./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor839469233 <...> Warning: Permanently added '10.128.1.9' (ECDSA) to the list of known hosts. execve("./syz-executor839469233", ["./syz-executor839469233"], 0x7fff6af48dc0 /* 10 vars */) = 0 brk(NULL) = 0x5555569ab000 brk(0x5555569abc40) = 0x5555569abc40 arch_prctl(ARCH_SET_FS, 0x5555569ab300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555569ab5d0) = 5072 set_robust_list(0x5555569ab5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f1d9f4d3680, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f1d9f4d3d50}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f1d9f4d3720, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f1d9f4d3d50}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor839469233", 4096) = 27 brk(0x5555569ccc40) = 0x5555569ccc40 brk(0x5555569cd000) = 0x5555569cd000 mprotect(0x7f1d9f59b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5072 mkdir("./syzkaller.DgCgyJ", 0700) = 0 chmod("./syzkaller.DgCgyJ", 0777) = 0 chdir("./syzkaller.DgCgyJ") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555569ab5d0) = 5073 ./strace-static-x86_64: Process 5073 attached [pid 5073] set_robust_list(0x5555569ab5e0, 24) = 0 [pid 5073] chdir("./0") = 0 [pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5073] setpgid(0, 0) = 0 [pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5073] write(3, "1000", 4) = 4 [pid 5073] close(3) = 0 [pid 5073] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5073] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1d9f4a2000 [pid 5073] mprotect(0x7f1d9f4a3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5073] clone(child_stack=0x7f1d9f4c23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5075], tls=0x7f1d9f4c2700, child_tidptr=0x7f1d9f4c29d0) = 5075 [pid 5073] futex(0x7f1d9f5a17a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] futex(0x7f1d9f5a17ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5075 attached [pid 5075] set_robust_list(0x7f1d9f4c29e0, 24) = 0 [pid 5075] memfd_create("syzkaller", 0) = 3 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1d970a2000 [pid 5075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5075] munmap(0x7f1d970a2000, 16777216) = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5075] close(3) = 0 [pid 5075] mkdir("./file0", 0777) = 0 [pid 5075] mount("/dev/loop0", "./file0", "jfs", MS_NOATIME, "nodiscard,nointegrity,usrquota,integrity,iocharset=iso8859-6,iocharset=iso8859-7,iocharset=cp866,") = 0 [pid 5075] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5075] chdir("./file0") = 0 [pid 5075] ioctl(4, LOOP_CLR_FD) = 0 [pid 5075] close(4) = 0 [pid 5075] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5073] <... futex resumed>) = 0 [pid 5075] futex(0x7f1d9f5a17a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] futex(0x7f1d9f5a17a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5073] <... futex resumed>) = 0 [pid 5075] mkdir(".", 0777 [pid 5073] futex(0x7f1d9f5a17bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5073] <... futex resumed>) = 0 [pid 5075] mount(NULL, ".", 0x200000c0, MS_RDONLY|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_I_VERSION|MS_STRICTATIME, "" [pid 5073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1d98081000 [pid 5073] mprotect(0x7f1d98082000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5073] clone(child_stack=0x7f1d980a13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5076], tls=0x7f1d980a1700, child_tidptr=0x7f1d980a19d0) = 5076 [pid 5073] futex(0x7f1d9f5a17b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] futex(0x7f1d9f5a17bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5076 attached [pid 5076] set_robust_list(0x7f1d980a19e0, 24 [pid 5075] <... mount resumed>) = 0 [pid 5075] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5075] chdir(".") = 0 [pid 5075] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f1d9f5a17a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5076] <... set_robust_list resumed>) = 0 [pid 5076] open("./file0", O_RDONLY) = 5 [pid 5076] futex(0x7f1d9f5a17bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... futex resumed>) = 0 [pid 5073] futex(0x7f1d9f5a17a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 0 [pid 5073] <... futex resumed>) = 1 [pid 5075] getdents(5, [pid 5073] futex(0x7f1d9f5a17ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... getdents resumed>0x20000100 /* 2 entries */, 76) = 48 [pid 5076] <... futex resumed>) = 1 [pid 5075] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] futex(0x7f1d9f5a17b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] <... futex resumed>) = 1 [pid 5073] <... futex resumed>) = 0 [pid 5075] futex(0x7f1d9f5a17a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] exit_group(0 [pid 5076] <... futex resumed>) = ? [pid 5075] <... futex resumed>) = ? [pid 5073] <... exit_group resumed>) = ? [pid 5076] +++ exited with 0 +++ [pid 5075] +++ exited with 0 +++ [pid 5073] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5073, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555569ac620 /* 4 entries */, 32768) = 112 [ 55.188368][ T5075] loop0: detected capacity change from 0 to 32768 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555569b4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555569b4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x5555569ac620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555569ab5d0) = 5077 ./strace-static-x86_64: Process 5077 attached [pid 5077] set_robust_list(0x5555569ab5e0, 24) = 0 [pid 5077] chdir("./1") = 0 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5077] setpgid(0, 0) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "1000", 4) = 4 [pid 5077] close(3) = 0 [pid 5077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5077] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1d9f4a2000 [pid 5077] mprotect(0x7f1d9f4a3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5077] clone(child_stack=0x7f1d9f4c23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5078 attached , parent_tid=[5078], tls=0x7f1d9f4c2700, child_tidptr=0x7f1d9f4c29d0) = 5078 [pid 5077] futex(0x7f1d9f5a17a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f1d9f5a17ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5078] set_robust_list(0x7f1d9f4c29e0, 24) = 0 [pid 5078] memfd_create("syzkaller", 0) = 3 [pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1d970a2000 [pid 5078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5078] munmap(0x7f1d970a2000, 16777216) = 0 [pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5078] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5078] close(3) = 0 [pid 5078] mkdir("./file0", 0777) = 0 [pid 5078] mount("/dev/loop0", "./file0", "jfs", MS_NOATIME, "nodiscard,nointegrity,usrquota,integrity,iocharset=iso8859-6,iocharset=iso8859-7,iocharset=cp866,") = 0 [pid 5078] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5078] chdir("./file0") = 0 [pid 5078] ioctl(4, LOOP_CLR_FD) = 0 [pid 5078] close(4) = 0 [pid 5078] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f1d9f5a17a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5078] mkdir(".", 0777 [pid 5077] futex(0x7f1d9f5a17bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5077] <... futex resumed>) = 0 [pid 5078] mount(NULL, ".", 0x200000c0, MS_RDONLY|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_I_VERSION|MS_STRICTATIME, "" [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1d98081000 [pid 5077] mprotect(0x7f1d98082000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5077] clone(child_stack=0x7f1d980a13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5079], tls=0x7f1d980a1700, child_tidptr=0x7f1d980a19d0) = 5079 [pid 5077] futex(0x7f1d9f5a17b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f1d9f5a17bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5079 attached [pid 5079] set_robust_list(0x7f1d980a19e0, 24) = 0 [pid 5079] open("./file0", O_RDONLY [pid 5078] <... mount resumed>) = 0 [pid 5078] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 5 [pid 5078] chdir(".") = 0 [pid 5078] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f1d9f5a17a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] <... open resumed>) = 4 [pid 5079] futex(0x7f1d9f5a17bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f1d9f5a17a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = 0 [pid 5077] <... futex resumed>) = 1 [pid 5078] getdents(4, [pid 5077] futex(0x7f1d9f5a17ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] <... getdents resumed>0x20000100 /* 2 entries */, 76) = 48 [pid 5078] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5078] futex(0x7f1d9f5a17a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] exit_group(0 [pid 5078] <... futex resumed>) = ? [pid 5077] <... exit_group resumed>) = ? [pid 5078] +++ exited with 0 +++ [pid 5079] <... futex resumed>) = ? [pid 5079] +++ exited with 0 +++ [pid 5077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555569ac620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 55.467745][ T5078] loop0: detected capacity change from 0 to 32768 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555569b4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555569b4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x5555569ac620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555569ab5d0) = 