903462][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 357.903462][ T5827] openat(AT_FDCWD, "./364/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./364/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./364") = 0 mkdir("./365", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6225 attached , child_tidptr=0x55556c245750) = 6225 [pid 6225] set_robust_list(0x55556c245760, 24) = 0 [pid 6225] chdir("./365") = 0 [pid 6225] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6225] setpgid(0, 0) = 0 [pid 6225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6225] write(3, "1000", 4) = 4 [pid 6225] close(3) = 0 [pid 6225] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6225] write(1, "executing program\n", 18executing program ) = 18 [pid 6225] memfd_create("syzkaller", 0) = 3 [pid 6225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6225] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6225] munmap(0x7fac16400000, 138412032) = 0 [pid 6225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6225] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6225] close(3) = 0 [pid 6225] close(4) = 0 [pid 6225] mkdir("./bus", 0777) = 0 [pid 6225] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6225] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 358.523584][ T6225] loop0: detected capacity change from 0 to 32768 [ 358.563085][ T6225] [ 358.563085][ T6225] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 358.563085][ T6225] [pid 6225] chdir("./bus") = 0 [pid 6225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6225] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6225] exit_group(0) = ? [pid 6225] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6225, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./365", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./365", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./365/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./365/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./365/binderfs") = 0 [ 358.751507][ T1088] [ 358.751507][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 358.751507][ T1088] [ 358.762132][ T1088] [ 358.762132][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 358.762132][ T1088] [ 358.773359][ T112] [ 358.773359][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 358.773359][ T112] [ 358.784051][ T5827] [ 358.784051][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 358.784051][ T5827] [ 358.795119][ T5827] umount2("./365/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./365/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./365/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./365/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./365/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 358.795119][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 358.795119][ T5827] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./365/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./365") = 0 mkdir("./366", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6226 attached , child_tidptr=0x55556c245750) = 6226 [pid 6226] set_robust_list(0x55556c245760, 24) = 0 [pid 6226] chdir("./366") = 0 [pid 6226] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6226] setpgid(0, 0) = 0 [pid 6226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6226] write(3, "1000", 4) = 4 [pid 6226] close(3) = 0 [pid 6226] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6226] write(1, "executing program\n", 18) = 18 [pid 6226] memfd_create("syzkaller", 0) = 3 [pid 6226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6226] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6226] munmap(0x7fac16400000, 138412032) = 0 [pid 6226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6226] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6226] close(3) = 0 [pid 6226] close(4) = 0 [pid 6226] mkdir("./bus", 0777) = 0 [pid 6226] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6226] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 359.324346][ T6226] loop0: detected capacity change from 0 to 32768 [ 359.360520][ T6226] [ 359.360520][ T6226] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 359.360520][ T6226] [pid 6226] chdir("./bus") = 0 [pid 6226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6226] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6226] exit_group(0) = ? [pid 6226] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6226, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./366", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./366", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./366/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./366/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./366/binderfs") = 0 [ 359.570232][ T36] [ 359.570232][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 359.570232][ T36] [ 359.580835][ T36] [ 359.580835][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 359.580835][ T36] [ 359.591540][ T5827] [ 359.591540][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 359.591540][ T5827] [ 359.603051][ T112] [ 359.603051][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 359.603051][ T112] [ 359.613725][ T5827] umount2("./366/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./366/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./366/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 359.613725][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 359.613725][ T5827] umount2("./366/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./366/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./366/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./366") = 0 mkdir("./367", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6227 attached , child_tidptr=0x55556c245750) = 6227 [pid 6227] set_robust_list(0x55556c245760, 24) = 0 [pid 6227] chdir("./367") = 0 [pid 6227] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6227] setpgid(0, 0) = 0 [pid 6227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6227] write(3, "1000", 4) = 4 [pid 6227] close(3) = 0 [pid 6227] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6227] write(1, "executing program\n", 18) = 18 [pid 6227] memfd_create("syzkaller", 0) = 3 [pid 6227] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6227] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6227] munmap(0x7fac16400000, 138412032) = 0 [pid 6227] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6227] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6227] close(3) = 0 [pid 6227] close(4) = 0 [pid 6227] mkdir("./bus", 0777) = 0 [pid 6227] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6227] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6227] chdir("./bus") = 0 [pid 6227] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6227] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6227] exit_group(0) = ? [pid 6227] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6227, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- [ 360.227529][ T6227] loop0: detected capacity change from 0 to 32768 [ 360.256410][ T6227] [ 360.256410][ T6227] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 360.256410][ T6227] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./367", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./367", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./367/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./367/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./367/binderfs") = 0 [ 360.446420][ T36] [ 360.446420][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 360.446420][ T36] [ 360.457094][ T36] [ 360.457094][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 360.457094][ T36] [ 360.468793][ T112] [ 360.468793][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 360.468793][ T112] [ 360.479440][ T5827] [ 360.479440][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 360.479440][ T5827] [ 360.490201][ T5827] umount2("./367/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./367/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./367/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 360.490201][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 360.490201][ T5827] umount2("./367/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./367/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./367/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./367") = 0 mkdir("./368", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6228 attached , child_tidptr=0x55556c245750) = 6228 [pid 6228] set_robust_list(0x55556c245760, 24) = 0 [pid 6228] chdir("./368") = 0 [pid 6228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6228] setpgid(0, 0) = 0 [pid 6228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6228] write(3, "1000", 4) = 4 [pid 6228] close(3) = 0 [pid 6228] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6228] write(1, "executing program\n", 18executing program ) = 18 [pid 6228] memfd_create("syzkaller", 0) = 3 [pid 6228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6228] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6228] munmap(0x7fac16400000, 138412032) = 0 [pid 6228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6228] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6228] close(3) = 0 [pid 6228] close(4) = 0 [pid 6228] mkdir("./bus", 0777) = 0 [ 361.094819][ T6228] loop0: detected capacity change from 0 to 32768 [pid 6228] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6228] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6228] chdir("./bus") = 0 [pid 6228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 361.142008][ T6228] [ 361.142008][ T6228] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 361.142008][ T6228] [pid 6228] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6228] exit_group(0) = ? [pid 6228] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6228, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./368", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./368", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./368/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./368/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./368/binderfs") = 0 [ 361.350975][ T36] [ 361.350975][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 361.350975][ T36] [ 361.361738][ T36] [ 361.361738][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 361.361738][ T36] [ 361.373117][ T113] [ 361.373117][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 361.373117][ T113] [ 361.383709][ T5827] [ 361.383709][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 361.383709][ T5827] [ 361.394481][ T5827] umount2("./368/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./368/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./368/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./368/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 361.394481][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 361.394481][ T5827] openat(AT_FDCWD, "./368/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./368/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./368") = 0 mkdir("./369", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6229 attached , child_tidptr=0x55556c245750) = 6229 [pid 6229] set_robust_list(0x55556c245760, 24) = 0 [pid 6229] chdir("./369") = 0 [pid 6229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6229] setpgid(0, 0) = 0 [pid 6229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6229] write(3, "1000", 4) = 4 [pid 6229] close(3) = 0 [pid 6229] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6229] write(1, "executing program\n", 18executing program ) = 18 [pid 6229] memfd_create("syzkaller", 0) = 3 [pid 6229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6229] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6229] munmap(0x7fac16400000, 