./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1725130023 <...> Warning: Permanently added '10.128.1.26' (ED25519) to the list of known hosts. execve("./syz-executor1725130023", ["./syz-executor1725130023"], 0x7ffe94352a60 /* 10 vars */) = 0 brk(NULL) = 0x555556cc7000 brk(0x555556cc7d40) = 0x555556cc7d40 arch_prctl(ARCH_SET_FS, 0x555556cc73c0) = 0 set_tid_address(0x555556cc7690) = 295 set_robust_list(0x555556cc76a0, 24) = 0 rseq(0x555556cc7ce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1725130023", 4096) = 28 getrandom("\xb0\x6c\x55\x60\xc9\x0a\x97\x32", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556cc7d40 brk(0x555556ce8d40) = 0x555556ce8d40 brk(0x555556ce9000) = 0x555556ce9000 mprotect(0x7f622052b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 296 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 297 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 298 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 299 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 300 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 301 ./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x555556cc76a0, 24) = 0 [pid 301] mkdir("./syzkaller.bzF58U", 0700) = 0 ./strace-static-x86_64: Process 296 attached [pid 296] set_robust_list(0x555556cc76a0, 24) = 0 [pid 296] mkdir("./syzkaller.sY6u5M", 0700) = 0 [pid 301] chmod("./syzkaller.bzF58U", 0777) = 0 [pid 296] chmod("./syzkaller.sY6u5M", 0777) = 0 [pid 301] chdir("./syzkaller.bzF58U") = 0 [pid 296] chdir("./syzkaller.sY6u5M" [pid 301] mkdir("./0", 0777 [pid 296] <... chdir resumed>) = 0 [pid 296] mkdir("./0", 0777 [pid 301] <... mkdir resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 296] <... openat resumed>) = 3 [pid 301] <... openat resumed>) = 3 [pid 301] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 301] close(3) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 303 [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 302 ./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x555556cc76a0, 24) = 0 [pid 302] chdir("./0") = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 302] setpgid(0, 0) = 0 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 302] write(3, "1000", 4) = 4 [pid 302] close(3) = 0 [pid 302] symlink("/dev/binderfs", "./binderfs") = 0 [pid 302] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 302] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 302] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 302] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 302] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[304]}, 88) = 304 [pid 302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 302] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 302] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 302] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 302] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[305]}, 88) = 305 [pid 302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 302] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 305 attached [pid 305] set_robust_list(0x7f62204449a0, 24) = 0 [pid 305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 305] creat("./bus", 000) = 3 [pid 305] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 1 [pid 305] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL) = 0 [pid 305] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 1 [pid 305] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 305] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 1 [pid 305] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE) = 5 [pid 305] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 1 [pid 305] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 305] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] <... futex resumed>) = 1 [pid 305] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- ./strace-static-x86_64: Process 304 attached [pid 305] +++ killed by SIGBUS +++ [pid 304] +++ killed by SIGBUS +++ [pid 302] +++ killed by SIGBUS +++ [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=302, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 301] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 301] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 301] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] getdents64(3, 0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 301] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 297 attached [pid 297] set_robust_list(0x555556cc76a0, 24) = 0 [pid 301] <... umount2 resumed>) = 0 [pid 301] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./0/bus") = 0 [pid 301] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./0/binderfs") = 0 [pid 301] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 301] close(3) = 0 [pid 301] rmdir("./0") = 0 [pid 301] mkdir("./1", 0777) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 301] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 301] close(3) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 306 [pid 297] mkdir("./syzkaller.9gSDIa", 0700) = 0 [pid 297] chmod("./syzkaller.9gSDIa", 0777) = 0 [pid 297] chdir("./syzkaller.9gSDIa") = 0 [pid 297] mkdir("./0", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3./strace-static-x86_64: Process 303 attached ) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 308 ./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x555556cc76a0, 24) = 0 [pid 303] set_robust_list(0x555556cc76a0, 24 [pid 306] chdir("./1") = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 306] setpgid(0, 0) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 306] write(3, "1000", 4) = 4 [pid 306] close(3) = 0 [pid 306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 306] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 306] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], ./strace-static-x86_64: Process 299 attached ./strace-static-x86_64: Process 300 attached ./strace-static-x86_64: Process 298 attached [pid 303] <... set_robust_list resumed>) = 0 [pid 306] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 23.008003][ T30] audit: type=1400 audit(1694881038.096:66): avc: denied { execmem } for pid=295 comm="syz-executor172" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 308 attached [pid 303] chdir("./0" [pid 300] set_robust_list(0x555556cc76a0, 24 [pid 306] <... mmap resumed>) = 0x7f6220445000 [pid 299] set_robust_list(0x555556cc76a0, 24 [pid 298] set_robust_list(0x555556cc76a0, 24 [pid 303] <... chdir resumed>) = 0 [pid 300] <... set_robust_list resumed>) = 0 [pid 299] <... set_robust_list resumed>) = 0 [pid 298] <... set_robust_list resumed>) = 0 [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 308] set_robust_list(0x555556cc76a0, 24 [pid 306] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 300] mkdir("./syzkaller.Zpv55J", 0700 [pid 299] mkdir("./syzkaller.4NT5vc", 0700 [pid 308] <... set_robust_list resumed>) = 0 [pid 306] <... mprotect resumed>) = 0 [pid 303] <... prctl resumed>) = 0 [pid 298] mkdir("./syzkaller.4RDDfu", 0700 [pid 308] chdir("./0" [pid 306] rt_sigprocmask(SIG_BLOCK, ~[], [pid 303] setpgid(0, 0 [pid 299] <... mkdir resumed>) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 308] <... chdir resumed>) = 0 [pid 306] <... rt_sigprocmask resumed>[], 8) = 0 [pid 303] <... setpgid resumed>) = 0 [pid 300] <... mkdir resumed>) = 0 [pid 298] chmod("./syzkaller.4RDDfu", 0777 [pid 299] chmod("./syzkaller.4NT5vc", 0777 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 300] chmod("./syzkaller.Zpv55J", 0777 [pid 298] <... chmod resumed>) = 0 [pid 299] <... chmod resumed>) = 0 [pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 303] <... openat resumed>) = 3 [pid 300] <... chmod resumed>) = 0 [pid 299] chdir("./syzkaller.4NT5vc" [pid 298] chdir("./syzkaller.4RDDfu" [pid 303] write(3, "1000", 4 [pid 300] chdir("./syzkaller.Zpv55J" [pid 299] <... chdir resumed>) = 0 [pid 303] <... write resumed>) = 4 [pid 300] <... chdir resumed>) = 0 [pid 298] <... chdir resumed>) = 0 [pid 308] <... prctl resumed>) = 0 [pid 303] close(3 [pid 300] mkdir("./0", 0777 [pid 299] mkdir("./0", 0777 [pid 298] mkdir("./0", 0777 [pid 303] <... close resumed>) = 0 [pid 308] setpgid(0, 0 [pid 306] <... clone3 resumed> => {parent_tid=[311]}, 88) = 311 [pid 303] symlink("/dev/binderfs", "./binderfs" [pid 300] <... mkdir resumed>) = 0 [pid 308] <... setpgid resumed>) = 0 [pid 306] rt_sigprocmask(SIG_SETMASK, [], [pid 298] <... mkdir resumed>) = 0 [pid 303] <... symlink resumed>) = 0 [pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 303] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 299] <... mkdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 308] <... openat resumed>) = 3 [pid 306] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = 0 [pid 300] <... openat resumed>) = 3 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 298] <... openat resumed>) = 3 [pid 303] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 300] ioctl(3, LOOP_CLR_FD [pid 303] <... rt_sigaction resumed>NULL, 8) = 0 [pid 299] <... openat resumed>) = 3 [pid 298] ioctl(3, LOOP_CLR_FD [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 308] write(3, "1000", 4 [pid 306] <... futex resumed>) = 0 [pid 303] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 300] close(3 [pid 299] ioctl(3, LOOP_CLR_FD [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 308] <... write resumed>) = 4 [pid 306] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] <... close resumed>) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 308] close(3 [pid 306] <... futex resumed>) = 0 [pid 308] <... close resumed>) = 0 [pid 306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 308] symlink("/dev/binderfs", "./binderfs" [pid 306] <... mmap resumed>) = 0x7f6220424000 [pid 308] <... symlink resumed>) = 0 [pid 306] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 308] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... mprotect resumed>) = 0 [pid 308] <... futex resumed>) = 0 [pid 306] rt_sigprocmask(SIG_BLOCK, ~[], [pid 303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] close(3 [pid 298] close(3 [pid 308] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 306] <... rt_sigprocmask resumed>[], 8) = 0 [pid 308] <... rt_sigaction resumed>NULL, 8) = 0 [pid 306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 303] <... mmap resumed>) = 0x7f6220445000 [pid 299] <... close resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 308] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 303] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 308] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 306] <... clone3 resumed> => {parent_tid=[313]}, 88) = 313 [pid 303] <... mprotect resumed>) = 0 [pid 308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 306] rt_sigprocmask(SIG_SETMASK, [], [pid 308] <... mmap resumed>) = 0x7f6220445000 [pid 306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 303] rt_sigprocmask(SIG_BLOCK, ~[], [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 312 [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 314 [pid 308] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 306] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 315 [pid 308] <... mprotect resumed>) = 0 [pid 306] <... futex resumed>) = 0 [pid 303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 308] rt_sigprocmask(SIG_BLOCK, ~[], [pid 306] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] <... rt_sigprocmask resumed>[], 8) = 0 [pid 303] <... clone3 resumed> => {parent_tid=[316]}, 88) = 316 [pid 308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 308] <... clone3 resumed> => {parent_tid=[317]}, 88) = 317 [pid 308] rt_sigprocmask(SIG_SETMASK, [], [pid 303] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 303] <... futex resumed>) = 0 [pid 308] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... futex resumed>) = 0 [pid 303] <... futex resumed>) = 0 [pid 308] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 308] <... futex resumed>) = 0 [pid 303] <... mmap resumed>) = 0x7f6220424000 [pid 308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 303] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 308] <... mmap resumed>) = 0x7f6220424000 [pid 303] <... mprotect resumed>) = 0 [pid 308] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 303] rt_sigprocmask(SIG_BLOCK, ~[], [pid 308] rt_sigprocmask(SIG_BLOCK, ~[], [pid 303] <... rt_sigprocmask resumed>[], 8) = 0 [pid 308] <... rt_sigprocmask resumed>[], 8) = 0 [pid 303] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[319]}, 88) = 319 [pid 303] <... clone3 resumed> => {parent_tid=[318]}, 88) = 318 [pid 308] rt_sigprocmask(SIG_SETMASK, [], [pid 303] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 311 attached [pid 308] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 308] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... futex resumed>) = 0 [pid 311] set_robust_list(0x7f62204659a0, 24 [pid 303] <... futex resumed>) = 0 [pid 311] <... set_robust_list resumed>) = 0 [pid 308] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 319 attached ./strace-static-x86_64: Process 317 attached ./strace-static-x86_64: Process 316 attached [pid 311] memfd_create("syzkaller", 0) = 3 ./strace-static-x86_64: Process 315 attached ./strace-static-x86_64: Process 314 attached [pid 311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 313 attached [pid 319] set_robust_list(0x7f62204449a0, 24 [pid 317] set_robust_list(0x7f62204659a0, 24 [pid 316] set_robust_list(0x7f62204659a0, 24 [pid 315] set_robust_list(0x555556cc76a0, 24 [pid 314] set_robust_list(0x555556cc76a0, 24 [pid 311] <... mmap resumed>) = 0x7f6218024000 ./strace-static-x86_64: Process 312 attached [pid 319] <... set_robust_list resumed>) = 0 [pid 317] <... set_robust_list resumed>) = 0 [pid 316] <... set_robust_list resumed>) = 0 [pid 313] set_robust_list(0x7f62204449a0, 24 [pid 315] <... set_robust_list resumed>) = 0 [pid 315] chdir("./0" [pid 314] <... set_robust_list resumed>) = 0 [pid 319] rt_sigprocmask(SIG_SETMASK, [], [pid 317] rt_sigprocmask(SIG_SETMASK, [], [pid 316] rt_sigprocmask(SIG_SETMASK, [], [pid 315] <... chdir resumed>) = 0 [pid 314] chdir("./0" [pid 313] <... set_robust_list resumed>) = 0 [pid 312] set_robust_list(0x555556cc76a0, 24 [pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 314] <... chdir resumed>) = 0 [pid 311] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 318 attached [pid 315] <... prctl resumed>) = 0 [pid 314] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 319] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 317] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 316] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 315] setpgid(0, 0 [pid 314] <... prctl resumed>) = 0 [pid 313] rt_sigprocmask(SIG_SETMASK, [], [pid 312] <... set_robust_list resumed>) = 0 [pid 319] creat("./bus", 000 [pid 318] set_robust_list(0x7f62204449a0, 24 [pid 317] memfd_create("syzkaller", 0 [pid 316] memfd_create("syzkaller", 0 [pid 315] <... setpgid resumed>) = 0 [pid 314] setpgid(0, 0 [pid 313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 312] chdir("./0" [pid 319] <... creat resumed>) = 3 [pid 317] <... memfd_create resumed>) = 4 [pid 316] <... memfd_create resumed>) = 3 [pid 313] creat("./bus", 000 [pid 312] <... chdir resumed>) = 0 [pid 311] <... write resumed>) = 262144 [pid 319] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] <... set_robust_list resumed>) = 0 [pid 317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 314] <... setpgid resumed>) = 0 [pid 313] <... creat resumed>) = 4 [pid 312] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 319] <... futex resumed>) = 1 [pid 317] <... mmap resumed>) = 0x7f6218024000 [pid 316] <... mmap resumed>) = 0x7f6218024000 [pid 313] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... prctl resumed>) = 0 [pid 308] <... futex resumed>) = 0 [pid 319] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 318] rt_sigprocmask(SIG_SETMASK, [], [ 23.052178][ T30] audit: type=1400 audit(1694881038.096:67): avc: denied { read write } for pid=296 comm="syz-executor172" name="loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 317] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 316] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 315] <... openat resumed>) = 3 [pid 314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 313] <... futex resumed>) = 1 [pid 312] setpgid(0, 0 [pid 311] munmap(0x7f6218024000, 262144 [pid 308] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = 0 [pid 319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 318] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 317] <... write resumed>) = 262144 [pid 316] <... write resumed>) = 262144 [pid 315] write(3, "1000", 4 [pid 314] <... openat resumed>) = 3 [pid 313] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 312] <... setpgid resumed>) = 0 [pid 311] <... munmap resumed>) = 0 [pid 308] <... futex resumed>) = 0 [pid 306] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 318] creat("./bus", 000 [pid 317] munmap(0x7f6218024000, 262144 [pid 316] munmap(0x7f6218024000, 262144 [pid 315] <... write resumed>) = 4 [pid 314] write(3, "1000", 4 [pid 313] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 311] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 308] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... futex resumed>) = 0 [pid 319] <... mount resumed>) = 0 [pid 318] <... creat resumed>) = 4 [pid 317] <... munmap resumed>) = 0 [pid 316] <... munmap resumed>) = 0 [pid 315] close(3 [pid 314] <... write resumed>) = 4 [pid 313] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 312] <... openat resumed>) = 3 [pid 311] <... openat resumed>) = 5 [pid 306] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 316] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 315] <... close resumed>) = 0 [pid 314] close(3 [pid 313] <... mount resumed>) = 0 [pid 312] write(3, "1000", 4 [ 23.121309][ T30] audit: type=1400 audit(1694881038.096:68): avc: denied { open } for pid=296 comm="syz-executor172" path="/dev/loop0" dev="devtmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.142598][ T311] loop5: detected capacity change from 0 to 512 [pid 311] ioctl(5, LOOP_SET_FD, 3 [pid 319] <... futex resumed>) = 1 [pid 318] <... futex resumed>) = 1 [pid 317] <... openat resumed>) = 5 [pid 316] <... openat resumed>) = 5 [pid 315] symlink("/dev/binderfs", "./binderfs" [pid 314] <... close resumed>) = 0 [pid 313] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... write resumed>) = 4 [pid 308] <... futex resumed>) = 0 [pid 303] <... futex resumed>) = 0 [pid 318] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 315] <... symlink resumed>) = 0 [pid 314] symlink("/dev/binderfs", "./binderfs" [pid 303] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 315] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... symlink resumed>) = 0 [pid 303] <... futex resumed>) = 0 [pid 318] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 315] <... futex resumed>) = 0 [pid 314] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] <... mount resumed>) = 0 [pid 315] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 314] <... futex resumed>) = 0 [pid 318] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... rt_sigaction resumed>NULL, 8) = 0 [pid 314] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 318] <... futex resumed>) = 1 [pid 315] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 314] <... rt_sigaction resumed>NULL, 8) = 0 [pid 303] <... futex resumed>) = 0 [pid 318] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 315] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 314] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 303] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 314] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 303] <... futex resumed>) = 0 [pid 318] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 315] <... mmap resumed>) = 0x7f6220445000 [pid 314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 303] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] <... open resumed>) = 6 [pid 315] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 314] <... mmap resumed>) = 0x7f6220445000 [pid 318] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... mprotect resumed>) = 0 [pid 314] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 318] <... futex resumed>) = 1 [pid 315] rt_sigprocmask(SIG_BLOCK, ~[], [pid 314] <... mprotect resumed>) = 0 [pid 303] <... futex resumed>) = 0 [pid 318] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 315] <... rt_sigprocmask resumed>[], 8) = 0 [pid 314] rt_sigprocmask(SIG_BLOCK, ~[], [pid 303] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 315] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 314] <... rt_sigprocmask resumed>[], 8) = 0 [pid 303] <... futex resumed>) = 0 [pid 318] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 314] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 303] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] <... socket resumed>) = 7 [pid 315] <... clone3 resumed> => {parent_tid=[320]}, 88) = 320 [pid 318] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] rt_sigprocmask(SIG_SETMASK, [], [pid 314] <... clone3 resumed> => {parent_tid=[321]}, 88) = 321 [pid 318] <... futex resumed>) = 1 [pid 315] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 314] rt_sigprocmask(SIG_SETMASK, [], [pid 303] <... futex resumed>) = 0 [pid 318] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 315] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 303] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 315] <... futex resumed>) = 0 [pid 314] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = 0 [pid 318] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 315] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 303] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 318] <... mmap resumed>) = 0x20000000 [pid 315] <... futex resumed>) = 0 [pid 314] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 314] <... futex resumed>) = 0 [pid 318] <... futex resumed>) = 1 [pid 315] <... mmap resumed>) = 0x7f6220424000 [pid 314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 303] <... futex resumed>) = 0 [pid 318] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 315] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 314] <... mmap resumed>) = 0x7f6220424000 [pid 303] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 315] <... mprotect resumed>) = 0 [pid 314] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 311] <... ioctl resumed>) = 0 [pid 303] <... futex resumed>) = 0 [pid 318] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 315] rt_sigprocmask(SIG_BLOCK, ~[], [pid 314] <... mprotect resumed>) = 0 [pid 311] close(3 [pid 303] close(3 [pid 315] <... rt_sigprocmask resumed>[], 8) = 0 [pid 314] rt_sigprocmask(SIG_BLOCK, ~[], [pid 311] <... close resumed>) = 0 [pid 315] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 314] <... rt_sigprocmask resumed>[], 8) = 0 [pid 314] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 311] mkdir("./file0", 0777 [pid 315] <... clone3 resumed> => {parent_tid=[322]}, 88) = 322 [pid 311] <... mkdir resumed>) = 0 [pid 315] rt_sigprocmask(SIG_SETMASK, [], [pid 314] <... clone3 resumed> => {parent_tid=[323]}, 88) = 323 [pid 311] mount("/dev/loop5", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 315] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 314] rt_sigprocmask(SIG_SETMASK, [], [pid 315] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 315] <... futex resumed>) = 0 [pid 314] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] <... futex resumed>) = 0 [pid 314] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 320 attached [pid 320] set_robust_list(0x7f62204659a0, 24) = 0 [pid 320] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 320] memfd_create("syzkaller", 0) = 3 [pid 320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 ./strace-static-x86_64: Process 322 attached [pid 322] set_robust_list(0x7f62204449a0, 24) = 0 [pid 322] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 322] creat("./bus", 000 [pid 320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 322] <... creat resumed>) = 4 ./strace-static-x86_64: Process 323 attached [pid 323] set_robust_list(0x7f62204449a0, 24) = 0 [pid 323] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 323] creat("./bus", 000) = 3 [pid 322] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] <... futex resumed>) = 1 [pid 322] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL) = 0 [pid 322] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] <... futex resumed>) = 1 [pid 323] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 323] <... futex resumed>) = 1 [pid 322] <... open resumed>) = 5 [pid 314] <... futex resumed>) = 0 [pid 323] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 322] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 323] <... mount resumed>) = 0 [pid 322] <... futex resumed>) = 1 [pid 315] <... futex resumed>) = 0 [pid 314] <... futex resumed>) = 0 [pid 323] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 315] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 323] <... futex resumed>) = 0 [pid 322] <... socket resumed>) = 6 [pid 320] <... write resumed>) = 262144 [pid 315] <... futex resumed>) = 0 [pid 314] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 323] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 322] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] munmap(0x7f6218024000, 262144 [pid 315] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 323] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 322] <... futex resumed>) = 0 [pid 320] <... munmap resumed>) = 0 [pid 315] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 314] <... futex resumed>) = 0 [pid 323] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 322] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 320] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 315] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 323] <... open resumed>) = 4 [pid 322] <... mmap resumed>) = 0x20000000 [pid 320] <... openat resumed>) = 7 [pid 315] <... futex resumed>) = 0 [pid 323] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 322] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] ioctl(7, LOOP_SET_FD, 3 [pid 315] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 321 attached [pid 323] <... futex resumed>) = 1 [pid 322] <... futex resumed>) = 0 [pid 319] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 317] ioctl(5, LOOP_SET_FD, 4 [pid 315] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 23.146096][ T30] audit: type=1400 audit(1694881038.096:69): avc: denied { ioctl } for pid=301 comm="syz-executor172" path="/dev/loop5" dev="devtmpfs" ino=117 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.169807][ T320] loop2: detected capacity change from 0 to 512 [ 23.184006][ T30] audit: type=1400 audit(1694881038.106:70): avc: denied { mounton } for pid=302 comm="syz-executor172" path="/root/syzkaller.bzF58U/0/bus" dev="sda1" ino=1932 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=file permissive=1 [ 23.184717][ T322] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 3 prio class 0 [pid 314] <... futex resumed>) = 0 [pid 313] <... futex resumed>) = 1 [pid 312] close(3 [pid 308] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = 0 [pid 323] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 321] set_robust_list(0x7f62204659a0, 24 [pid 319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 317] <... ioctl resumed>) = 0 [pid 316] +++ killed by SIGBUS +++ [pid 315] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 323] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 315] <... futex resumed>) = 0 [pid 314] <... futex resumed>) = 0 [pid 323] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 314] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 323] <... socket resumed>) = 5 [pid 323] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 314] <... futex resumed>) = 0 [pid 323] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 314] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 323] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 314] <... futex resumed>) = 0 [pid 323] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 314] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 323] <... mmap resumed>) = 0x20000000 [pid 323] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 314] <... futex resumed>) = 0 [pid 323] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 314] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 323] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 314] <... futex resumed>) = 0 [pid 323] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 314] read(542316032, [pid 320] <... ioctl resumed>) = 0 [pid 320] close(3) = 0 [pid 320] mkdir(0x20000000, 0777) = -1 ENOENT (No such file or directory) [pid 320] mount("/dev/loop2", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"...) = -1 ENOENT (No such file or directory) [pid 320] ioctl(7, LOOP_CLR_FD) = 0 [pid 320] close(7) = 0 [pid 320] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 322] memfd_create("syzkaller", 0) = 3 [pid 322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f620fc64000 [pid 322] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 322] munmap(0x7f620fc64000, 65536) = 0 [pid 322] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 313] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 312] <... close resumed>) = 0 [pid 312] symlink("/dev/binderfs", "./binderfs") = 0 [pid 312] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 312] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 319] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 312] <... mmap resumed>) = 0x7f6220445000 [pid 308] <... futex resumed>) = 0 [pid 306] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 312] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 312] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[324]}, 88) = 324 [pid 312] rt_sigprocmask(SIG_SETMASK, [], [pid 318] +++ killed by SIGBUS +++ [pid 312] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 303] +++ killed by SIGBUS +++ [pid 317] close(4 [pid 321] <... set_robust_list resumed>) = ? [pid 319] <... open resumed>) = 6 [pid 317] <... close resumed>) = 0 [pid 313] <... futex resumed>) = 0 [pid 312] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... futex resumed>) = 1 [pid 313] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 312] <... futex resumed>) = 0 [pid 313] <... open resumed>) = 3 [pid 312] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... futex resumed>) = 0 [pid 313] <... futex resumed>) = 0 [pid 312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 313] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 312] <... mmap resumed>) = 0x7f6220424000 [pid 312] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 312] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 312] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[327]}, 88) = 327 [pid 312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 312] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] <... openat resumed>) = 7 [pid 322] ioctl(7, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 322] ioctl(7, LOOP_CLR_FD) = 0 ./strace-static-x86_64: Process 327 attached [pid 327] set_robust_list(0x7f62204449a0, 24) = 0 [pid 327] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 327] creat("./bus", 000 [pid 322] ioctl(7, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 322] close(7) = 0 [pid 322] close(3) = 0 [pid 322] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 322] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 315] exit_group(0 [pid 320] <... futex resumed>) = ? [pid 315] <... exit_group resumed>) = ? [pid 320] +++ exited with 0 +++ [pid 322] <... futex resumed>) = ? [ 23.208534][ T317] loop1: detected capacity change from 0 to 512 [ 23.225736][ T30] audit: type=1400 audit(1694881038.106:71): avc: denied { create } for pid=302 comm="syz-executor172" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [pid 321] +++ killed by SIGBUS +++ [pid 319] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] mkdir("./file0", 0777 [pid 308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 306] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=303, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 323] +++ killed by SIGBUS +++ [pid 314] +++ killed by SIGBUS +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=314, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 319] <... futex resumed>) = 0 [pid 317] <... mkdir resumed>) = 0 [pid 308] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 299] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 327] <... creat resumed>) = 3 [pid 327] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... futex resumed>) = 0 [pid 312] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... futex resumed>) = 1 [pid 327] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL) = 0 [pid 327] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 312] <... futex resumed>) = 0 [pid 312] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 312] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... open resumed>) = 4 [pid 327] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 312] <... futex resumed>) = 0 [pid 327] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 312] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... socket resumed>) = 5 [pid 312] <... futex resumed>) = 0 [pid 327] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... futex resumed>) = 0 [pid 312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 327] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 312] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... mmap resumed>) = 0x20000000 [pid 312] <... futex resumed>) = 0 [pid 327] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... futex resumed>) = 0 [pid 312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) ./strace-static-x86_64: Process 324 attached [pid 327] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 312] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 324] +++ killed by SIGBUS +++ [pid 327] +++ killed by SIGBUS +++ [pid 312] +++ killed by SIGBUS +++ [pid 319] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 317] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 308] <... futex resumed>) = 0 [pid 306] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=312, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 299] <... umount2 resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] newfstatat(AT_FDCWD, "./0/bus", [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] unlink("./0/bus" [pid 300] <... openat resumed>) = 3 [pid 299] <... unlink resumed>) = 0 [pid 300] newfstatat(3, "", [pid 299] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] getdents64(3, [pid 299] newfstatat(AT_FDCWD, "./0/binderfs", [pid 300] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] unlink("./0/binderfs") = 0 [pid 299] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./0") = 0 [pid 299] mkdir("./1", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 329 [ 23.249421][ T30] audit: type=1400 audit(1694881038.106:72): avc: denied { map } for pid=302 comm="syz-executor172" path="/root/syzkaller.bzF58U/0/bus" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.277152][ T30] audit: type=1400 audit(1694881038.106:73): avc: denied { unmount } for pid=301 comm="syz-executor172" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 23.289812][ T311] EXT4-fs (loop5): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. ./strace-static-x86_64: Process 329 attached [pid 329] set_robust_list(0x555556cc76a0, 24) = 0 [pid 329] chdir("./1") = 0 [pid 329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 329] setpgid(0, 0) = 0 [pid 329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 329] write(3, "1000", 4) = 4 [pid 329] close(3) = 0 [pid 329] symlink("/dev/binderfs", "./binderfs") = 0 [pid 329] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 329] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 329] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 329] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[330]}, 88) = 330 [pid 329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 329] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 329] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 329] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[331]}, 88) = 331 [pid 329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 329] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 329] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] <... socket resumed>) = 4 [pid 313] <... futex resumed>) = 0 [pid 308] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... futex resumed>) = 1 [pid 300] <... umount2 resumed>) = 0 [pid 296] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 319] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 306] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 319] <... futex resumed>) = 1 [pid 313] <... socket resumed>) = 6 [pid 308] <... futex resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... openat resumed>) = 3 [pid 313] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] newfstatat(AT_FDCWD, "./0/bus", [pid 313] <... futex resumed>) = 1 [pid 306] <... futex resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 313] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 306] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] unlink("./0/bus" [pid 313] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 306] <... futex resumed>) = 0 [pid 300] <... unlink resumed>) = 0 [pid 313] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [ 23.297773][ T30] audit: type=1400 audit(1694881038.236:74): avc: denied { mounton } for pid=306 comm="syz-executor172" path="/root/syzkaller.bzF58U/1/file0" dev="sda1" ino=1947 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 23.337037][ T30] audit: type=1400 audit(1694881038.416:75): avc: denied { mount } for pid=306 comm="syz-executor172" name="/" dev="loop5" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 23.359422][ T311] ext4 filesystem being mounted at /root/syzkaller.bzF58U/1/file0 supports timestamps until 2038 (0x7fffffff) [pid 306] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 331 attached ./strace-static-x86_64: Process 330 attached [pid 319] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 313] <... mmap resumed>) = 0x20000000 [pid 311] <... mount resumed>) = 0 [pid 308] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] newfstatat(3, "", [pid 319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 311] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY [pid 308] <... futex resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 319] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 311] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 308] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] getdents64(3, [pid 311] ioctl(5, LOOP_CLR_FD [pid 296] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 311] <... ioctl resumed>) = 0 [pid 311] close(5 [pid 296] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 311] <... close resumed>) = 0 [pid 311] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 311] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 331] set_robust_list(0x7f62204449a0, 24 [pid 330] set_robust_list(0x7f62204659a0, 24 [pid 329] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 322] +++ exited with 0 +++ [pid 319] <... mmap resumed>) = 0x20000000 [pid 315] +++ exited with 0 +++ [pid 313] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 329] futex(0x7f62205316ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] newfstatat(AT_FDCWD, "./0/binderfs", [pid 329] <... futex resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 317] <... mount resumed>) = 0 [pid 300] unlink("./0/binderfs" [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=315, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 296] <... umount2 resumed>) = 0 [pid 329] <... mmap resumed>) = 0x7f6220403000 [pid 300] <... unlink resumed>) = 0 [pid 298] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 329] mprotect(0x7f6220404000, 131072, PROT_READ|PROT_WRITE [pid 300] getdents64(3, [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 329] <... mprotect resumed>) = 0 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 