5080 ./strace-static-x86_64: Process 5080 attached [pid 5080] set_robust_list(0x5555569ab5e0, 24) = 0 [pid 5080] chdir("./2") = 0 [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5080] setpgid(0, 0) = 0 [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5080] write(3, "1000", 4) = 4 [pid 5080] close(3) = 0 [pid 5080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5080] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1d9f4a2000 [pid 5080] mprotect(0x7f1d9f4a3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5080] clone(child_stack=0x7f1d9f4c23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5081], tls=0x7f1d9f4c2700, child_tidptr=0x7f1d9f4c29d0) = 5081 [pid 5080] futex(0x7f1d9f5a17a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f1d9f5a17ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5081 attached [pid 5081] set_robust_list(0x7f1d9f4c29e0, 24) = 0 [pid 5081] memfd_create("syzkaller", 0) = 3 [pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1d970a2000 [pid 5081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5081] munmap(0x7f1d970a2000, 16777216) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5081] close(3) = 0 [pid 5081] mkdir("./file0", 0777) = 0 [pid 5081] mount("/dev/loop0", "./file0", "jfs", MS_NOATIME, "nodiscard,nointegrity,usrquota,integrity,iocharset=iso8859-6,iocharset=iso8859-7,iocharset=cp866,") = 0 [pid 5081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5081] chdir("./file0") = 0 [pid 5081] ioctl(4, LOOP_CLR_FD) = 0 [pid 5081] close(4) = 0 [pid 5081] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f1d9f5a17a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] mkdir(".", 0777 [pid 5080] futex(0x7f1d9f5a17bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5081] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5081] mount(NULL, ".", 0x200000c0, MS_RDONLY|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_I_VERSION|MS_STRICTATIME, "" [pid 5080] <... mmap resumed>) = 0x7f1d98081000 [pid 5080] mprotect(0x7f1d98082000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5080] clone(child_stack=0x7f1d980a13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5082], tls=0x7f1d980a1700, child_tidptr=0x7f1d980a19d0) = 5082 [pid 5080] futex(0x7f1d9f5a17b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f1d9f5a17bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5082 attached [pid 5082] set_robust_list(0x7f1d980a19e0, 24) = 0 [pid 5082] open("./file0", O_RDONLY) = 4 [pid 5081] <... mount resumed>) = 0 [pid 5081] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 5 [pid 5081] chdir(".") = 0 [pid 5081] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f1d9f5a17a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] futex(0x7f1d9f5a17bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f1d9f5a17a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5080] <... futex resumed>) = 1 [pid 5080] futex(0x7f1d9f5a17ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... futex resumed>) = 1 [pid 5081] getdents(4, [pid 5082] futex(0x7f1d9f5a17b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... getdents resumed>0x20000100 /* 2 entries */, 76) = 48 [pid 5081] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5080] exit_group(0) = ? [pid 5081] <... futex resumed>) = ? [pid 5081] +++ exited with 0 +++ [pid 5082] <... futex resumed>) = ? [pid 5082] +++ exited with 0 +++ [pid 5080] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555569ac620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 [ 55.735547][ T5081] loop0: detected capacity change from 0 to 32768 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555569b4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555569b4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x5555569ac620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555569ab5d0) = 5083 ./strace-static-x86_64: Process 5083 attached [pid 5083] set_robust_list(0x5555569ab5e0, 24) = 0 [pid 5083] chdir("./3") = 0 [pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5083] setpgid(0, 0) = 0 [pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] write(3, "1000", 4) = 4 [pid 5083] close(3) = 0 [pid 5083] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5083] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1d9f4a2000 [pid 5083] mprotect(0x7f1d9f4a3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5083] clone(child_stack=0x7f1d9f4c23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5084 attached , parent_tid=[5084], tls=0x7f1d9f4c2700, child_tidptr=0x7f1d9f4c29d0) = 5084 [pid 