138412032) = 0 [pid 6229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6229] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6229] close(3) = 0 [pid 6229] close(4) = 0 [pid 6229] mkdir("./bus", 0777) = 0 [pid 6229] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6229] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6229] chdir("./bus") = 0 [pid 6229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6229] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 361.918945][ T6229] loop0: detected capacity change from 0 to 32768 [ 361.954834][ T6229] [ 361.954834][ T6229] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 361.954834][ T6229] [pid 6229] exit_group(0) = ? [pid 6229] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6229, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./369", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./369", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./369/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./369/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./369/binderfs") = 0 [ 362.144810][ T1088] [ 362.144810][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 362.144810][ T1088] [ 362.155527][ T1088] [ 362.155527][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 362.155527][ T1088] [ 362.166310][ T5827] [ 362.166310][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 362.166310][ T5827] [ 362.177337][ T113] [ 362.177337][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 362.177337][ T113] [ 362.187945][ T5827] umount2("./369/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./369/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./369/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 362.187945][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 362.187945][ T5827] umount2("./369/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./369/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./369/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./369") = 0 mkdir("./370", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6230 attached [pid 6230] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6230 [pid 6230] <... set_robust_list resumed>) = 0 [pid 6230] chdir("./370") = 0 [pid 6230] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6230] setpgid(0, 0) = 0 [pid 6230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6230] write(3, "1000", 4) = 4 [pid 6230] close(3) = 0 [pid 6230] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6230] write(1, "executing program\n", 18executing program ) = 18 [pid 6230] memfd_create("syzkaller", 0) = 3 [pid 6230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6230] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6230] munmap(0x7fac16400000, 138412032) = 0 [pid 6230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6230] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6230] close(3) = 0 [pid 6230] close(4) = 0 [pid 6230] mkdir("./bus", 0777) = 0 [ 362.721470][ T6230] loop0: detected capacity change from 0 to 32768 [pid 6230] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6230] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6230] chdir("./bus") = 0 [pid 6230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6230] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6230] exit_group(0) = ? [pid 6230] +++ exited with 0 +++ [ 362.767379][ T6230] [ 362.767379][ T6230] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 362.767379][ T6230] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6230, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./370", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./370", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./370/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./370/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./370/binderfs") = 0 [ 362.964565][ T1088] [ 362.964565][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 362.964565][ T1088] [ 362.975442][ T1088] [ 362.975442][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 362.975442][ T1088] [ 362.986746][ T112] [ 362.986746][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 362.986746][ T112] [ 362.997329][ T5827] [ 362.997329][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 362.997329][ T5827] [ 363.008155][ T5827] umount2("./370/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./370/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./370/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 363.008155][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 363.008155][ T5827] umount2("./370/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./370/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./370/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./370") = 0 mkdir("./371", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6231 attached , child_tidptr=0x55556c245750) = 6231 [pid 6231] set_robust_list(0x55556c245760, 24) = 0 [pid 6231] chdir("./371") = 0 [pid 6231] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6231] setpgid(0, 0) = 0 [pid 6231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6231] write(3, "1000", 4) = 4 [pid 6231] close(3) = 0 [pid 6231] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6231] write(1, "executing program\n", 18) = 18 [pid 6231] memfd_create("syzkaller", 0) = 3 [pid 6231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6231] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6231] munmap(0x7fac16400000, 138412032) = 0 [pid 6231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6231] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6231] close(3) = 0 [pid 6231] close(4) = 0 [pid 6231] mkdir("./bus", 0777) = 0 [ 363.569966][ T6231] loop0: detected capacity change from 0 to 32768 [pid 6231] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6231] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6231] chdir("./bus") = 0 [pid 6231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6231] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6231] exit_group(0) = ? [pid 6231] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6231, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./371", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./371", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 363.620028][ T6231] [ 363.620028][ T6231] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 363.620028][ T6231] getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./371/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./371/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./371/binderfs") = 0 [ 363.750464][ T1088] [ 363.750464][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 363.750464][ T1088] [ 363.761069][ T1088] [ 363.761069][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 363.761069][ T1088] [ 363.772657][ T113] [ 363.772657][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 363.772657][ T113] [ 363.783583][ T5827] [ 363.783583][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 363.783583][ T5827] [ 363.794497][ T5827] umount2("./371/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./371/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./371/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./371/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 363.794497][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 363.794497][ T5827] openat(AT_FDCWD, "./371/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./371/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./371") = 0 mkdir("./372", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6232 attached , child_tidptr=0x55556c245750) = 6232 [pid 6232] set_robust_list(0x55556c245760, 24) = 0 [pid 6232] chdir("./372") = 0 [pid 6232] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6232] setpgid(0, 0) = 0 [pid 6232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6232] write(3, "1000", 4) = 4 [pid 6232] close(3) = 0 [pid 6232] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6232] write(1, "executing program\n", 18executing program ) = 18 [pid 6232] memfd_create("syzkaller", 0) = 3 [pid 6232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6232] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6232] munmap(0x7fac16400000, 138412032) = 0 [pid 6232] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6232] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6232] close(3) = 0 [pid 6232] close(4) = 0 [pid 6232] mkdir("./bus", 0777) = 0 [pid 6232] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6232] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6232] chdir("./bus") = 0 [pid 6232] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6232] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 364.316045][ T6232] loop0: detected capacity change from 0 to 32768 [ 364.346684][ T6232] [ 364.346684][ T6232] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 364.346684][ T6232] [pid 6232] exit_group(0) = ? [pid 6232] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6232, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./372", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./372", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./372/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./372/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./372/binderfs") = 0 [ 364.537763][ T36] [ 364.537763][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 364.537763][ T36] [ 364.548375][ T36] [ 364.548375][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 364.548375][ T36] [ 364.559890][ T113] [ 364.559890][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 364.559890][ T113] [ 364.570686][ T5827] [ 364.570686][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 364.570686][ T5827] [ 364.581611][ T5827] umount2("./372/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./372/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./372/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 364.581611][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 364.581611][ T5827] umount2("./372/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./372/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./372/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./372") = 0 mkdir("./373", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6233 attached , child_tidptr=0x55556c245750) = 6233 [pid 6233] set_robust_list(0x55556c245760, 24) = 0 [pid 6233] chdir("./373") = 0 [pid 6233] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6233] setpgid(0, 0) = 0 [pid 6233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6233] write(3, "1000", 4) = 4 [pid 6233] close(3) = 0 [pid 6233] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6233] write(1, "executing program\n", 18executing program ) = 18 [pid 6233] memfd_create("syzkaller", 0) = 3 [pid 6233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6233] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6233] munmap(0x7fac16400000, 138412032) = 0 [pid 6233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6233] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6233] close(3) = 0 [pid 6233] close(4) = 0 [pid 6233] mkdir("./bus", 0777) = 0 [ 365.209622][ T6233] loop0: detected capacity change from 0 to 32768 [pid 6233] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6233] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6233] chdir("./bus") = 0 [pid 6233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6233] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6233] exit_group(0) = ? [pid 6233] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6233, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=14 /* 0.14 s */} --- [ 365.254007][ T6233] [ 365.254007][ T6233] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 365.254007][ T6233] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./373", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./373", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./373/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./373/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./373/binderfs") = 0 [ 365.452253][ T36] [ 365.452253][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 365.452253][ T36] [ 365.462833][ T36] [ 365.462833][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 365.462833][ T36] [ 365.473679][ T5827] [ 365.473679][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 365.473679][ T5827] [ 365.484584][ T112] [ 365.484584][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 365.484584][ T112] [ 365.495351][ T5827] umount2("./373/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./373/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./373/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./373/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./373/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 [ 365.495351][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 365.495351][ T5827] rmdir("./373/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./373") = 0 mkdir("./374", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6234 attached , child_tidptr=0x55556c245750) = 6234 [pid 6234] set_robust_list(0x55556c245760, 24) = 0 [pid 6234] chdir("./374") = 0 [pid 6234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6234] setpgid(0, 0) = 0 [pid 6234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6234] write(3, "1000", 4) = 4 [pid 6234] close(3) = 0 [pid 6234] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6234] write(1, "executing program\n", 18) = 18 [pid 6234] memfd_create("syzkaller", 0) = 3 [pid 6234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6234] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6234] munmap(0x7fac16400000, 138412032) = 0 [pid 6234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6234] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6234] close(3) = 0 [pid 6234] close(4) = 0 [pid 6234] mkdir("./bus", 0777) = 0 [ 366.015251][ T6234] loop0: detected capacity change from 0 to 32768 [pid 6234] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6234] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6234] chdir("./bus") = 0 [pid 6234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6234] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6234] exit_group(0) = ? [pid 6234] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6234, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=18 /* 0.18 s */} --- [ 366.061555][ T6234] [ 366.061555][ T6234] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 366.061555][ T6234] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./374", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./374", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./374/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./374/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./374/binderfs") = 0 [ 366.249413][ T36] [ 366.249413][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 366.249413][ T36] [ 366.260076][ T36] [ 366.260076][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 366.260076][ T36] [ 366.270831][ T5827] [ 366.270831][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 366.270831][ T5827] [ 366.281590][ T113] [ 366.281590][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 366.281590][ T113] [ 366.292277][ T5827] umount2("./374/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./374/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./374/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./374/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 366.292277][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 366.292277][ T5827] openat(AT_FDCWD, "./374/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./374/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./374") = 0 mkdir("./375", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6235 attached , child_tidptr=0x55556c245750) = 6235 [pid 6235] set_robust_list(0x55556c245760, 24) = 0 [pid 6235] chdir("./375") = 0 [pid 6235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6235] setpgid(0, 0) = 0 [pid 6235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6235] write(3, "1000", 4) = 4 [pid 6235] close(3) = 0 [pid 6235] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6235] write(1, "executing program\n", 18executing program ) = 18 [pid 6235] memfd_create("syzkaller", 0) = 3 [pid 6235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6235] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6235] munmap(0x7fac16400000, 138412032) = 0 [pid 6235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6235] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6235] close(3) = 0 [pid 6235] close(4) = 0 [pid 6235] mkdir("./bus", 0777) = 0 [pid 6235] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6235] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6235] chdir("./bus") = 0 [pid 6235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6235] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6235] exit_group(0) = ? [pid 6235] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6235, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 366.890808][ T6235] loop0: detected capacity change from 0 to 32768 [ 366.920737][ T6235] [ 366.920737][ T6235] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 366.920737][ T6235] umount2("./375", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./375", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./375/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./375/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./375/binderfs") = 0 [ 367.076196][ T1088] [ 367.076196][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 367.076196][ T1088] [ 367.086766][ T1088] [ 367.086766][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 367.086766][ T1088] [ 367.097937][ T112] [ 367.097937][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 367.097937][ T112] [ 367.108892][ T5827] [ 367.108892][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 367.108892][ T5827] [ 367.119747][ T5827] umount2("./375/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./375/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./375/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 367.119747][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 367.119747][ T5827] umount2("./375/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./375/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./375/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./375") = 0 mkdir("./376", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6236 attached , child_tidptr=0x55556c245750) = 6236 [pid 6236] set_robust_list(0x55556c245760, 24) = 0 [pid 6236] chdir("./376") = 0 [pid 6236] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6236] setpgid(0, 0) = 0 [pid 6236] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6236] write(3, "1000", 4) = 4 [pid 6236] close(3) = 0 [pid 6236] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6236] write(1, "executing program\n", 18) = 18 [pid 6236] memfd_create("syzkaller", 0) = 3 [pid 6236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6236] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6236] munmap(0x7fac16400000, 138412032) = 0 [pid 6236] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6236] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6236] close(3) = 0 [pid 6236] close(4) = 0 [pid 6236] mkdir("./bus", 0777) = 0 [ 367.695432][ T6236] loop0: detected capacity change from 0 to 32768 [pid 6236] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6236] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6236] chdir("./bus") = 0 [pid 6236] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6236] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6236] exit_group(0) = ? [pid 6236] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6236, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- [ 367.745527][ T6236] [ 367.745527][ T6236] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 367.745527][ T6236] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./376", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./376", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./376/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./376/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./376/binderfs") = 0 [ 367.926314][ T1088] [ 367.926314][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 367.926314][ T1088] [ 367.936885][ T1088] [ 367.936885][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 367.936885][ T1088] [ 367.947935][ T5827] [ 367.947935][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 367.947935][ T5827] [ 367.958971][ T112] [ 367.958971][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 367.958971][ T112] [ 367.969627][ T5827] umount2("./376/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./376/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./376/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./376/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./376/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 [ 367.969627][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 367.969627][ T5827] rmdir("./376/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./376") = 0 mkdir("./377", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6237 attached [pid 6237] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6237 [pid 6237] <... set_robust_list resumed>) = 0 [pid 6237] chdir("./377") = 0 [pid 6237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6237] setpgid(0, 0) = 0 [pid 6237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6237] write(3, "1000", 4) = 4 [pid 6237] close(3) = 0 [pid 6237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6237] write(1, "executing program\n", 18executing program ) = 18 [pid 6237] memfd_create("syzkaller", 0) = 3 [pid 6237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6237] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6237] munmap(0x7fac16400000, 138412032) = 0 [pid 6237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6237] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6237] close(3) = 0 [pid 6237] close(4) = 0 [pid 6237] mkdir("./bus", 0777) = 0 [pid 6237] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6237] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6237] chdir("./bus") = 0 [pid 6237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6237] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6237] exit_group(0) = ? [pid 6237] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6237, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=17 /* 0.17 s */} --- [ 368.493484][ T6237] loop0: detected capacity change from 0 to 32768 [ 368.531827][ T6237] [ 368.531827][ T6237] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 368.531827][ T6237] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./377", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./377", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./377/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./377/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./377/binderfs") = 0 [ 368.711357][ T1088] [ 368.711357][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 368.711357][ T1088] [ 368.721925][ T1088] [ 368.721925][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 368.721925][ T1088] [ 368.732956][ T5827] [ 368.732956][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 368.732956][ T5827] [ 368.743874][ T113] [ 368.743874][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 368.743874][ T113] [ 368.754706][ T5827] umount2("./377/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./377/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./377/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 368.754706][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 368.754706][ T5827] umount2("./377/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./377/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./377/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./377") = 0 mkdir("./378", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6238 attached , child_tidptr=0x55556c245750) = 6238 [pid 6238] set_robust_list(0x55556c245760, 24) = 0 [pid 6238] chdir("./378") = 0 [pid 6238] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6238] setpgid(0, 0) = 0 [pid 6238] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6238] write(3, "1000", 4) = 4 [pid 6238] close(3) = 0 [pid 6238] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6238] write(1, "executing program\n", 18) = 18 [pid 6238] memfd_create("syzkaller", 0) = 3 [pid 6238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6238] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6238] munmap(0x7fac16400000, 138412032) = 0 [pid 6238] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6238] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6238] close(3) = 0 [pid 6238] close(4) = 0 [pid 6238] mkdir("./bus", 0777) = 0 [pid 6238] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6238] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6238] chdir("./bus") = 0 [pid 6238] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 369.336297][ T6238] loop0: detected capacity change from 0 to 32768 [ 369.369578][ T6238] [ 369.369578][ T6238] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 369.369578][ T6238] [pid 6238] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6238] exit_group(0) = ? [pid 6238] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6238, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./378", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./378", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./378/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./378/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./378/binderfs") = 0 [ 369.547763][ T1088] [ 369.547763][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 369.547763][ T1088] [ 369.558344][ T1088] [ 369.558344][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 369.558344][ T1088] [ 369.569320][ T112] [ 369.569320][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 369.569320][ T112] [ 369.579909][ T5827] [ 369.579909][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 369.579909][ T5827] [ 369.590852][ T5827] umount2("./378/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./378/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./378/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 369.590852][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 369.590852][ T5827] umount2("./378/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./378/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./378/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./378") = 0 mkdir("./379", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6239 attached , child_tidptr=0x55556c245750) = 6239 [pid 6239] set_robust_list(0x55556c245760, 24) = 0 [pid 6239] chdir("./379") = 0 [pid 6239] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6239] setpgid(0, 0) = 0 [pid 6239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6239] write(3, "1000", 4) = 4 [pid 6239] close(3) = 0 [pid 6239] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6239] write(1, "executing program\n", 18executing program ) = 18 [pid 6239] memfd_create("syzkaller", 0) = 3 [pid 6239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6239] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6239] munmap(0x7fac16400000, 138412032) = 0 [pid 6239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6239] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6239] close(3) = 0 [pid 6239] close(4) = 0 [pid 6239] mkdir("./bus", 0777) = 0 [pid 6239] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6239] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6239] chdir("./bus") = 0 [pid 6239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6239] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [ 370.092706][ T6239] loop0: detected capacity change from 0 to 32768 [ 370.130377][ T6239] [ 370.130377][ T6239] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 370.130377][ T6239] [pid 6239] exit_group(0) = ? [pid 6239] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6239, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./379", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./379", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./379/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./379/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./379/binderfs") = 0 [ 370.312421][ T36] [ 370.312421][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 370.312421][ T36] [ 370.323485][ T36] [ 370.323485][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 370.323485][ T36] [ 370.334542][ T113] [ 370.334542][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 370.334542][ T113] [ 370.345262][ T5827] [ 370.345262][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 370.345262][ T5827] [ 370.356886][ T5827] umount2("./379/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./379/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./379/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./379/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 370.356886][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 370.356886][ T5827] openat(AT_FDCWD, "./379/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./379/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./379") = 0 mkdir("./380", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6240 attached , child_tidptr=0x55556c245750) = 6240 [pid 6240] set_robust_list(0x55556c245760, 24) = 0 [pid 6240] chdir("./380") = 0 [pid 6240] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6240] setpgid(0, 0) = 0 [pid 6240] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6240] write(3, "1000", 4) = 4 [pid 6240] close(3) = 0 [pid 6240] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6240] write(1, "executing program\n", 18executing program ) = 18 [pid 6240] memfd_create("syzkaller", 0) = 3 [pid 6240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6240] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6240] munmap(0x7fac16400000, 138412032) = 0 [pid 6240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6240] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6240] close(3) = 0 [pid 6240] close(4) = 0 [pid 6240] mkdir("./bus", 0777) = 0 [pid 6240] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6240] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6240] chdir("./bus") = 0 [pid 6240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6240] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6240] exit_group(0) = ? [pid 6240] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6240, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=14 /* 0.14 s */} --- umount2("./380", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./380", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./380/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./380/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./380/binderfs") = 0 [ 370.920943][ T6240] loop0: detected capacity change from 0 to 32768 [ 370.941161][ T6240] [ 370.941161][ T6240] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 370.941161][ T6240] [ 370.983882][ T36] [ 370.983882][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 370.983882][ T36] [ 370.995649][ T36] [ 370.995649][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 370.995649][ T36] [ 371.007290][ T5827] [ 371.007290][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 371.007290][ T5827] [ 371.018532][ T113] [ 371.018532][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 371.018532][ T113] [ 371.029237][ T5827] umount2("./380/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./380/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./380/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./380/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 371.029237][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 371.029237][ T5827] openat(AT_FDCWD, "./380/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./380/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./380") = 0 mkdir("./381", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6241 attached , child_tidptr=0x55556c245750) = 6241 [pid 6241] set_robust_list(0x55556c245760, 24) = 0 [pid 6241] chdir("./381") = 0 [pid 6241] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6241] setpgid(0, 0) = 0 [pid 6241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6241] write(3, "1000", 4) = 4 [pid 6241] close(3) = 0 [pid 6241] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6241] write(1, "executing program\n", 18) = 18 [pid 6241] memfd_create("syzkaller", 0) = 3 [pid 6241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6241] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6241] munmap(0x7fac16400000, 138412032) = 0 [pid 6241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6241] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6241] close(3) = 0 [pid 6241] close(4) = 0 [pid 6241] mkdir("./bus", 0777) = 0 [ 371.555647][ T6241] loop0: detected capacity change from 0 to 32768 [pid 6241] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6241] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6241] chdir("./bus") = 0 [pid 6241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6241] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6241] exit_group(0) = ? [pid 6241] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6241, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=13 /* 0.13 s */} --- [ 371.598055][ T6241] [ 371.598055][ T6241] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 371.598055][ T6241] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./381", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./381", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./381/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./381/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./381/binderfs") = 0 [ 371.776516][ T36] [ 371.776516][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 371.776516][ T36] [ 371.787110][ T36] [ 371.787110][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 371.787110][ T36] [ 371.797872][ T5827] [ 371.797872][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 371.797872][ T5827] [ 371.808900][ T113] [ 371.808900][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 371.808900][ T113] [ 371.819535][ T5827] umount2("./381/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./381/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./381/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 371.819535][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 371.819535][ T5827] umount2("./381/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./381/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./381/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./381") = 0 mkdir("./382", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6242 attached , child_tidptr=0x55556c245750) = 6242 [pid 6242] set_robust_list(0x55556c245760, 24) = 0 [pid 6242] chdir("./382") = 0 [pid 6242] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6242] setpgid(0, 0) = 0 [pid 6242] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6242] write(3, "1000", 4) = 4 [pid 6242] close(3) = 0 [pid 6242] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6242] write(1, "executing program\n", 