329] rt_sigprocmask(SIG_BLOCK, ~[], [pid 300] close(3 [pid 298] <... openat resumed>) = 3 [pid 329] <... rt_sigprocmask resumed>[], 8) = 0 [pid 300] <... close resumed>) = 0 [pid 298] newfstatat(3, "", [pid 296] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220423990, parent_tid=0x7f6220423990, exit_signal=0, stack=0x7f6220403000, stack_size=0x20300, tls=0x7f62204236c0} [pid 300] rmdir("./0" [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 334 attached [pid 331] <... set_robust_list resumed>) = 0 [pid 330] <... set_robust_list resumed>) = 0 [pid 319] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 317] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY [pid 313] <... futex resumed>) = 1 [pid 300] <... rmdir resumed>) = 0 [pid 298] getdents64(3, [pid 306] <... futex resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 329] <... clone3 resumed> => {parent_tid=[334]}, 88) = 334 [pid 300] mkdir("./1", 0777 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 331] rt_sigprocmask(SIG_SETMASK, [], [pid 330] rt_sigprocmask(SIG_SETMASK, [], [pid 329] rt_sigprocmask(SIG_SETMASK, [], [pid 319] <... futex resumed>) = 1 [pid 308] <... futex resumed>) = 0 [pid 306] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... mkdir resumed>) = 0 [pid 298] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] newfstatat(AT_FDCWD, "./0/bus", [pid 334] set_robust_list(0x7f62204239a0, 24 [pid 331] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 317] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 313] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 334] <... set_robust_list resumed>) = 0 [pid 331] creat("./bus", 000 [pid 330] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 329] futex(0x7f62205316e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] memfd_create("syzkaller", 0 [pid 317] ioctl(5, LOOP_CLR_FD [pid 311] <... futex resumed>) = 0 [pid 308] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = 1 [pid 300] <... openat resumed>) = 3 [pid 298] <... umount2 resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 331] <... creat resumed>) = 3 [pid 330] memfd_create("syzkaller", 0 [pid 329] <... futex resumed>) = 0 [pid 311] memfd_create("syzkaller", 0 [pid 308] <... futex resumed>) = 0 [pid 319] <... memfd_create resumed>) = 7 [pid 300] ioctl(3, LOOP_CLR_FD [pid 298] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 317] <... ioctl resumed>) = 0 [pid 296] unlink("./0/bus" [pid 334] rt_sigprocmask(SIG_SETMASK, [], [pid 331] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 330] <... memfd_create resumed>) = 4 [pid 329] futex(0x7f62205316ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 311] <... memfd_create resumed>) = 5 [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 334] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 331] <... futex resumed>) = 0 [pid 330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 317] close(5 [pid 311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 296] <... unlink resumed>) = 0 [pid 334] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 331] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 330] <... mmap resumed>) = 0x7f6218003000 [pid 319] <... mmap resumed>) = 0x7f620fc64000 [pid 317] <... close resumed>) = 0 [pid 311] <... mmap resumed>) = 0x7f620fc64000 [pid 300] close(3 [pid 298] newfstatat(AT_FDCWD, "./0/bus", [pid 296] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 330] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 264966 [pid 311] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 300] <... close resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 330] <... write resumed>) = 264966 [pid 319] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 317] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... write resumed>) = 65536 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] unlink("./0/bus" [pid 296] newfstatat(AT_FDCWD, "./0/binderfs", [pid 334] <... mount resumed>) = 0 [pid 330] munmap(0x7f6218003000, 264966 [pid 311] munmap(0x7f620fc64000, 65536 [pid 298] <... unlink resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 335 attached [pid 334] futex(0x7f62205316ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 330] <... munmap resumed>) = 0 [pid 311] <... munmap resumed>) = 0 [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 335 [pid 298] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] unlink("./0/binderfs" [pid 335] set_robust_list(0x555556cc76a0, 24 [pid 334] <... futex resumed>) = 1 [pid 330] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 329] <... futex resumed>) = 0 [pid 319] <... write resumed>) = 65536 [pid 317] <... futex resumed>) = 0 [pid 311] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... unlink resumed>) = 0 [pid 334] futex(0x7f62205316e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 330] <... openat resumed>) = 5 [pid 329] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] munmap(0x7f620fc64000, 65536 [pid 317] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 311] <... openat resumed>) = 7 [pid 298] newfstatat(AT_FDCWD, "./0/binderfs", [pid 296] getdents64(3, [pid 331] <... futex resumed>) = 0 [pid 330] ioctl(5, LOOP_SET_FD, 4 [pid 329] <... futex resumed>) = 1 [pid 319] <... munmap resumed>) = 0 [pid 311] ioctl(7, LOOP_SET_FD, 5 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 335] <... set_robust_list resumed>) = 0 [pid 331] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 329] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] unlink("./0/binderfs" [pid 335] chdir("./1" [pid 298] <... unlink resumed>) = 0 [pid 335] <... chdir resumed>) = 0 [pid 298] getdents64(3, [pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 335] <... prctl resumed>) = 0 [pid 298] close(3 [pid 335] setpgid(0, 0 [pid 298] <... close resumed>) = 0 [pid 335] <... setpgid resumed>) = 0 [pid 298] rmdir("./0" [pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] <... rmdir resumed>) = 0 [pid 335] <... openat resumed>) = 3 [pid 298] mkdir("./1", 0777 [pid 335] write(3, "1000", 4 [pid 298] <... mkdir resumed>) = 0 [pid 335] <... write resumed>) = 4 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 335] close(3 [pid 298] <... openat resumed>) = 3 [pid 335] <... close resumed>) = 0 [pid 298] ioctl(3, LOOP_CLR_FD [pid 335] symlink("/dev/binderfs", "./binderfs" [pid 311] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 331] <... open resumed>) = 6 [pid 330] <... ioctl resumed>) = 0 [pid 319] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 311] ioctl(7, LOOP_CLR_FD [pid 298] close(3 [pid 296] close(3 [pid 331] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 330] close(4 [pid 319] <... openat resumed>) = 5 [pid 311] <... ioctl resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 331] <... futex resumed>) = 1 [pid 330] <... close resumed>) = 0 [pid 329] <... futex resumed>) = 0 [pid 319] ioctl(5, LOOP_SET_FD, 7 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] rmdir("./0" [pid 335] <... symlink resumed>) = 0 [pid 331] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 330] mkdir("./file0", 0777 [pid 329] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 296] <... rmdir resumed>) = 0 [pid 335] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 331] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 330] <... mkdir resumed>) = 0 [pid 329] <... futex resumed>) = 0 [pid 319] ioctl(5, LOOP_CLR_FD [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 336 [pid 296] mkdir("./1", 0777 [pid 335] <... futex resumed>) = 0 [pid 331] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 330] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 329] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] <... ioctl resumed>) = 0 [pid 311] ioctl(7, LOOP_SET_FD, 5 [pid 296] <... mkdir resumed>) = 0 [pid 335] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 331] <... socket resumed>) = 4 [pid 311] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 335] <... rt_sigaction resumed>NULL, 8) = 0 [pid 331] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] close(7 [pid 296] <... openat resumed>) = 3 [pid 335] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 331] <... futex resumed>) = 1 [pid 329] <... futex resumed>) = 0 [pid 311] <... close resumed>) = 0 [pid 296] ioctl(3, LOOP_CLR_FD [pid 335] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 331] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 329] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] close(5 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 331] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 329] <... futex resumed>) = 0 [pid 311] <... close resumed>) = 0 [pid 296] close(3 [pid 335] <... mmap resumed>) = 0x7f6220445000 [pid 331] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 329] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] ioctl(5, LOOP_SET_FD, 7 [pid 311] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... close resumed>) = 0 ./strace-static-x86_64: Process 336 attached [pid 335] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 331] <... mmap resumed>) = 0x20000000 [pid 319] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 311] <... futex resumed>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 331] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] close(5 [pid 311] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 306] exit_group(0 [pid 335] <... mprotect resumed>) = 0 [pid 331] <... futex resumed>) = 1 [pid 329] <... futex resumed>) = 0 [pid 319] <... close resumed>) = 0 [pid 313] <... futex resumed>) = ? [pid 311] <... futex resumed>) = ? [pid 306] <... exit_group resumed>) = ? [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 337 [pid 335] rt_sigprocmask(SIG_BLOCK, ~[], [pid 331] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 329] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] close(7 [pid 313] +++ exited with 0 +++ [pid 311] +++ exited with 0 +++ [pid 306] +++ exited with 0 +++ [pid 335] <... rt_sigprocmask resumed>[], 8) = 0 [pid 331] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 329] <... futex resumed>) = 0 [pid 319] <... close resumed>) = 0 [pid 335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 331] memfd_create("syzkaller", 0 [pid 319] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 336] set_robust_list(0x555556cc76a0, 24 [pid 331] <... memfd_create resumed>) = 7 [pid 319] <... futex resumed>) = 0 [pid 301] restart_syscall(<... resuming interrupted clone ...> [pid 336] <... set_robust_list resumed>) = 0 [pid 335] <... clone3 resumed> => {parent_tid=[339]}, 88) = 339 [pid 331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 319] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 336] chdir("./1" [pid 335] rt_sigprocmask(SIG_SETMASK, [], [pid 331] <... mmap resumed>) = 0x7f620fc44000 [pid 335] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 336] <... chdir resumed>) = 0 [pid 336] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 301] <... restart_syscall resumed>) = 0 [pid 336] <... prctl resumed>) = 0 [pid 336] setpgid(0, 0 [pid 335] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 331] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 336] <... setpgid resumed>) = 0 [pid 335] <... futex resumed>) = 0 [pid 331] <... write resumed>) = 65536 [pid 308] exit_group(0 [pid 301] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 337 attached [pid 336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 335] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 331] munmap(0x7f620fc44000, 65536 [pid 319] <... futex resumed>) = ? [pid 317] <... futex resumed>) = ? [pid 308] <... exit_group resumed>) = ? [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 337] set_robust_list(0x555556cc76a0, 24 [pid 336] <... openat resumed>) = 3 [pid 335] <... futex resumed>) = 0 [pid 331] <... munmap resumed>) = 0 [pid 319] +++ exited with 0 +++ [pid 317] +++ exited with 0 +++ [pid 308] +++ exited with 0 +++ [pid 301] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 337] <... set_robust_list resumed>) = 0 [pid 336] write(3, "1000", 4 [pid 335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 331] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 301] <... openat resumed>) = 3 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=308, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 336] <... write resumed>) = 4 [ 23.361330][ T317] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [ 23.385676][ T317] ext4 filesystem being mounted at /root/syzkaller.9gSDIa/0/file0 supports timestamps until 2038 (0x7fffffff) [ 23.412514][ T330] loop3: detected capacity change from 0 to 517 [pid 301] newfstatat(3, "", [pid 336] close(3 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 336] <... close resumed>) = 0 [pid 301] getdents64(3, [pid 297] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 336] symlink("/dev/binderfs", "./binderfs" [pid 301] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 336] <... symlink resumed>) = 0 [pid 301] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 336] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... openat resumed>) = 3 [pid 336] <... futex resumed>) = 0 [pid 297] newfstatat(3, "", [pid 336] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 336] <... rt_sigaction resumed>NULL, 8) = 0 [pid 297] getdents64(3, [pid 336] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 336] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 336] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 336] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 336] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[342]}, 88) = 342 [pid 336] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 336] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 336] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 336] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 336] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 336] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[343]}, 88) = 343 [pid 336] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 336] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 336] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 339 attached [pid 339] set_robust_list(0x7f62204659a0, 24) = 0 [pid 339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 339] memfd_create("syzkaller", 0) = 3 [pid 339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218045000 [pid 339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 301] <... umount2 resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 301] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./1/bus", [pid 297] newfstatat(AT_FDCWD, "./0/bus", [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 331] <... openat resumed>) = 8 [pid 301] unlink("./1/bus" [pid 297] unlink("./0/bus" [pid 337] chdir("./1" [pid 335] <... mmap resumed>) = 0x7f6218024000 [pid 331] ioctl(8, LOOP_SET_FD, 7 [pid 301] <... unlink resumed>) = 0 [pid 297] <... unlink resumed>) = 0 [pid 337] <... chdir resumed>) = 0 [pid 335] mprotect(0x7f6218025000, 131072, PROT_READ|PROT_WRITE [pid 331] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 301] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 337] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 335] <... mprotect resumed>) = 0 [pid 331] ioctl(8, LOOP_CLR_FD [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./1/binderfs", [pid 297] newfstatat(AT_FDCWD, "./0/binderfs", [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./1/binderfs" [pid 297] unlink("./0/binderfs" [pid 339] <... write resumed>) = 262144 [pid 301] <... unlink resumed>) = 0 [pid 297] <... unlink resumed>) = 0 [pid 301] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 339] munmap(0x7f6218045000, 262144) = 0 [pid 339] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 339] ioctl(4, LOOP_SET_FD, 3 [pid 335] rt_sigprocmask(SIG_BLOCK, ~[], [pid 331] <... ioctl resumed>) = 0 [pid 335] <... rt_sigprocmask resumed>[], 8) = 0 [pid 337] <... prctl resumed>) = 0 [pid 335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6218044990, parent_tid=0x7f6218044990, exit_signal=0, stack=0x7f6218024000, stack_size=0x20300, tls=0x7f62180446c0} => {parent_tid=[345]}, 88) = 345 [pid 335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 335] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 331] ioctl(8, LOOP_SET_FD, 7 [pid 339] <... ioctl resumed>) = 0 [pid 331] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 335] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 331] close(8) = 0 [pid 331] close(7 [pid 337] setpgid(0, 0) = 0 [pid 331] <... close resumed>) = 0 [pid 331] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 331] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 337] <... openat resumed>) = 3 [pid 337] write(3, "1000", 4) = 4 [pid 337] close(3) = 0 [pid 337] symlink("/dev/binderfs", "./binderfs" [pid 339] close(3 [pid 337] <... symlink resumed>) = 0 [pid 337] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 345 attached ./strace-static-x86_64: Process 343 attached ./strace-static-x86_64: Process 342 attached ) = 0 [pid 345] set_robust_list(0x7f62180449a0, 24 [pid 343] set_robust_list(0x7f62204449a0, 24 [pid 342] set_robust_list(0x7f62204659a0, 24 [pid 337] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 345] <... set_robust_list resumed>) = 0 [pid 343] <... set_robust_list resumed>) = 0 [pid 342] <... set_robust_list resumed>) = 0 [pid 337] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 339] <... close resumed>) = 0 [pid 339] mkdir("./file0", 0777) = 0 [pid 339] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 337] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 345] rt_sigprocmask(SIG_SETMASK, [], [pid 343] rt_sigprocmask(SIG_SETMASK, [], [pid 342] rt_sigprocmask(SIG_SETMASK, [], [pid 337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 345] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 343] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 342] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 345] creat("./bus", 000 [pid 337] <... mmap resumed>) = 0x7f6220445000 [pid 343] creat("./bus", 000 [pid 342] memfd_create("syzkaller", 0 [pid 345] <... creat resumed>) = 3 [pid 343] <... creat resumed>) = 3 [pid 342] <... memfd_create resumed>) = 4 [pid 337] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 345] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 335] <... futex resumed>) = 0 [pid 345] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 335] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... mount resumed>) = 0 [pid 335] <... futex resumed>) = 0 [pid 345] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] <... futex resumed>) = 0 [pid 335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 345] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [ 23.433249][ T338] EXT4-fs warning (device loop3): kmmpd:170: kmmpd being stopped since MMP feature has been disabled. [ 23.446237][ T330] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 23.451486][ T339] loop4: detected capacity change from 0 to 512 [ 23.466961][ T330] EXT4-fs error (device loop3): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [pid 335] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... open resumed>) = 5 [pid 335] <... futex resumed>) = 0 [pid 345] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] <... futex resumed>) = 0 [pid 335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 345] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 335] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... socket resumed>) = 6 [pid 335] <... futex resumed>) = 0 [pid 345] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] <... futex resumed>) = 0 [pid 335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 345] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 335] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... mmap resumed>) = 0x20000000 [pid 335] <... futex resumed>) = 0 [pid 345] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] <... futex resumed>) = 0 [pid 335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 345] memfd_create("syzkaller", 0 [pid 335] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... memfd_create resumed>) = 7 [pid 335] <... futex resumed>) = 0 [pid 345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f620fc24000 [pid 345] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 343] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 337] <... mprotect resumed>) = 0 [pid 343] <... futex resumed>) = 1 [pid 342] <... mmap resumed>) = 0x7f6218024000 [pid 336] <... futex resumed>) = 0 [pid 337] rt_sigprocmask(SIG_BLOCK, ~[], [pid 336] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... write resumed>) = 65536 [pid 343] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 342] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 337] <... rt_sigprocmask resumed>[], 8) = 0 [pid 336] <... futex resumed>) = 0 [pid 345] munmap(0x7f620fc24000, 65536 [pid 343] <... mount resumed>) = 0 [pid 342] <... write resumed>) = 262144 [pid 337] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 336] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] <... munmap resumed>) = 0 [pid 343] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] munmap(0x7f6218024000, 262144 [pid 336] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 345] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 343] <... futex resumed>) = 0 [pid 342] <... munmap resumed>) = 0 [pid 337] <... clone3 resumed> => {parent_tid=[346]}, 88) = 346 [pid 336] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... openat resumed>) = 8 [pid 343] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 342] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 337] rt_sigprocmask(SIG_SETMASK, [], [pid 336] <... futex resumed>) = 0 [pid 345] ioctl(8, LOOP_SET_FD, 7 [pid 343] <... open resumed>) = 5 [pid 342] <... openat resumed>) = 6 [pid 337] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 336] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 343] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] ioctl(6, LOOP_SET_FD, 4 [pid 337] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 336] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 345] ioctl(8, LOOP_CLR_FD [pid 343] <... futex resumed>) = 0 [pid 337] <... futex resumed>) = 0 [pid 336] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... ioctl resumed>) = 0 [pid 343] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 337] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 336] <... futex resumed>) = 0 [pid 301] <... umount2 resumed>) = 0 [pid 343] <... socket resumed>) = 7 [pid 337] <... futex resumed>) = 0 [pid 336] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 343] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 336] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] <... umount2 resumed>) = 0 [pid 343] <... futex resumed>) = 0 [pid 337] <... mmap resumed>) = 0x7f6220424000 [pid 336] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 343] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 337] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 336] <... futex resumed>) = 0 [pid 345] ioctl(8, LOOP_SET_FD, 7 [pid 343] <... mmap resumed>) = 0x20000000 [pid 337] <... mprotect resumed>) = 0 [pid 336] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 345] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 343] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 337] rt_sigprocmask(SIG_BLOCK, ~[], [pid 336] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 345] close(8 [pid 343] <... futex resumed>) = 0 [pid 337] <... rt_sigprocmask resumed>[], 8) = 0 [pid 336] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... close resumed>) = 0 [pid 337] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 336] <... futex resumed>) = 0 [pid 301] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 345] close(7 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 345] <... close resumed>) = 0 [pid 337] <... clone3 resumed> => {parent_tid=[347]}, 88) = 347 [pid 330] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 301] newfstatat(AT_FDCWD, "./1/file0", [pid 297] newfstatat(AT_FDCWD, "./0/file0", [pid 345] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 337] rt_sigprocmask(SIG_SETMASK, [], [pid 345] <... futex resumed>) = 0 [pid 337] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 345] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 337] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 347 attached [pid 347] set_robust_list(0x7f62204449a0, 24) = 0 [pid 347] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 347] creat("./bus", 000 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 330] ioctl(5, LOOP_CLR_FD [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 330] <... ioctl resumed>) = 0 [pid 330] close(5 [pid 301] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 339] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 330] <... close resumed>) = 0 [pid 301] <... openat resumed>) = 4 [pid 297] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 339] ioctl(4, LOOP_CLR_FD [pid 330] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] newfstatat(4, "", [pid 297] <... openat resumed>) = 4 [pid 329] exit_group(0 [pid 330] <... futex resumed>) = ? [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] newfstatat(4, "", [pid 339] <... ioctl resumed>) = 0 [pid 334] <... futex resumed>) = ? [pid 331] <... futex resumed>) = ? [pid 329] <... exit_group resumed>) = ? [pid 301] getdents64(4, [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 339] close(4 [pid 334] +++ exited with 0 +++ [pid 331] +++ exited with 0 +++ [pid 301] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, [pid 301] getdents64(4, [pid 297] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 339] <... close resumed>) = 0 [pid 297] getdents64(4, [pid 339] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] close(4 [pid 297] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 301] <... close resumed>) = 0 [pid 297] close(4 [pid 339] <... futex resumed>) = 0 [pid 301] rmdir("./1/file0" [pid 297] <... close resumed>) = 0 [pid 347] <... creat resumed>) = 3 [pid 339] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] <... rmdir resumed>) = 0 [pid 297] rmdir("./0/file0" [pid 301] getdents64(3, ./strace-static-x86_64: Process 346 attached [pid 347] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] exit_group(0 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 347] <... futex resumed>) = 1 [pid 346] set_robust_list(0x7f62204659a0, 24 [pid 345] <... futex resumed>) = ? [pid 339] <... futex resumed>) = ? [pid 337] <... futex resumed>) = 0 [pid 335] <... exit_group resumed>) = ? [pid 301] close(3 [pid 297] getdents64(3, [pid 347] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 346] <... set_robust_list resumed>) = 0 [pid 345] +++ exited with 0 +++ [pid 343] memfd_create("syzkaller", 0 [pid 342] <... ioctl resumed>) = 0 [pid 339] +++ exited with 0 +++ [pid 337] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... close resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 343] <... memfd_create resumed>) = 8 [pid 342] close(4 [pid 301] rmdir("./1" [pid 297] close(3 [pid 347] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 346] rt_sigprocmask(SIG_SETMASK, [], [pid 343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 342] <... close resumed>) = 0 [pid 337] <... futex resumed>) = 0 [pid 301] <... rmdir resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 347] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 343] <... mmap resumed>) = 0x7f620fc64000 [pid 342] mkdir(0x20000000, 0777 [pid 337] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] mkdir("./2", 0777 [pid 297] rmdir("./0" [pid 347] <... mount resumed>) = 0 [pid 346] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 342] <... mkdir resumed>) = 0 [pid 347] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 346] memfd_create("syzkaller", 0 [pid 337] <... futex resumed>) = 0 [pid 301] <... mkdir resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [ 23.482056][ T330] EXT4-fs (loop3): get orphan inode failed [ 23.489061][ T330] EXT4-fs (loop3): mount failed [ 23.493807][ T339] EXT4-fs warning (device loop4): read_mmp_block:115: Error -74 while reading MMP block 12 [ 23.494290][ T342] loop2: detected capacity change from 0 to 512 [ 23.514262][ T343] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 18 prio class 0 [pid 347] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 346] <... memfd_create resumed>) = 4 [pid 342] mount("/dev/loop2", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 337] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 343] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 297] mkdir("./1", 0777 [pid 347] <... open resumed>) = 5 [pid 346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 337] <... futex resumed>) = 0 [pid 301] <... openat resumed>) = 3 [pid 347] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 346] <... mmap resumed>) = 0x7f6218024000 [pid 337] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 347] <... futex resumed>) = 0 [pid 346] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 337] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] ioctl(3, LOOP_CLR_FD [pid 297] <... mkdir resumed>) = 0 [pid 347] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 346] <... write resumed>) = 262144 [pid 337] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 347] <... socket resumed>) = 6 [pid 337] <... futex resumed>) = 0 [pid 347] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 337] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 347] <... futex resumed>) = 0 [pid 337] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 347] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 337] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 347] <... mmap resumed>) = 0x20000000 [pid 337] <... futex resumed>) = 0 [pid 347] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 337] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 347] <... futex resumed>) = 0 [pid 337] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 347] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 337] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 347] +++ killed by SIGBUS +++ [pid 346] +++ killed by SIGBUS +++ [pid 337] +++ killed by SIGBUS +++ [pid 343] <... write resumed>) = 65536 [pid 343] munmap(0x7f620fc64000, 65536 [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 342] <... mount resumed>) = -1 ENODEV (No such device) [pid 301] close(3 [pid 342] ioctl(6, LOOP_CLR_FD [pid 297] <... openat resumed>) = 3 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=337, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 301] <... close resumed>) = 0 [pid 342] <... ioctl resumed>) = 0 [pid 297] ioctl(3, LOOP_CLR_FD [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 342] close(6 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 343] <... munmap resumed>) = 0 [pid 343] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 297] close(3 [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 348 [pid 297] <... close resumed>) = 0 ./strace-static-x86_64: Process 348 attached [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... restart_syscall resumed>) = 0 [pid 343] <... openat resumed>) = 4 [pid 343] ioctl(4, LOOP_SET_FD, 8) = -1 EBUSY (Device or resource busy) [pid 343] ioctl(4, LOOP_CLR_FD [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 349 [pid 342] <... close resumed>) = 0 [pid 343] <... ioctl resumed>) = 0 [pid 296] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 342] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 342] <... futex resumed>) = 0 [pid 296] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 342] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 348] set_robust_list(0x555556cc76a0, 24 [pid 296] getdents64(3, 0x555556cc8730 /* 4 entries */, 32768) = 104 ./strace-static-x86_64: Process 349 attached [pid 348] <... set_robust_list resumed>) = 0 [pid 296] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 296] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 349] set_robust_list(0x555556cc76a0, 24 [pid 348] chdir("./2" [pid 349] <... set_robust_list resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./1/bus", [pid 343] ioctl(4, LOOP_SET_FD, 8 [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 343] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 296] unlink("./1/bus" [pid 343] close(4) = 0 [pid 343] close(8 [pid 296] <... unlink resumed>) = 0 [pid 349] chdir("./1" [pid 348] <... chdir resumed>) = 0 [pid 296] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 343] <... close resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./1/binderfs", [pid 343] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 343] <... futex resumed>) = 0 [pid 296] unlink("./1/binderfs" [pid 343] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] <... unlink resumed>) = 0 [pid 296] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./1" [pid 349] <... chdir resumed>) = 0 [pid 336] exit_group(0 [pid 296] <... rmdir resumed>) = 0 [pid 296] mkdir("./2", 0777 [pid 349] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 348] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 343] <... futex resumed>) = ? [pid 342] <... futex resumed>) = ? [pid 336] <... exit_group resumed>) = ? [pid 342] +++ exited with 0 +++ [pid 296] <... mkdir resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 349] <... prctl resumed>) = 0 [pid 348] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 350 attached [pid 349] setpgid(0, 0 [pid 350] set_robust_list(0x555556cc76a0, 24 [pid 349] <... setpgid resumed>) = 0 [pid 348] setpgid(0, 0 [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 350 [pid 350] <... set_robust_list resumed>) = 0 [pid 350] chdir("./2") = 0 [pid 350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 350] setpgid(0, 0 [pid 349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 350] <... setpgid resumed>) = 0 [pid 348] <... setpgid resumed>) = 0 [pid 350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 349] <... openat resumed>) = 3 [pid 348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 350] <... openat resumed>) = 3 [pid 350] write(3, "1000", 4) = 4 [pid 350] close(3) = 0 [pid 350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 349] write(3, "1000", 4 [pid 350] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 348] <... openat resumed>) = 3 [pid 349] <... write resumed>) = 4 [pid 350] <... rt_sigaction resumed>NULL, 8) = 0 [pid 349] close(3 [pid 348] write(3, "1000", 4 [pid 350] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 349] <... close resumed>) = 0 [pid 350] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 348] <... write resumed>) = 4 [pid 350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 349] symlink("/dev/binderfs", "./binderfs" [pid 348] close(3 [pid 350] <... mmap resumed>) = 0x7f6220445000 [pid 350] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 349] <... symlink resumed>) = 0 [pid 348] <... close resumed>) = 0 [pid 350] <... mprotect resumed>) = 0 [pid 349] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 348] symlink("/dev/binderfs", "./binderfs" [pid 350] rt_sigprocmask(SIG_BLOCK, ~[], [pid 349] <... futex resumed>) = 0 [pid 348] <... symlink resumed>) = 0 [pid 350] <... rt_sigprocmask resumed>[], 8) = 0 [pid 349] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 348] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 350] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 349] <... rt_sigaction resumed>NULL, 8) = 0 [pid 348] <... futex resumed>) = 0 [pid 349] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 348] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 349] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 348] <... rt_sigaction resumed>NULL, 8) = 0 [pid 349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 348] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 349] <... mmap resumed>) = 0x7f6220445000 [pid 348] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 349] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 349] <... mprotect resumed>) = 0 [pid 348] <... mmap resumed>) = 0x7f6220445000 [pid 349] rt_sigprocmask(SIG_BLOCK, ~[], [pid 348] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 349] <... rt_sigprocmask resumed>[], 8) = 0 [pid 348] <... mprotect resumed>) = 0 [pid 349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 348] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 330] +++ exited with 0 +++ [pid 329] +++ exited with 0 +++ [pid 349] <... clone3 resumed> => {parent_tid=[351]}, 88) = 351 [pid 348] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 348] <... clone3 resumed> => {parent_tid=[352]}, 88) = 352 [pid 349] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 348] rt_sigprocmask(SIG_SETMASK, [], [pid 349] <... futex resumed>) = 0 [pid 348] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 349] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 348] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 349] <... futex resumed>) = 0 [pid 348] <... futex resumed>) = 0 [pid 349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 348] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 349] <... mmap resumed>) = 0x7f6220424000 [pid 348] <... futex resumed>) = 0 [pid 349] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 349] <... mprotect resumed>) = 0 [pid 348] <... mmap resumed>) = 0x7f6220424000 [pid 349] rt_sigprocmask(SIG_BLOCK, ~[], [pid 348] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 349] <... rt_sigprocmask resumed>[], 8) = 0 [pid 348] <... mprotect resumed>) = 0 [pid 349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 348] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 349] <... clone3 resumed> => {parent_tid=[353]}, 88) = 353 [pid 348] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 348] <... clone3 resumed> => {parent_tid=[354]}, 88) = 354 [pid 349] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 348] rt_sigprocmask(SIG_SETMASK, [], [pid 349] <... futex resumed>) = 0 [pid 348] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 349] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 348] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 348] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 353 attached [pid 353] set_robust_list(0x7f62204449a0, 24) = 0 [pid 353] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 353] creat("./bus", 000./strace-static-x86_64: Process 351 attached [pid 351] set_robust_list(0x7f62204659a0, 24) = 0 [pid 351] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 351] memfd_create("syzkaller", 0 [pid 353] <... creat resumed>) = 3 [pid 351] <... memfd_create resumed>) = 4 [pid 351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 353] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=329, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 349] <... futex resumed>) = 0 [pid 299] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 349] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 349] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 353] <... futex resumed>) = 1 [pid 299] getdents64(3, [pid 353] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL) = 0 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 353] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 349] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 353] <... futex resumed>) = 1 [pid 353] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 353] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 353] <... futex resumed>) = 1 [pid 353] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 299] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./1/bus" [pid 353] <... socket resumed>) = 6 [pid 353] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 349] <... futex resumed>) = 0 [pid 299] <... unlink resumed>) = 0 [pid 349] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 349] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 353] <... futex resumed>) = 1 [pid 299] newfstatat(AT_FDCWD, "./1/binderfs", [pid 353] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 353] <... mmap resumed>) = 0x20000000 [pid 299] unlink("./1/binderfs" [pid 353] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] <... unlink resumed>) = 0 [pid 299] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 353] <... futex resumed>) = 1 [pid 351] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20001334} --- [pid 299] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 350] <... clone3 resumed> => {parent_tid=[355]}, 88) = 355 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 353] +++ killed by SIGBUS +++ [pid 350] rt_sigprocmask(SIG_SETMASK, [], [pid 299] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 350] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] <... openat resumed>) = 4 [pid 350] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] +++ exited with 0 +++ [pid 299] newfstatat(4, "", [pid 350] <... futex resumed>) = 0 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=335, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 350] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] getdents64(4, [pid 351] +++ killed by SIGBUS +++ [pid 350] <... futex resumed>) = 0 [pid 349] +++ killed by SIGBUS +++ [pid 299] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 300] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] getdents64(4, [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=349, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 299] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 300] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 350] <... mmap resumed>) = 0x7f6220424000 [pid 299] close(4 [pid 300] <... openat resumed>) = 3 [pid 350] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 300] newfstatat(3, "", [pid 299] <... close resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] rmdir("./1/file0" [pid 350] <... mprotect resumed>) = 0 [pid 300] getdents64(3, ./strace-static-x86_64: Process 355 attached [pid 355] set_robust_list(0x7f62204659a0, 24) = 0 [pid 355] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 355] memfd_create("syzkaller", 0 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 299] <... rmdir resumed>) = 0 [pid 350] rt_sigprocmask(SIG_BLOCK, ~[], [pid 300] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 350] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] getdents64(3, [pid 350] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 300] <... umount2 resumed>) = 0 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 300] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] close(3 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./1/bus", [pid 299] <... close resumed>) = 0 [pid 355] <... memfd_create resumed>) = 3 [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] unlink("./1/bus" [pid 299] rmdir("./1" [pid 355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 350] <... clone3 resumed> => {parent_tid=[356]}, 88) = 356 [pid 300] <... unlink resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 297] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 350] rt_sigprocmask(SIG_SETMASK, [], [pid 300] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] mkdir("./2", 0777 [pid 350] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 355] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 350] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] newfstatat(AT_FDCWD, "./1/binderfs", [pid 299] <... mkdir resumed>) = 0 [pid 297] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 350] <... futex resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 350] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] unlink("./1/binderfs" [pid 297] <... openat resumed>) = 3 [pid 299] <... openat resumed>) = 3 [pid 300] <... unlink resumed>) = 0 [pid 299] ioctl(3, LOOP_CLR_FD [pid 297] newfstatat(3, "", [pid 300] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] close(3 [pid 355] <... write resumed>) = 262144 [pid 300] newfstatat(AT_FDCWD, "./1/file0", [pid 299] <... close resumed>) = 0 [pid 297] getdents64(3, [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 355] munmap(0x7f6218024000, 262144 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 300] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 355] <... munmap resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 357 [pid 355] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 300] <... openat resumed>) = 4 [pid 297] <... umount2 resumed>) = 0 [pid 300] newfstatat(4, "", [pid 297] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] getdents64(4, [pid 297] newfstatat(AT_FDCWD, "./1/bus", ./strace-static-x86_64: Process 356 attached [pid 355] <... openat resumed>) = 4 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] getdents64(4, [pid 297] unlink("./1/bus" [pid 356] set_robust_list(0x7f62204449a0, 24 [pid 355] ioctl(4, LOOP_SET_FD, 3 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 357 attached ./strace-static-x86_64: Process 354 attached ./strace-static-x86_64: Process 352 attached [pid 356] <... set_robust_list resumed>) = 0 [pid 355] <... ioctl resumed>) = 0 [pid 300] close(4 [pid 297] <... unlink resumed>) = 0 [pid 356] rt_sigprocmask(SIG_SETMASK, [], [pid 355] close(3 [pid 300] <... close resumed>) = 0 [pid 297] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 356] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 355] <... close resumed>) = 0 [pid 300] rmdir("./1/file0" [pid 356] creat("./bus", 000 [pid 355] mkdir("./file0", 0777 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 356] <... creat resumed>) = 3 [pid 300] <... rmdir resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./1/binderfs", [pid 356] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 355] <... mkdir resumed>) = 0 [pid 300] getdents64(3, [pid 356] <... futex resumed>) = 1 [pid 350] <... futex resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 356] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 355] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 354] set_robust_list(0x7f62204449a0, 24 [pid 350] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] unlink("./1/binderfs" [pid 356] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 354] <... set_robust_list resumed>) = 0 [pid 352] set_robust_list(0x7f62204659a0, 24 [pid 350] <... futex resumed>) = 0 [pid 300] close(3 [pid 356] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 350] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... unlink resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 356] <... mount resumed>) = 0 [pid 354] rt_sigprocmask(SIG_SETMASK, [], [pid 300] rmdir("./1" [pid 297] getdents64(3, [pid 356] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 354] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 352] <... set_robust_list resumed>) = 0 [pid 356] <... futex resumed>) = 1 [pid 350] <... futex resumed>) = 0 [pid 356] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 350] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 356] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 350] <... futex resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 356] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 350] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] mkdir("./2", 0777 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 357] set_robust_list(0x555556cc76a0, 24 [pid 356] <... open resumed>) = 5 [pid 354] creat("./bus", 000 [pid 352] rt_sigprocmask(SIG_SETMASK, [], [pid 343] +++ exited with 0 +++ [pid 336] +++ exited with 0 +++ [pid 356] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=336, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 297] close(3 [pid 356] <... futex resumed>) = 1 [pid 350] <... futex resumed>) = 0 [pid 356] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 350] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... mkdir resumed>) = 0 [pid 356] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 350] <... futex resumed>) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... close resumed>) = 0 [pid 356] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 354] <... creat resumed>) = 3 [pid 352] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 350] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... openat resumed>) = 3 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] rmdir("./1" [pid 356] <... socket resumed>) = 6 [pid 354] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] ioctl(3, LOOP_CLR_FD [pid 298] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 356] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 354] <... futex resumed>) = 1 [pid 352] memfd_create("syzkaller", 0 [pid 348] <... futex resumed>) = 0 [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] <... openat resumed>) = 3 [pid 297] <... rmdir resumed>) = 0 [pid 356] <... futex resumed>) = 1 [pid 354] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 352] <... memfd_create resumed>) = 4 [pid 350] <... futex resumed>) = 0 [pid 348] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] close(3 [pid 298] newfstatat(3, "", [pid 297] mkdir("./2", 0777 [pid 357] <... set_robust_list resumed>) = 0 [pid 356] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 354] <... mount resumed>) = 0 [pid 352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 350] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 348] <... futex resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 356] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 350] <... futex resumed>) = 0 [pid 348] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] getdents64(3, [pid 356] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 354] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 352] <... mmap resumed>) = 0x7f6218024000 [pid 350] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 348] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 357] chdir("./2" [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 297] <... mkdir resumed>) = 0 [pid 356] <... mmap resumed>) = 0x20000000 [pid 354] <... futex resumed>) = 0 [pid 348] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 356] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 348] <... futex resumed>) = 0 [pid 356] <... futex resumed>) = 1 [pid 354] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 350] <... futex resumed>) = 0 [pid 348] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... umount2 resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 356] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 350] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 360 [pid 298] umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 356] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 354] <... open resumed>) = 5 [pid 350] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... openat resumed>) = 3 [pid 356] memfd_create("syzkaller", 0 [pid 354] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] newfstatat(AT_FDCWD, "./1/bus", [pid 297] ioctl(3, LOOP_CLR_FD [pid 356] <... memfd_create resumed>) = 7 [pid 354] <... futex resumed>) = 1 [pid 348] <... futex resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 357] <... chdir resumed>) = 0 [pid 356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 354] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 348] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] unlink("./1/bus" [pid 297] close(3 [pid 356] <... mmap resumed>) = 0x7f620fc64000 [pid 348] <... futex resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 357] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 356] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 354] <... socket resumed>) = 6 [pid 352] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 265740 [pid 348] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... close resumed>) = 0 [pid 357] <... prctl resumed>) = 0 [pid 356] <... write resumed>) = 65536 [pid 354] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 357] setpgid(0, 0 [pid 356] munmap(0x7f620fc64000, 65536 [pid 354] <... futex resumed>) = 1 [pid 348] <... futex resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./1/binderfs", ./strace-static-x86_64: Process 360 attached [pid 356] <... munmap resumed>) = 0 [pid 348] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] set_robust_list(0x555556cc76a0, 24 [pid 357] <... setpgid resumed>) = 0 [pid 356] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 354] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 348] <... futex resumed>) = 0 [pid 298] unlink("./1/binderfs" [pid 360] <... set_robust_list resumed>) = 0 [pid 356] <... openat resumed>) = 8 [pid 354] <... mmap resumed>) = 0x20000000 [pid 348] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... unlink resumed>) = 0 [pid 357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 361 [pid 360] chdir("./2" [pid 356] ioctl(8, LOOP_SET_FD, 7 [pid 354] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./1/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 360] <... chdir resumed>) = 0 [pid 357] <... openat resumed>) = 3 [pid 356] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 354] <... futex resumed>) = 1 [pid 348] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 356] ioctl(8, LOOP_CLR_FD [pid 348] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] newfstatat(AT_FDCWD, "./1/ext4", [pid 354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 357] write(3, "1000", 4 [pid 360] <... prctl resumed>) = 0 [pid 356] <... ioctl resumed>) = 0 [pid 348] <... futex resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 360] setpgid(0, 0 [pid 298] umount2("./1/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 360] <... setpgid resumed>) = 0 [pid 357] <... write resumed>) = 4 [pid 352] <... write resumed>) = ? [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 357] close(3 [pid 298] openat(AT_FDCWD, "./1/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 360] <... openat resumed>) = 3 [pid 357] <... close resumed>) = 0 [pid 352] +++ killed by SIGBUS +++ [pid 298] <... openat resumed>) = 4 ./strace-static-x86_64: Process 361 attached [pid 360] write(3, "1000", 4 [pid 298] newfstatat(4, "", [pid 361] set_robust_list(0x555556cc76a0, 24 [pid 360] <... write resumed>) = 4 [pid 356] ioctl(8, LOOP_SET_FD, 7 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 361] <... set_robust_list resumed>) = 0 [pid 360] close(3 [pid 356] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 298] getdents64(4, [pid 361] chdir("./2" [pid 360] <... close resumed>) = 0 [pid 356] close(8 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 361] <... chdir resumed>) = 0 [pid 360] symlink("/dev/binderfs", "./binderfs" [pid 356] <... close resumed>) = 0 [pid 298] getdents64(4, [pid 361] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 360] <... symlink resumed>) = 0 [pid 356] close(7 [pid 354] +++ killed by SIGBUS +++ [pid 357] symlink("/dev/binderfs", "./binderfs" [pid 348] +++ killed by SIGBUS +++ [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 361] <... prctl resumed>) = 0 [pid 360] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 356] <... close resumed>) = 0 [pid 298] close(4 [pid 357] <... symlink resumed>) = 0 [pid 361] setpgid(0, 0 [pid 360] <... futex resumed>) = 0 [pid 356] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=348, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 298] <... close resumed>) = 0 [pid 361] <... setpgid resumed>) = 0 [pid 360] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 357] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 356] <... futex resumed>) = 0 [pid 301] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] rmdir("./1/ext4" [pid 361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 360] <... rt_sigaction resumed>NULL, 8) = 0 [pid 357] <... futex resumed>) = 0 [pid 356] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... rmdir resumed>) = 0 [pid 361] <... openat resumed>) = 3 [pid 360] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 357] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 301] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 23.540118][ T342] request_module fs- succeeded, but still no fs? [ 23.576795][ T355] loop0: detected capacity change from 0 to 512 [pid 298] getdents64(3, [pid 361] write(3, "1000", 4 [pid 360] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 357] <... rt_sigaction resumed>NULL, 8) = 0 [pid 301] <... openat resumed>) = 3 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 361] <... write resumed>) = 4 [pid 360] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] close(3 [pid 361] close(3 [pid 360] <... mmap resumed>) = 0x7f6220445000 [pid 357] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 301] newfstatat(3, "", [pid 298] <... close resumed>) = 0 [pid 361] <... close resumed>) = 0 [pid 360] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 298] rmdir("./1" [pid 361] symlink("/dev/binderfs", "./binderfs" [pid 360] <... mprotect resumed>) = 0 [pid 357] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 361] <... symlink resumed>) = 0 [pid 360] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] mkdir("./2", 0777 [pid 361] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 361] <... futex resumed>) = 0 [pid 360] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 361] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 298] <... openat resumed>) = 3 [pid 361] <... rt_sigaction resumed>NULL, 8) = 0 [pid 360] <... clone3 resumed> => {parent_tid=[362]}, 88) = 362 [pid 298] ioctl(3, LOOP_CLR_FD [pid 361] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 360] rt_sigprocmask(SIG_SETMASK, [], [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 361] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 360] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] close(3 [pid 361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 360] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... close resumed>) = 0 [pid 361] <... mmap resumed>) = 0x7f6220445000 [pid 360] <... futex resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 361] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 360] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 361] <... mprotect resumed>) = 0 [pid 360] <... futex resumed>) = 0 [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 363 [pid 361] rt_sigprocmask(SIG_BLOCK, ~[], [pid 360] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 361] <... rt_sigprocmask resumed>[], 8) = 0 [pid 360] <... mmap resumed>) = 0x7f6220424000 [pid 361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 360] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 361] <... clone3 resumed> => {parent_tid=[364]}, 88) = 364 [pid 360] rt_sigprocmask(SIG_BLOCK, ~[], [pid 361] rt_sigprocmask(SIG_SETMASK, [], [pid 360] <... rt_sigprocmask resumed>[], 8) = 0 [pid 361] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 360] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 361] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 360] <... clone3 resumed> => {parent_tid=[365]}, 88) = 365 [pid 361] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] rt_sigprocmask(SIG_SETMASK, [], [pid 361] <... futex resumed>) = 0 [pid 360] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 360] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 361] <... mmap resumed>) = 0x7f6220424000 [pid 360] <... futex resumed>) = 0 [pid 361] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 360] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 361] <... mprotect resumed>) = 0 [pid 361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[366]}, 88) = 366 [pid 361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 361] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 365 attached [pid 365] set_robust_list(0x7f62204449a0, 24) = 0 [pid 365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 365] creat("./bus", 000) = 3 ./strace-static-x86_64: Process 364 attached [pid 364] set_robust_list(0x7f62204659a0, 24) = 0 [pid 364] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 364] memfd_create("syzkaller", 0./strace-static-x86_64: Process 366 attached [pid 366] set_robust_list(0x7f62204449a0, 24) = 0 [pid 366] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 366] creat("./bus", 000) = 3 [pid 364] <... memfd_create resumed>) = 4 [pid 365] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... futex resumed>) = 0 [pid 360] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 360] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 365] <... futex resumed>) = 1 [pid 365] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 364] <... mmap resumed>) = 0x7f6218024000 [pid 365] <... mount resumed>) = 0 [pid 366] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 366] <... futex resumed>) = 1 [pid 365] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 366] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL./strace-static-x86_64: Process 363 attached [pid 360] <... futex resumed>) = 0 [pid 360] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 360] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 366] <... mount resumed>) = 0 [pid 365] <... futex resumed>) = 1 [pid 365] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 363] set_robust_list(0x555556cc76a0, 24 [pid 365] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... set_robust_list resumed>) = 0 [pid 366] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 365] <... futex resumed>) = 1 [pid 363] chdir("./2" [pid 360] <... futex resumed>) = 0 [pid 366] <... futex resumed>) = 1 [pid 365] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 363] <... chdir resumed>) = 0 [pid 361] <... futex resumed>) = 0 [pid 360] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 366] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 365] <... socket resumed>) = 5 [pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 361] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... futex resumed>) = 0 [pid 366] <... open resumed>) = 5 [pid 365] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... prctl resumed>) = 0 [pid 361] <... futex resumed>) = 0 [pid 360] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 362 attached [pid 366] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 365] <... futex resumed>) = 0 [pid 363] setpgid(0, 0 [pid 361] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 366] <... futex resumed>) = 0 [pid 365] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 363] <... setpgid resumed>) = 0 [pid 362] set_robust_list(0x7f62204659a0, 24 [pid 361] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 360] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 366] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 365] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 362] <... set_robust_list resumed>) = 0 [pid 361] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... futex resumed>) = 0 [pid 366] <... socket resumed>) = 6 [pid 365] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 363] <... openat resumed>) = 3 [pid 362] rt_sigprocmask(SIG_SETMASK, [], [pid 361] <... futex resumed>) = 0 [pid 360] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 366] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 365] <... mmap resumed>) = 0x20000000 [pid 364] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 265739 [pid 363] write(3, "1000", 4 [pid 362] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 361] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 366] <... futex resumed>) = 0 [pid 365] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... write resumed>) = 4 [pid 362] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200005c4} --- [pid 361] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 366] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 365] <... futex resumed>) = ? [pid 364] <... write resumed>) = 265739 [pid 363] close(3 [pid 361] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] <... futex resumed>) = ? [pid 366] <... mmap resumed>) = 0x20000000 [pid 365] +++ killed by SIGBUS +++ [pid 363] <... close resumed>) = 0 [pid 361] <... futex resumed>) = 0 [pid 366] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] symlink("/dev/binderfs", "./binderfs" [pid 362] +++ killed by SIGBUS +++ [pid 361] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] +++ killed by SIGBUS +++ [pid 366] <... futex resumed>) = 0 [pid 363] <... symlink resumed>) = 0 [pid 361] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 366] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 363] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 361] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=360, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 301] getdents64(3, [pid 363] <... futex resumed>) = 0 [pid 361] <... futex resumed>) = ? [pid 357] <... mmap resumed>) = 0x7f6220445000 [pid 363] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 301] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 364] +++ killed by SIGBUS +++ [pid 363] <... rt_sigaction resumed>NULL, 8) = 0 [pid 357] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 301] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 366] +++ killed by SIGBUS +++ [pid 363] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 361] +++ killed by SIGBUS +++ [pid 357] <... mprotect resumed>) = 0 [pid 363] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 363] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 363] rt_sigprocmask(SIG_BLOCK, ~[], [pid 357] rt_sigprocmask(SIG_BLOCK, ~[], [pid 301] <... umount2 resumed>) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=361, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 363] <... rt_sigprocmask resumed>[], 8) = 0 [pid 363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 357] <... rt_sigprocmask resumed>[], 8) = 0 [pid 301] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 363] <... clone3 resumed> => {parent_tid=[367]}, 88) = 367 [pid 363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 357] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 363] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 363] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 363] rt_sigprocmask(SIG_BLOCK, ~[], [pid 301] newfstatat(AT_FDCWD, "./2/bus", [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 363] <... rt_sigprocmask resumed>[], 8) = 0 [pid 363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 357] <... clone3 resumed> => {parent_tid=[368]}, 88) = 368 [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 363] <... clone3 resumed> => {parent_tid=[369]}, 88) = 369 [pid 363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 363] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] rt_sigprocmask(SIG_SETMASK, [], [pid 301] unlink("./2/bus" [pid 300] <... openat resumed>) = 3 [pid 363] <... futex resumed>) = 0 [pid 357] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 363] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... unlink resumed>) = 0 [pid 300] newfstatat(3, "", [pid 297] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 357] <... futex resumed>) = 0 [pid 301] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 357] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] getdents64(3, [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 357] <... futex resumed>) = 0 [pid 301] newfstatat(AT_FDCWD, "./2/binderfs", [pid 357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 297] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 357] <... mmap resumed>) = 0x7f6220424000 [pid 301] unlink("./2/binderfs" [pid 300] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 357] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 301] <... unlink resumed>) = 0 [pid 297] <... openat resumed>) = 3 ./strace-static-x86_64: Process 368 attached [pid 357] <... mprotect resumed>) = 0 [pid 297] newfstatat(3, "", [pid 301] getdents64(3, [pid 300] <... umount2 resumed>) = 0 [pid 368] set_robust_list(0x7f62204659a0, 24 [pid 357] rt_sigprocmask(SIG_BLOCK, ~[], [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 300] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 368] <... set_robust_list resumed>) = 0 [pid 357] <... rt_sigprocmask resumed>[], 8) = 0 [pid 301] close(3 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] getdents64(3, [pid 368] rt_sigprocmask(SIG_SETMASK, [], [pid 357] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 301] <... close resumed>) = 0 [pid 300] newfstatat(AT_FDCWD, "./2/bus", [pid 297] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] rmdir("./2" [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 368] memfd_create("syzkaller", 0 [pid 357] <... clone3 resumed> => {parent_tid=[370]}, 88) = 370 [pid 368] <... memfd_create resumed>) = 3 [pid 357] rt_sigprocmask(SIG_SETMASK, [], [pid 301] <... rmdir resumed>) = 0 [pid 300] unlink("./2/bus" [pid 297] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 369 attached ./strace-static-x86_64: Process 370 attached ./strace-static-x86_64: Process 367 attached [pid 368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 357] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] mkdir("./3", 0777 [pid 300] <... unlink resumed>) = 0 [pid 297] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 370] set_robust_list(0x7f62204449a0, 24 [pid 369] set_robust_list(0x7f62204449a0, 24 [pid 368] <... mmap resumed>) = 0x7f6218024000 [pid 367] set_robust_list(0x7f62204659a0, 24 [pid 357] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... mkdir resumed>) = 0 [pid 300] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 370] <... set_robust_list resumed>) = 0 [pid 367] <... set_robust_list resumed>) = 0 [pid 357] <... futex resumed>) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./2/bus", [pid 370] rt_sigprocmask(SIG_SETMASK, [], [pid 367] rt_sigprocmask(SIG_SETMASK, [], [pid 357] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... openat resumed>) = 3 [pid 300] newfstatat(AT_FDCWD, "./2/binderfs", [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 370] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 367] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] ioctl(3, LOOP_CLR_FD [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./2/bus" [pid 370] creat("./bus", 000 [pid 367] memfd_create("syzkaller", 0 [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 300] unlink("./2/binderfs" [pid 370] <... creat resumed>) = 4 [pid 367] <... memfd_create resumed>) = 3 [pid 301] close(3 [pid 300] <... unlink resumed>) = 0 [pid 297] <... unlink resumed>) = 0 [pid 370] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 301] <... close resumed>) = 0 [pid 300] getdents64(3, [pid 297] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 370] <... futex resumed>) = 1 [pid 367] <... mmap resumed>) = 0x7f6218024000 [pid 357] <... futex resumed>) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 370] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 368] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 367] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 357] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] close(3 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 369] <... set_robust_list resumed>) = 0 [pid 367] <... write resumed>) = 262144 [pid 357] <... futex resumed>) = 0 [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 371 [pid 300] <... close resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./2/binderfs", [pid 370] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 367] munmap(0x7f6218024000, 262144 [pid 357] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] rmdir("./2" [pid 370] <... mount resumed>) = 0 [pid 369] rt_sigprocmask(SIG_SETMASK, [], [pid 367] <... munmap resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 370] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 300] mkdir("./3", 0777 [pid 297] unlink("./2/binderfs" [pid 370] <... futex resumed>) = 1 [pid 369] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 367] <... openat resumed>) = 4 [pid 357] <... futex resumed>) = 0 [pid 300] <... mkdir resumed>) = 0 [pid 370] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] ioctl(4, LOOP_SET_FD, 3 [ 23.602385][ T355] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 23.612994][ T355] EXT4-fs error (device loop0): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [pid 357] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 297] <... unlink resumed>) = 0 [pid 370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 369] creat("./bus", 000 [pid 368] <... write resumed>) = 262144 [pid 357] <... futex resumed>) = 0 [pid 300] <... openat resumed>) = 3 [pid 297] getdents64(3, [pid 370] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 357] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] ioctl(3, LOOP_CLR_FD [pid 370] <... open resumed>) = 5 [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 370] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] close(3 [pid 370] <... futex resumed>) = 1 [pid 369] <... creat resumed>) = 5 [pid 357] <... futex resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 370] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 357] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 369] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 371 attached [pid 370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 368] munmap(0x7f6218024000, 262144 [pid 357] <... futex resumed>) = 0 [pid 370] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 369] <... futex resumed>) = 1 [pid 363] <... futex resumed>) = 0 [pid 357] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 372 [pid 297] close(3 [pid 370] <... socket resumed>) = 6 [pid 367] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 372 attached [pid 371] set_robust_list(0x555556cc76a0, 24 [pid 370] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 368] <... munmap resumed>) = 0 [pid 363] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... close resumed>) = 0 [pid 370] <... futex resumed>) = 1 [pid 367] close(3 [pid 357] <... futex resumed>) = 0 [pid 370] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 367] <... close resumed>) = 0 [pid 357] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] <... mmap resumed>) = 0x20000000 [pid 367] mkdir("./file0", 0777 [pid 357] <... futex resumed>) = 0 [pid 372] set_robust_list(0x555556cc76a0, 24 [pid 371] <... set_robust_list resumed>) = 0 [pid 370] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... mount resumed>) = 0 [pid 368] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 367] <... mkdir resumed>) = 0 [pid 363] <... futex resumed>) = 0 [pid 357] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] rmdir("./2" [pid 372] <... set_robust_list resumed>) = 0 [pid 371] chdir("./3" [pid 369] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] <... openat resumed>) = 7 [pid 363] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] <... futex resumed>) = 0 [pid 367] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 357] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 370] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 357] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] <... rmdir resumed>) = 0 [pid 372] chdir("./3" [pid 363] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... futex resumed>) = ? [pid 371] <... chdir resumed>) = 0 [pid 369] <... futex resumed>) = 0 [pid 372] <... chdir resumed>) = 0 [pid 363] <... futex resumed>) = 0 [pid 371] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] mkdir("./3", 0777 [pid 372] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 371] <... prctl resumed>) = 0 [pid 369] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 368] +++ killed by SIGBUS +++ [pid 363] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] <... prctl resumed>) = 0 [pid 371] setpgid(0, 0 [pid 370] +++ killed by SIGBUS +++ [pid 369] <... open resumed>) = 3 [pid 357] +++ killed by SIGBUS +++ [pid 297] <... mkdir resumed>) = 0 [pid 372] setpgid(0, 0 [pid 371] <... setpgid resumed>) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=357, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 369] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 369] <... futex resumed>) = 1 [pid 363] <... futex resumed>) = 0 [pid 299] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 372] <... setpgid resumed>) = 0 [pid 371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 369] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 363] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... openat resumed>) = 3 [pid 372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 363] <... futex resumed>) = 0 [pid 369] <... socket resumed>) = 6 [pid 363] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 371] <... openat resumed>) = 3 [pid 372] <... openat resumed>) = 3 [pid 369] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] ioctl(3, LOOP_CLR_FD [pid 299] <... openat resumed>) = 3 [pid 371] write(3, "1000", 4 [pid 369] <... futex resumed>) = 1 [pid 363] <... futex resumed>) = 0 [pid 299] newfstatat(3, "", [pid 372] write(3, "1000", 4 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 363] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 372] <... write resumed>) = 4 [pid 371] <... write resumed>) = 4 [pid 369] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 363] <... futex resumed>) = 0 [pid 372] close(3 [pid 299] getdents64(3, [pid 297] close(3 [pid 363] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 369] <... mmap resumed>) = 0x20000000 [pid 299] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 369] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 372] <... close resumed>) = 0 [pid 371] close(3 [pid 297] <... close resumed>) = 0 [pid 369] <... futex resumed>) = 1 [pid 363] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 371] <... close resumed>) = 0 [pid 372] symlink("/dev/binderfs", "./binderfs" [pid 369] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 363] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 371] symlink("/dev/binderfs", "./binderfs" [pid 369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 363] <... futex resumed>) = 0 [pid 299] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 372] <... symlink resumed>) = 0 [pid 369] memfd_create("syzkaller", 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 371] <... symlink resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./2/bus", [pid 371] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... memfd_create resumed>) = 7 [pid 372] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 371] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 371] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 369] <... mmap resumed>) = 0x7f620fc64000 [pid 299] unlink("./2/bus" [pid 372] <... futex resumed>) = 0 [pid 371] <... rt_sigaction resumed>NULL, 8) = 0 [pid 299] <... unlink resumed>) = 0 [pid 372] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 371] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 299] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 372] <... rt_sigaction resumed>NULL, 8) = 0 [pid 371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 372] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 373 [pid 371] <... mmap resumed>) = 0x7f6220445000 [pid 372] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] newfstatat(AT_FDCWD, "./2/binderfs", [pid 372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 371] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 372] <... mmap resumed>) = 0x7f6220445000 [pid 371] <... mprotect resumed>) = 0 [pid 299] unlink("./2/binderfs" [pid 372] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 355] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 299] <... unlink resumed>) = 0 [pid 372] <... mprotect resumed>) = 0 [pid 371] rt_sigprocmask(SIG_BLOCK, ~[], [pid 372] rt_sigprocmask(SIG_BLOCK, ~[], [pid 371] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] getdents64(3, [pid 372] <... rt_sigprocmask resumed>[], 8) = 0 [pid 371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 355] ioctl(4, LOOP_CLR_FD [pid 372] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 355] <... ioctl resumed>) = 0 [pid 355] close(4 [pid 371] <... clone3 resumed> => {parent_tid=[374]}, 88) = 374 [pid 299] close(3 [pid 372] <... clone3 resumed> => {parent_tid=[375]}, 88) = 375 [pid 355] <... close resumed>) = 0 [pid 355] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] rt_sigprocmask(SIG_SETMASK, [], [pid 372] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... close resumed>) = 0 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] rmdir("./2" [pid 372] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 371] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 372] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 350] exit_group(0 [pid 356] <... futex resumed>) = ? [pid 350] <... exit_group resumed>) = ? [pid 372] <... futex resumed>) = 0 [pid 371] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 356] +++ exited with 0 +++ [pid 299] mkdir("./3", 0777 [pid 355] <... futex resumed>) = ? [pid 372] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] <... futex resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 372] <... futex resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 371] <... mmap resumed>) = 0x7f6220424000 [pid 372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 371] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 299] <... openat resumed>) = 3 [pid 372] <... mmap resumed>) = 0x7f6220424000 [pid 371] <... mprotect resumed>) = 0 [pid 372] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 299] ioctl(3, LOOP_CLR_FD [pid 372] <... mprotect resumed>) = 0 [pid 371] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 371] <... rt_sigprocmask resumed>[], 8) = 0 [pid 372] rt_sigprocmask(SIG_BLOCK, ~[], [pid 371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 299] close(3 [pid 372] <... rt_sigprocmask resumed>[], 8) = 0 [pid 371] <... clone3 resumed> => {parent_tid=[376]}, 88) = 376 [pid 299] <... close resumed>) = 0 [pid 372] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 371] rt_sigprocmask(SIG_SETMASK, [], [pid 369] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 372] <... clone3 resumed> => {parent_tid=[377]}, 88) = 377 [pid 371] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 372] rt_sigprocmask(SIG_SETMASK, [], [pid 371] <... futex resumed>) = 0 [pid 372] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 371] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 378 ./strace-static-x86_64: Process 378 attached ./strace-static-x86_64: Process 377 attached ./strace-static-x86_64: Process 376 attached ./strace-static-x86_64: Process 375 attached ./strace-static-x86_64: Process 374 attached ./strace-static-x86_64: Process 373 attached [pid 372] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... write resumed>) = 65536 [pid 367] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 378] set_robust_list(0x555556cc76a0, 24 [pid 375] set_robust_list(0x7f62204659a0, 24 [pid 374] set_robust_list(0x7f62204659a0, 24 [pid 373] set_robust_list(0x555556cc76a0, 24 [pid 372] <... futex resumed>) = 0 [pid 369] munmap(0x7f620fc64000, 65536 [pid 367] ioctl(4, LOOP_CLR_FD [pid 378] <... set_robust_list resumed>) = 0 [pid 367] <... ioctl resumed>) = 0 [pid 367] close(4 [pid 369] <... munmap resumed>) = 0 [pid 367] <... close resumed>) = 0 [pid 374] <... set_robust_list resumed>) = 0 [pid 372] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] <... set_robust_list resumed>) = 0 [pid 374] rt_sigprocmask(SIG_SETMASK, [], [pid 375] rt_sigprocmask(SIG_SETMASK, [], [pid 373] <... set_robust_list resumed>) = 0 [pid 378] chdir("./3" [pid 375] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 374] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 373] chdir("./3" [pid 367] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] memfd_create("syzkaller", 0 [pid 367] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 375] memfd_create("syzkaller", 0 [pid 369] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 374] <... memfd_create resumed>) = 3 [pid 375] <... memfd_create resumed>) = 3 [pid 373] <... chdir resumed>) = 0 [pid 378] <... chdir resumed>) = 0 [pid 369] <... openat resumed>) = 4 [pid 375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 378] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 377] set_robust_list(0x7f62204449a0, 24 [pid 376] set_robust_list(0x7f62204449a0, 24 [pid 375] <... mmap resumed>) = 0x7f6218024000 [pid 374] <... mmap resumed>) = 0x7f6218024000 [pid 373] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 369] ioctl(4, LOOP_SET_FD, 7 [pid 378] <... prctl resumed>) = 0 [pid 377] <... set_robust_list resumed>) = 0 [pid 377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 377] creat("./bus", 000) = 4 [pid 377] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 372] <... futex resumed>) = 0 [pid 377] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 372] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 377] <... mount resumed>) = 0 [pid 372] <... futex resumed>) = 0 [pid 377] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 372] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 377] <... futex resumed>) = 0 [pid 372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 377] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 372] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 377] <... open resumed>) = 5 [pid 374] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 373] <... prctl resumed>) = 0 [pid 372] <... futex resumed>) = 0 [pid 369] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 378] setpgid(0, 0 [pid 377] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 372] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 377] <... futex resumed>) = 0 [pid 372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 377] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 372] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 377] <... socket resumed>) = 6 [pid 372] <... futex resumed>) = 0 [pid 377] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 372] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 377] <... futex resumed>) = 0 [pid 372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 377] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 372] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 378] <... setpgid resumed>) = 0 [pid 377] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 373] setpgid(0, 0 [pid 372] <... futex resumed>) = 0 [pid 369] ioctl(4, LOOP_CLR_FD [pid 377] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 372] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 377] <... mmap resumed>) = 0x20000000 [pid 369] <... ioctl resumed>) = 0 [pid 378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 377] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 373] <... setpgid resumed>) = 0 [pid 377] <... futex resumed>) = 1 [pid 372] <... futex resumed>) = 0 [pid 377] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 372] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 377] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 372] <... futex resumed>) = 0 [pid 377] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 372] read(542316032, [pid 376] <... set_robust_list resumed>) = 0 [pid 376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 376] creat("./bus", 000 [pid 378] <... openat resumed>) = 3 [pid 376] <... creat resumed>) = 4 [pid 373] <... openat resumed>) = 3 [pid 376] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] <... futex resumed>) = 0 [pid 376] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 371] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 376] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 371] <... futex resumed>) = 0 [pid 376] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 371] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] <... mount resumed>) = 0 [pid 376] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 374] <... write resumed>) = 262144 [pid 373] write(3, "1000", 4 [pid 378] write(3, "1000", 4 [pid 376] <... futex resumed>) = 1 [pid 371] <... futex resumed>) = 0 [pid 376] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 371] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 376] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 371] <... futex resumed>) = 0 [pid 376] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 371] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] <... open resumed>) = 5 [pid 376] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 373] <... write resumed>) = 4 [pid 369] ioctl(4, LOOP_SET_FD, 7 [pid 378] <... write resumed>) = 4 [pid 376] <... futex resumed>) = 1 [pid 375] <... write resumed>) = ? [pid 371] <... futex resumed>) = 0 [pid 376] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 371] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 376] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 371] <... futex resumed>) = 0 [pid 376] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 371] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] <... socket resumed>) = 6 [pid 369] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 378] close(3 [pid 376] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 375] +++ killed by SIGBUS +++ [pid 374] munmap(0x7f6218024000, 262144 [pid 373] close(3 [pid 369] close(4 [pid 378] <... close resumed>) = 0 [pid 377] +++ killed by SIGBUS +++ [pid 376] <... futex resumed>) = 1 [pid 374] <... munmap resumed>) = 0 [pid 373] <... close resumed>) = 0 [pid 372] +++ killed by SIGBUS +++ [pid 371] <... futex resumed>) = 0 [pid 369] <... close resumed>) = 0 [pid 378] symlink("/dev/binderfs", "./binderfs" [pid 376] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 374] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 373] symlink("/dev/binderfs", "./binderfs" [pid 371] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] close(7 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=372, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 376] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 371] <... futex resumed>) = 0 [pid 376] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 371] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] <... symlink resumed>) = 0 [pid 376] <... mmap resumed>) = 0x20000000 [pid 376] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] <... futex resumed>) = 0 [pid 369] <... close resumed>) = 0 [pid 376] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 371] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 376] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 373] <... symlink resumed>) = 0 [pid 371] <... futex resumed>) = 0 [pid 369] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 378] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 374] <... openat resumed>) = ? [pid 373] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... futex resumed>) = 0 [pid 378] <... futex resumed>) = 0 [pid 373] <... futex resumed>) = 0 [pid 369] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 378] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 374] +++ killed by SIGBUS +++ [pid 373] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 378] <... rt_sigaction resumed>NULL, 8) = 0 [pid 376] +++ killed by SIGBUS +++ [pid 373] <... rt_sigaction resumed>NULL, 8) = 0 [pid 371] +++ killed by SIGBUS +++ [pid 363] exit_group(0 [pid 378] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 373] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 369] <... futex resumed>) = ? [pid 367] <... futex resumed>) = ? [pid 363] <... exit_group resumed>) = ? [pid 378] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 373] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 369] +++ exited with 0 +++ [pid 367] +++ exited with 0 +++ [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=371, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 300] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 301] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 378] <... mmap resumed>) = 0x7f6220445000 [pid 373] <... mmap resumed>) = 0x7f6220445000 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 378] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 373] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 301] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 378] <... mprotect resumed>) = 0 [pid 373] <... mprotect resumed>) = 0 [pid 300] <... openat resumed>) = 3 [pid 301] <... openat resumed>) = 3 [pid 378] rt_sigprocmask(SIG_BLOCK, ~[], [pid 373] rt_sigprocmask(SIG_BLOCK, ~[], [pid 301] newfstatat(3, "", [pid 300] newfstatat(3, "", [pid 378] <... rt_sigprocmask resumed>[], 8) = 0 [pid 373] <... rt_sigprocmask resumed>[], 8) = 0 [pid 378] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] getdents64(3, [pid 300] getdents64(3, ./strace-static-x86_64: Process 379 attached [pid 379] set_robust_list(0x7f62204659a0, 24) = 0 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 379] rt_sigprocmask(SIG_SETMASK, [], [pid 300] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 378] <... clone3 resumed> => {parent_tid=[379]}, 88) = 379 [pid 373] <... clone3 resumed> => {parent_tid=[380]}, 88) = 380 [pid 301] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 378] rt_sigprocmask(SIG_SETMASK, [], [pid 373] rt_sigprocmask(SIG_SETMASK, [], [pid 300] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 378] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 373] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] <... umount2 resumed>) = 0 [pid 378] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 373] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... umount2 resumed>) = 0 [pid 378] <... futex resumed>) = 0 [pid 373] <... futex resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 378] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 378] <... futex resumed>) = 0 [pid 373] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] unlink("./3/bus" [pid 300] newfstatat(AT_FDCWD, "./3/bus", [pid 378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 373] <... futex resumed>) = 0 [pid 379] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 379] memfd_create("syzkaller", 0 [pid 301] <... unlink resumed>) = 0 [pid 378] <... mmap resumed>) = 0x7f6220424000 [pid 373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 301] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 378] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 373] <... mmap resumed>) = 0x7f6220424000 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] unlink("./3/bus" [pid 378] <... mprotect resumed>) = 0 [pid 373] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 301] newfstatat(AT_FDCWD, "./3/binderfs", [pid 379] <... memfd_create resumed>) = 3 [pid 300] <... unlink resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 373] <... mprotect resumed>) = 0 [pid 379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] unlink("./3/binderfs" [pid 378] rt_sigprocmask(SIG_BLOCK, ~[], [pid 373] rt_sigprocmask(SIG_BLOCK, ~[], [pid 300] newfstatat(AT_FDCWD, "./3/binderfs", [pid 379] <... mmap resumed>) = 0x7f6218024000 [pid 301] <... unlink resumed>) = 0 [pid 373] <... rt_sigprocmask resumed>[], 8) = 0 [pid 301] getdents64(3, [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 378] <... rt_sigprocmask resumed>[], 8) = 0 [pid 373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 378] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 300] unlink("./3/binderfs"./strace-static-x86_64: Process 381 attached [pid 379] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 301] close(3 [pid 300] <... unlink resumed>) = 0 [pid 378] <... clone3 resumed> => {parent_tid=[382]}, 88) = 382 [pid 373] <... clone3 resumed> => {parent_tid=[381]}, 88) = 381 [pid 301] <... close resumed>) = 0 [pid 300] getdents64(3, [pid 378] rt_sigprocmask(SIG_SETMASK, [], [pid 373] rt_sigprocmask(SIG_SETMASK, [], [pid 301] rmdir("./3" [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 378] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 373] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 381] set_robust_list(0x7f62204449a0, 24 [pid 379] <... write resumed>) = 262144 [pid 378] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 373] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... rmdir resumed>) = 0 [pid 300] close(3 [pid 379] munmap(0x7f6218024000, 262144 [pid 378] <... futex resumed>) = 0 [pid 373] <... futex resumed>) = 0 [pid 301] mkdir("./4", 0777 [pid 300] <... close resumed>) = 0 [pid 378] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 379] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 380 attached [pid 379] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 380] set_robust_list(0x7f62204659a0, 24 [pid 301] <... mkdir resumed>) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 300] rmdir("./3" [pid 379] <... openat resumed>) = 4 [pid 301] <... openat resumed>) = 3 [pid 380] <... set_robust_list resumed>) = 0 [pid 380] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 23.645472][ T367] loop2: detected capacity change from 0 to 512 [ 23.655981][ T355] EXT4-fs (loop0): get orphan inode failed [ 23.668679][ T355] EXT4-fs (loop0): mount failed [ 23.677799][ T367] EXT4-fs warning (device loop2): read_mmp_block:115: Error -74 while reading MMP block 12 [pid 379] ioctl(4, LOOP_SET_FD, 3 [pid 380] memfd_create("syzkaller", 0 [pid 301] ioctl(3, LOOP_CLR_FD [pid 300] <... rmdir resumed>) = 0 [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 300] mkdir("./4", 0777 [pid 301] close(3 [pid 381] <... set_robust_list resumed>) = 0 [pid 379] <... ioctl resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 300] <... mkdir resumed>) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 380] <... memfd_create resumed>) = 3 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 ./strace-static-x86_64: Process 383 attached ./strace-static-x86_64: Process 382 attached [pid 381] rt_sigprocmask(SIG_SETMASK, [], [pid 379] close(3 [pid 300] <... openat resumed>) = 3 [pid 383] set_robust_list(0x555556cc76a0, 24 [pid 382] set_robust_list(0x7f62204449a0, 24 [pid 381] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 383 [pid 300] ioctl(3, LOOP_CLR_FD [pid 383] <... set_robust_list resumed>) = 0 [pid 382] <... set_robust_list resumed>) = 0 [pid 381] creat("./bus", 000 [pid 363] +++ exited with 0 +++ [pid 355] +++ exited with 0 +++ [pid 350] +++ exited with 0 +++ [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 383] chdir("./4" [pid 382] rt_sigprocmask(SIG_SETMASK, [], [pid 381] <... creat resumed>) = 4 [pid 300] close(3 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=363, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=350, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 383] <... chdir resumed>) = 0 [pid 382] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 381] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... close resumed>) = 0 [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 383] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 382] creat("./bus", 000 [pid 381] <... futex resumed>) = 1 [pid 379] <... close resumed>) = 0 [pid 373] <... futex resumed>) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... restart_syscall resumed>) = 0 [pid 296] <... restart_syscall resumed>) = 0 [pid 383] <... prctl resumed>) = 0 [pid 382] <... creat resumed>) = 3 [pid 381] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] mkdir("./file0", 0777 [pid 373] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 383] setpgid(0, 0 [pid 382] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 379] <... mkdir resumed>) = 0 [pid 373] <... futex resumed>) = 0 [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 384 [pid 383] <... setpgid resumed>) = 0 [pid 382] <... futex resumed>) = 1 [pid 381] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 380] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 379] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 378] <... futex resumed>) = 0 [pid 373] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 382] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 381] <... mount resumed>) = 0 [pid 380] <... write resumed>) = 262144 [pid 378] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] <... openat resumed>) = 3 [pid 382] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 381] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 378] <... futex resumed>) = 0 [pid 298] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 383] write(3, "1000", 4 [pid 382] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 381] <... futex resumed>) = 1 [pid 378] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] <... futex resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 296] <... openat resumed>) = 3 [pid 383] <... write resumed>) = 4 [pid 382] <... mount resumed>) = 0 [pid 381] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] newfstatat(3, "", [pid 296] newfstatat(3, "", [pid 383] close(3 [pid 382] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 373] <... futex resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 383] <... close resumed>) = 0 [pid 382] <... futex resumed>) = 1 [pid 381] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 380] munmap(0x7f6218024000, 262144 [pid 378] <... futex resumed>) = 0 [pid 373] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] getdents64(3, [pid 296] getdents64(3, ./strace-static-x86_64: Process 384 attached [pid 383] symlink("/dev/binderfs", "./binderfs" [pid 382] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 381] <... open resumed>) = 5 [pid 380] <... munmap resumed>) = 0 [pid 378] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 384] set_robust_list(0x555556cc76a0, 24 [pid 383] <... symlink resumed>) = 0 [pid 382] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 381] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 378] <... futex resumed>) = 0 [pid 298] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 384] <... set_robust_list resumed>) = 0 [pid 383] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 381] <... futex resumed>) = 1 [pid 380] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 378] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 384] chdir("./4" [pid 383] <... futex resumed>) = 0 [pid 382] <... open resumed>) = 5 [pid 381] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 384] <... chdir resumed>) = 0 [pid 383] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 382] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 380] <... openat resumed>) = 6 [pid 373] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 384] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 383] <... rt_sigaction resumed>NULL, 8) = 0 [pid 382] <... futex resumed>) = 1 [pid 381] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 380] ioctl(6, LOOP_SET_FD, 3 [pid 378] <... futex resumed>) = 0 [pid 373] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] newfstatat(AT_FDCWD, "./2/bus", [pid 296] newfstatat(AT_FDCWD, "./2/bus", [pid 384] <... prctl resumed>) = 0 [pid 383] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 382] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 381] <... socket resumed>) = 7 [pid 378] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 383] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 382] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 381] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 378] <... futex resumed>) = 0 [pid 298] unlink("./2/bus" [pid 296] unlink("./2/bus" [pid 383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 382] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 381] <... futex resumed>) = 1 [pid 378] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] <... futex resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 296] <... unlink resumed>) = 0 [pid 383] <... mmap resumed>) = 0x7f6220445000 [pid 382] <... socket resumed>) = 6 [pid 381] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 383] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 382] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 373] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] <... mprotect resumed>) = 0 [pid 382] <... futex resumed>) = 1 [pid 381] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 378] <... futex resumed>) = 0 [pid 373] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] newfstatat(AT_FDCWD, "./2/binderfs", [pid 296] newfstatat(AT_FDCWD, "./2/binderfs", [pid 384] setpgid(0, 0 [pid 383] rt_sigprocmask(SIG_BLOCK, ~[], [pid 382] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 381] <... mmap resumed>) = 0x20000000 [pid 378] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 384] <... setpgid resumed>) = 0 [pid 383] <... rt_sigprocmask resumed>[], 8) = 0 [pid 382] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 381] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 378] <... futex resumed>) = 0 [pid 298] unlink("./2/binderfs" [pid 296] unlink("./2/binderfs" [pid 384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 383] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 382] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 381] <... futex resumed>) = 1 [pid 378] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] <... futex resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 296] <... unlink resumed>) = 0 [pid 382] <... mmap resumed>) = 0x20000000 [pid 381] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 383] <... clone3 resumed> => {parent_tid=[387]}, 88) = 387 [ 23.720091][ T379] loop3: detected capacity change from 0 to 512 [ 23.754520][ T380] loop1: detected capacity change from 0 to 512 [pid 382] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 373] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 384] <... openat resumed>) = 3 [pid 383] rt_sigprocmask(SIG_SETMASK, [], [pid 382] <... futex resumed>) = 1 [pid 380] <... ioctl resumed>) = 0 [pid 378] <... futex resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./2/file0", [pid 296] newfstatat(AT_FDCWD, "./2/file0", [pid 384] write(3, "1000", 4 [pid 383] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 382] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 378] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 383] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 378] <... futex resumed>) = 0 [pid 298] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 384] <... write resumed>) = 4 [pid 383] <... futex resumed>) = 0 [pid 382] memfd_create("syzkaller", 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 383] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] <... memfd_create resumed>) = 7 [pid 298] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 383] <... futex resumed>) = 0 [pid 382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 298] <... openat resumed>) = 4 [pid 296] <... openat resumed>) = 4 [pid 383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 382] <... mmap resumed>) = 0x7f620fc64000 [pid 298] newfstatat(4, "", [pid 296] newfstatat(4, "", [pid 384] close(3 [pid 383] <... mmap resumed>) = 0x7f6220424000 [pid 380] close(3 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 384] <... close resumed>) = 0 [pid 383] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 380] <... close resumed>) = 0 [pid 298] getdents64(4, [pid 296] getdents64(4, [pid 384] symlink("/dev/binderfs", "./binderfs" [pid 383] <... mprotect resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 296] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 383] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] getdents64(4, [pid 296] getdents64(4, [pid 383] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 296] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 383] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 298] close(4 [pid 296] close(4 [pid 298] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 384] <... symlink resumed>) = 0 [pid 383] <... clone3 resumed> => {parent_tid=[388]}, 88) = 388 [pid 298] rmdir("./2/file0" [pid 296] rmdir("./2/file0" [pid 384] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 383] rt_sigprocmask(SIG_SETMASK, [], [pid 380] mkdir(0x20000000, 0777 [pid 298] <... rmdir resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 384] <... futex resumed>) = 0 [pid 383] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] getdents64(3, [pid 296] getdents64(3, [pid 384] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 383] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 384] <... rt_sigaction resumed>NULL, 8) = 0 [pid 383] <... futex resumed>) = 0 [pid 298] close(3 [pid 296] close(3 [pid 384] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 383] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 384] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] rmdir("./2" [pid 296] rmdir("./2" [pid 384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] <... rmdir resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 298] mkdir("./3", 0777 [pid 296] mkdir("./3", 0777 [pid 384] <... mmap resumed>) = 0x7f6220445000 [pid 298] <... mkdir resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 384] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 384] <... mprotect resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 296] <... openat resumed>) = 3 [pid 384] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] ioctl(3, LOOP_CLR_FD [pid 296] ioctl(3, LOOP_CLR_FD [pid 384] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 384] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 298] close(3 [pid 296] close(3 [pid 298] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 384] <... clone3 resumed> => {parent_tid=[390]}, 88) = 390 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 384] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 391 [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 392 ./strace-static-x86_64: Process 387 attached [pid 384] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 384] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 384] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 384] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 384] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[393]}, 88) = 393 [pid 384] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 384] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 384] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 387] set_robust_list(0x7f62204659a0, 24 [pid 382] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 68515) = 68515 [pid 382] munmap(0x7f620fc64000, 68515) = 0 [pid 382] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 8 [pid 382] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 382] ioctl(8, LOOP_CLR_FD [pid 387] <... set_robust_list resumed>) = 0 [pid 387] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 382] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 393 attached [pid 387] memfd_create("syzkaller", 0 [pid 393] set_robust_list(0x7f62204449a0, 24 [pid 387] <... memfd_create resumed>) = 3 [pid 387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 393] <... set_robust_list resumed>) = 0 [pid 393] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 393] creat("./bus", 000 [pid 387] <... mmap resumed>) = 0x7f6218024000 [pid 382] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 382] close(8) = 0 [pid 382] close(7 [pid 387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 382] <... close resumed>) = 0 [pid 382] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 393] <... creat resumed>) = 3 [ 23.764932][ T381] blk_update_request: I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 2 prio class 0 [ 23.778762][ T379] EXT4-fs error (device loop3): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # ./strace-static-x86_64: Process 390 attached [pid 393] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 388 attached [pid 388] set_robust_list(0x7f62204449a0, 24 [pid 381] memfd_create("syzkaller", 0 [pid 388] <... set_robust_list resumed>) = 0 [pid 388] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 388] creat("./bus", 000 [pid 381] <... memfd_create resumed>) = 3 [pid 381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f620fc64000 [pid 388] <... creat resumed>) = 4 [pid 388] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 383] <... futex resumed>) = 0 [pid 383] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 383] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] <... write resumed>) = 65536 [pid 388] <... futex resumed>) = 1 [pid 388] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL) = 0 [pid 388] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 383] <... futex resumed>) = 0 [pid 383] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 383] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] <... futex resumed>) = 1 [pid 388] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 381] munmap(0x7f620fc64000, 65536 [pid 388] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 380] <... mkdir resumed>) = 0 [pid 383] <... futex resumed>) = 0 [pid 381] <... munmap resumed>) = 0 [pid 383] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 380] mount("/dev/loop1", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 383] <... futex resumed>) = 0 [pid 383] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] <... futex resumed>) = 1 [pid 388] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE) = 6 [pid 388] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 383] <... futex resumed>) = 0 [pid 383] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 383] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] <... futex resumed>) = 1 [pid 388] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 388] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 383] <... futex resumed>) = 0 [pid 383] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 388] <... futex resumed>) = 1 [pid 388] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 381] <... openat resumed>) = 8 [pid 381] ioctl(8, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 380] <... mount resumed>) = -1 ENODEV (No such device) [pid 381] ioctl(8, LOOP_CLR_FD [pid 380] ioctl(6, LOOP_CLR_FD [pid 381] <... ioctl resumed>) = 0 [pid 380] <... ioctl resumed>) = 0 [pid 380] close(6) = 0 [pid 380] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 381] ioctl(8, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 381] close(8) = 0 [pid 381] close(3) = 0 [pid 381] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 393] <... futex resumed>) = 1 [pid 390] set_robust_list(0x7f62204659a0, 24 [pid 384] <... futex resumed>) = 0 [pid 373] exit_group(0 [pid 384] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] <... futex resumed>) = ? [pid 373] <... exit_group resumed>) = ? [pid 380] <... futex resumed>) = ? [pid 384] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] +++ exited with 0 +++ [pid 380] +++ exited with 0 +++ [pid 390] <... set_robust_list resumed>) = 0 [pid 393] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 390] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 392 attached ./strace-static-x86_64: Process 391 attached NULL, 8) = 0 [pid 393] <... mount resumed>) = 0 [pid 387] <... write resumed>) = ? [pid 393] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] memfd_create("syzkaller", 0 [pid 392] set_robust_list(0x555556cc76a0, 24 [pid 393] <... futex resumed>) = 1 [pid 391] set_robust_list(0x555556cc76a0, 24 [pid 384] <... futex resumed>) = 0 [pid 384] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 384] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] <... memfd_create resumed>) = 4 [pid 393] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 392] <... set_robust_list resumed>) = 0 [pid 391] <... set_robust_list resumed>) = 0 [pid 390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 393] <... open resumed>) = 5 [pid 390] <... mmap resumed>) = 0x7f6218024000 [pid 392] chdir("./3" [pid 390] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 393] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 384] <... futex resumed>) = 0 [pid 392] <... chdir resumed>) = 0 [pid 384] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 384] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 392] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 390] <... write resumed>) = 262144 [pid 393] <... socket resumed>) = 6 [pid 392] <... prctl resumed>) = 0 [pid 391] chdir("./3" [pid 390] munmap(0x7f6218024000, 262144 [pid 393] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 384] <... futex resumed>) = 0 [pid 392] setpgid(0, 0 [pid 384] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 384] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 392] <... setpgid resumed>) = 0 [pid 391] <... chdir resumed>) = 0 [pid 390] <... munmap resumed>) = 0 [pid 393] <... mmap resumed>) = 0x20000000 [pid 392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 393] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 384] <... futex resumed>) = 0 [pid 393] <... futex resumed>) = 1 [pid 392] <... openat resumed>) = 3 [pid 391] <... prctl resumed>) = 0 [pid 384] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 393] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 392] write(3, "1000", 4 [pid 391] setpgid(0, 0 [pid 392] <... write resumed>) = 4 [pid 391] <... setpgid resumed>) = 0 [pid 392] close(3 [pid 390] +++ killed by SIGBUS +++ [pid 393] +++ killed by SIGBUS +++ [pid 384] +++ killed by SIGBUS +++ [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=384, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 392] <... close resumed>) = 0 [pid 300] restart_syscall(<... resuming interrupted clone ...> [pid 391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 392] symlink("/dev/binderfs", "./binderfs") = 0 [pid 391] <... openat resumed>) = 3 [pid 392] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... restart_syscall resumed>) = 0 [pid 388] +++ killed by SIGBUS +++ [pid 300] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(3, 0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 300] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 387] +++ killed by SIGBUS +++ [pid 383] +++ killed by SIGBUS +++ [pid 300] <... umount2 resumed>) = 0 [pid 392] <... futex resumed>) = 0 [pid 391] write(3, "1000", 4 [pid 300] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=383, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] restart_syscall(<... resuming interrupted clone ...