5083] futex(0x7f1d9f5a17a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f1d9f5a17ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5084] set_robust_list(0x7f1d9f4c29e0, 24) = 0 [pid 5084] memfd_create("syzkaller", 0) = 3 [pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1d970a2000 [pid 5084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5084] munmap(0x7f1d970a2000, 16777216) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5084] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5084] close(3) = 0 [pid 5084] mkdir("./file0", 0777) = 0 [pid 5084] mount("/dev/loop0", "./file0", "jfs", MS_NOATIME, "nodiscard,nointegrity,usrquota,integrity,iocharset=iso8859-6,iocharset=iso8859-7,iocharset=cp866,") = 0 [pid 5084] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5084] chdir("./file0") = 0 [pid 5084] ioctl(4, LOOP_CLR_FD) = 0 [pid 5084] close(4) = 0 [pid 5084] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] futex(0x7f1d9f5a17a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f1d9f5a17a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5083] futex(0x7f1d9f5a17bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1d98081000 [pid 5083] mprotect(0x7f1d98082000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5083] clone(child_stack=0x7f1d980a13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5085], tls=0x7f1d980a1700, child_tidptr=0x7f1d980a19d0) = 5085 [pid 5083] futex(0x7f1d9f5a17b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f1d9f5a17bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5085 attached [pid 5084] mkdir(".", 0777 [pid 5085] set_robust_list(0x7f1d980a19e0, 24) = 0 [pid 5085] open("./file0", O_RDONLY [pid 5084] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5084] mount(NULL, ".", 0x200000c0, MS_RDONLY|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_I_VERSION|MS_STRICTATIME, "" [pid 5085] <... open resumed>) = 4 [pid 5085] futex(0x7f1d9f5a17bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f1d9f5a17b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f1d9f5a17bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 1 [pid 5085] getdents(4, 0x20000100 /* 2 entries */, 76) = 48 [pid 5084] <... mount resumed>) = 0 [pid 5085] futex(0x7f1d9f5a17bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5084] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5085] <... futex resumed>) = 1 [pid 5084] <... openat resumed>) = 5 [pid 5084] chdir(".") = 0 [pid 5084] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f1d9f5a17a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] futex(0x7f1d9f5a17b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] exit_group(0) = ? [pid 5084] <... futex resumed>) = ? [pid 5085] <... futex resumed>) = ? [pid 5084] +++ exited with 0 +++ [pid 5085] +++ exited with 0 +++ [pid 5083] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555569ac620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 [ 56.005781][ T5084] loop0: detected capacity change from 0 to 32768 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555569b4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555569b4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x5555569ac620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555569ab5d0) = 5086 ./strace-static-x86_64: Process 5086 attached [pid 5086] set_robust_list(0x5555569ab5e0, 24) = 0 [pid 5086] chdir("./4") = 0 [pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5086] setpgid(0, 0) = 0 [pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] write(3, "1000", 4) = 4 [pid 5086] close(3) = 0 [pid 5086] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5086] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1d9f4a2000 [pid 5086] mprotect(0x7f1d9f4a3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5086] clone(child_stack=0x7f1d9f4c23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5087 attached , parent_tid=[5087], tls=0x7f1d9f4c2700, child_tidptr=0x7f1d9f4c29d0) = 5087 [pid 5086] futex(0x7f1d9f5a17a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] set_robust_list(0x7f1d9f4c29e0, 24) = 0 [pid 5087] memfd_create("syzkaller", 0 [pid 5086] <... futex resumed>) = 0 [pid 5087] <... memfd_create resumed>) = 3 [pid 5087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1d970a2000 [pid 5086] futex(0x7f1d9f5a17ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5087] munmap(0x7f1d970a2000, 16777216) = 0 [pid 5087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5087] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5087] close(3) = 0 [pid 5087] mkdir("./file0", 0777) = 0 [pid 