18) = 18 [pid 6242] memfd_create("syzkaller", 0) = 3 [pid 6242] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6242] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6242] munmap(0x7fac16400000, 138412032) = 0 [pid 6242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6242] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6242] close(3) = 0 [pid 6242] close(4) = 0 [pid 6242] mkdir("./bus", 0777) = 0 [ 372.397023][ T6242] loop0: detected capacity change from 0 to 32768 [pid 6242] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6242] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6242] chdir("./bus") = 0 [pid 6242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6242] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6242] exit_group(0) = ? [pid 6242] +++ exited with 0 +++ [ 372.437402][ T6242] [ 372.437402][ T6242] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 372.437402][ T6242] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6242, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./382", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./382", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./382/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./382/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./382/binderfs") = 0 [ 372.666477][ T1088] [ 372.666477][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 372.666477][ T1088] [ 372.677056][ T1088] [ 372.677056][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 372.677056][ T1088] [ 372.687895][ T5827] [ 372.687895][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 372.687895][ T5827] [ 372.699526][ T112] [ 372.699526][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 372.699526][ T112] [ 372.710074][ T5827] umount2("./382/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./382/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./382/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 372.710074][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 372.710074][ T5827] umount2("./382/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./382/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./382/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./382") = 0 mkdir("./383", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6243 attached , child_tidptr=0x55556c245750) = 6243 [pid 6243] set_robust_list(0x55556c245760, 24) = 0 [pid 6243] chdir("./383") = 0 [pid 6243] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6243] setpgid(0, 0) = 0 [pid 6243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6243] write(3, "1000", 4) = 4 [pid 6243] close(3) = 0 [pid 6243] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6243] write(1, "executing program\n", 18) = 18 [pid 6243] memfd_create("syzkaller", 0) = 3 [pid 6243] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6243] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6243] munmap(0x7fac16400000, 138412032) = 0 [pid 6243] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6243] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6243] close(3) = 0 [pid 6243] close(4) = 0 [pid 6243] mkdir("./bus", 0777) = 0 [pid 6243] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6243] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6243] chdir("./bus") = 0 [pid 6243] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6243] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6243] exit_group(0) = ? [pid 6243] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6243, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 373.324643][ T6243] loop0: detected capacity change from 0 to 32768 [ 373.357888][ T6243] [ 373.357888][ T6243] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 373.357888][ T6243] umount2("./383", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./383", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./383/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./383/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./383/binderfs") = 0 [ 373.540049][ T1088] [ 373.540049][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 373.540049][ T1088] [ 373.550663][ T1088] [ 373.550663][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 373.550663][ T1088] [ 373.561407][ T5827] [ 373.561407][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 373.561407][ T5827] [ 373.572526][ T112] [ 373.572526][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 373.572526][ T112] [ 373.583287][ T5827] umount2("./383/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./383/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./383/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 373.583287][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 373.583287][ T5827] umount2("./383/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./383/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./383/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./383") = 0 mkdir("./384", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6244 attached [pid 6244] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6244 [pid 6244] <... set_robust_list resumed>) = 0 [pid 6244] chdir("./384") = 0 [pid 6244] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6244] setpgid(0, 0) = 0 [pid 6244] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6244] write(3, "1000", 4) = 4 [pid 6244] close(3) = 0 [pid 6244] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6244] write(1, "executing program\n", 18) = 18 [pid 6244] memfd_create("syzkaller", 0) = 3 [pid 6244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6244] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6244] munmap(0x7fac16400000, 138412032) = 0 [pid 6244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6244] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6244] close(3) = 0 [pid 6244] close(4) = 0 [pid 6244] mkdir("./bus", 0777) = 0 [pid 6244] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6244] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6244] chdir("./bus") = 0 [pid 6244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6244] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6244] exit_group(0) = ? [pid 6244] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6244, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./384", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./384", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./384/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./384/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./384/binderfs") = 0 [ 374.128764][ T6244] loop0: detected capacity change from 0 to 32768 [ 374.157614][ T6244] [ 374.157614][ T6244] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 374.157614][ T6244] [ 374.187068][ T1088] [ 374.187068][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 374.187068][ T1088] [ 374.199245][ T1088] [ 374.199245][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 374.199245][ T1088] [ 374.211975][ T113] [ 374.211975][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 374.211975][ T113] [ 374.222677][ T5827] [ 374.222677][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 374.222677][ T5827] [ 374.233783][ T5827] umount2("./384/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./384/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./384/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./384/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./384/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./384/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./384") = 0 mkdir("./385", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 374.233783][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 374.233783][ T5827] close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6245 attached [pid 6245] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6245 [pid 6245] <... set_robust_list resumed>) = 0 [pid 6245] chdir("./385") = 0 [pid 6245] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6245] setpgid(0, 0) = 0 [pid 6245] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6245] write(3, "1000", 4) = 4 [pid 6245] close(3) = 0 [pid 6245] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6245] write(1, "executing program\n", 18) = 18 [pid 6245] memfd_create("syzkaller", 0) = 3 [pid 6245] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6245] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6245] munmap(0x7fac16400000, 138412032) = 0 [pid 6245] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6245] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6245] close(3) = 0 [pid 6245] close(4) = 0 [pid 6245] mkdir("./bus", 0777) = 0 [pid 6245] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6245] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6245] chdir("./bus") = 0 [pid 6245] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6245] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6245] exit_group(0) = ? [pid 6245] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6245, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 374.633273][ T6245] loop0: detected capacity change from 0 to 32768 [ 374.656437][ T6245] [ 374.656437][ T6245] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 374.656437][ T6245] umount2("./385", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./385", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./385/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./385/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./385/binderfs") = 0 [ 374.831793][ T13] [ 374.831793][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 374.831793][ T13] [ 374.842480][ T13] [ 374.842480][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 374.842480][ T13] [ 374.853982][ T112] [ 374.853982][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 374.853982][ T112] [ 374.864571][ T5827] [ 374.864571][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 374.864571][ T5827] [ 374.875663][ T5827] umount2("./385/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./385/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./385/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./385/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./385/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 374.875663][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 374.875663][ T5827] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./385/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./385") = 0 mkdir("./386", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6246 attached , child_tidptr=0x55556c245750) = 6246 [pid 6246] set_robust_list(0x55556c245760, 24) = 0 [pid 6246] chdir("./386") = 0 [pid 6246] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6246] setpgid(0, 0) = 0 [pid 6246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6246] write(3, "1000", 4) = 4 [pid 6246] close(3) = 0 [pid 6246] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6246] write(1, "executing program\n", 18executing program ) = 18 [pid 6246] memfd_create("syzkaller", 0) = 3 [pid 6246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6246] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6246] munmap(0x7fac16400000, 138412032) = 0 [pid 6246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6246] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6246] close(3) = 0 [pid 6246] close(4) = 0 [pid 6246] mkdir("./bus", 0777) = 0 [pid 6246] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6246] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6246] chdir("./bus") = 0 [pid 6246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6246] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6246] exit_group(0) = ? [ 375.417764][ T6246] loop0: detected capacity change from 0 to 32768 [ 375.436911][ T6246] [ 375.436911][ T6246] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 