> [pid 300] newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] unlink("./4/bus" [pid 301] <... restart_syscall resumed>) = 0 [pid 300] <... unlink resumed>) = 0 [pid 392] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 391] <... write resumed>) = 4 [pid 300] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 392] <... rt_sigaction resumed>NULL, 8) = 0 [pid 391] close(3 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] newfstatat(AT_FDCWD, "./4/binderfs", [pid 392] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 391] <... close resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] unlink("./4/binderfs" [pid 392] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 391] symlink("/dev/binderfs", "./binderfs" [pid 301] <... openat resumed>) = 3 [pid 392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 301] newfstatat(3, "", [pid 300] <... unlink resumed>) = 0 [pid 392] <... mmap resumed>) = 0x7f6220445000 [pid 391] <... symlink resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] getdents64(3, [pid 300] getdents64(3, [pid 392] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 391] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 392] <... mprotect resumed>) = 0 [pid 391] <... futex resumed>) = 0 [pid 301] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] close(3 [pid 392] rt_sigprocmask(SIG_BLOCK, ~[], [pid 391] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 301] <... umount2 resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 392] <... rt_sigprocmask resumed>[], 8) = 0 [pid 301] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] rmdir("./4" [pid 392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 391] <... rt_sigaction resumed>NULL, 8) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... rmdir resumed>) = 0 [pid 391] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 301] newfstatat(AT_FDCWD, "./4/bus", [pid 300] mkdir("./5", 0777 [pid 392] <... clone3 resumed> => {parent_tid=[395]}, 88) = 395 [pid 391] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... mkdir resumed>) = 0 [pid 301] unlink("./4/bus" [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 301] <... unlink resumed>) = 0 [pid 300] <... openat resumed>) = 3 [pid 301] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] ioctl(3, LOOP_CLR_FD [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 301] newfstatat(AT_FDCWD, "./4/binderfs", [pid 300] close(3 [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... close resumed>) = 0 [pid 301] unlink("./4/binderfs" [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] <... unlink resumed>) = 0 [pid 301] getdents64(3, [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 396 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 301] close(3) = 0 [pid 301] rmdir("./4") = 0 [pid 301] mkdir("./5", 0777) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 301] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 301] close(3) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 397 ./strace-static-x86_64: Process 395 attached [pid 395] set_robust_list(0x7f62204659a0, 24) = 0 [pid 395] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 392] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... mmap resumed>) = 0x7f6220445000 [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 392] <... futex resumed>) = 0 [pid 391] <... mprotect resumed>) = 0 [pid 392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 391] rt_sigprocmask(SIG_BLOCK, ~[], [pid 392] <... mmap resumed>) = 0x7f6220424000 [pid 391] <... rt_sigprocmask resumed>[], 8) = 0 [pid 392] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 391] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 392] <... mprotect resumed>) = 0 [pid 395] memfd_create("syzkaller", 0 [pid 392] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 391] <... clone3 resumed> => {parent_tid=[398]}, 88) = 398 [pid 392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 391] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 392] <... clone3 resumed> => {parent_tid=[399]}, 88) = 399 [pid 391] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 399 attached ./strace-static-x86_64: Process 398 attached ./strace-static-x86_64: Process 397 attached ./strace-static-x86_64: Process 396 attached [pid 395] <... memfd_create resumed>) = 3 [pid 392] rt_sigprocmask(SIG_SETMASK, [], [pid 391] <... futex resumed>) = 0 [pid 399] set_robust_list(0x7f62204449a0, 24 [pid 396] set_robust_list(0x555556cc76a0, 24 [pid 392] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 391] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] set_robust_list(0x7f62204659a0, 24 [pid 397] set_robust_list(0x555556cc76a0, 24 [pid 395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 379] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 379] ioctl(4, LOOP_CLR_FD) = 0 [pid 379] close(4) = 0 [pid 379] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 373] +++ exited with 0 +++ [pid 399] <... set_robust_list resumed>) = 0 [pid 398] <... set_robust_list resumed>) = 0 [pid 397] <... set_robust_list resumed>) = 0 [pid 396] <... set_robust_list resumed>) = 0 [pid 395] <... mmap resumed>) = 0x7f6218024000 [pid 392] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 379] <... futex resumed>) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=373, si_uid=0, si_status=0, si_utime=1, si_stime=1} --- [pid 399] rt_sigprocmask(SIG_SETMASK, [], [pid 398] rt_sigprocmask(SIG_SETMASK, [], [pid 397] chdir("./5" [pid 396] chdir("./5" [pid 395] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 392] <... futex resumed>) = 0 [pid 391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 378] exit_group(0 [pid 379] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 399] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 398] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 397] <... chdir resumed>) = 0 [pid 396] <... chdir resumed>) = 0 [pid 392] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 391] <... mmap resumed>) = 0x7f6220424000 [pid 399] creat("./bus", 000 [pid 398] memfd_create("syzkaller", 0 [pid 397] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 396] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 395] <... write resumed>) = 262144 [pid 391] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 382] <... futex resumed>) = ? [pid 379] <... futex resumed>) = ? [pid 378] <... exit_group resumed>) = ? [pid 399] <... creat resumed>) = 4 [pid 398] <... memfd_create resumed>) = 3 [pid 397] <... prctl resumed>) = 0 [pid 396] <... prctl resumed>) = 0 [pid 391] <... mprotect resumed>) = 0 [pid 399] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 397] setpgid(0, 0 [pid 396] setpgid(0, 0 [pid 391] rt_sigprocmask(SIG_BLOCK, ~[], [pid 399] <... futex resumed>) = 1 [pid 398] <... mmap resumed>) = 0x7f6218024000 [pid 397] <... setpgid resumed>) = 0 [pid 396] <... setpgid resumed>) = 0 [pid 392] <... futex resumed>) = 0 [pid 391] <... rt_sigprocmask resumed>[], 8) = 0 [pid 382] +++ exited with 0 +++ [pid 297] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 399] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 398] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 395] munmap(0x7f6218024000, 262144 [pid 392] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 399] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 397] <... openat resumed>) = 3 [pid 396] <... openat resumed>) = 3 [pid 395] <... munmap resumed>) = 0 [pid 392] <... futex resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 399] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 397] write(3, "1000", 4 [pid 396] write(3, "1000", 4 [pid 395] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 392] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 391] <... clone3 resumed> => {parent_tid=[400]}, 88) = 400 [pid 297] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 399] <... mount resumed>) = 0 [pid 397] <... write resumed>) = 4 [pid 396] <... write resumed>) = 4 [pid 395] <... openat resumed>) = 5 [pid 391] rt_sigprocmask(SIG_SETMASK, [], [pid 297] <... openat resumed>) = 3 [pid 399] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] close(3 [pid 396] close(3 [pid 395] ioctl(5, LOOP_SET_FD, 3 [pid 391] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] newfstatat(3, "", ./strace-static-x86_64: Process 400 attached [pid 399] <... futex resumed>) = 1 [pid 398] <... write resumed>) = 262144 [ 23.811366][ T379] EXT4-fs (loop3): get orphan inode failed [ 23.841115][ T379] EXT4-fs (loop3): mount failed [pid 397] <... close resumed>) = 0 [pid 396] <... close resumed>) = 0 [pid 392] <... futex resumed>) = 0 [pid 391] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 400] set_robust_list(0x7f62204449a0, 24 [pid 399] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 398] munmap(0x7f6218024000, 262144 [pid 397] symlink("/dev/binderfs", "./binderfs" [pid 396] symlink("/dev/binderfs", "./binderfs" [pid 392] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 400] <... set_robust_list resumed>) = 0 [pid 399] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 398] <... munmap resumed>) = 0 [pid 397] <... symlink resumed>) = 0 [pid 396] <... symlink resumed>) = 0 [pid 392] <... futex resumed>) = 0 [pid 391] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 400] rt_sigprocmask(SIG_SETMASK, [], [pid 399] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 398] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 397] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 400] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 398] <... openat resumed>) = 4 [pid 397] <... futex resumed>) = 0 [pid 396] <... futex resumed>) = 0 [pid 400] creat("./bus", 000 [pid 398] ioctl(4, LOOP_SET_FD, 3 [pid 397] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 396] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 399] <... open resumed>) = 6 [pid 395] <... ioctl resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 399] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 395] close(3 [pid 297] getdents64(3, [pid 399] <... futex resumed>) = 1 [pid 395] <... close resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 399] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 395] mkdir("./file0", 0777 [pid 297] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 395] <... mkdir resumed>) = 0 [pid 395] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 397] <... rt_sigaction resumed>NULL, 8) = 0 [pid 396] <... rt_sigaction resumed>NULL, 8) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 392] <... futex resumed>) = 0 [pid 397] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 396] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 392] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 399] <... futex resumed>) = 0 [pid 397] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 392] <... futex resumed>) = 1 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 399] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 398] <... ioctl resumed>) = 0 [pid 397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 392] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] newfstatat(AT_FDCWD, "./3/bus", [pid 400] <... creat resumed>) = 5 [pid 399] <... socket resumed>) = 3 [pid 398] close(3 [pid 397] <... mmap resumed>) = 0x7f6220445000 [pid 396] <... mmap resumed>) = 0x7f6220445000 [pid 399] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... close resumed>) = 0 [pid 397] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 396] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 399] <... futex resumed>) = 1 [pid 398] mkdir("./file0", 0777 [pid 397] <... mprotect resumed>) = 0 [pid 396] <... mprotect resumed>) = 0 [pid 392] <... futex resumed>) = 0 [pid 297] unlink("./3/bus" [pid 399] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 397] rt_sigprocmask(SIG_BLOCK, ~[], [pid 396] rt_sigprocmask(SIG_BLOCK, ~[], [pid 392] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... unlink resumed>) = 0 [pid 399] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 399] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 397] <... rt_sigprocmask resumed>[], 8) = 0 [pid 396] <... rt_sigprocmask resumed>[], 8) = 0 [pid 392] <... futex resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 399] <... mmap resumed>) = 0x20000000 [pid 397] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 392] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] <... mkdir resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./3/binderfs", [pid 399] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 400] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 399] <... futex resumed>) = 0 [pid 398] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 397] <... clone3 resumed> => {parent_tid=[402]}, 88) = 402 [pid 392] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] unlink("./3/binderfs" [pid 400] <... futex resumed>) = 1 [pid 399] memfd_create("syzkaller", 0 [pid 397] rt_sigprocmask(SIG_SETMASK, [], [pid 396] <... clone3 resumed> => {parent_tid=[403]}, 88) = 403 [pid 392] <... futex resumed>) = 0 [pid 391] <... futex resumed>) = 0 [pid 297] <... unlink resumed>) = 0 [pid 400] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 399] <... memfd_create resumed>) = 7 [pid 397] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 396] rt_sigprocmask(SIG_SETMASK, [], [pid 391] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] umount2("./3/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 397] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 391] <... futex resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 403 attached ./strace-static-x86_64: Process 402 attached [pid 400] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 399] <... mmap resumed>) = 0x7f620fc64000 [pid 397] <... futex resumed>) = 0 [pid 396] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] newfstatat(AT_FDCWD, "./3/ext4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 399] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 397] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] <... futex resumed>) = 0 [pid 297] umount2("./3/ext4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 399] <... write resumed>) = 65536 [pid 297] openat(AT_FDCWD, "./3/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 400] <... mount resumed>) = 0 [pid 399] munmap(0x7f620fc64000, 65536 [pid 397] <... futex resumed>) = 0 [pid 396] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... openat resumed>) = 4 [pid 297] newfstatat(4, "", [pid 399] <... munmap resumed>) = 0 [pid 397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 396] <... futex resumed>) = 0 [pid 403] set_robust_list(0x7f62204659a0, 24 [pid 402] set_robust_list(0x7f62204659a0, 24 [pid 400] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 399] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 397] <... mmap resumed>) = 0x7f6220424000 [pid 396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 403] <... set_robust_list resumed>) = 0 [pid 402] <... set_robust_list resumed>) = 0 [pid 400] <... futex resumed>) = 1 [pid 399] <... openat resumed>) = 8 [pid 397] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 396] <... mmap resumed>) = 0x7f6220424000 [pid 391] <... futex resumed>) = 0 [pid 403] rt_sigprocmask(SIG_SETMASK, [], [pid 402] rt_sigprocmask(SIG_SETMASK, [], [pid 400] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 399] ioctl(8, LOOP_SET_FD, 7 [pid 397] <... mprotect resumed>) = 0 [pid 396] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 391] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 403] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 402] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 399] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 397] rt_sigprocmask(SIG_BLOCK, ~[], [pid 396] <... mprotect resumed>) = 0 [pid 391] <... futex resumed>) = 0 [pid 403] memfd_create("syzkaller", 0 [pid 402] memfd_create("syzkaller", 0 [pid 400] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 399] ioctl(8, LOOP_CLR_FD [pid 397] <... rt_sigprocmask resumed>[], 8) = 0 [pid 396] rt_sigprocmask(SIG_BLOCK, ~[], [pid 391] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] <... memfd_create resumed>) = 3 [pid 402] <... memfd_create resumed>) = 3 [pid 400] <... open resumed>) = 3 [pid 399] <... ioctl resumed>) = 0 [pid 397] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 396] <... rt_sigprocmask resumed>[], 8) = 0 [pid 403] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 400] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 403] <... mmap resumed>) = 0x7f6218024000 [pid 402] <... mmap resumed>) = 0x7f6218024000 [pid 400] <... futex resumed>) = 1 [pid 397] <... clone3 resumed> => {parent_tid=[405]}, 88) = 405 [pid 391] <... futex resumed>) = 0 [pid 403] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 400] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 397] rt_sigprocmask(SIG_SETMASK, [], [pid 396] <... clone3 resumed> => {parent_tid=[406]}, 88) = 406 [pid 391] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 379] +++ exited with 0 +++ [pid 378] +++ exited with 0 +++ [pid 297] getdents64(4, [pid 403] <... write resumed>) = 262144 [pid 402] <... write resumed>) = 262144 [pid 400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 399] ioctl(8, LOOP_SET_FD, 7 [pid 397] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 396] rt_sigprocmask(SIG_SETMASK, [], [pid 391] <... futex resumed>) = 0 [pid 403] munmap(0x7f6218024000, 262144 [pid 402] munmap(0x7f6218024000, 262144 [pid 400] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 399] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 397] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 391] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] <... munmap resumed>) = 0 [pid 402] <... munmap resumed>) = 0 [pid 400] <... socket resumed>) = 6 [pid 399] close(8 [pid 397] <... futex resumed>) = 0 [pid 396] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 403] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 402] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 400] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 399] <... close resumed>) = 0 [pid 397] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] <... futex resumed>) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=378, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 297] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 403] <... openat resumed>) = 4 [pid 402] <... openat resumed>) = 4 [pid 400] <... futex resumed>) = 1 [pid 399] close(7 [pid 396] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 391] <... futex resumed>) = 0 [ 23.873151][ T395] loop0: detected capacity change from 0 to 512 [ 23.877915][ T398] loop2: detected capacity change from 0 to 512 [ 23.890151][ T401] EXT4-fs warning (device loop0): kmmpd:170: kmmpd being stopped since MMP feature has been disabled. [ 23.891700][ T395] EXT4-fs (loop0): revision level too high, forcing read-only mode [pid 403] ioctl(4, LOOP_SET_FD, 3 [pid 402] ioctl(4, LOOP_SET_FD, 3 [pid 400] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 399] <... close resumed>) = 0 [pid 391] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] getdents64(4, [pid 403] <... ioctl resumed>) = 0 [pid 400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 399] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 ./strace-static-x86_64: Process 405 attached [pid 403] close(3 [pid 402] <... ioctl resumed>) = 0 [pid 400] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 399] <... futex resumed>) = 0 [pid 391] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 405] set_robust_list(0x7f62204449a0, 24 [pid 400] <... mmap resumed>) = 0x20000000 [pid 399] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] close(4 [pid 405] <... set_robust_list resumed>) = 0 [pid 400] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 405] rt_sigprocmask(SIG_SETMASK, [], [pid 400] <... futex resumed>) = 1 [pid 391] <... futex resumed>) = 0 [pid 299] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... close resumed>) = 0 [pid 405] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 403] <... close resumed>) = 0 [pid 402] close(3 [pid 400] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 403] mkdir("./file0", 0777 [pid 402] <... close resumed>) = 0 [pid 400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 391] <... futex resumed>) = 0 [pid 403] <... mkdir resumed>) = 0 [pid 402] mkdir("./file0", 0777 [pid 400] memfd_create("syzkaller", 0 [pid 403] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 402] <... mkdir resumed>) = 0 [pid 400] <... memfd_create resumed>) = 7 [pid 405] creat("./bus", 000 [pid 402] mount("/dev/loop5", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 397] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 396] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 299] <... openat resumed>) = 3 [pid 297] rmdir("./3/ext4"./strace-static-x86_64: Process 406 attached [pid 400] <... mmap resumed>) = 0x7f620fc64000 [pid 397] futex(0x7f62205316ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] futex(0x7f62205316ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] set_robust_list(0x7f62204449a0, 24 [pid 405] <... creat resumed>) = 3 [ 23.921310][ T403] loop4: detected capacity change from 0 to 512 [ 23.928395][ T402] loop5: detected capacity change from 0 to 512 [ 23.959656][ T395] EXT4-fs error (device loop0): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [pid 400] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 397] <... futex resumed>) = 0 [pid 396] <... futex resumed>) = 0 [pid 299] newfstatat(3, "", [pid 297] <... rmdir resumed>) = 0 [pid 406] <... set_robust_list resumed>) = 0 [pid 405] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 400] <... write resumed>) = 65536 [pid 397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, [pid 405] <... futex resumed>) = 0 [pid 299] getdents64(3, [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 405] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 297] close(3 [pid 299] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... close resumed>) = 0 [pid 297] rmdir("./3") = 0 [pid 297] mkdir("./4", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 410 [pid 397] <... mmap resumed>) = 0x7f6218043000 [pid 299] <... umount2 resumed>) = 0 [pid 396] <... mmap resumed>) = 0x7f6218043000 [pid 397] mprotect(0x7f6218044000, 131072, PROT_READ|PROT_WRITE [pid 406] rt_sigprocmask(SIG_SETMASK, [], [pid 400] munmap(0x7f620fc64000, 65536 [pid 397] <... mprotect resumed>) = 0 [pid 396] mprotect(0x7f6218044000, 131072, PROT_READ|PROT_WRITE [pid 299] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 400] <... munmap resumed>) = 0 [pid 397] rt_sigprocmask(SIG_BLOCK, ~[], [pid 396] <... mprotect resumed>) = 0 [pid 400] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 397] <... rt_sigprocmask resumed>[], 8) = 0 [pid 396] rt_sigprocmask(SIG_BLOCK, ~[], [pid 400] <... openat resumed>) = 8 [pid 397] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6218063990, parent_tid=0x7f6218063990, exit_signal=0, stack=0x7f6218043000, stack_size=0x20300, tls=0x7f62180636c0} [pid 400] ioctl(8, LOOP_SET_FD, 7 [pid 396] <... rt_sigprocmask resumed>[], 8) = 0 [pid 406] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 400] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6218063990, parent_tid=0x7f6218063990, exit_signal=0, stack=0x7f6218043000, stack_size=0x20300, tls=0x7f62180636c0} [pid 395] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 406] creat("./bus", 000 [pid 400] ioctl(8, LOOP_CLR_FD [pid 397] <... clone3 resumed> => {parent_tid=[412]}, 88) = 412 [pid 400] <... ioctl resumed>) = 0 [pid 397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 396] <... clone3 resumed> => {parent_tid=[413]}, 88) = 413 [pid 397] futex(0x7f62205316e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] rt_sigprocmask(SIG_SETMASK, [], [pid 397] <... futex resumed>) = 0 [pid 396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 397] futex(0x7f62205316ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] futex(0x7f62205316e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] <... creat resumed>) = 3 [pid 396] <... futex resumed>) = 0 [pid 396] futex(0x7f62205316ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 395] ioctl(5, LOOP_CLR_FD [pid 299] newfstatat(AT_FDCWD, "./3/bus", [pid 395] <... ioctl resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 395] close(5 [pid 299] unlink("./3/bus" [pid 395] <... close resumed>) = 0 [pid 299] <... unlink resumed>) = 0 [pid 395] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 400] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 395] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 400] close(8) = 0 [pid 395] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 400] close(7 [pid 392] exit_group(0 [pid 299] unlink("./3/binderfs" [pid 406] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 400] <... close resumed>) = 0 [pid 399] <... futex resumed>) = ? [pid 395] <... futex resumed>) = ? [pid 392] <... exit_group resumed>) = ? [pid 299] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 413 attached ./strace-static-x86_64: Process 412 attached ./strace-static-x86_64: Process 410 attached [pid 406] <... futex resumed>) = 0 [pid 400] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 399] +++ exited with 0 +++ [pid 395] +++ exited with 0 +++ [pid 299] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 413] set_robust_list(0x7f62180639a0, 24 [pid 412] set_robust_list(0x7f62180639a0, 24 [pid 410] set_robust_list(0x555556cc76a0, 24 [pid 406] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 400] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 413] <... set_robust_list resumed>) = 0 [pid 412] <... set_robust_list resumed>) = 0 [pid 410] <... set_robust_list resumed>) = 0 [pid 400] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./3/file0") = 0 [pid 299] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./3") = 0 [pid 299] mkdir("./4", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [ 23.976113][ T395] EXT4-fs (loop0): get orphan inode failed [ 23.976773][ T407] EXT4-fs warning (device loop2): kmmpd:170: kmmpd being stopped since MMP feature has been disabled. [ 23.982425][ T395] EXT4-fs (loop0): mount failed [ 23.993691][ T398] EXT4-fs (loop2): revision level too high, forcing read-only mode [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 415 ./strace-static-x86_64: Process 415 attached [pid 413] rt_sigprocmask(SIG_SETMASK, [], [pid 412] rt_sigprocmask(SIG_SETMASK, [], [pid 410] chdir("./4" [pid 415] set_robust_list(0x555556cc76a0, 24 [pid 413] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 412] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 410] <... chdir resumed>) = 0 [pid 402] <... mount resumed>) = 0 [pid 415] <... set_robust_list resumed>) = 0 [pid 413] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 412] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 410] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 415] chdir("./4" [pid 413] <... mount resumed>) = 0 [pid 412] <... mount resumed>) = 0 [pid 410] <... prctl resumed>) = 0 [pid 415] <... chdir resumed>) = 0 [pid 413] futex(0x7f62205316ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 412] futex(0x7f62205316ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 410] setpgid(0, 0 [pid 415] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 413] <... futex resumed>) = 1 [pid 412] <... futex resumed>) = 1 [pid 410] <... setpgid resumed>) = 0 [pid 397] <... futex resumed>) = 0 [pid 396] <... futex resumed>) = 0 [pid 415] <... prctl resumed>) = 0 [pid 413] futex(0x7f62205316e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 412] futex(0x7f62205316e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 397] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] setpgid(0, 0 [pid 410] <... openat resumed>) = 3 [pid 406] <... futex resumed>) = 0 [pid 397] <... futex resumed>) = 1 [pid 396] <... futex resumed>) = 1 [pid 415] <... setpgid resumed>) = 0 [pid 410] write(3, "1000", 4 [pid 406] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 397] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 410] <... write resumed>) = 4 [pid 406] <... open resumed>) = 5 [pid 415] <... openat resumed>) = 3 [pid 410] close(3 [pid 406] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] write(3, "1000", 4 [pid 410] <... close resumed>) = 0 [pid 406] <... futex resumed>) = 1 [pid 396] <... futex resumed>) = 0 [pid 415] <... write resumed>) = 4 [pid 410] symlink("/dev/binderfs", "./binderfs" [pid 406] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 396] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] close(3 [pid 410] <... symlink resumed>) = 0 [pid 406] <... socket resumed>) = 6 [pid 396] <... futex resumed>) = 0 [pid 415] <... close resumed>) = 0 [pid 410] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] symlink("/dev/binderfs", "./binderfs" [pid 410] <... futex resumed>) = 0 [pid 406] <... futex resumed>) = 0 [pid 396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 415] <... symlink resumed>) = 0 [pid 410] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 406] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 396] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 410] <... rt_sigaction resumed>NULL, 8) = 0 [pid 406] <... mmap resumed>) = 0x20000000 [pid 396] <... futex resumed>) = 0 [pid 415] <... futex resumed>) = 0 [pid 410] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 406] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 410] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 406] <... futex resumed>) = 0 [pid 396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 415] <... rt_sigaction resumed>NULL, 8) = 0 [pid 405] <... futex resumed>) = 0 [pid 402] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 392] +++ exited with 0 +++ [pid 405] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 405] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 405] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 402] <... openat resumed>) = 6 [pid 402] chdir("./file0") = 0 [pid 402] ioctl(4, LOOP_CLR_FD) = 0 [pid 402] close(4) = 0 [pid 402] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 410] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 410] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 410] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[418]}, 88) = 418 [pid 410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 410] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 410] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 410] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 410] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[419]}, 88) = 419 [pid 410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 410] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 396] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] <... futex resumed>) = 0 [pid 396] <... futex resumed>) = 1 [pid 406] memfd_create("syzkaller", 0) = 7 [pid 406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f620fc43000 [pid 406] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 397] <... futex resumed>) = 0 [pid 406] <... write resumed>) = 65536 [pid 406] munmap(0x7f620fc43000, 65536) = 0 [pid 406] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 8 [pid 406] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 406] ioctl(8, LOOP_CLR_FD) = 0 [pid 397] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=392, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 415] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 397] <... futex resumed>) = 1 [ 24.015741][ T402] EXT4-fs (loop5): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [ 24.023836][ T398] EXT4-fs error (device loop2): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 24.033273][ T402] ext4 filesystem being mounted at /root/syzkaller.bzF58U/5/file0 supports timestamps until 2038 (0x7fffffff) [ 24.044399][ T398] EXT4-fs (loop2): get orphan inode failed [ 24.062273][ T403] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [pid 415] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 397] futex(0x7f62205316cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 406] close(8) = 0 [pid 406] close(7 [pid 415] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 406] <... close resumed>) = 0 [pid 406] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 406] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 415] <... mmap resumed>) = 0x7f6220445000 [pid 415] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 415] rt_sigprocmask(SIG_BLOCK, ~[], [pid 296] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 415] <... rt_sigprocmask resumed>[], 8) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 415] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 296] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 415] <... clone3 resumed> => {parent_tid=[420]}, 88) = 420 [pid 296] newfstatat(3, "", [pid 415] rt_sigprocmask(SIG_SETMASK, [], [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 415] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 415] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] getdents64(3, [pid 415] <... futex resumed>) = 0 [pid 415] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 415] <... futex resumed>) = 0 [pid 415] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 296] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 415] <... mmap resumed>) = 0x7f6220424000 [pid 415] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 296] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 420 attached ./strace-static-x86_64: Process 419 attached ./strace-static-x86_64: Process 418 attached [pid 415] <... mprotect resumed>) = 0 [pid 402] <... futex resumed>) = 0 [pid 296] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 420] set_robust_list(0x7f62204659a0, 24 [pid 415] rt_sigprocmask(SIG_BLOCK, ~[], [pid 402] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 419] set_robust_list(0x7f62204449a0, 24 [pid 418] set_robust_list(0x7f62204659a0, 24 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 420] <... set_robust_list resumed>) = 0 [pid 415] <... rt_sigprocmask resumed>[], 8) = 0 [pid 402] <... socket resumed>) = 4 [pid 296] newfstatat(AT_FDCWD, "./3/bus", [pid 420] rt_sigprocmask(SIG_SETMASK, [], [pid 418] <... set_robust_list resumed>) = 0 [pid 420] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 415] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 402] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 419] <... set_robust_list resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 420] memfd_create("syzkaller", 0 [pid 418] rt_sigprocmask(SIG_SETMASK, [], [pid 403] <... mount resumed>) = 0 [pid 419] rt_sigprocmask(SIG_SETMASK, [], [pid 402] <... futex resumed>) = 1 [pid 397] <... futex resumed>) = 0 [pid 418] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 296] unlink("./3/bus"./strace-static-x86_64: Process 421 attached [pid 420] <... memfd_create resumed>) = 3 [pid 419] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 415] <... clone3 resumed> => {parent_tid=[421]}, 88) = 421 [pid 403] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY [pid 402] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 397] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] memfd_create("syzkaller", 0 [pid 421] set_robust_list(0x7f62204449a0, 24 [pid 420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 419] creat("./bus", 000 [pid 415] rt_sigprocmask(SIG_SETMASK, [], [pid 403] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 296] <... unlink resumed>) = 0 [pid 420] <... mmap resumed>) = 0x7f6218024000 [pid 402] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 397] <... futex resumed>) = 0 [pid 421] <... set_robust_list resumed>) = 0 [pid 419] <... creat resumed>) = 3 [pid 415] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 402] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 397] futex(0x7f62205316cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 420] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 415] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] rt_sigprocmask(SIG_SETMASK, [], [pid 402] <... mmap resumed>) = 0x20000000 [pid 421] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 421] creat("./bus", 000 [pid 415] <... futex resumed>) = 0 [pid 418] <... memfd_create resumed>) = 4 [pid 403] ioctl(4, LOOP_CLR_FD [pid 415] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... creat resumed>) = 4 [pid 403] <... ioctl resumed>) = 0 [pid 402] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 419] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 420] <... write resumed>) = 262144 [pid 403] close(4 [pid 402] <... futex resumed>) = 1 [pid 397] <... futex resumed>) = 0 [pid 418] <... mmap resumed>) = 0x7f6218024000 [pid 403] <... close resumed>) = 0 [pid 397] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] memfd_create("syzkaller", 0 [pid 403] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] <... futex resumed>) = 0 [pid 396] exit_group(0 [pid 406] <... futex resumed>) = ? [pid 396] <... exit_group resumed>) = ? [pid 421] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] munmap(0x7f6218024000, 262144 [pid 419] <... futex resumed>) = 1 [pid 418] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 413] <... futex resumed>) = ? [pid 410] <... futex resumed>) = 0 [pid 406] +++ exited with 0 +++ [pid 403] <... futex resumed>) = ? [pid 402] <... memfd_create resumed>) = 7 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 421] <... futex resumed>) = 1 [pid 420] <... munmap resumed>) = 0 [pid 419] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 415] <... futex resumed>) = 0 [pid 410] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 421] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 420] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 419] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 415] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 413] +++ exited with 0 +++ [pid 410] <... futex resumed>) = 0 [pid 421] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 420] <... openat resumed>) = 5 [pid 419] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 415] <... futex resumed>) = 0 [pid 410] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] +++ exited with 0 +++ [pid 402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 396] +++ exited with 0 +++ [pid 296] newfstatat(AT_FDCWD, "./3/binderfs", [pid 421] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 420] ioctl(5, LOOP_SET_FD, 3 [pid 419] <... mount resumed>) = 0 [pid 415] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... mount resumed>) = 0 [pid 419] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] <... write resumed>) = 262144 [pid 402] <... mmap resumed>) = 0x7f620fc43000 [pid 398] ioctl(4, LOOP_CLR_FD [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 421] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 419] <... futex resumed>) = 1 [pid 418] munmap(0x7f6218024000, 262144 [pid 415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 410] <... futex resumed>) = 0 [pid 421] <... futex resumed>) = 0 [pid 419] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 418] <... munmap resumed>) = 0 [pid 415] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 410] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 398] <... ioctl resumed>) = 0 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=396, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 296] unlink("./3/binderfs" [pid 421] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 419] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 418] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 415] <... futex resumed>) = 0 [pid 410] <... futex resumed>) = 0 [pid 419] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 418] <... openat resumed>) = 5 [pid 415] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] <... write resumed>) = 65536 [pid 398] close(4 [pid 300] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... unlink resumed>) = 0 [pid 419] <... open resumed>) = 6 [pid 418] ioctl(5, LOOP_SET_FD, 4 [pid 402] munmap(0x7f620fc43000, 65536 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 398] <... close resumed>) = 0 [pid 296] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 419] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 410] <... futex resumed>) = 0 [pid 419] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 410] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 419] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 410] <... futex resumed>) = 0 [pid 419] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 410] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] <... socket resumed>) = 7 [pid 419] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 410] <... futex resumed>) = 0 [pid 419] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 410] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 419] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 410] <... futex resumed>) = 0 [pid 419] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 410] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] <... mmap resumed>) = 0x20000000 [pid 402] <... munmap resumed>) = 0 [pid 398] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 419] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 398] <... futex resumed>) = 0 [pid 300] <... openat resumed>) = 3 [pid 296] newfstatat(AT_FDCWD, "./3/file0", [pid 419] <... futex resumed>) = 1 [pid 410] <... futex resumed>) = 0 [pid 402] <... openat resumed>) = 8 [pid 398] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] newfstatat(3, "", [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 419] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 24.078979][ T398] EXT4-fs (loop2): mount failed [ 24.088438][ T403] ext4 filesystem being mounted at /root/syzkaller.Zpv55J/5/file0 supports timestamps until 2038 (0x7fffffff) [ 24.111643][ T420] loop3: detected capacity change from 0 to 512 [ 24.121543][ T418] loop1: detected capacity change from 0 to 512 [pid 410] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] ioctl(8, LOOP_SET_FD, 7 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 419] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 410] <... futex resumed>) = 0 [pid 402] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 300] getdents64(3, [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 420] <... ioctl resumed>) = 0 [pid 421] <... open resumed>) = 6 [pid 418] <... ioctl resumed>) = 0 [pid 402] ioctl(8, LOOP_CLR_FD [pid 391] exit_group(0 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 296] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 421] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] close(3 [pid 421] <... futex resumed>) = 1 [pid 421] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 420] <... close resumed>) = 0 [pid 420] mkdir("./file0", 0777) = 0 [pid 402] <... ioctl resumed>) = 0 [pid 391] <... exit_group resumed>) = ? [pid 415] <... futex resumed>) = 0 [pid 400] <... futex resumed>) = ? [pid 398] <... futex resumed>) = ? [pid 415] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 400] +++ exited with 0 +++ [pid 296] <... openat resumed>) = 4 [pid 398] +++ exited with 0 +++ [pid 420] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 421] <... futex resumed>) = 0 [pid 415] <... futex resumed>) = 