5087] mount("/dev/loop0", "./file0", "jfs", MS_NOATIME, "nodiscard,nointegrity,usrquota,integrity,iocharset=iso8859-6,iocharset=iso8859-7,iocharset=cp866,") = 0 [pid 5087] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5087] chdir("./file0") = 0 [pid 5087] ioctl(4, LOOP_CLR_FD) = 0 [pid 5087] close(4) = 0 [pid 5087] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] futex(0x7f1d9f5a17a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7f1d9f5a17a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 0 [pid 5086] <... futex resumed>) = 1 [pid 5087] mkdir(".", 0777 [pid 5086] futex(0x7f1d9f5a17bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5086] <... futex resumed>) = 0 [pid 5087] mount(NULL, ".", 0x200000c0, MS_RDONLY|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_I_VERSION|MS_STRICTATIME, "" [pid 5086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1d98081000 [pid 5086] mprotect(0x7f1d98082000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5086] clone(child_stack=0x7f1d980a13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5088], tls=0x7f1d980a1700, child_tidptr=0x7f1d980a19d0) = 5088 [pid 5086] futex(0x7f1d9f5a17b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... mount resumed>) = 0 [pid 5086] <... futex resumed>) = 0 [pid 5087] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5086] futex(0x7f1d9f5a17bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... openat resumed>) = 4 [pid 5087] chdir(".") = 0 [pid 5087] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f1d9f5a17a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5088 attached [pid 5088] set_robust_list(0x7f1d980a19e0, 24) = 0 [pid 5088] open("./file0", O_RDONLY) = 5 [pid 5088] futex(0x7f1d9f5a17bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7f1d9f5a17a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5086] futex(0x7f1d9f5a17ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] getdents(5, [pid 5088] futex(0x7f1d9f5a17b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] <... getdents resumed>0x20000100 /* 2 entries */, 76) = 48 [pid 5087] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5087] futex(0x7f1d9f5a17a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] exit_group(0 [pid 5088] <... futex resumed>) = ? [pid 5087] <... futex resumed>) = ? [pid 5086] <... exit_group resumed>) = ? [pid 5088] +++ exited with 0 +++ [pid 5087] +++ exited with 0 +++ [pid 5086] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5086, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555569ac620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 [ 56.288133][ T5087] loop0: detected capacity change from 0 to 32768 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555569b4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555569b4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x5555569ac620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555569ab5d0) = 5089 ./strace-static-x86_64: Process 5089 attached [pid 5089] set_robust_list(0x5555569ab5e0, 24) = 0 [pid 5089] chdir("./5") = 0 [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5089] setpgid(0, 0) = 0 [pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1000", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5089] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1d9f4a2000 [pid 5089] mprotect(0x7f1d9f4a3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5089] clone(child_stack=0x7f1d9f4c23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5090], tls=0x7f1d9f4c2700, child_tidptr=0x7f1d9f4c29d0) = 5090 [pid 5089] futex(0x7f1d9f5a17a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7f1d9f5a17ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5090 attached [pid 5090] set_robust_list(0x7f1d9f4c29e0, 24) = 0 [pid 5090] memfd_create("syzkaller", 0) = 3 [pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1d970a2000 [pid 5090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5090] munmap(0x7f1d970a2000, 16777216) = 0 [pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5090] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5090] close(3) = 0 [pid 5090] mkdir("./file0", 0777) = 0 [pid 5090] mount("/dev/loop0", "./file0", "jfs", MS_NOATIME, "nodiscard,nointegrity,usrquota,integrity,iocharset=iso8859-6,iocharset=iso8859-7,iocharset=cp866,") = 0 [pid 5090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5090] chdir("./file0") = 0 [pid 5090] ioctl(4, LOOP_CLR_FD) = 0 [pid 5090] close(4) = 0 [pid 5090] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] futex(0x7f1d9f5a17a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f1d9f5a17a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5089] <... futex resumed>) = 1 [pid 5090] mkdir(".", 