375.436911][ T6246] [pid 6246] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6246, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./386", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./386", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./386/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./386/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./386/binderfs") = 0 [ 375.649469][ T1088] [ 375.649469][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 375.649469][ T1088] [ 375.660055][ T1088] [ 375.660055][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 375.660055][ T1088] [ 375.671128][ T112] [ 375.671128][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 375.671128][ T112] [ 375.681730][ T5827] [ 375.681730][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 375.681730][ T5827] [ 375.692726][ T5827] umount2("./386/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./386/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./386/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 375.692726][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 375.692726][ T5827] umount2("./386/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./386/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./386/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./386") = 0 mkdir("./387", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6247 attached [pid 6247] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6247 [pid 6247] <... set_robust_list resumed>) = 0 [pid 6247] chdir("./387") = 0 [pid 6247] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6247] setpgid(0, 0) = 0 [pid 6247] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6247] write(3, "1000", 4) = 4 [pid 6247] close(3) = 0 [pid 6247] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6247] write(1, "executing program\n", 18executing program ) = 18 [pid 6247] memfd_create("syzkaller", 0) = 3 [pid 6247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6247] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6247] munmap(0x7fac16400000, 138412032) = 0 [pid 6247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6247] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6247] close(3) = 0 [pid 6247] close(4) = 0 [pid 6247] mkdir("./bus", 0777) = 0 [pid 6247] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6247] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6247] chdir("./bus") = 0 [pid 6247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6247] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6247] exit_group(0) = ? [pid 6247] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6247, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./387", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 376.235526][ T6247] loop0: detected capacity change from 0 to 32768 [ 376.266096][ T6247] [ 376.266096][ T6247] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 376.266096][ T6247] openat(AT_FDCWD, "./387", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./387/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./387/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./387/binderfs") = 0 [ 376.370881][ T13] [ 376.370881][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 376.370881][ T13] [ 376.381432][ T13] [ 376.381432][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 376.381432][ T13] [ 376.392860][ T113] [ 376.392860][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 376.392860][ T113] [ 376.403487][ T5827] [ 376.403487][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 376.403487][ T5827] [ 376.414284][ T5827] umount2("./387/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./387/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./387/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./387/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 376.414284][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 376.414284][ T5827] openat(AT_FDCWD, "./387/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./387/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./387") = 0 mkdir("./388", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6248 attached , child_tidptr=0x55556c245750) = 6248 [pid 6248] set_robust_list(0x55556c245760, 24) = 0 [pid 6248] chdir("./388") = 0 [pid 6248] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6248] setpgid(0, 0) = 0 [pid 6248] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6248] write(3, "1000", 4) = 4 [pid 6248] close(3) = 0 [pid 6248] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6248] write(1, "executing program\n", 18executing program ) = 18 [pid 6248] memfd_create("syzkaller", 0) = 3 [pid 6248] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6248] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6248] munmap(0x7fac16400000, 138412032) = 0 [pid 6248] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6248] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6248] close(3) = 0 [pid 6248] close(4) = 0 [pid 6248] mkdir("./bus", 0777) = 0 [pid 6248] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6248] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6248] chdir("./bus") = 0 [pid 6248] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6248] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6248] exit_group(0) = ? [pid 6248] +++ exited with 0 +++ [ 376.949258][ T6248] loop0: detected capacity change from 0 to 32768 [ 376.971117][ T6248] [ 376.971117][ T6248] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 376.971117][ T6248] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6248, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./388", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./388", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./388/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./388/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./388/binderfs") = 0 [ 377.171371][ T1088] [ 377.171371][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 377.171371][ T1088] [ 377.182090][ T1088] [ 377.182090][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 377.182090][ T1088] [ 377.192964][ T5827] [ 377.192964][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 377.192964][ T5827] [ 377.203745][ T112] [ 377.203745][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 377.203745][ T112] [ 377.214379][ T5827] umount2("./388/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./388/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./388/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./388/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./388/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 377.214379][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 377.214379][ T5827] getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./388/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./388") = 0 mkdir("./389", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6249 attached [pid 6249] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6249 [pid 6249] <... set_robust_list resumed>) = 0 [pid 6249] chdir("./389") = 0 [pid 6249] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6249] setpgid(0, 0) = 0 [pid 6249] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6249] write(3, "1000", 4) = 4 [pid 6249] close(3) = 0 [pid 6249] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6249] write(1, "executing program\n", 18) = 18 [pid 6249] memfd_create("syzkaller", 0) = 3 [pid 6249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6249] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6249] munmap(0x7fac16400000, 138412032) = 0 [pid 6249] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6249] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6249] close(3) = 0 [pid 6249] close(4) = 0 [pid 6249] mkdir("./bus", 0777) = 0 [pid 6249] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6249] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6249] chdir("./bus") = 0 [pid 6249] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6249] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6249] exit_group(0) = ? [pid 6249] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6249, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- [ 377.744380][ T6249] loop0: detected capacity change from 0 to 32768 [ 377.781374][ T6249] [ 377.781374][ T6249] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 377.781374][ T6249] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./389", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./389", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./389/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./389/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./389/binderfs") = 0 [ 377.885839][ T1088] [ 377.885839][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 377.885839][ T1088] [ 377.896470][ T1088] [ 377.896470][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 377.896470][ T1088] [ 377.907986][ T112] [ 377.907986][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 377.907986][ T112] [ 377.918613][ T5827] [ 377.918613][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 377.918613][ T5827] [ 377.929604][ T5827] umount2("./389/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./389/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./389/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 377.929604][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 377.929604][ T5827] umount2("./389/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./389/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./389/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./389") = 0 mkdir("./390", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6250 attached , child_tidptr=0x55556c245750) = 6250 [pid 6250] set_robust_list(0x55556c245760, 24) = 0 [pid 6250] chdir("./390") = 0 [pid 6250] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6250] setpgid(0, 0) = 0 [pid 6250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6250] write(3, "1000", 4) = 4 [pid 6250] close(3) = 0 [pid 6250] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6250] write(1, "executing program\n", 18) = 18 [pid 6250] memfd_create("syzkaller", 0) = 3 [pid 6250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6250] munmap(0x7fac16400000, 138412032) = 0 [pid 6250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6250] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6250] close(3) = 0 [pid 6250] close(4) = 0 [pid 6250] mkdir("./bus", 0777) = 0 [pid 6250] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6250] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6250] chdir("./bus") = 0 [pid 6250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6250] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6250] exit_group(0) = ? [pid 6250] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6250, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./390", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./390", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./390/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./390/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./390/binderfs") = 0 [ 378.476826][ T6250] loop0: detected capacity change from 0 to 32768 [ 378.497867][ T6250] [ 378.497867][ T6250] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 378.497867][ T6250] [ 378.523989][ T36] [ 378.523989][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 378.523989][ T36] [ 378.534613][ T36] [ 378.534613][ T36] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 378.534613][ T36] [ 378.548414][ T5827] [ 378.548414][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 378.548414][ T5827] [ 378.560503][ T112] [ 378.560503][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 378.560503][ T112] [ 378.571497][ T5827] umount2("./390/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./390/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./390/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 378.571497][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 378.571497][ T5827] umount2("./390/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./390/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./390/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./390") = 0 mkdir("./391", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6251 attached , child_tidptr=0x55556c245750) = 6251 [pid 6251] set_robust_list(0x55556c245760, 24) = 0 [pid 6251] chdir("./391") = 0 [pid 6251] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6251] setpgid(0, 0) = 0 [pid 6251] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6251] write(3, "1000", 4) = 4 [pid 6251] close(3) = 0 [pid 6251] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6251] write(1, "executing program\n", 18) = 18 [pid 6251] memfd_create("syzkaller", 0) = 3 [pid 6251] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6251] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6251] munmap(0x7fac16400000, 138412032) = 0 [pid 6251] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6251] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6251] close(3) = 0 [pid 6251] close(4) = 0 [pid 6251] mkdir("./bus", 0777) = 0 [pid 6251] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6251] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6251] chdir("./bus") = 0 [pid 6251] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6251] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6251] exit_group(0) = ? [pid 6251] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6251, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=16 /* 0.16 s */} --- umount2("./391", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./391", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 379.180563][ T6251] loop0: detected capacity change from 0 to 32768 [ 379.207453][ T6251] [ 379.207453][ T6251] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 379.207453][ T6251] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./391/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./391/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./391/binderfs") = 0 [ 379.298923][ T1088] [ 379.298923][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 379.298923][ T1088] [ 379.309521][ T1088] [ 379.309521][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 379.309521][ T1088] [ 379.320415][ T5827] [ 379.320415][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 379.320415][ T5827] [ 379.331328][ T112] [ 379.331328][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 379.331328][ T112] [ 379.342025][ T5827] umount2("./391/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./391/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./391/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 379.342025][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 379.342025][ T5827] umount2("./391/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./391/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./391/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./391") = 0 mkdir("./392", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6252 attached , child_tidptr=0x55556c245750) = 6252 [pid 6252] set_robust_list(0x55556c245760, 24) = 0 [pid 6252] chdir("./392") = 0 [pid 6252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6252] setpgid(0, 0) = 0 [pid 6252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6252] write(3, "1000", 4) = 4 [pid 6252] close(3) = 0 [pid 6252] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6252] write(1, "executing program\n", 18executing program ) = 18 [pid 6252] memfd_create("syzkaller", 0) = 3 [pid 6252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6252] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6252] munmap(0x7fac16400000, 138412032) = 0 [pid 6252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6252] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6252] close(3) = 0 [pid 6252] close(4) = 0 [pid 6252] mkdir("./bus", 0777) = 0 [ 379.901841][ T6252] loop0: detected capacity change from 0 to 32768 [pid 6252] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6252] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6252] chdir("./bus") = 0 [pid 6252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6252] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6252] exit_group(0) = ? [pid 6252] +++ exited with 0 +++ [ 379.946478][ T6252] [ 379.946478][ T6252] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 379.946478][ T6252] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6252, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./392", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./392", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./392/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./392/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./392/binderfs") = 0 [ 380.167099][ T1088] [ 380.167099][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 380.167099][ T1088] [ 380.177720][ T1088] [ 380.177720][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 380.177720][ T1088] [ 380.188661][ T113] [ 380.188661][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 380.188661][ T113] [ 380.199282][ T5827] [ 380.199282][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 380.199282][ T5827] [ 380.210316][ T5827] umount2("./392/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./392/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./392/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 380.210316][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 380.210316][ T5827] umount2("./392/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./392/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./392/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./392") = 0 mkdir("./393", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6253 attached [pid 6253] set_robust_list(0x55556c245760, 24 [pid 5827] <... clone resumed>, child_tidptr=0x55556c245750) = 6253 [pid 6253] <... set_robust_list resumed>) = 0 [pid 6253] chdir("./393") = 0 [pid 6253] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6253] setpgid(0, 0) = 0 [pid 6253] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6253] write(3, "1000", 4) = 4 [pid 6253] close(3) = 0 [pid 6253] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6253] write(1, "executing program\n", 18) = 18 [pid 6253] memfd_create("syzkaller", 0) = 3 [pid 6253] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6253] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6253] munmap(0x7fac16400000, 138412032) = 0 [pid 6253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6253] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6253] close(3) = 0 [pid 6253] close(4) = 0 [pid 6253] mkdir("./bus", 0777) = 0 [pid 6253] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6253] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6253] chdir("./bus") = 0 [pid 6253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6253] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6253] exit_group(0) = ? [pid 6253] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6253, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=17 /* 0.17 s */} --- [ 380.753504][ T6253] loop0: detected capacity change from 0 to 32768 [ 380.774317][ T6253] [ 380.774317][ T6253] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 380.774317][ T6253] restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./393", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./393", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./393/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./393/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./393/binderfs") = 0 [ 380.955238][ T13] [ 380.955238][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 380.955238][ T13] [ 380.965775][ T13] [ 380.965775][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 380.965775][ T13] [ 380.976615][ T5827] [ 380.976615][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 380.976615][ T5827] [ 380.987547][ T112] [ 380.987547][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 380.987547][ T112] [ 380.998340][ T5827] umount2("./393/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./393/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./393/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 380.998340][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 380.998340][ T5827] umount2("./393/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./393/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./393/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./393") = 0 mkdir("./394", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6254 attached , child_tidptr=0x55556c245750) = 6254 [pid 6254] set_robust_list(0x55556c245760, 24) = 0 [pid 6254] chdir("./394") = 0 [pid 6254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6254] setpgid(0, 0) = 0 [pid 6254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6254] write(3, "1000", 4) = 4 [pid 6254] close(3) = 0 [pid 6254] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6254] write(1, "executing program\n", 18executing program ) = 18 [pid 6254] memfd_create("syzkaller", 0) = 3 [pid 6254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6254] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6254] munmap(0x7fac16400000, 138412032) = 0 [pid 6254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6254] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6254] close(3) = 0 [pid 6254] close(4) = 0 [pid 6254] mkdir("./bus", 0777) = 0 [pid 6254] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6254] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6254] chdir("./bus") = 0 [pid 6254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 381.652547][ T6254] loop0: detected capacity change from 0 to 32768 [ 381.683882][ T6254] [ 381.683882][ T6254] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 381.683882][ T6254] [pid 6254] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6254] exit_group(0) = ? [pid 6254] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6254, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./394", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./394", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./394/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./394/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./394/binderfs") = 0 [ 381.883204][ T13] [ 381.883204][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 381.883204][ T13] [ 381.894240][ T13] [ 381.894240][ T13] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 381.894240][ T13] [ 381.905006][ T5827] [ 381.905006][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 381.905006][ T5827] [ 381.916085][ T112] [ 381.916085][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 381.916085][ T112] [ 381.926677][ T5827] umount2("./394/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./394/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./394/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 381.926677][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 381.926677][ T5827] umount2("./394/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./394/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./394/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./394") = 0 mkdir("./395", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6256 attached , child_tidptr=0x55556c245750) = 6256 [pid 6256] set_robust_list(0x55556c245760, 24) = 0 [pid 6256] chdir("./395") = 0 [pid 6256] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6256] setpgid(0, 0) = 0 [pid 