1 [pid 418] close(4 [pid 421] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 418] <... close resumed>) = 0 [pid 421] <... socket resumed>) = 3 [pid 418] mkdir(0x20000000, 0777 [pid 415] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] newfstatat(4, "", [pid 421] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 421] <... futex resumed>) = 0 [pid 415] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... umount2 resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 419] memfd_create("syzkaller", 0) = 4 [pid 419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f620fc64000 [pid 421] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 419] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 418] mount("/dev/loop1", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 415] <... futex resumed>) = 0 [pid 300] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] getdents64(4, [pid 421] <... mmap resumed>) = 0x20000000 [pid 415] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] ioctl(8, LOOP_SET_FD, 7 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 402] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 296] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 421] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] close(8 [pid 300] newfstatat(AT_FDCWD, "./5/bus", [pid 296] getdents64(4, [pid 421] <... futex resumed>) = 1 [pid 419] <... write resumed>) = 65536 [pid 418] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 415] <... futex resumed>) = 0 [pid 421] memfd_create("syzkaller", 0 [pid 419] munmap(0x7f620fc64000, 65536 [pid 418] ioctl(5, LOOP_CLR_FD [pid 415] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] <... close resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 421] <... memfd_create resumed>) = 7 [pid 418] <... ioctl resumed>) = 0 [pid 419] <... munmap resumed>) = 0 [pid 415] <... futex resumed>) = 0 [pid 402] close(7 [pid 300] unlink("./5/bus" [pid 296] close(4 [pid 421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 419] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 418] close(5 [pid 402] <... close resumed>) = 0 [pid 300] <... unlink resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 421] <... mmap resumed>) = 0x7f620fc64000 [pid 418] <... close resumed>) = 0 [pid 402] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] rmdir("./3/file0" [pid 421] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 419] <... openat resumed>) = 5 [pid 418] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] <... futex resumed>) = 0 [pid 397] exit_group(0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... rmdir resumed>) = 0 [pid 421] <... write resumed>) = 65536 [pid 419] ioctl(5, LOOP_SET_FD, 4 [pid 418] <... futex resumed>) = 0 [pid 412] <... futex resumed>) = ? [pid 405] <... futex resumed>) = ? [pid 397] <... exit_group resumed>) = ? [pid 300] newfstatat(AT_FDCWD, "./5/binderfs", [pid 296] getdents64(3, [pid 421] munmap(0x7f620fc64000, 65536 [pid 419] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 418] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 412] +++ exited with 0 +++ [pid 405] +++ exited with 0 +++ [pid 402] +++ exited with 0 +++ [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 421] <... munmap resumed>) = 0 [pid 419] ioctl(5, LOOP_CLR_FD [pid 300] unlink("./5/binderfs" [pid 296] close(3 [pid 421] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 419] <... ioctl resumed>) = 0 [pid 397] +++ exited with 0 +++ [pid 300] <... unlink resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 421] <... openat resumed>) = 8 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=397, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 300] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] rmdir("./3" [pid 421] ioctl(8, LOOP_SET_FD, 7 [pid 296] <... rmdir resumed>) = 0 [pid 421] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 419] ioctl(5, LOOP_SET_FD, 4 [pid 296] mkdir("./4", 0777 [pid 421] ioctl(8, LOOP_CLR_FD [pid 419] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 301] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... mkdir resumed>) = 0 [pid 421] <... ioctl resumed>) = 0 [pid 419] close(5 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 419] <... close resumed>) = 0 [pid 301] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... openat resumed>) = 3 [pid 419] close(4 [pid 301] <... openat resumed>) = 3 [pid 296] ioctl(3, LOOP_CLR_FD [pid 419] <... close resumed>) = 0 [pid 301] newfstatat(3, "", [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 419] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 410] exit_group(0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] close(3 [pid 419] <... futex resumed>) = ? [pid 418] <... futex resumed>) = ? [pid 410] <... exit_group resumed>) = ? [pid 301] getdents64(3, [pid 296] <... close resumed>) = 0 [pid 418] +++ exited with 0 +++ [pid 301] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 421] ioctl(8, LOOP_SET_FD, 7 [pid 301] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 422 attached [pid 421] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 419] +++ exited with 0 +++ [pid 410] +++ exited with 0 +++ [pid 391] +++ exited with 0 +++ [pid 301] <... umount2 resumed>) = 0 [pid 300] <... umount2 resumed>) = 0 [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 422 [pid 421] close(8 [pid 301] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=391, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 421] <... close resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 421] close(7 [pid 301] newfstatat(AT_FDCWD, "./5/bus", [pid 300] newfstatat(AT_FDCWD, "./5/file0", [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=410, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 422] set_robust_list(0x555556cc76a0, 24 [pid 421] <... close resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 421] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] unlink("./5/bus" [pid 300] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 421] <... futex resumed>) = 0 [pid 301] <... unlink resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 421] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... openat resumed>) = 3 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... openat resumed>) = 4 [pid 298] newfstatat(3, "", [pid 301] newfstatat(AT_FDCWD, "./5/binderfs", [pid 300] newfstatat(4, "", [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, [pid 422] <... set_robust_list resumed>) = 0 [pid 301] unlink("./5/binderfs" [pid 300] getdents64(4, [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 297] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 422] chdir("./4" [pid 301] <... unlink resumed>) = 0 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 298] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] getdents64(4, [pid 298] <... umount2 resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 422] <... chdir resumed>) = 0 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 298] umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] close(4 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... close resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./3/bus", [pid 300] rmdir("./5/file0" [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 422] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 300] <... rmdir resumed>) = 0 [pid 298] unlink("./3/bus" [pid 297] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 422] <... prctl resumed>) = 0 [pid 300] getdents64(3, [pid 298] <... unlink resumed>) = 0 [pid 422] setpgid(0, 0 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... openat resumed>) = 3 [pid 300] close(3 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 422] <... setpgid resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./3/binderfs", [pid 297] newfstatat(3, "", [pid 300] rmdir("./5" [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 422] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 300] <... rmdir resumed>) = 0 [pid 298] unlink("./3/binderfs" [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] mkdir("./6", 0777 [pid 298] <... unlink resumed>) = 0 [pid 422] <... openat resumed>) = 3 [pid 300] <... mkdir resumed>) = 0 [pid 298] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] getdents64(3, [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 422] write(3, "1000", 4 [pid 300] <... openat resumed>) = 3 [pid 298] newfstatat(AT_FDCWD, "./3/file0", [pid 297] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 300] ioctl(3, LOOP_CLR_FD [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 422] <... write resumed>) = 4 [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] close(3 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 422] close(3 [pid 300] <... close resumed>) = 0 [pid 298] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... umount2 resumed>) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... openat resumed>) = 4 [pid 297] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 422] <... close resumed>) = 0 [pid 298] newfstatat(4, "", [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 422] symlink("/dev/binderfs", "./binderfs" [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 423 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] newfstatat(AT_FDCWD, "./4/bus", [pid 298] getdents64(4, [pid 422] <... symlink resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 422] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] getdents64(4, [pid 297] unlink("./4/bus" [pid 422] <... futex resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./3/file0" [pid 422] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 297] <... unlink resumed>) = 0 [pid 422] <... rt_sigaction resumed>NULL, 8) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 297] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 422] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 298] getdents64(3, [pid 422] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] close(3 [pid 422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] <... close resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./4/binderfs", [pid 422] <... mmap resumed>) = 0x7f6220445000 [pid 298] rmdir("./3" [pid 422] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 298] <... rmdir resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 422] <... mprotect resumed>) = 0 [pid 298] mkdir("./4", 0777 [pid 297] unlink("./4/binderfs" [pid 422] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] <... mkdir resumed>) = 0 [pid 422] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 297] <... unlink resumed>) = 0 [pid 422] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 298] <... openat resumed>) = 3 [pid 420] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 297] getdents64(3, [pid 420] ioctl(5, LOOP_CLR_FD [pid 298] ioctl(3, LOOP_CLR_FD [pid 420] <... ioctl resumed>) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 422] <... clone3 resumed> => {parent_tid=[424]}, 88) = 424 [pid 420] close(5 [pid 298] close(3 [pid 297] close(3./strace-static-x86_64: Process 424 attached ./strace-static-x86_64: Process 423 attached [pid 422] rt_sigprocmask(SIG_SETMASK, [], [pid 420] <... close resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 422] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 420] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] rmdir("./4" [pid 422] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] <... futex resumed>) = 0 [pid 415] exit_group(0 [pid 421] <... futex resumed>) = ? [pid 415] <... exit_group resumed>) = ? [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 425 ./strace-static-x86_64: Process 425 attached [pid 422] <... futex resumed>) = 0 [pid 421] +++ exited with 0 +++ [pid 297] <... rmdir resumed>) = 0 [pid 422] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] mkdir("./5", 0777 [pid 422] <... futex resumed>) = 0 [pid 424] set_robust_list(0x7f62204659a0, 24) = 0 [pid 424] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 424] memfd_create("syzkaller", 0 [pid 422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 297] <... mkdir resumed>) = 0 [pid 425] set_robust_list(0x555556cc76a0, 24 [pid 422] <... mmap resumed>) = 0x7f6220424000 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 422] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 297] <... openat resumed>) = 3 [pid 422] <... mprotect resumed>) = 0 [pid 297] ioctl(3, LOOP_CLR_FD [pid 422] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 422] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 297] close(3) = 0 [pid 422] <... clone3 resumed> => {parent_tid=[426]}, 88) = 426 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 426 attached [pid 425] <... set_robust_list resumed>) = 0 [pid 424] <... memfd_create resumed>) = 3 [pid 424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 422] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 427 attached [pid 426] set_robust_list(0x7f62204449a0, 24 [pid 425] chdir("./4" [pid 422] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 427 [pid 427] set_robust_list(0x555556cc76a0, 24 [pid 426] <... set_robust_list resumed>) = 0 [pid 425] <... chdir resumed>) = 0 [pid 422] <... futex resumed>) = 0 [pid 424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 422] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 425] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 427] <... set_robust_list resumed>) = 0 [pid 426] rt_sigprocmask(SIG_SETMASK, [], [pid 423] set_robust_list(0x555556cc76a0, 24) = 0 [pid 426] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 425] <... prctl resumed>) = 0 [pid 426] creat("./bus", 000 [pid 425] setpgid(0, 0) = 0 [pid 423] chdir("./6" [pid 425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 423] <... chdir resumed>) = 0 [pid 423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 423] setpgid(0, 0) = 0 [pid 423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 425] <... openat resumed>) = 3 [pid 426] <... creat resumed>) = 4 [pid 426] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 425] write(3, "1000", 4 [pid 423] <... openat resumed>) = 3 [pid 426] <... futex resumed>) = 1 [pid 425] <... write resumed>) = 4 [pid 422] <... futex resumed>) = 0 [pid 422] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 426] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 425] close(3 [pid 423] write(3, "1000", 4) = 4 [pid 423] close(3) = 0 [pid 423] symlink("/dev/binderfs", "./binderfs" [pid 422] <... futex resumed>) = 0 [pid 425] <... close resumed>) = 0 [pid 425] symlink("/dev/binderfs", "./binderfs" [pid 423] <... symlink resumed>) = 0 [pid 422] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 423] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 427] chdir("./5" [pid 426] <... mount resumed>) = 0 [pid 425] <... symlink resumed>) = 0 [pid 423] <... mmap resumed>) = 0x7f6220445000 [pid 423] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 427] <... chdir resumed>) = 0 [pid 426] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 425] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 424] <... write resumed>) = 262144 [pid 423] <... mprotect resumed>) = 0 [pid 423] rt_sigprocmask(SIG_BLOCK, ~[], [pid 425] <... futex resumed>) = 0 [pid 423] <... rt_sigprocmask resumed>[], 8) = 0 [pid 422] <... futex resumed>) = 0 [pid 423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 425] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 422] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] <... clone3 resumed> => {parent_tid=[428]}, 88) = 428 [pid 422] <... futex resumed>) = 0 [pid 425] <... rt_sigaction resumed>NULL, 8) = 0 [pid 422] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] rt_sigprocmask(SIG_SETMASK, [], [pid 425] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 423] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 423] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 423] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 423] rt_sigprocmask(SIG_BLOCK, ~[], [pid 425] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 427] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 426] <... futex resumed>) = 1 [pid 424] munmap(0x7f6218024000, 262144 [pid 423] <... rt_sigprocmask resumed>[], 8) = 0 [pid 427] <... prctl resumed>) = 0 [pid 426] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 424] <... munmap resumed>) = 0 [pid 423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 425] <... mmap resumed>) = 0x7f6220445000 [pid 423] <... clone3 resumed> => {parent_tid=[429]}, 88) = 429 [pid 425] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 423] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 423] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 425] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 428 attached [pid 428] set_robust_list(0x7f62204659a0, 24) = 0 [pid 428] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 428] memfd_create("syzkaller", 0) = 3 [pid 428] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 425] rt_sigprocmask(SIG_BLOCK, ~[], [pid 426] <... open resumed>) = 5 [pid 425] <... rt_sigprocmask resumed>[], 8) = 0 [pid 426] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 425] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0}./strace-static-x86_64: Process 430 attached [pid 428] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 427] setpgid(0, 0 [pid 426] <... futex resumed>) = 1 [pid 424] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 422] <... futex resumed>) = 0 [pid 426] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 425] <... clone3 resumed> => {parent_tid=[430]}, 88) = 430 [pid 422] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... setpgid resumed>) = 0 [pid 426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 425] rt_sigprocmask(SIG_SETMASK, [], [pid 422] <... futex resumed>) = 0 [pid 426] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 425] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 422] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 426] <... socket resumed>) = 6 [pid 425] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 426] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 425] <... futex resumed>) = 0 ./strace-static-x86_64: Process 429 attached [pid 425] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 426] <... futex resumed>) = 1 [pid 422] <... futex resumed>) = 0 [pid 425] <... futex resumed>) = 0 [pid 422] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 426] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 422] <... futex resumed>) = 0 [pid 425] <... mmap resumed>) = 0x7f6220424000 [pid 422] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 430] set_robust_list(0x7f62204659a0, 24 [pid 429] set_robust_list(0x7f62204449a0, 24 [pid 428] <... write resumed>) = 262144 [pid 427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 426] <... mmap resumed>) = 0x20000000 [pid 425] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 424] <... openat resumed>) = 7 [pid 425] <... mprotect resumed>) = 0 [pid 426] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 425] rt_sigprocmask(SIG_BLOCK, ~[], [pid 422] <... futex resumed>) = 0 [pid 426] <... futex resumed>) = 1 [pid 425] <... rt_sigprocmask resumed>[], 8) = 0 [pid 422] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 426] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 425] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 422] <... futex resumed>) = 0 [pid 429] <... set_robust_list resumed>) = 0 [pid 429] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 429] creat("./bus", 000) = 4 [pid 425] <... clone3 resumed> => {parent_tid=[431]}, 88) = 431 [pid 427] <... openat resumed>) = 3 [pid 429] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 425] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 423] <... futex resumed>) = 0 [pid 425] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 429] <... futex resumed>) = 1 [pid 425] <... futex resumed>) = 0 [pid 423] <... futex resumed>) = 0 [pid 429] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 423] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 425] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 429] <... mount resumed>) = 0 [pid 429] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] write(3, "1000", 4 [pid 430] <... set_robust_list resumed>) = 0 [pid 429] <... futex resumed>) = 1 [pid 423] <... futex resumed>) = 0 [pid 427] <... write resumed>) = 4 [pid 429] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 428] munmap(0x7f6218024000, 262144 [pid 423] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] rt_sigprocmask(SIG_SETMASK, [], [ 24.130008][ T419] blk_update_request: I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 26 prio class 0 [ 24.159825][ T420] EXT4-fs warning (device loop3): read_mmp_block:115: Error -74 while reading MMP block 12 [pid 429] <... open resumed>) = 5 [pid 428] <... munmap resumed>) = 0 [pid 427] close(3 [pid 424] +++ killed by SIGBUS +++ [pid 423] <... futex resumed>) = 0 [pid 430] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 429] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 420] +++ exited with 0 +++ [pid 415] +++ exited with 0 +++ [pid 301] <... umount2 resumed>) = 0 [pid 429] <... futex resumed>) = 0 [pid 423] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=415, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 429] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 423] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 431 attached [pid 429] <... socket resumed>) = 6 [pid 423] <... futex resumed>) = 0 [pid 301] newfstatat(AT_FDCWD, "./5/file0", [pid 431] set_robust_list(0x7f62204449a0, 24 [pid 429] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 431] <... set_robust_list resumed>) = 0 [pid 429] <... futex resumed>) = 0 [pid 423] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 431] rt_sigprocmask(SIG_SETMASK, [], [pid 429] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 423] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 431] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 429] <... mmap resumed>) = 0x20000000 [pid 423] <... futex resumed>) = 0 [pid 301] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 431] creat("./bus", 000 [pid 429] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 426] +++ killed by SIGBUS +++ [pid 423] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 422] +++ killed by SIGBUS +++ [pid 301] <... openat resumed>) = 4 [pid 299] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 431] <... creat resumed>) = 3 [pid 429] <... futex resumed>) = 0 [pid 427] <... close resumed>) = 0 [pid 423] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] newfstatat(4, "", [pid 431] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] memfd_create("syzkaller", 0 [pid 429] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 428] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 427] symlink("/dev/binderfs", "./binderfs" [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... openat resumed>) = 3 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=422, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 430] <... memfd_create resumed>) = 4 [pid 428] <... openat resumed>) = 7 [pid 427] <... symlink resumed>) = 0 [pid 301] getdents64(4, [pid 299] newfstatat(3, "", [pid 430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 428] ioctl(7, LOOP_SET_FD, 3 [pid 427] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 431] <... futex resumed>) = 1 [pid 430] <... mmap resumed>) = 0x7f6218024000 [pid 429] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 428] <... ioctl resumed>) = 0 [pid 427] <... futex resumed>) = 0 [pid 425] <... futex resumed>) = 0 [pid 423] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] getdents64(4, [pid 299] getdents64(3, [pid 296] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 430] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 427] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 301] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 431] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 429] memfd_create("syzkaller", 0 [pid 427] <... rt_sigaction resumed>NULL, 8) = 0 [pid 425] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] <... futex resumed>) = 0 [pid 301] close(4 [pid 299] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 431] <... mount resumed>) = 0 [pid 430] <... write resumed>) = 262144 [pid 429] <... memfd_create resumed>) = 8 [pid 427] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 425] <... futex resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 296] <... openat resumed>) = 3 [pid 431] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] munmap(0x7f6218024000, 262144 [pid 429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 427] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 425] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] rmdir("./5/file0" [pid 299] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] newfstatat(3, "", [pid 431] <... futex resumed>) = 0 [pid 430] <... munmap resumed>) = 0 [pid 429] <... mmap resumed>) = 0x7f620fc64000 [pid 427] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 425] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] <... rmdir resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 431] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 430] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 429] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 427] <... mmap resumed>) = 0x7f6220445000 [pid 425] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] getdents64(3, [pid 299] newfstatat(AT_FDCWD, "./4/bus", [pid 296] getdents64(3, [pid 431] <... open resumed>) = 5 [pid 430] <... openat resumed>) = 6 [pid 429] <... write resumed>) = 65536 [pid 427] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 425] <... futex resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 431] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] ioctl(6, LOOP_SET_FD, 4 [pid 429] munmap(0x7f620fc64000, 65536 [pid 427] <... mprotect resumed>) = 0 [pid 425] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] close(3 [pid 299] unlink("./4/bus" [pid 296] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 431] <... futex resumed>) = 0 [pid 429] <... munmap resumed>) = 0 [pid 427] rt_sigprocmask(SIG_BLOCK, ~[], [pid 425] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] <... close resumed>) = 0 [pid 299] <... unlink resumed>) = 0 [pid 427] <... rt_sigprocmask resumed>[], 8) = 0 [pid 301] rmdir("./5" [pid 299] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 427] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 301] <... rmdir resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] mkdir("./6", 0777 [pid 299] newfstatat(AT_FDCWD, "./4/binderfs", [pid 427] <... clone3 resumed> => {parent_tid=[432]}, 88) = 432 [pid 301] <... mkdir resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 427] rt_sigprocmask(SIG_SETMASK, [], [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 299] unlink("./4/binderfs" [pid 427] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] <... openat resumed>) = 3 [pid 299] <... unlink resumed>) = 0 [pid 427] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] ioctl(3, LOOP_CLR_FD [pid 299] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 427] <... futex resumed>) = 0 [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 427] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] close(3 [pid 299] newfstatat(AT_FDCWD, "./4/file0", [pid 427] <... futex resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 431] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 429] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 427] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 425] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = 0 [pid 431] <... socket resumed>) = 7 [pid 429] <... openat resumed>) = 9 [pid 427] <... mmap resumed>) = 0x7f6220424000 [pid 425] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 431] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 429] ioctl(9, LOOP_SET_FD, 8 [pid 427] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 425] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 433 [pid 299] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 431] <... futex resumed>) = 0 [pid 429] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 427] <... mprotect resumed>) = 0 [pid 425] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] <... openat resumed>) = 4 [pid 296] newfstatat(AT_FDCWD, "./4/bus", [pid 431] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 429] ioctl(9, LOOP_CLR_FD [pid 428] close(3 [pid 427] rt_sigprocmask(SIG_BLOCK, ~[], [pid 425] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(4, "", [pid 431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 429] <... ioctl resumed>) = 0 [pid 428] <... close resumed>) = 0 [pid 427] <... rt_sigprocmask resumed>[], 8) = 0 [pid 425] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 432 attached [pid 431] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 428] mkdir(0x20000000, 0777 [pid 427] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 425] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] getdents64(4, [pid 431] <... mmap resumed>) = 0x20000000 [pid 428] <... mkdir resumed>) = 0 [pid 299] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 296] unlink("./4/bus"./strace-static-x86_64: Process 433 attached [pid 431] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] mount("/dev/loop4", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 427] <... clone3 resumed> => {parent_tid=[434]}, 88) = 434 [pid 299] getdents64(4, [pid 433] set_robust_list(0x555556cc76a0, 24 [pid 431] <... futex resumed>) = 1 [pid 428] <... mount resumed>) = -1 ENODEV (No such device) [pid 427] rt_sigprocmask(SIG_SETMASK, [], [pid 425] <... futex resumed>) = 0 [pid 299] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 296] <... unlink resumed>) = 0 [pid 433] <... set_robust_list resumed>) = 0 [pid 431] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 428] ioctl(7, LOOP_CLR_FD [pid 427] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 425] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] close(4 [pid 296] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 433] chdir("./6" [pid 431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 429] ioctl(9, LOOP_SET_FD, 8 [pid 428] <... ioctl resumed>) = 0 [pid 427] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 425] <... futex resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 433] <... chdir resumed>) = 0 [pid 432] set_robust_list(0x7f62204659a0, 24 [pid 431] memfd_create("syzkaller", 0 [pid 429] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 428] close(7 [pid 427] <... futex resumed>) = 0 [pid 299] rmdir("./4/file0" [pid 296] newfstatat(AT_FDCWD, "./4/binderfs", ./strace-static-x86_64: Process 434 attached [pid 433] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 432] <... set_robust_list resumed>) = 0 [pid 431] <... memfd_create resumed>) = 8 [pid 430] <... ioctl resumed>) = 0 [pid 429] close(9 [pid 428] <... close resumed>) = 0 [pid 427] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 434] set_robust_list(0x7f62204449a0, 24 [pid 433] <... prctl resumed>) = 0 [pid 432] rt_sigprocmask(SIG_SETMASK, [], [pid 431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 430] close(4 [pid 429] <... close resumed>) = 0 [pid 428] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... rmdir resumed>) = 0 [pid 296] unlink("./4/binderfs" [pid 434] <... set_robust_list resumed>) = 0 [pid 433] setpgid(0, 0 [pid 432] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 431] <... mmap resumed>) = 0x7f620fc64000 [pid 430] <... close resumed>) = 0 [pid 429] close(8 [pid 428] <... futex resumed>) = 0 [pid 299] getdents64(3, [pid 296] <... unlink resumed>) = 0 [pid 434] rt_sigprocmask(SIG_SETMASK, [], [pid 433] <... setpgid resumed>) = 0 [pid 432] memfd_create("syzkaller", 0 [pid 431] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 430] mkdir(0x20000000, 0777 [pid 429] <... close resumed>) = 0 [pid 428] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] getdents64(3, [pid 434] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 432] <... memfd_create resumed>) = 3 [pid 431] <... write resumed>) = 65536 [pid 430] <... mkdir resumed>) = 0 [pid 429] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] exit_group(0 [pid 299] close(3 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 434] creat("./bus", 000 [pid 432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 431] munmap(0x7f620fc64000, 65536 [pid 430] mount("/dev/loop2", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 429] <... futex resumed>) = ? [pid 428] <... futex resumed>) = ? [pid 423] <... exit_group resumed>) = ? [pid 296] close(3 [pid 434] <... creat resumed>) = 4 [pid 433] <... openat resumed>) = 3 [pid 432] <... mmap resumed>) = 0x7f6218024000 [pid 431] <... munmap resumed>) = 0 [pid 430] <... mount resumed>) = -1 ENODEV (No such device) [pid 429] +++ exited with 0 +++ [pid 428] +++ exited with 0 +++ [pid 423] +++ exited with 0 +++ [pid 299] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 434] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 433] write(3, "1000", 4 [pid 432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 431] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 430] ioctl(6, LOOP_CLR_FD [pid 299] rmdir("./4" [pid 296] rmdir("./4" [pid 434] <... futex resumed>) = 1 [pid 433] <... write resumed>) = 4 [pid 432] <... write resumed>) = 262144 [pid 431] <... openat resumed>) = 4 [pid 430] <... ioctl resumed>) = 0 [pid 427] <... futex resumed>) = 0 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=423, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 299] <... rmdir resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 434] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] close(3 [pid 432] munmap(0x7f6218024000, 262144 [pid 431] ioctl(4, LOOP_SET_FD, 8 [pid 430] close(6 [pid 427] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] restart_syscall(<... resuming interrupted clone ...> [pid 299] mkdir("./5", 0777 [pid 296] mkdir("./5", 0777 [pid 434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 433] <... close resumed>) = 0 [pid 432] <... munmap resumed>) = 0 [pid 431] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 430] <... close resumed>) = 0 [pid 427] <... futex resumed>) = 0 [pid 300] <... restart_syscall resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 434] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 433] symlink("/dev/binderfs", "./binderfs" [pid 432] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 431] ioctl(4, LOOP_CLR_FD [pid 430] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 434] <... mount resumed>) = 0 [pid 433] <... symlink resumed>) = 0 [pid 432] <... openat resumed>) = 5 [pid 431] <... ioctl resumed>) = 0 [pid 430] <... futex resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 296] <... openat resumed>) = 3 [pid 434] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 433] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [ 24.220664][ T428] loop4: detected capacity change from 0 to 512 [ 24.236916][ T430] loop2: detected capacity change from 0 to 512 [pid 432] ioctl(5, LOOP_SET_FD, 3 [pid 430] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] ioctl(3, LOOP_CLR_FD [pid 296] ioctl(3, LOOP_CLR_FD [pid 434] <... futex resumed>) = 1 [pid 433] <... futex resumed>) = 0 [pid 427] <... futex resumed>) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 434] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 433] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 432] <... ioctl resumed>) = 0 [pid 427] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] close(3 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 434] <... open resumed>) = 6 [pid 433] <... rt_sigaction resumed>NULL, 8) = 0 [pid 432] close(3 [pid 427] <... futex resumed>) = 0 [pid 300] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... close resumed>) = 0 [pid 296] close(3 [pid 434] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 433] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 432] <... close resumed>) = 0 [pid 431] ioctl(4, LOOP_SET_FD, 8 [pid 427] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... openat resumed>) = 3 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... close resumed>) = 0 [pid 434] <... futex resumed>) = 0 [pid 433] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 432] mkdir("./file0", 0777 [pid 431] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 427] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] newfstatat(3, "", [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 434] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 432] <... mkdir resumed>) = 0 [pid 431] close(4 [pid 427] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 433] <... mmap resumed>) = 0x7f6220445000 [pid 432] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 431] <... close resumed>) = 0 [pid 427] <... futex resumed>) = 0 [pid 300] getdents64(3, [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 435 [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 436 [pid 434] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 433] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 431] close(8 [pid 427] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 434] <... socket resumed>) = 3 [pid 433] <... mprotect resumed>) = 0 [pid 431] <... close resumed>) = 0 [pid 300] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 434] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 433] rt_sigprocmask(SIG_BLOCK, ~[], [pid 431] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... umount2 resumed>) = 0 [pid 434] <... futex resumed>) = 1 [pid 431] <... futex resumed>) = 0 [pid 425] exit_group(0 [pid 300] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 436 attached ./strace-static-x86_64: Process 435 attached [pid 434] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] <... rt_sigprocmask resumed>[], 8) = 0 [pid 430] <... futex resumed>) = ? [pid 427] <... futex resumed>) = 0 [pid 425] <... exit_group resumed>) = ? [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 433] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 431] +++ exited with 0 +++ [pid 430] +++ exited with 0 +++ [pid 427] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 434] <... futex resumed>) = 0 [pid 433] <... clone3 resumed> => {parent_tid=[439]}, 88) = 439 [pid 427] <... futex resumed>) = 1 [pid 300] unlink("./6/bus" [pid 434] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 433] rt_sigprocmask(SIG_SETMASK, [], [pid 427] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... unlink resumed>) = 0 [pid 434] <... mmap resumed>) = 0x20000000 [pid 433] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 434] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 433] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 434] <... futex resumed>) = 1 [pid 427] <... futex resumed>) = 0 [pid 300] newfstatat(AT_FDCWD, "./6/binderfs", [pid 434] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] <... futex resumed>) = 0 [pid 427] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 433] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... futex resumed>) = 0 [pid 300] unlink("./6/binderfs" [pid 435] set_robust_list(0x555556cc76a0, 24 [pid 434] memfd_create("syzkaller", 0 [pid 433] <... futex resumed>) = 0 [pid 300] <... unlink resumed>) = 0 [pid 434] <... memfd_create resumed>) = 7 [pid 433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 300] umount2("./6/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 434] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 433] <... mmap resumed>) = 0x7f6220424000 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 434] <... mmap resumed>) = 0x7f620fc64000 [pid 300] newfstatat(AT_FDCWD, "./6/ext4", [pid 435] <... set_robust_list resumed>) = 0 [pid 434] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 433] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 434] <... write resumed>) = 65536 [pid 433] <... mprotect resumed>) = 0 [pid 300] umount2("./6/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 434] munmap(0x7f620fc64000, 65536 [pid 433] rt_sigprocmask(SIG_BLOCK, ~[], [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 434] <... munmap resumed>) = 0 [pid 433] <... rt_sigprocmask resumed>[], 8) = 0 [pid 300] openat(AT_FDCWD, "./6/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 434] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 433] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 300] <... openat resumed>) = 4 [pid 434] <... openat resumed>) = 8 [pid 300] newfstatat(4, "", [pid 434] ioctl(8, LOOP_SET_FD, 7 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 434] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 433] <... clone3 resumed> => {parent_tid=[440]}, 88) = 440 [pid 300] getdents64(4, [pid 434] ioctl(8, LOOP_CLR_FD [pid 433] rt_sigprocmask(SIG_SETMASK, [], [pid 300] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 434] <... ioctl resumed>) = 0 [pid 433] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 433] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] close(4 [pid 435] chdir("./5" [pid 433] <... futex resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 433] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] rmdir("./6/ext4" [pid 436] set_robust_list(0x555556cc76a0, 24 [pid 435] <... chdir resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 435] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 300] getdents64(3, [pid 435] <... prctl resumed>) = 0 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 435] setpgid(0, 0 [pid 300] close(3) = 0 [pid 300] rmdir("./6" [pid 436] <... set_robust_list resumed>) = 0 [pid 435] <... setpgid resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 434] ioctl(8, LOOP_SET_FD, 7 [pid 300] mkdir("./7", 0777./strace-static-x86_64: Process 440 attached ./strace-static-x86_64: Process 439 attached [pid 436] chdir("./5" [pid 435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 434] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 300] <... mkdir resumed>) = 0 [pid 440] set_robust_list(0x7f62204449a0, 24 [pid 439] set_robust_list(0x7f62204659a0, 24 [pid 436] <... chdir resumed>) = 0 [pid 435] <... openat resumed>) = 3 [pid 440] <... set_robust_list resumed>) = 0 [pid 439] <... set_robust_list resumed>) = 0 [pid 436] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 435] write(3, "1000", 4 [pid 440] rt_sigprocmask(SIG_SETMASK, [], [pid 439] rt_sigprocmask(SIG_SETMASK, [], [pid 436] <... prctl resumed>) = 0 [pid 435] <... write resumed>) = 4 [pid 440] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 439] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 436] setpgid(0, 0 [pid 435] close(3 [pid 440] creat("./bus", 000 [pid 439] memfd_create("syzkaller", 0 [pid 436] <... setpgid resumed>) = 0 [pid 435] <... close resumed>) = 0 [pid 440] <... creat resumed>) = 4 [pid 439] <... memfd_create resumed>) = 3 [pid 436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 435] symlink("/dev/binderfs", "./binderfs" [pid 440] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 436] <... openat resumed>) = 3 [pid 435] <... symlink resumed>) = 0 [pid 440] <... futex resumed>) = 1 [pid 439] <... mmap resumed>) = 0x7f6218024000 [pid 436] write(3, "1000", 4 [pid 435] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 433] <... futex resumed>) = 0 [pid 440] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 436] <... write resumed>) = 4 [pid 435] <... futex resumed>) = 0 [pid 434] close(8 [pid 433] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 440] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 439] <... write resumed>) = 262144 [pid 436] close(3 [pid 435] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 433] <... futex resumed>) = 0 [pid 440] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 439] munmap(0x7f6218024000, 262144 [pid 436] <... close resumed>) = 0 [pid 435] <... rt_sigaction resumed>NULL, 8) = 0 [pid 433] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... mount resumed>) = 0 [pid 439] <... munmap resumed>) = 0 [pid 436] symlink("/dev/binderfs", "./binderfs" [pid 435] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 440] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 439] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 436] <... symlink resumed>) = 0 [pid 435] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 440] <... futex resumed>) = 1 [pid 439] <... openat resumed>) = 5 [pid 436] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 433] <... futex resumed>) = 0 [pid 440] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] ioctl(5, LOOP_SET_FD, 3 [pid 436] <... futex resumed>) = 0 [pid 435] <... mmap resumed>) = 0x7f6220445000 [pid 433] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 436] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 434] <... close resumed>) = 0 [pid 300] <... openat resumed>) = 3 [pid 434] close(7 [pid 300] ioctl(3, LOOP_CLR_FD [pid 434] <... close resumed>) = 0 [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 434] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] close(3 [pid 434] <... futex resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 434] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 441 ./strace-static-x86_64: Process 441 attached [pid 441] set_robust_list(0x555556cc76a0, 24) = 0 [pid 441] chdir("./7") = 0 [pid 441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 441] setpgid(0, 0) = 0 [pid 441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 441] write(3, "1000", 4) = 4 [pid 441] close(3) = 0 [pid 441] symlink("/dev/binderfs", "./binderfs") = 0 [pid 441] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 441] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 441] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 441] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 441] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[442]}, 88) = 442 [pid 441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 441] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 441] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 441] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 441] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[443]}, 88) = 443 [pid 441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 441] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 443 attached [pid 443] set_robust_list(0x7f62204449a0, 24) = 0 [pid 443] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 443] creat("./bus", 000) = 3 [pid 435] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 436] <... rt_sigaction resumed>NULL, 8) = 0 [pid 435] <... mprotect resumed>) = 0 [pid 436] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 435] rt_sigprocmask(SIG_BLOCK, ~[], [pid 436] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 435] <... rt_sigprocmask resumed>[], 8) = 0 [pid 436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 435] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 436] <... mmap resumed>) = 0x7f6220445000 [pid 436] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 435] <... clone3 resumed> => {parent_tid=[444]}, 88) = 444 [pid 436] <... mprotect resumed>) = 0 [pid 435] rt_sigprocmask(SIG_SETMASK, [], [pid 436] rt_sigprocmask(SIG_BLOCK, ~[], [pid 435] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 436] <... rt_sigprocmask resumed>[], 8) = 0 [pid 435] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 436] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 435] <... futex resumed>) = 0 [pid 443] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 425] +++ exited with 0 +++ [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 443] <... futex resumed>) = 1 [pid 443] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL) = 0 [pid 443] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 443] <... futex resumed>) = 1 [pid 443] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 443] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 443] <... futex resumed>) = 1 [pid 443] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE) = 5 [pid 443] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 443] <... futex resumed>) = 1 [pid 443] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 443] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 443] <... futex resumed>) = 1 [pid 443] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- ./strace-static-x86_64: Process 442 attached [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=425, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 435] <... futex resumed>) = 0 [pid 436] <... clone3 resumed> => {parent_tid=[445]}, 88) = 445 [pid 298] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 436] rt_sigprocmask(SIG_SETMASK, [], [pid 435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 435] <... mmap resumed>) = 0x7f6220424000 [pid 436] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 436] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 298] newfstatat(3, "", [pid 436] <... futex resumed>) = 0 [pid 435] <... mprotect resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 436] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] getdents64(3, [pid 435] <... rt_sigprocmask resumed>[], 8) = 0 [pid 436] <... futex resumed>) = 0 [pid 436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 435] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 298] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 436] <... mmap resumed>) = 0x7f6220424000 [pid 435] <... clone3 resumed> => {parent_tid=[446]}, 88) = 446 [pid 436] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 435] rt_sigprocmask(SIG_SETMASK, [], [pid 298] <... umount2 resumed>) = 0 [pid 436] <... mprotect resumed>) = 0 [pid 435] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 436] rt_sigprocmask(SIG_BLOCK, ~[], [pid 435] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 436] <... rt_sigprocmask resumed>[], 8) = 0 [pid 435] <... futex resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./4/bus", [pid 436] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 435] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 442] +++ killed by SIGBUS +++ [pid 298] unlink("./4/bus" [pid 436] <... clone3 resumed> => {parent_tid=[447]}, 88) = 447 [pid 298] <... unlink resumed>) = 0 [pid 436] rt_sigprocmask(SIG_SETMASK, [], [pid 298] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 436] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 436] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] newfstatat(AT_FDCWD, "./4/binderfs", [pid 436] <... futex resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 436] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] unlink("./4/binderfs" [pid 443] +++ killed by SIGBUS +++ [pid 441] +++ killed by SIGBUS +++ [pid 298] <... unlink resumed>) = 0 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=441, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 298] umount2("./4/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] restart_syscall(<... resuming interrupted clone ...> [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... restart_syscall resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./4/ext4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./4/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./4/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] <... openat resumed>) = 4 [pid 300] newfstatat(3, "", [pid 298] newfstatat(4, "", [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(3, [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 300] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] getdents64(4, [pid 300] <... umount2 resumed>) = 0 [pid 300] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 300] newfstatat(AT_FDCWD, "./7/bus", [pid 298] getdents64(4, ./strace-static-x86_64: Process 445 attached [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 445] set_robust_list(0x7f62204659a0, 24 [pid 300] unlink("./7/bus" [pid 298] close(4 [pid 445] <... set_robust_list resumed>) = 0 [pid 300] <... unlink resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 445] rt_sigprocmask(SIG_SETMASK, [], [pid 300] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] rmdir("./4/ext4" [pid 445] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 447 attached ./strace-static-x86_64: Process 446 attached [pid 445] memfd_create("syzkaller", 0 [pid 300] newfstatat(AT_FDCWD, "./7/binderfs", [pid 447] set_robust_list(0x7f62204449a0, 24 [pid 446] set_robust_list(0x7f62204449a0, 24 [pid 445] <... memfd_create resumed>) = 3 [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 444 attached [pid 447] <... set_robust_list resumed>) = 0 [pid 446] <... set_robust_list resumed>) = 0 [pid 445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 300] unlink("./7/binderfs" [pid 298] getdents64(3, [pid 447] rt_sigprocmask(SIG_SETMASK, [], [pid 446] rt_sigprocmask(SIG_SETMASK, [], [pid 445] <... mmap resumed>) = 0x7f6218024000 [pid 444] set_robust_list(0x7f62204659a0, 24 [pid 300] <... unlink resumed>) = 0 [pid 447] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 446] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 445] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 444] <... set_robust_list resumed>) = 0 [pid 300] getdents64(3, [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 447] creat("./bus", 000 [pid 446] creat("./bus", 000 [pid 444] rt_sigprocmask(SIG_SETMASK, [], [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 447] <... creat resumed>) = 4 [pid 446] <... creat resumed>) = 3 [pid 444] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] close(3 [pid 447] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 444] memfd_create("syzkaller", 0 [pid 300] <... close resumed>) = 0 [pid 447] <... futex resumed>) = 1 [pid 446] <... futex resumed>) = 1 [pid 445] <... write resumed>) = 262144 [pid 444] <... memfd_create resumed>) = 4 [pid 436] <... futex resumed>) = 0 [pid 435] <... futex resumed>) = 0 [pid 300] rmdir("./7" [pid 298] close(3 [pid 447] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 446] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 445] munmap(0x7f6218024000, 262144 [pid 444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 436] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... rmdir resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 447] <... mount resumed>) = 0 [pid 446] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 445] <... munmap resumed>) = 0 [pid 444] <... mmap resumed>) = 0x7f6218024000 [pid 436] <... futex resumed>) = 0 [pid 435] <... futex resumed>) = 0 [ 24.276544][ T432] loop1: detected capacity change from 0 to 512 [ 24.298519][ T432] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 24.306730][ T432] EXT4-fs error (device loop1): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 24.312367][ T439] loop5: detected capacity change from 0 to 512 [pid 300] mkdir("./8", 0777 [pid 298] rmdir("./4" [pid 447] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 445] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 444] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 264966 [pid 436] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 435] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... mkdir resumed>) = 0 [pid 447] <... futex resumed>) = 0 [pid 446] <... mount resumed>) = 0 [pid 445] <... openat resumed>) = 5 [pid 444] <... write resumed>) = 264966 [pid 436] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] <... rmdir resumed>) = 0 [pid 447] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 446] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 445] ioctl(5, LOOP_SET_FD, 3 [pid 444] munmap(0x7f6218024000, 264966 [pid 436] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... openat resumed>) = 3 [pid 447] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 446] <... futex resumed>) = 1 [pid 444] <... munmap resumed>) = 0 [pid 436] <... futex resumed>) = 0 [pid 435] <... futex resumed>) = 0 [pid 300] ioctl(3, LOOP_CLR_FD [pid 298] mkdir("./5", 0777 [pid 447] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 446] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 444] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 436] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 435] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 446] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 444] <... openat resumed>) = 5 [pid 435] <... futex resumed>) = 0 [pid 300] close(3 [pid 447] <... open resumed>) = 6 [pid 446] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 445] <... ioctl resumed>) = 0 [pid 444] ioctl(5, LOOP_SET_FD, 4 [pid 440] <... open resumed>) = 6 [pid 439] <... ioctl resumed>) = 0 [pid 435] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 432] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 300] <... close resumed>) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 447] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] <... open resumed>) = 6 [pid 445] close(3 [pid 440] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 439] close(3 [pid 432] ioctl(5, LOOP_CLR_FD [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 447] <... futex resumed>) = 1 [pid 445] <... close resumed>) = 0 [pid 440] <... futex resumed>) = 1 [pid 439] <... close resumed>) = 0 [pid 436] <... futex resumed>) = 0 [pid 433] <... futex resumed>) = 0 [pid 432] <... ioctl resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 445] mkdir("./file0", 0777 [pid 440] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] mkdir("./file0", 0777 [pid 433] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] close(5 [pid 298] ioctl(3, LOOP_CLR_FD [pid 445] <... mkdir resumed>) = 0 [pid 440] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 439] <... mkdir resumed>) = 0 [pid 433] <... futex resumed>) = 0 [pid 432] <... close resumed>) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 445] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 440] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 439] mount("/dev/loop5", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 433] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 432] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] close(3 [pid 446] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 440] <... socket resumed>) = 3 [pid 436] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] <... futex resumed>) = 0 [pid 298] <... close resumed>) = 0 ./strace-static-x86_64: Process 448 attached [pid 447] <... socket resumed>) = 3 [pid 446] <... futex resumed>) = 1 [pid 440] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 436] <... futex resumed>) = 0 [pid 435] <... futex resumed>) = 0 [pid 432] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 427] exit_group(0 [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 448 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 448] set_robust_list(0x555556cc76a0, 24 [pid 447] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 440] <... futex resumed>) = 1 [pid 436] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 435] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... futex resumed>) = ? [pid 433] <... futex resumed>) = 0 [pid 432] <... futex resumed>) = ? [pid 427] <... exit_group resumed>) = ? [pid 448] <... set_robust_list resumed>) = 0 [pid 447] <... futex resumed>) = 0 [pid 446] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 440] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 436] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 435] <... futex resumed>) = 0 [pid 434] +++ exited with 0 +++ [pid 433] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 432] +++ exited with 0 +++ [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 451 [pid 448] chdir("./8" [pid 447] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 446] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 440] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 436] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] <... futex resumed>) = 0 [pid 440] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 433] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... mmap resumed>) = 0x20000000 [pid 440] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [pid 447] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 446] <... socket resumed>) = 7 [ 24.345455][ T432] EXT4-fs (loop1): get orphan inode failed [ 24.353904][ T445] loop0: detected capacity change from 0 to 512 [ 24.355120][ T432] EXT4-fs (loop1): mount failed [ 24.369232][ T444] loop3: detected capacity change from 0 to 517 [pid 440] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 436] <... futex resumed>) = 0 [pid 433] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 451 attached [pid 448] <... chdir resumed>) = 0 [pid 447] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 446] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 444] <... ioctl resumed>) = 0 [pid 440] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 436] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] <... futex resumed>) = 0 [pid 451] set_robust_list(0x555556cc76a0, 24 [pid 448] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 447] <... mmap resumed>) = 0x20000000 [pid 446] <... futex resumed>) = 1 [pid 444] close(4 [pid 440] memfd_create("syzkaller", 0 [pid 435] <... futex resumed>) = 0 [pid 448] <... prctl resumed>) = 0 [pid 447] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 444] <... close resumed>) = 0 [pid 435] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 448] setpgid(0, 0 [pid 447] <... futex resumed>) = 1 [pid 446] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 444] mkdir("./file0", 0777 [pid 436] <... futex resumed>) = 0 [pid 435] <... futex resumed>) = 0 [pid 448] <... setpgid resumed>) = 0 [pid 447] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 446] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 444] <... mkdir resumed>) = 0 [pid 440] <... memfd_create resumed>) = 7 [pid 436] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 447] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 446] <... mmap resumed>) = 0x20000000 [pid 436] <... futex resumed>) = 0 [pid 448] <... openat resumed>) = 3 [pid 447] memfd_create("syzkaller", 0 [pid 446] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 448] write(3, "1000", 4 [pid 447] <... memfd_create resumed>) = 7 [pid 446] <... futex resumed>) = 1 [pid 435] <... futex resumed>) = 0 [pid 448] <... write resumed>) = 4 [pid 447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 446] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 435] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 448] close(3 [pid 447] <... mmap resumed>) = 0x7f620fc64000 [pid 446] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 435] <... futex resumed>) = 0 [pid 448] <... close resumed>) = 0 [pid 448] symlink("/dev/binderfs", "./binderfs" [pid 451] <... set_robust_list resumed>) = 0 [pid 448] <... symlink resumed>) = 0 [pid 446] memfd_create("syzkaller", 0 [pid 444] mount("/dev/loop3", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 448] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] <... memfd_create resumed>) = 4 [pid 444] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 448] <... futex resumed>) = 0 [pid 446] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 444] ioctl(5, LOOP_CLR_FD [pid 448] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 446] <... mmap resumed>) = 0x7f620fc65000 [pid 444] <... ioctl resumed>) = 0 [pid 448] <... rt_sigaction resumed>NULL, 8) = 0 [pid 446] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 444] close(5 [pid 448] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 446] <... write resumed>) = 65536 [pid 444] <... close resumed>) = 0 [pid 448] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 446] munmap(0x7f620fc65000, 65536 [pid 444] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 446] <... munmap resumed>) = 0 [pid 444] <... futex resumed>) = 0 [pid 448] <... mmap resumed>) = 0x7f6220445000 [pid 446] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 444] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 448] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 448] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 448] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[454]}, 88) = 454 [pid 448] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 447] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 448] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] <... write resumed>) = 65536 [pid 448] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 448] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 447] munmap(0x7f620fc64000, 65536 [pid 448] rt_sigprocmask(SIG_BLOCK, ~[], [pid 447] <... munmap resumed>) = 0 [pid 448] <... rt_sigprocmask resumed>[], 8) = 0 [pid 447] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 448] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 447] <... openat resumed>) = 8 [pid 447] ioctl(8, LOOP_SET_FD, 7 [pid 448] <... clone3 resumed> => {parent_tid=[455]}, 88) = 455 [pid 448] rt_sigprocmask(SIG_SETMASK, [], [pid 447] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 448] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 448] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] ioctl(8, LOOP_CLR_FD [pid 448] <... futex resumed>) = 0 [pid 448] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] <... ioctl resumed>) = 0 [pid 451] chdir("./5" [pid 440] <... mmap resumed>) = 0x7f620fc64000 [pid 447] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 447] close(8) = 0 [pid 447] close(7) = 0 [pid 440] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 68515 [pid 447] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 445] <... mount resumed>) = 0 ./strace-static-x86_64: Process 455 attached ./strace-static-x86_64: Process 454 attached [pid 451] <... chdir resumed>) = 0 [pid 446] <... openat resumed>) = 5 [pid 445] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY [pid 440] <... write resumed>) = 68515 [pid 427] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=427, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 451] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 446] ioctl(5, LOOP_SET_FD, 4 [pid 445] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 440] munmap(0x7f620fc64000, 68515 [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 451] <... prctl resumed>) = 0 [pid 446] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 445] ioctl(5, LOOP_CLR_FD [pid 440] <... munmap resumed>) = 0 [pid 451] setpgid(0, 0 [pid 446] ioctl(5, LOOP_CLR_FD [pid 445] <... ioctl resumed>) = 0 [pid 440] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 297] <... restart_syscall resumed>) = 0 [pid 451] <... setpgid resumed>) = 0 [pid 446] <... ioctl resumed>) = 0 [pid 445] close(5 [pid 440] <... openat resumed>) = 8 [pid 451] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 445] <... close resumed>) = 0 [pid 440] ioctl(8, LOOP_SET_FD, 7 [pid 451] <... openat resumed>) = 3 [pid 445] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 451] write(3, "1000", 4 [pid 445] <... futex resumed>) = 0 [pid 440] ioctl(8, LOOP_CLR_FD [pid 451] <... write resumed>) = 4 [pid 445] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 440] <... ioctl resumed>) = 0 [pid 436] exit_group(0 [pid 297] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 451] close(3 [pid 446] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 446] close(5) = 0 [pid 446] close(4) = 0 [pid 447] <... futex resumed>) = ? [pid 436] <... exit_group resumed>) = ? [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 447] +++ exited with 0 +++ [pid 451] <... close resumed>) = 0 [pid 446] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 445] <... futex resumed>) = ? [pid 297] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 451] symlink("/dev/binderfs", "./binderfs" [pid 446] <... futex resumed>) = 0 [pid 451] <... symlink resumed>) = 0 [pid 446] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 445] +++ exited with 0 +++ [pid 436] +++ exited with 0 +++ [pid 297] <... openat resumed>) = 3 [pid 451] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] ioctl(8, LOOP_SET_FD, 7 [pid 451] <... futex resumed>) = 0 [pid 440] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 451] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 440] close(8 [pid 435] exit_group(0 [pid 297] newfstatat(3, "", [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=436, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 451] <... rt_sigaction resumed>NULL, 8) = 0 [pid 446] <... futex resumed>) = ? [pid 444] <... futex resumed>) = ? [pid 440] <... close resumed>) = 0 [pid 435] <... exit_group resumed>) = ? [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 451] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 446] +++ exited with 0 +++ [pid 444] +++ exited with 0 +++ [pid 440] close(7 [pid 451] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 440] <... close resumed>) = 0 [pid 297] getdents64(3, [pid 296] <... restart_syscall resumed>) = 0 [pid 451] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 440] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 451] <... mmap resumed>) = 0x7f6220445000 [pid 440] <... futex resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 451] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 440] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 297] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 451] <... mprotect resumed>) = 0 [pid 451] rt_sigprocmask(SIG_BLOCK, ~[], [pid 297] <... umount2 resumed>) = 0 [pid 296] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 451] <... rt_sigprocmask resumed>[], 8) = 0 [pid 451] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 297] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 451] <... clone3 resumed> => {parent_tid=[456]}, 88) = 456 [pid 297] newfstatat(AT_FDCWD, "./5/bus", [pid 451] rt_sigprocmask(SIG_SETMASK, [], [pid 296] <... openat resumed>) = 3 [pid 451] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] newfstatat(3, "", ./strace-static-x86_64: Process 456 attached [pid 451] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] unlink("./5/bus" [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 456] set_robust_list(0x7f62204659a0, 24 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] <... set_robust_list resumed>) = 0 [pid 451] <... futex resumed>) = 0 [pid 448] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 297] <... unlink resumed>) = 0 [pid 296] getdents64(3, [pid 456] rt_sigprocmask(SIG_SETMASK, [], [pid 455] set_robust_list(0x7f62204449a0, 24 [pid 454] set_robust_list(0x7f62204659a0, 24 [pid 451] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 448] futex(0x7f62205316ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 456] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 455] <... set_robust_list resumed>) = 0 [pid 454] <... set_robust_list resumed>) = 0 [pid 451] <... mmap resumed>) = 0x7f6220424000 [pid 448] <... futex resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 451] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 297] newfstatat(AT_FDCWD, "./5/binderfs", [ 24.388726][ T445] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [ 24.403561][ T439] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 24.408698][ T445] ext4 filesystem being mounted at /root/syzkaller.sY6u5M/5/file0 supports timestamps until 2038 (0x7fffffff) [ 24.412427][ T439] EXT4-fs error (device loop5): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 24.438590][ T439] EXT4-fs (loop5): get orphan inode failed [pid 296] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 456] memfd_create("syzkaller", 0 [pid 455] rt_sigprocmask(SIG_SETMASK, [], [pid 454] rt_sigprocmask(SIG_SETMASK, [], [pid 451] <... mprotect resumed>) = 0 [pid 448] <... mmap resumed>) = 0x7f6220403000 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 456] <... memfd_create resumed>) = 3 [pid 455] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 454] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 448] mprotect(0x7f6220404000, 131072, PROT_READ|PROT_WRITE [pid 297] unlink("./5/binderfs" [pid 296] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 456] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 455] creat("./bus", 000 [pid 454] memfd_create("syzkaller", 0 [pid 448] <... mprotect resumed>) = 0 [pid 297] <... unlink resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 456] <... mmap resumed>) = 0x7f6218024000 [pid 455] <... creat resumed>) = 3 [pid 454] <... memfd_create resumed>) = 4 [pid 448] rt_sigprocmask(SIG_BLOCK, ~[], [pid 297] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] newfstatat(AT_FDCWD, "./5/bus", [pid 456] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 455] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 448] <... rt_sigprocmask resumed>[], 8) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 455] <... futex resumed>) = 0 [pid 454] <... mmap resumed>) = 0x7f6218003000 [pid 451] rt_sigprocmask(SIG_BLOCK, ~[], [pid 448] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220423990, parent_tid=0x7f6220423990, exit_signal=0, stack=0x7f6220403000, stack_size=0x20300, tls=0x7f62204236c0} [pid 297] newfstatat(AT_FDCWD, "./5/file0", [pid 296] unlink("./5/bus" [pid 455] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 454] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 451] <... rt_sigprocmask resumed>[], 8) = 0 [pid 439] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... unlink resumed>) = 0 [pid 456] <... write resumed>) = 262144 [pid 454] <... write resumed>) = 262144 [pid 451] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 448] <... clone3 resumed> => {parent_tid=[457]}, 88) = 457 [pid 297] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 448] rt_sigprocmask(SIG_SETMASK, [], [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 454] munmap(0x7f6218003000, 262144 [pid 448] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] newfstatat(AT_FDCWD, "./5/binderfs", [pid 456] munmap(0x7f6218024000, 262144 [pid 454] <... munmap resumed>) = 0 [pid 448] futex(0x7f62205316e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 439] ioctl(5, LOOP_CLR_FD [pid 297] <... openat resumed>) = 4 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 454] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 448] <... futex resumed>) = 0 [pid 297] newfstatat(4, "", [pid 296] unlink("./5/binderfs" [pid 454] <... openat resumed>) = 5 [pid 451] <... clone3 resumed> => {parent_tid=[459]}, 88) = 459 [pid 448] futex(0x7f62205316ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 439] <... ioctl resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 459 attached ./strace-static-x86_64: Process 457 attached [pid 456] <... munmap resumed>) = 0 [pid 454] ioctl(5, LOOP_SET_FD, 4 [pid 297] getdents64(4, [pid 296] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 451] rt_sigprocmask(SIG_SETMASK, [], [pid 439] close(5 [pid 451] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 439] <... close resumed>) = 0 [pid 451] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 439] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 459] set_robust_list(0x7f62204449a0, 24 [pid 433] exit_group(0 [pid 440] <... futex resumed>) = ? [pid 439] <... futex resumed>) = ? [pid 433] <... exit_group resumed>) = ? [pid 440] +++ exited with 0 +++ [pid 459] <... set_robust_list resumed>) = 0 [pid 457] set_robust_list(0x7f62204239a0, 24 [pid 456] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 454] <... ioctl resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 457] <... set_robust_list resumed>) = 0 [pid 456] <... openat resumed>) = 4 [pid 297] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./5/file0") = 0 [pid 297] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./5") = 0 [pid 297] mkdir("./6", 0777 [pid 459] rt_sigprocmask(SIG_SETMASK, [], [pid 457] rt_sigprocmask(SIG_SETMASK, [], [pid 456] ioctl(4, LOOP_SET_FD, 3 [pid 454] close(4 [pid 459] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 460 ./strace-static-x86_64: Process 460 attached [pid 460] set_robust_list(0x555556cc76a0, 24) = 0 [pid 460] chdir("./6") = 0 [pid 460] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 460] setpgid(0, 0) = 0 [pid 460] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 460] write(3, "1000", 4) = 4 [pid 460] close(3) = 0 [pid 460] symlink("/dev/binderfs", "./binderfs") = 0 [pid 460] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 460] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 460] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 460] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 460] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 460] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 460] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[461]}, 88) = 461 [pid 460] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 460] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 460] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 460] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 460] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 460] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 460] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[462]}, 88) = 462 [pid 460] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 460] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 460] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 462 attached [pid 462] set_robust_list(0x7f62204449a0, 24) = 0 [pid 462] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 462] creat("./bus", 000) = 3 [pid 462] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 460] <... futex resumed>) = 0 [pid 460] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 460] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 462] <... futex resumed>) = 1 [pid 462] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL) = 0 [pid 462] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 460] <... futex resumed>) = 0 [pid 460] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 460] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 462] <... futex resumed>) = 1 [pid 456] <... ioctl resumed>) = 0 [pid 457] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 454] <... close resumed>) = 0 [pid 459] creat("./bus", 000 [pid 456] close(3 [pid 462] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 462] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 460] <... futex resumed>) = 0 [pid 460] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 460] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 462] <... futex resumed>) = 1 [pid 462] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE) = 5 [pid 462] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 461 attached ) = 1 [pid 459] <... creat resumed>) = 5 [pid 457] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 456] <... close resumed>) = 0 [pid 454] mkdir("./file0", 0777 [pid 459] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] <... mount resumed>) = 0 [pid 454] <... mkdir resumed>) = 0 [pid 435] +++ exited with 0 +++ [pid 459] <... futex resumed>) = 1 [pid 457] futex(0x7f62205316ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 454] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 451] <... futex resumed>) = 0 [pid 459] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 457] <... futex resumed>) = 1 [pid 451] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=435, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 459] <... mount resumed>) = 0 [pid 457] futex(0x7f62205316e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 451] <... futex resumed>) = 0 [pid 459] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 451] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] <... futex resumed>) = 0 [pid 451] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 459] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 451] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... open resumed>) = 3 [pid 451] <... futex resumed>) = 0 [pid 459] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 451] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] <... futex resumed>) = 0 [pid 451] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 459] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 451] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... socket resumed>) = 6 [pid 451] <... futex resumed>) = 0 [pid 459] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 451] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] <... futex resumed>) = 0 [pid 451] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 448] <... futex resumed>) = 0 [pid 459] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 451] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... mmap resumed>) = 