0777 [pid 5089] futex(0x7f1d9f5a17bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5089] <... futex resumed>) = 0 [pid 5090] mount(NULL, ".", 0x200000c0, MS_RDONLY|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_I_VERSION|MS_STRICTATIME, "" [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1d98081000 [pid 5089] mprotect(0x7f1d98082000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5089] clone(child_stack=0x7f1d980a13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5090] <... mount resumed>) = 0 [pid 5089] <... clone resumed>, parent_tid=[5091], tls=0x7f1d980a1700, child_tidptr=0x7f1d980a19d0) = 5091 [pid 5089] futex(0x7f1d9f5a17b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5091 attached ) = 0 [pid 5090] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY [pid 5089] futex(0x7f1d9f5a17bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] set_robust_list(0x7f1d980a19e0, 24) = 0 [pid 5091] open("./file0", O_RDONLY [pid 5090] <... openat resumed>) = 4 [pid 5090] chdir(".") = 0 [pid 5091] <... open resumed>) = 5 [pid 5090] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] futex(0x7f1d9f5a17bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5091] <... futex resumed>) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5091] futex(0x7f1d9f5a17b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] futex(0x7f1d9f5a17a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] getdents(5, [pid 5089] <... futex resumed>) = 0 [pid 5090] <... getdents resumed>0x20000100 /* 2 entries */, 76) = 48 [pid 5089] futex(0x7f1d9f5a17ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5090] futex(0x7f1d9f5a17a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] exit_group(0 [pid 5091] <... futex resumed>) = ? [pid 5090] <... futex resumed>) = ? [pid 5089] <... exit_group resumed>) = ? [pid 5090] +++ exited with 0 +++ [pid 5091] +++ exited with 0 +++ [pid 5089] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5089, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555569ac620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 [ 56.553669][ T5090] loop0: detected capacity change from 0 to 32768 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555569b4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555569b4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x5555569ac620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555569ab5d0) = 5092 ./strace-static-x86_64: Process 5092 attached [pid 5092] set_robust_list(0x5555569ab5e0, 24) = 0 [pid 5092] chdir("./6") = 0 [pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5092] setpgid(0, 0) = 0 [pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5092] write(3, "1000", 4) = 4 [pid 5092] close(3) = 0 [pid 5092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5092] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1d9f4a2000 [pid 5092] mprotect(0x7f1d9f4a3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5092] clone(child_stack=0x7f1d9f4c23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5093], tls=0x7f1d9f4c2700, child_tidptr=0x7f1d9f4c29d0) = 5093 [pid 5092] futex(0x7f1d9f5a17a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7f1d9f5a17ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5093 attached [pid 5093] set_robust_list(0x7f1d9f4c29e0, 24) = 0 [pid 5093] memfd_create("syzkaller", 0) = 3 [pid 5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1d970a2000 [pid 5093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5093] munmap(0x7f1d970a2000, 16777216) = 0 [pid 5093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5093] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5093] close(3) = 0 [pid 5093] mkdir("./file0", 0777) = 0 [pid 5093] mount("/dev/loop0", "./file0", "jfs", MS_NOATIME, "nodiscard,nointegrity,usrquota,integrity,iocharset=iso8859-6,iocharset=iso8859-7,iocharset=cp866,") = 0 [pid 5093] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5093] chdir("./file0") = 0 [pid 5093] ioctl(4, LOOP_CLR_FD) = 0 [pid 5093] close(4) = 0 [pid 5093] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5093] mkdir(".", 0777 [pid 5092] futex(0x7f1d9f5a17a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5092] <... futex resumed>) = 0 [pid 5093] mount(NULL, ".", 0x200000c0, MS_RDONLY|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_I_VERSION|MS_STRICTATIME, "" [pid 5092] futex(0x7f1d9f5a17bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1d98081000 [pid 5092] mprotect(0x7f1d98082000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5092] clone(child_stack=0x7f1d980a13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5094], tls=0x7f1d980a1700, child_tidptr=0x7f1d980a19d0) = 