6256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6256] write(3, "1000", 4) = 4 [pid 6256] close(3) = 0 [pid 6256] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6256] write(1, "executing program\n", 18executing program ) = 18 [pid 6256] memfd_create("syzkaller", 0) = 3 [pid 6256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6256] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6256] munmap(0x7fac16400000, 138412032) = 0 [pid 6256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6256] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6256] close(3) = 0 [pid 6256] close(4) = 0 [pid 6256] mkdir("./bus", 0777) = 0 [ 382.471117][ T6256] loop0: detected capacity change from 0 to 32768 [ 382.509106][ T6256] [ 382.509106][ T6256] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 382.509106][ T6256] [pid 6256] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6256] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6256] chdir("./bus") = 0 [pid 6256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6256] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6256] exit_group(0) = ? [pid 6256] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6256, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./395", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./395", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./395/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./395/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./395/binderfs") = 0 [ 382.678216][ T1088] [ 382.678216][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 382.678216][ T1088] [ 382.688807][ T1088] [ 382.688807][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 382.688807][ T1088] [ 382.699631][ T5827] [ 382.699631][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 382.699631][ T5827] [ 382.710499][ T113] [ 382.710499][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 382.710499][ T113] [ 382.721098][ T5827] umount2("./395/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./395/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./395/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 382.721098][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 382.721098][ T5827] umount2("./395/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./395/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./395/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./395") = 0 mkdir("./396", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6258 attached , child_tidptr=0x55556c245750) = 6258 [pid 6258] set_robust_list(0x55556c245760, 24) = 0 [pid 6258] chdir("./396") = 0 [pid 6258] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6258] setpgid(0, 0) = 0 [pid 6258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6258] write(3, "1000", 4) = 4 [pid 6258] close(3) = 0 [pid 6258] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6258] write(1, "executing program\n", 18executing program ) = 18 [pid 6258] memfd_create("syzkaller", 0) = 3 [pid 6258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6258] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6258] munmap(0x7fac16400000, 138412032) = 0 [pid 6258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6258] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6258] close(3) = 0 [pid 6258] close(4) = 0 [pid 6258] mkdir("./bus", 0777) = 0 [ 383.339124][ T6258] loop0: detected capacity change from 0 to 32768 [ 383.379099][ T6258] [ 383.379099][ T6258] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 383.379099][ T6258] [pid 6258] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6258] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6258] chdir("./bus") = 0 [pid 6258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6258] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6258] exit_group(0) = ? [pid 6258] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6258, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./396", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./396", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./396/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./396/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./396/binderfs") = 0 [ 383.542408][ T1088] [ 383.542408][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 383.542408][ T1088] [ 383.553034][ T1088] [ 383.553034][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 383.553034][ T1088] [ 383.564161][ T113] [ 383.564161][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 383.564161][ T113] [ 383.574902][ T5827] [ 383.574902][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 383.574902][ T5827] [ 383.585717][ T5827] umount2("./396/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./396/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./396/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./396/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 383.585717][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 383.585717][ T5827] openat(AT_FDCWD, "./396/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556c24e830 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556c24e830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./396/bus") = 0 getdents64(3, 0x55556c2467f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./396") = 0 mkdir("./397", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6261 attached , child_tidptr=0x55556c245750) = 6261 [pid 6261] set_robust_list(0x55556c245760, 24) = 0 [pid 6261] chdir("./397") = 0 [pid 6261] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6261] setpgid(0, 0) = 0 [pid 6261] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6261] write(3, "1000", 4) = 4 [pid 6261] close(3) = 0 [pid 6261] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6261] write(1, "executing program\n", 18executing program ) = 18 [pid 6261] memfd_create("syzkaller", 0) = 3 [pid 6261] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac16400000 [pid 6261] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6261] munmap(0x7fac16400000, 138412032) = 0 [pid 6261] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6261] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6261] close(3) = 0 [pid 6261] close(4) = 0 [pid 6261] mkdir("./bus", 0777) = 0 [pid 6261] mount("/dev/loop0", "./bus", "jfs", MS_SYNCHRONOUS|MS_SILENT|MS_LAZYTIME, "iocharset=maccroatian,discard=0x0000000000000003,nodiscard,errors=continue,iocharset=maccyrillic,") = 0 [pid 6261] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6261] chdir("./bus") = 0 [pid 6261] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6261] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 4 [pid 6261] exit_group(0) = ? [pid 6261] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6261, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./397", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 384.114421][ T6261] loop0: detected capacity change from 0 to 32768 [ 384.145126][ T6261] [ 384.145126][ T6261] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 384.145126][ T6261] openat(AT_FDCWD, "./397", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556c2467f0 /* 4 entries */, 32768) = 104 umount2("./397/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./397/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./397/binderfs") = 0 [ 384.290885][ T1088] [ 384.290885][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 384.290885][ T1088] [ 384.301447][ T1088] [ 384.301447][ T1088] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 384.301447][ T1088] [ 384.312434][ T5827] [ 384.312434][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 384.312434][ T5827] [ 384.323865][ T5827] [ 384.323865][ T5827] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 384.323865][ T5827] [ 384.335975][ T112] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN PTI [ 384.347918][ T112] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 384.356354][ T112] CPU: 1 UID: 0 PID: 112 Comm: jfsCommit Not tainted 6.15.0-syzkaller-13473-gc0c9379f235d #0 PREEMPT(full) [ 384.367820][ T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 384.377898][ T112] RIP: 0010:lmLogSync+0x138/0x9d0 [ 384.382952][ T112] Code: 22 b9 fe 4d 8d 7e f0 4c 89 f8 48 c1 e8 03 80 3c 18 00 74 08 4c 89 ff e8 a6 af e3 fe 4d 8b 3f 49 83 c7 30 4c 89 f8 48 c1 e8 03 <80> 3c 18 00 74 08 4c 89 ff e8 8a af e3 fe 49 8b 3f e8 b2 22 b9 fe [ 384.402583][ T112] RSP: 0018:ffffc9000258fb00 EFLAGS: 00010206 [ 384.408687][ T112] RAX: 0000000000000006 RBX: dffffc0000000000 RCX: ffff88801eba9e00 [ 384.416665][ T112] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 384.424661][ T112] RBP: ffffc9000258fc08 R08: ffffc9000258fa5f R09: 0000000000000000 [ 384.432652][ T112] R10: ffffc9000258f8e8 R11: fffff520004b1f4c R12: ffff888026c14800 [ 384.441089][ T112] R13: dffffc0000000000 R14: ffff888032d20e38 R15: 0000000000000030 [ 384.449111][ T112] FS: 0000000000000000(0000) GS:ffff888125d87000(0000) knlGS:0000000000000000 [ 384.458161][ T112] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 384.464764][ T112] CR2: 000055c0a56af168 CR3: 000000002f622000 CR4: 00000000003526f0 [ 384.472768][ T112] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 384.480779][ T112] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 384.488779][ T112] Call Trace: [ 384.492084][ T112] [ 384.495026][ T112] ? __pfx___mutex_lock+0x10/0x10 [ 384.500080][ T112] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 384.506217][ T112] ? __pfx_lmLogSync+0x10/0x10 [ 384.511019][ T112] jfs_syncpt+0x7b/0x90 [ 384.515194][ T112] txEnd+0x2e5/0x530 [ 384.519110][ T112] jfs_lazycommit+0x5ba/0xa90 [ 384.523812][ T112] ? __pfx_jfs_lazycommit+0x10/0x10 [ 384.529049][ T112] ? __pfx_default_wake_function+0x10/0x10 [ 384.534892][ T112] ? __kthread_parkme+0x7b/0x200 [ 384.539878][ T112] ? __kthread_parkme+0x1a1/0x200 [ 384.544932][ T112] kthread+0x70e/0x8a0 [ 384.549019][ T112] ? __pfx_jfs_lazycommit+0x10/0x10 [ 384.554256][ T112] ? __pfx_kthread+0x10/0x10 [ 384.558864][ T112] ? _raw_spin_unlock_irq+0x23/0x50 [ 384.564099][ T112] ? lockdep_hardirqs_on+0x9c/0x150 [ 384.569330][ T112] ? __pfx_kthread+0x10/0x10 [ 384.573949][ T112] ret_from_fork+0x3f9/0x770 [ 384.578561][ T112] ? __pfx_ret_from_fork+0x10/0x10 [ 384.583891][ T112] ? __switch_to_asm+0x39/0x70 [ 384.588683][ T112] ? __switch_to_asm+0x33/0x70 [ 384.593482][ T112] ? __pfx_kthread+0x10/0x10 [ 384.598125][ T112] ret_from_fork_asm+0x1a/0x30 [ 384.602923][ T112] [ 384.605998][ T112] Modules linked in: [ 384.610262][ T112] ---[ end trace 0000000000000000 ]--- [ 384.618690][ T112] RIP: 0010:lmLogSync+0x138/0x9d0 [ 384.623986][ T112] Code: 22 b9 fe 4d 8d 7e f0 4c 89 f8 48 c1 e8 03 80 3c 18 00 74 08 4c 89 ff e8 a6 af e3 fe 4d 8b 3f 49 83 c7 30 4c 89 f8 48 c1 e8 03 <80> 3c 18 00 74 08 4c 89 ff e8 8a af e3 fe 49 8b 3f e8 b2 22 b9 fe [ 384.643736][ T112] RSP: 0018:ffffc9000258fb00 EFLAGS: 00010206 [ 384.650174][ T112] RAX: 0000000000000006 RBX: dffffc0000000000 RCX: ffff88801eba9e00 [ 384.658190][ T112] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 384.666248][ T112] RBP: ffffc9000258fc08 R08: ffffc9000258fa5f R09: 0000000000000000 [ 384.674288][ T112] R10: ffffc9000258f8e8 R11: fffff520004b1f4c R12: ffff888026c14800 [ 384.682359][ T112] R13: dffffc0000000000 R14: ffff888032d20e38 R15: 0000000000000030 [ 384.690393][ T112] FS: 0000000000000000(0000) GS:ffff888125c87000(0000) knlGS:0000000000000000 [ 384.699388][ T112] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 384.706020][ T112] CR2: 00007fff677b7f68 CR3: 000000002f622000 CR4: 00000000003526f0 [ 384.714073][ T112] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 384.722389][ T112] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 384.730552][ T112] Kernel panic - not syncing: Fatal exception [ 384.737002][ T112] Kernel Offset: disabled [ 384.741358][ T112] Rebooting in 86400 seconds..