5094 [pid 5092] futex(0x7f1d9f5a17b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7f1d9f5a17bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5094 attached [pid 5094] set_robust_list(0x7f1d980a19e0, 24) = 0 [pid 5094] open("./file0", O_RDONLY [pid 5093] <... mount resumed>) = 0 [pid 5093] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4 [pid 5093] chdir(".") = 0 [pid 5093] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f1d9f5a17a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] <... open resumed>) = 5 [pid 5094] futex(0x7f1d9f5a17bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5094] futex(0x7f1d9f5a17b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] futex(0x7f1d9f5a17a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = 0 [pid 5092] <... futex resumed>) = 1 [pid 5093] getdents(5, [pid 5092] futex(0x7f1d9f5a17ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... getdents resumed>0x20000100 /* 2 entries */, 76) = 48 [pid 5093] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5093] futex(0x7f1d9f5a17a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] exit_group(0 [pid 5094] <... futex resumed>) = ? [pid 5093] <... futex resumed>) = ? [pid 5092] <... exit_group resumed>) = ? [pid 5094] +++ exited with 0 +++ [pid 5093] +++ exited with 0 +++ [pid 5092] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=11 /* 0.11 s */} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x5555569ac620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 [ 56.830297][ T5093] loop0: detected capacity change from 0 to 32768 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x5555569b4660 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555569b4660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x5555569ac620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555569ab5d0) = 5095 ./strace-static-x86_64: Process 5095 attached [pid 5095] set_robust_list(0x5555569ab5e0, 24) = 0 [pid 5095] chdir("./7") = 0 [pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5095] setpgid(0, 0) = 0 [pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5095] write(3, "1000", 4) = 4 [pid 5095] close(3) = 0 [pid 5095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5095] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1d9f4a2000 [pid 5095] mprotect(0x7f1d9f4a3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] clone(child_stack=0x7f1d9f4c23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5096], tls=0x7f1d9f4c2700, child_tidptr=0x7f1d9f4c29d0) = 5096 [pid 5095] futex(0x7f1d9f5a17a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f1d9f5a17ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5096 attached [pid 5096] set_robust_list(0x7f1d9f4c29e0, 24) = 0 [pid 5096] memfd_create("syzkaller", 0) = 3 [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1d970a2000 [pid 5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5096] munmap(0x7f1d970a2000, 16777216) = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5096] close(3) = 0 [pid 5096] mkdir("./file0", 0777) = 0 [pid 5096] mount("/dev/loop0", "./file0", "jfs", MS_NOATIME, "nodiscard,nointegrity,usrquota,integrity,iocharset=iso8859-6,iocharset=iso8859-7,iocharset=cp866,") = 0 [pid 5096] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5096] chdir("./file0") = 0 [pid 5096] ioctl(4, LOOP_CLR_FD) = 0 [pid 5096] close(4) = 0 [pid 5096] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f1d9f5a17a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f1d9f5a17bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f1d98081000 [pid 5095] mprotect(0x7f1d98082000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] clone(child_stack=0x7f1d980a13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5097], tls=0x7f1d980a1700, child_tidptr=0x7f1d980a19d0) = 5097 ./strace-static-x86_64: Process 5097 attached [pid 5096] <... futex resumed>) = 1 [pid 5095] futex(0x7f1d9f5a17b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f1d9f5a17bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] set_robust_list(0x7f1d980a19e0, 24 [pid 5096] mkdir(".", 0777) = -1 EEXIST (File exists) [pid 5097] <... set_robust_list resumed>) = 0 [pid 5097] open("./file0", O_RDONLY [pid 5096] mount(NULL, ".", 0x200000c0, MS_RDONLY|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_SILENT|MS_I_VERSION|MS_STRICTATIME, "" [pid 5097] <... open resumed>) = 4 [pid 5097] futex(0x7f1d9f5a17bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f1d9f5a17b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] getdents(4, [ 57.095930][ T5096] loop0: detected capacity change from 0 to 32768 [pid 5095] futex(0x7f1d9f5a17bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... mount resumed>) = 0 [pid 5096] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 5 [pid 5096] chdir(".") = 0 [pid 5096] futex(0x7f1d9f5a17ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 57.137860][ T5097] read_mapping_page failed! [ 57.143075][ T5097] ERROR: (device loop0): txAbort: [ 57.143075][ T5097] [ 57.151316][ T5097] general protection fault, probably for non-canonical address 0xdffffc0000000029: 0000 [#1] PREEMPT SMP KASAN [ 57.163062][ T5097] KASAN: null-ptr-deref in range [0x0000000000000148-0x000000000000014f] [ 57.171454][ T5097] CPU: 0 PID: 5097 Comm: syz-executor839 Not tainted 6.2.0-rc5-syzkaller-00047-g7c46948a6e9c #0 [ 57.181843][ T5097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 57.191881][ T5097] RIP: 0010:txEnd+0x21d/0x4c0 [ 57.196557][ T5097] Code: eb 0e 45 0f b7 ed 49 8d bc 24 4c 01 00 00 44 89 2d f8 63 eb 0e 48 89 fa 48 c1 ea 03 66 89 43 28 48 b8 00 00 00 00 00 fc ff df <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 30 [ 57.216157][ T5097] RSP: 0018:ffffc90003f4fb18 EFLAGS: 00010213 [ 57.222213][ T5097] RAX: dffffc0000000000 RBX: ffffc90002671110 RCX: 0000000000000000 [ 57.230168][ T5097] RDX: 0000000000000029 RSI: ffffffff82e8496f RDI: 000000000000014c [ 57.238137][ T5097] RBP: ffffffff8cccdde0 R08: 0000000000000003 R09: 0000000000000000 [ 57.246092][ T5097] R10: 0000000000000000 R11: 0000000000000005 R12: 0000000000000000 [ 57.254046][ T5097] R13: 0000000000000001 R14: 0000000000000000 R15: ffffc90002671112 [ 57.261998][ T5097] FS: 00007f1d980a1700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 57.270912][ T5097] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 57.277479][ T5097] CR2: 00007f1d980a1718 CR3: 0000000076595000 CR4: 0000000000350ef0 [ 57.285435][ T5097] Call Trace: [ 57.288693][ T5097] [ 57.291609][ T5097] jfs_readdir+0x2865/0x4230 [ 57.296194][ T5097] ? dtDelete+0x2f90/0x2f90 [ 57.300716][ T5097] ? down_write_killable+0x15c/0x250 [ 57.306088][ T5097] ? down_write_killable_nested+0x250/0x250 [ 57.311974][ T5097] ? apparmor_file_permission+0x268/0x4e0 [ 57.317704][ T5097] iterate_dir+0x1fd/0x6f0 [ 57.322105][ T5097] __x64_sys_getdents+0x13e/0x2c0 [ 57.327108][ T5097] ? __ia32_sys_old_readdir+0x1d0/0x1d0 [ 57.332634][ T5097] ? filldir64+0x690/0x690 [ 57.337028][ T5097] ? lockdep_hardirqs_on+0x7d/0x100 [ 57.342209][ T5097] ? _raw_spin_unlock_irq+0x2e/0x50 [ 57.347388][ T5097] ? ptrace_notify+0xfe/0x140 [ 57.352045][ T5097] do_syscall_64+0x39/0xb0 [ 57.356445][ T5097] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.362322][ T5097] RIP: 0033:0x7f1d9f516729 [ 57.366720][ T5097] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 57.386489][ T5097] RSP: 002b:00007f1d980a12f8 EFLAGS: 00000246 ORIG_RAX: 000000000000004e [ 57.394890][ T5097] RAX: ffffffffffffffda RBX: 00007f1d9f5a17b0 RCX: 00007f1d9f516729 [ 57.402844][ T5097] RDX: 000000000000004c RSI: 0000000020000100 RDI: 0000000000000004 [ 57.410795][ T5097] RBP: 0030656c69662f2e R08: 0000000000000000 R09: 0000000000000000 [ 57.418746][ T5097] R10: 0000000000000000 R11: 0000000000000246 R12: 61746f7571727375 [ 57.426696][ T5097] R13: 726765746e696f6e R14: 7261637369646f6e R15: 00007f1d9f5a17b8 [ 57.434654][ T5097] [pid 5096] futex(0x7f1d9f5a17a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5095] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 57.437649][ T5097] Modules linked in: [ 57.441644][ T5097] ---[ end trace 0000000000000000 ]--- [ 57.447112][ T5097] RIP: 0010:txEnd+0x21d/0x4c0 [ 57.451858][ T5097] Code: eb 0e 45 0f b7 ed 49 8d bc 24 4c 01 00 00 44 89 2d f8 63 eb 0e 48 89 fa 48 c1 ea 03 66 89 43 28 48 b8 00 00 00 00 00 fc ff df <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 30 [ 57.471609][ T5097] RSP: 0018:ffffc90003f4fb18 EFLAGS: 00010213 [ 57.477700][ T5097] RAX: dffffc0000000000 RBX: ffffc90002671110 RCX: 0000000000000000 [ 57.485721][ T5097] RDX: 0000000000000029 RSI: ffffffff82e8496f RDI: 000000000000014c [ 57.493712][ T5097] RBP: ffffffff8cccdde0 R08: 0000000000000003 R09: 0000000000000000 [ 57.501714][ T5097] R10: 0000000000000000 R11: 0000000000000005 R12: 0000000000000000 [ 57.509725][ T5097] R13: 0000000000000001 R14: 0000000000000000 R15: ffffc90002671112 [ 57.517708][ T5097] FS: 00007f1d980a1700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 57.526662][ T5097] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 57.533280][ T5097] CR2: 00007f1d980a1718 CR3: 0000000076595000 CR4: 0000000000350ef0 [ 57.541285][ T5097] Kernel panic - not syncing: Fatal exception [ 57.547934][ T5097] Kernel Offset: disabled [ 57.552249][ T5097] Rebooting in 86400 seconds..