0x20000000 [pid 451] <... futex resumed>) = 0 [pid 459] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 451] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] <... futex resumed>) = 0 [pid 451] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 462] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 461] set_robust_list(0x7f62204659a0, 24 [pid 460] <... futex resumed>) = 0 [pid 459] memfd_create("syzkaller", 0 [pid 456] mkdir(0x20000000, 0777 [pid 451] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 448] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 460] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 455] <... futex resumed>) = 0 [pid 451] <... futex resumed>) = 0 [pid 448] <... futex resumed>) = 1 [pid 462] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 460] <... futex resumed>) = 0 [pid 459] <... memfd_create resumed>) = 7 [pid 455] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 461] <... set_robust_list resumed>) = 0 [pid 448] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 460] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 455] <... open resumed>) = 4 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 455] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 455] <... futex resumed>) = 1 [pid 448] <... futex resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 455] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 448] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(3, "", [pid 455] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 448] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 455] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 448] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] getdents64(3, [pid 459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 455] <... socket resumed>) = 6 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 459] <... mmap resumed>) = 0x7f620fc64000 [pid 455] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 455] <... futex resumed>) = 1 [pid 448] <... futex resumed>) = 0 [pid 455] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 448] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... umount2 resumed>) = 0 [pid 459] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 455] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 448] <... futex resumed>) = 0 [pid 299] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 455] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 448] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 459] <... write resumed>) = 65536 [pid 455] <... mmap resumed>) = 0x20000000 [pid 299] newfstatat(AT_FDCWD, "./5/bus", [pid 459] munmap(0x7f620fc64000, 65536 [pid 455] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 455] <... futex resumed>) = 1 [pid 448] <... futex resumed>) = 0 [pid 299] unlink("./5/bus" [pid 459] <... munmap resumed>) = 0 [pid 455] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 448] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... unlink resumed>) = 0 [pid 459] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 455] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 448] <... futex resumed>) = 0 [pid 299] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 455] memfd_create("syzkaller", 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 459] <... openat resumed>) = 8 [pid 455] <... memfd_create resumed>) = 7 [pid 299] newfstatat(AT_FDCWD, "./5/binderfs", [pid 459] ioctl(8, LOOP_SET_FD, 7 [pid 455] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 459] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 455] <... mmap resumed>) = 0x7f620fc43000 [pid 299] unlink("./5/binderfs" [pid 459] ioctl(8, LOOP_CLR_FD [pid 456] <... mkdir resumed>) = 0 [pid 455] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 299] <... unlink resumed>) = 0 [pid 462] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 461] rt_sigprocmask(SIG_SETMASK, [], [pid 459] <... ioctl resumed>) = 0 [pid 456] mount("/dev/loop2", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [ 24.460953][ T439] EXT4-fs (loop5): mount failed [ 24.470884][ T454] loop4: detected capacity change from 0 to 512 [ 24.480471][ T456] loop2: detected capacity change from 0 to 512 [pid 455] <... write resumed>) = 65536 [pid 299] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 455] munmap(0x7f620fc43000, 65536 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 456] <... mount resumed>) = -1 ENODEV (No such device) [pid 455] <... munmap resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./5/file0", [pid 461] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 462] <... mmap resumed>) = 0x20000000 [pid 456] ioctl(4, LOOP_CLR_FD [pid 455] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 455] <... openat resumed>) = 8 [pid 299] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 455] ioctl(8, LOOP_SET_FD, 7 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 455] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 299] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 455] ioctl(8, LOOP_CLR_FD [pid 299] <... openat resumed>) = 4 [pid 455] <... ioctl resumed>) = 0 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./5/file0") = 0 [pid 299] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 299] close(3 [pid 455] ioctl(8, LOOP_SET_FD, 7 [pid 299] <... close resumed>) = 0 [pid 455] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 299] rmdir("./5" [pid 455] close(8 [pid 299] <... rmdir resumed>) = 0 [pid 455] <... close resumed>) = 0 [pid 299] mkdir("./6", 0777 [pid 455] close(7 [pid 299] <... mkdir resumed>) = 0 [pid 455] <... close resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 455] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... openat resumed>) = 3 [pid 455] <... futex resumed>) = 0 [pid 299] ioctl(3, LOOP_CLR_FD [pid 455] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 465 ./strace-static-x86_64: Process 465 attached [pid 465] set_robust_list(0x555556cc76a0, 24) = 0 [pid 465] chdir("./6") = 0 [pid 465] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 465] setpgid(0, 0) = 0 [pid 465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 465] write(3, "1000", 4) = 4 [pid 465] close(3) = 0 [pid 465] symlink("/dev/binderfs", "./binderfs") = 0 [pid 465] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 465] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 465] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 465] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 465] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 465] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[466]}, 88) = 466 [pid 465] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 465] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 465] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 465] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 465] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[467]}, 88) = 467 [pid 465] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 465] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 467 attached [pid 467] set_robust_list(0x7f62204449a0, 24) = 0 [pid 467] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 467] creat("./bus", 000) = 3 [pid 467] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 465] <... futex resumed>) = 0 [pid 465] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 467] <... futex resumed>) = 1 [pid 467] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL) = 0 [pid 467] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 465] <... futex resumed>) = 0 [pid 465] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 467] <... futex resumed>) = 1 [pid 459] ioctl(8, LOOP_SET_FD, 7 [pid 467] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 467] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 439] +++ exited with 0 +++ [pid 433] +++ exited with 0 +++ [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=433, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 301] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 301] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] getdents64(3, 0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 301] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 459] close(8 [pid 301] <... umount2 resumed>) = 0 [pid 459] <... close resumed>) = 0 [pid 301] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 462] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 461] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200005c4} --- [pid 459] close(7 [pid 456] <... ioctl resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = 0 [pid 301] newfstatat(AT_FDCWD, "./6/bus", [pid 462] <... futex resumed>) = ? [pid 460] <... futex resumed>) = -1 (errno 18446744073709551555) [pid 459] <... close resumed>) = 0 [pid 456] close(4 [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 466 attached [pid 459] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] <... close resumed>) = 0 [pid 301] unlink("./6/bus" [pid 296] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 467] <... futex resumed>) = 1 [pid 466] set_robust_list(0x7f62204659a0, 24 [pid 465] <... futex resumed>) = 0 [pid 462] +++ killed by SIGBUS +++ [pid 459] <... futex resumed>) = 0 [pid 456] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... unlink resumed>) = 0 [pid 301] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./6/binderfs") = 0 [pid 301] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 301] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] getdents64(4, 0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 301] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 301] close(4) = 0 [pid 301] rmdir("./6/file0") = 0 [pid 301] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 301] close(3) = 0 [pid 301] rmdir("./6") = 0 [pid 301] mkdir("./7", 0777) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 301] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 301] close(3) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 468 [pid 459] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 456] <... futex resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 466] <... set_robust_list resumed>) = 0 [pid 465] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 461] +++ killed by SIGBUS +++ [pid 460] +++ killed by SIGBUS +++ [pid 456] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 451] exit_group(0 [pid 296] newfstatat(AT_FDCWD, "./5/file0", [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=460, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 451] <... exit_group resumed>) = ? [pid 459] <... futex resumed>) = 230 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 456] <... futex resumed>) = ? [pid 459] +++ exited with 0 +++ [pid 467] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE) = 5 [pid 467] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 467] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 456] +++ exited with 0 +++ [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... openat resumed>) = 4 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 297] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] newfstatat(4, "", [pid 297] <... umount2 resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 467] <... futex resumed>) = 0 [pid 465] <... futex resumed>) = 1 [pid 296] getdents64(4, [pid 467] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 465] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] newfstatat(AT_FDCWD, "./6/bus", [pid 296] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 465] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] unlink("./6/bus" [pid 296] getdents64(4, [pid 297] <... unlink resumed>) = 0 [pid 465] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 297] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 467] <... futex resumed>) = 0 [pid 465] <... futex resumed>) = 1 [pid 296] close(4 [pid 467] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 468 attached [pid 467] <... mmap resumed>) = 0x20000000 [pid 466] rt_sigprocmask(SIG_SETMASK, [], [pid 465] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] newfstatat(AT_FDCWD, "./6/binderfs", [pid 296] <... close resumed>) = 0 [pid 467] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 465] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] rmdir("./5/file0" [pid 468] set_robust_list(0x555556cc76a0, 24 [pid 466] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 468] <... set_robust_list resumed>) = 0 [pid 467] <... futex resumed>) = 0 [pid 466] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200005c4} --- [pid 465] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] unlink("./6/binderfs" [pid 296] <... rmdir resumed>) = 0 [pid 296] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./5" [pid 465] <... futex resumed>) = ? [pid 297] <... unlink resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 468] chdir("./7" [pid 296] mkdir("./6", 0777 [pid 468] <... chdir resumed>) = 0 [pid 467] +++ killed by SIGBUS +++ [pid 297] getdents64(3, [pid 296] <... mkdir resumed>) = 0 [pid 454] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 468] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 454] ioctl(5, LOOP_CLR_FD [pid 297] close(3 [pid 296] <... openat resumed>) = 3 [pid 297] <... close resumed>) = 0 [pid 297] rmdir("./6" [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] <... rmdir resumed>) = 0 [pid 466] +++ killed by SIGBUS +++ [pid 468] <... prctl resumed>) = 0 [pid 465] +++ killed by SIGBUS +++ [pid 454] <... ioctl resumed>) = 0 [pid 297] mkdir("./7", 0777 [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=465, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 468] setpgid(0, 0 [pid 454] close(5 [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 297] <... mkdir resumed>) = 0 [pid 299] <... restart_syscall resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 469 attached [pid 468] <... setpgid resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 469 [pid 469] set_robust_list(0x555556cc76a0, 24 [pid 454] <... close resumed>) = 0 [pid 297] ioctl(3, LOOP_CLR_FD [pid 299] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] close(3 [pid 299] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... close resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 469] <... set_robust_list resumed>) = 0 [pid 468] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 454] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(3, "", ./strace-static-x86_64: Process 470 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 454] <... futex resumed>) = 0 [pid 299] getdents64(3, [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 470 [pid 454] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 448] exit_group(0 [pid 299] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 457] <... futex resumed>) = ? [pid 455] <... futex resumed>) = ? [pid 448] <... exit_group resumed>) = ? [pid 299] <... umount2 resumed>) = 0 [pid 455] +++ exited with 0 +++ [pid 299] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./6/bus") = 0 [pid 457] +++ exited with 0 +++ [pid 299] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 454] <... futex resumed>) = ? [pid 299] unlink("./6/binderfs") = 0 [pid 299] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./6" [pid 469] chdir("./6" [pid 468] <... openat resumed>) = 3 [pid 299] <... rmdir resumed>) = 0 [pid 299] mkdir("./7", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 469] <... chdir resumed>) = 0 [pid 468] write(3, "1000", 4 [pid 299] <... openat resumed>) = 3 [pid 299] ioctl(3, LOOP_CLR_FD [pid 469] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 468] <... write resumed>) = 4 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] close(3 [pid 469] <... prctl resumed>) = 0 [pid 468] close(3 [pid 299] <... close resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 469] setpgid(0, 0 [pid 468] <... close resumed>) = 0 [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 471 [pid 470] set_robust_list(0x555556cc76a0, 24 [pid 468] symlink("/dev/binderfs", "./binderfs" [pid 470] <... set_robust_list resumed>) = 0 [pid 470] chdir("./7") = 0 [pid 469] <... setpgid resumed>) = 0 [pid 470] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 470] setpgid(0, 0) = 0 [pid 470] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 470] write(3, "1000", 4) = 4 [pid 470] close(3) = 0 [pid 470] symlink("/dev/binderfs", "./binderfs") = 0 [pid 468] <... symlink resumed>) = 0 [pid 470] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 470] <... futex resumed>) = 0 [pid 470] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 470] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 468] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 470] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 470] rt_sigprocmask(SIG_BLOCK, ~[], [pid 468] <... futex resumed>) = 0 [pid 470] <... rt_sigprocmask resumed>[], 8) = 0 [pid 470] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[472]}, 88) = 472 [pid 468] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 470] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 470] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 468] <... rt_sigaction resumed>NULL, 8) = 0 [pid 470] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 469] <... openat resumed>) = 3 [pid 470] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 468] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 470] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[473]}, 88) = 473 [pid 470] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 470] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 473 attached [pid 468] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 473] set_robust_list(0x7f62204449a0, 24) = 0 [pid 473] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 473] creat("./bus", 000 [pid 468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 469] write(3, "1000", 4./strace-static-x86_64: Process 472 attached [pid 472] set_robust_list(0x7f62204659a0, 24) = 0 [pid 472] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 471 attached [pid 469] <... write resumed>) = 4 [pid 468] <... mmap resumed>) = 0x7f6220445000 [pid 468] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 469] close(3 [pid 472] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 472] memfd_create("syzkaller", 0 [pid 468] <... mprotect resumed>) = 0 [pid 471] set_robust_list(0x555556cc76a0, 24 [pid 469] <... close resumed>) = 0 [pid 472] <... memfd_create resumed>) = 4 [pid 472] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 469] symlink("/dev/binderfs", "./binderfs" [pid 468] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 468] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 469] <... symlink resumed>) = 0 [pid 469] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 474 attached [pid 473] <... creat resumed>) = 3 [pid 471] <... set_robust_list resumed>) = 0 [pid 469] <... futex resumed>) = 0 [pid 468] <... clone3 resumed> => {parent_tid=[474]}, 88) = 474 [pid 473] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 471] chdir("./7" [pid 469] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 468] rt_sigprocmask(SIG_SETMASK, [], [pid 472] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 474] set_robust_list(0x7f62204659a0, 24 [pid 473] <... futex resumed>) = 1 [pid 471] <... chdir resumed>) = 0 [pid 470] <... futex resumed>) = 0 [pid 469] <... rt_sigaction resumed>NULL, 8) = 0 [pid 468] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 470] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 469] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 470] <... futex resumed>) = 0 [pid 468] <... futex resumed>) = 0 [pid 469] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 470] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 468] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 468] <... futex resumed>) = 0 [ 24.501616][ T463] EXT4-fs warning (device loop4): kmmpd:170: kmmpd being stopped since MMP feature has been disabled. [ 24.514258][ T454] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 24.525319][ T454] EXT4-fs error (device loop4): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 24.541608][ T454] EXT4-fs (loop4): get orphan inode failed [ 24.550930][ T454] EXT4-fs (loop4): mount failed [pid 472] <... write resumed>) = 262144 [pid 469] <... mmap resumed>) = 0x7f6220445000 [pid 468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 474] <... set_robust_list resumed>) = 0 [pid 474] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 474] memfd_create("syzkaller", 0) = 3 [pid 451] +++ exited with 0 +++ [pid 474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=451, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 474] <... mmap resumed>) = 0x7f6218045000 [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 472] munmap(0x7f6218024000, 262144 [pid 298] <... openat resumed>) = 3 [pid 472] <... munmap resumed>) = 0 [pid 298] newfstatat(3, "", [pid 472] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 472] <... openat resumed>) = 5 [pid 298] getdents64(3, [pid 472] ioctl(5, LOOP_SET_FD, 4 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 474] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 473] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 471] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 469] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 468] <... mmap resumed>) = 0x7f6218024000 [pid 474] <... write resumed>) = 262144 [pid 472] <... ioctl resumed>) = 0 [pid 471] <... prctl resumed>) = 0 [pid 469] <... mprotect resumed>) = 0 [pid 468] mprotect(0x7f6218025000, 131072, PROT_READ|PROT_WRITE [pid 298] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 473] <... mount resumed>) = 0 [pid 471] setpgid(0, 0 [pid 469] rt_sigprocmask(SIG_BLOCK, ~[], [pid 468] <... mprotect resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 473] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 471] <... setpgid resumed>) = 0 [pid 469] <... rt_sigprocmask resumed>[], 8) = 0 [pid 468] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 473] <... futex resumed>) = 1 [pid 471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 470] <... futex resumed>) = 0 [pid 469] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 468] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 473] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 470] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6218044990, parent_tid=0x7f6218044990, exit_signal=0, stack=0x7f6218024000, stack_size=0x20300, tls=0x7f62180446c0} [pid 298] newfstatat(AT_FDCWD, "./5/bus", [pid 470] <... futex resumed>) = 0 [pid 469] <... clone3 resumed> => {parent_tid=[475]}, 88) = 475 [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 473] <... open resumed>) = 6 [pid 470] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 469] rt_sigprocmask(SIG_SETMASK, [], [pid 298] unlink("./5/bus" [pid 474] munmap(0x7f6218045000, 262144 [pid 473] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 471] <... openat resumed>) = 3 [pid 469] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 468] <... clone3 resumed> => {parent_tid=[476]}, 88) = 476 [pid 298] <... unlink resumed>) = 0 [pid 473] <... futex resumed>) = 1 [pid 472] close(4 [pid 471] write(3, "1000", 4 [pid 470] <... futex resumed>) = 0 [pid 469] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 473] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 471] <... write resumed>) = 4 [pid 470] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 469] <... futex resumed>) = 0 [pid 468] rt_sigprocmask(SIG_SETMASK, [], [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 473] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 471] close(3 [pid 470] <... futex resumed>) = 0 [pid 469] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] newfstatat(AT_FDCWD, "./5/binderfs", [pid 473] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 471] <... close resumed>) = 0 [pid 470] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 469] <... futex resumed>) = 0 [pid 468] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 473] <... socket resumed>) = 7 [pid 471] symlink("/dev/binderfs", "./binderfs" [pid 469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 468] <... futex resumed>) = 0 [pid 298] unlink("./5/binderfs" [pid 473] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 469] <... mmap resumed>) = 0x7f6220424000 [pid 468] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 471] <... symlink resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 473] <... futex resumed>) = 1 [pid 470] <... futex resumed>) = 0 [pid 469] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 298] umount2("./5/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 473] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 471] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 469] <... mprotect resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 476 attached [pid 470] <... futex resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./5/ext4", [pid 476] set_robust_list(0x7f62180449a0, 24 [pid 473] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 471] <... futex resumed>) = 0 [pid 470] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 469] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 476] <... set_robust_list resumed>) = 0 [pid 473] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 471] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 469] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] umount2("./5/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 476] rt_sigprocmask(SIG_SETMASK, [], [pid 473] <... mmap resumed>) = 0x20000000 [pid 471] <... rt_sigaction resumed>NULL, 8) = 0 [pid 469] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 476] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 473] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] openat(AT_FDCWD, "./5/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 476] creat("./bus", 000 [pid 473] <... futex resumed>) = 1 [pid 471] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 470] <... futex resumed>) = 0 [pid 298] <... openat resumed>) = 4 ./strace-static-x86_64: Process 477 attached ./strace-static-x86_64: Process 475 attached [pid 476] <... creat resumed>) = 4 [pid 474] <... munmap resumed>) = 0 [pid 473] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 472] <... close resumed>) = 0 [pid 471] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 470] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 469] <... clone3 resumed> => {parent_tid=[477]}, 88) = 477 [pid 298] newfstatat(4, "", [pid 476] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... futex resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 476] <... futex resumed>) = 1 [pid 468] <... futex resumed>) = 0 [pid 298] getdents64(4, [pid 476] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 468] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 476] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 468] <... futex resumed>) = 0 [pid 298] getdents64(4, [pid 476] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 468] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 476] <... mount resumed>) = 0 [pid 473] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 469] rt_sigprocmask(SIG_SETMASK, [], [pid 454] +++ exited with 0 +++ [pid 448] +++ exited with 0 +++ [pid 298] close(4 [pid 476] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 469] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=448, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 298] <... close resumed>) = 0 [pid 476] <... futex resumed>) = 1 [pid 468] <... futex resumed>) = 0 [pid 300] restart_syscall(<... resuming interrupted clone ...> [pid 298] rmdir("./5/ext4" [pid 476] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 468] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... restart_syscall resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 469] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] set_robust_list(0x7f62204449a0, 24 [pid 476] <... open resumed>) = 5 [pid 475] set_robust_list(0x7f62204659a0, 24 [pid 473] memfd_create("syzkaller", 0 [pid 471] <... mmap resumed>) = 0x7f6220445000 [pid 469] <... futex resumed>) = 0 [pid 468] <... futex resumed>) = 0 [pid 298] getdents64(3, [pid 477] <... set_robust_list resumed>) = 0 [pid 476] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 475] <... set_robust_list resumed>) = 0 [pid 473] <... memfd_create resumed>) = 4 [pid 471] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 469] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 468] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 477] rt_sigprocmask(SIG_SETMASK, [], [pid 476] <... futex resumed>) = 0 [pid 475] rt_sigprocmask(SIG_SETMASK, [], [pid 473] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 471] <... mprotect resumed>) = 0 [pid 468] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] close(3 [pid 477] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 476] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 475] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 473] <... mmap resumed>) = 0x7f620fc64000 [pid 471] rt_sigprocmask(SIG_BLOCK, ~[], [pid 468] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... close resumed>) = 0 [pid 477] creat("./bus", 000 [pid 476] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 475] memfd_create("syzkaller", 0 [pid 471] <... rt_sigprocmask resumed>[], 8) = 0 [pid 468] <... futex resumed>) = 0 [pid 300] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] rmdir("./5" [pid 477] <... creat resumed>) = 3 [pid 476] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 475] <... memfd_create resumed>) = 4 [pid 473] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 468] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... openat resumed>) = 3 [pid 298] <... rmdir resumed>) = 0 [pid 477] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... socket resumed>) = 6 [pid 475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 300] newfstatat(3, "", [pid 298] mkdir("./6", 0777 [pid 477] <... futex resumed>) = 1 [pid 476] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 475] <... mmap resumed>) = 0x7f6218024000 [pid 474] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 473] <... write resumed>) = 65536 [pid 471] <... clone3 resumed> => {parent_tid=[478]}, 88) = 478 [pid 469] <... futex resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 477] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 476] <... futex resumed>) = 1 [pid 475] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 474] <... openat resumed>) = 7 [pid 473] munmap(0x7f620fc64000, 65536 [pid 471] rt_sigprocmask(SIG_SETMASK, [], [pid 469] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] <... futex resumed>) = 0 [pid 300] getdents64(3, [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 476] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 475] <... write resumed>) = 262144 [pid 474] ioctl(7, LOOP_SET_FD, 3 [pid 473] <... munmap resumed>) = 0 [pid 472] mkdir(0x20000000, 0777 [pid 471] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 469] <... futex resumed>) = 0 [pid 468] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 298] <... openat resumed>) = 3 [pid 477] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 476] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 475] munmap(0x7f6218024000, 262144 [pid 473] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 471] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 469] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 468] <... futex resumed>) = 0 [pid 300] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] ioctl(3, LOOP_CLR_FD [pid 477] <... mount resumed>) = 0 [pid 476] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 475] <... munmap resumed>) = 0 [pid 468] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 477] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... mmap resumed>) = 0x20000000 [pid 475] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 473] <... openat resumed>) = 8 [pid 471] <... futex resumed>) = 0 [pid 469] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] <... umount2 resumed>) = 0 [pid 298] close(3./strace-static-x86_64: Process 478 attached [pid 477] <... futex resumed>) = 0 [pid 476] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 475] <... openat resumed>) = 5 [pid 473] ioctl(8, LOOP_SET_FD, 4 [pid 471] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 469] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... close resumed>) = 0 [pid 478] set_robust_list(0x7f62204659a0, 24 [pid 477] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 476] <... futex resumed>) = 1 [pid 475] ioctl(5, LOOP_SET_FD, 4 [pid 473] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 471] <... futex resumed>) = 0 [pid 469] <... futex resumed>) = 0 [pid 468] <... futex resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 479 attached [pid 478] <... set_robust_list resumed>) = 0 [pid 477] <... open resumed>) = 6 [pid 475] <... ioctl resumed>) = 0 [pid 474] <... ioctl resumed>) = 0 [pid 473] ioctl(8, LOOP_CLR_FD [pid 472] <... mkdir resumed>) = 0 [pid 471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 469] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 468] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] newfstatat(AT_FDCWD, "./8/bus", [pid 479] set_robust_list(0x555556cc76a0, 24 [pid 475] close(4 [pid 474] close(3 [pid 473] <... ioctl resumed>) = 0 [pid 472] mount("/dev/loop1", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 471] <... mmap resumed>) = 0x7f6220424000 [pid 479] <... set_robust_list resumed>) = 0 [pid 475] <... close resumed>) = 0 [pid 474] <... close resumed>) = 0 [pid 472] <... mount resumed>) = -1 ENODEV (No such device) [pid 471] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 468] <... futex resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 479 [pid 479] chdir("./6" [pid 475] mkdir("./file0", 0777 [pid 474] mkdir(0x20000000, 0777 [pid 472] ioctl(5, LOOP_CLR_FD [pid 471] <... mprotect resumed>) = 0 [pid 300] unlink("./8/bus" [pid 479] <... chdir resumed>) = 0 [pid 475] <... mkdir resumed>) = 0 [pid 474] <... mkdir resumed>) = 0 [pid 473] ioctl(8, LOOP_SET_FD, 4 [pid 472] <... ioctl resumed>) = 0 [pid 471] rt_sigprocmask(SIG_BLOCK, ~[], [pid 479] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 475] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 474] mount("/dev/loop5", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 473] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 472] close(5 [pid 471] <... rt_sigprocmask resumed>[], 8) = 0 [pid 300] <... unlink resumed>) = 0 [pid 479] <... prctl resumed>) = 0 [pid 474] <... mount resumed>) = -1 ENODEV (No such device) [pid 473] close(8 [pid 472] <... close resumed>) = 0 [pid 471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 479] setpgid(0, 0 [pid 474] ioctl(7, LOOP_CLR_FD [pid 473] <... close resumed>) = 0 [pid 472] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 479] <... setpgid resumed>) = 0 [pid 474] <... ioctl resumed>) = 0 [pid 473] close(4 [pid 472] <... futex resumed>) = 0 [pid 471] <... clone3 resumed> => {parent_tid=[480]}, 88) = 480 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 479] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 474] close(7 [pid 473] <... close resumed>) = 0 [pid 472] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 471] rt_sigprocmask(SIG_SETMASK, [], [pid 479] <... openat resumed>) = 3 [pid 474] <... close resumed>) = 0 [pid 473] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 471] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 470] exit_group(0 [pid 300] newfstatat(AT_FDCWD, "./8/binderfs", [pid 479] write(3, "1000", 4 [pid 474] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 473] <... futex resumed>) = ? [pid 472] <... futex resumed>) = ? [pid 471] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... exit_group resumed>) = ? [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 479] <... write resumed>) = 4 [pid 477] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 474] <... futex resumed>) = 0 [pid 473] +++ exited with 0 +++ [pid 472] +++ exited with 0 +++ [pid 471] <... futex resumed>) = 0 [pid 479] close(3 [pid 477] <... futex resumed>) = 1 [pid 474] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 471] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] +++ exited with 0 +++ [pid 469] <... futex resumed>) = 0 [pid 300] unlink("./8/binderfs" [pid 479] <... close resumed>) = 0 [pid 477] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 469] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... unlink resumed>) = 0 [pid 479] symlink("/dev/binderfs", "./binderfs" [pid 469] <... futex resumed>) = 0 [pid 300] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=470, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 479] <... symlink resumed>) = 0 [pid 477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 469] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 479] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 300] newfstatat(AT_FDCWD, "./8/file0", [pid 297] <... restart_syscall resumed>) = 0 [pid 479] <... futex resumed>) = 0 [pid 479] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 477] <... socket resumed>) = 4 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 480 attached [pid 479] <... rt_sigaction resumed>NULL, 8) = 0 [pid 477] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 480] set_robust_list(0x7f62204449a0, 24 [pid 479] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 477] <... futex resumed>) = 1 [pid 469] <... futex resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 480] <... set_robust_list resumed>) = 0 [pid 479] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 477] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 469] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW [pid 480] rt_sigprocmask(SIG_SETMASK, [], [pid 479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 478] rt_sigprocmask(SIG_SETMASK, [], [pid 477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 469] <... futex resumed>) = 0 [pid 300] <... openat resumed>) = 4 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 480] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 479] <... mmap resumed>) = 0x7f6220445000 [pid 478] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 477] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 476] memfd_create("syzkaller", 0 [pid 469] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] newfstatat(4, "", [pid 297] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 480] creat("./bus", 000 [pid 479] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 477] <... mmap resumed>) = 0x20000000 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 480] <... creat resumed>) = 3 [pid 479] <... mprotect resumed>) = 0 [pid 477] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] getdents64(4, [pid 297] <... openat resumed>) = 3 [pid 480] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 479] rt_sigprocmask(SIG_BLOCK, ~[], [pid 478] memfd_create("syzkaller", 0 [pid 477] <... futex resumed>) = 1 [pid 476] <... memfd_create resumed>) = 3 [pid 469] <... futex resumed>) = 0 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 297] newfstatat(3, "", [pid 480] <... futex resumed>) = 1 [pid 479] <... rt_sigprocmask resumed>[], 8) = 0 [pid 477] memfd_create("syzkaller", 0 [pid 471] <... futex resumed>) = 0 [pid 469] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] getdents64(4, [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 480] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 479] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 477] <... memfd_create resumed>) = 7 [pid 471] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 469] <... futex resumed>) = 0 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 297] getdents64(3, [pid 480] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 471] <... futex resumed>) = 0 [pid 300] close(4 [pid 480] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 479] <... clone3 resumed> => {parent_tid=[482]}, 88) = 482 [pid 478] <... memfd_create resumed>) = 4 [pid 477] <... mmap resumed>) = 0x7f620fc64000 [pid 476] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 471] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... close resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 480] <... mount resumed>) = 0 [pid 479] rt_sigprocmask(SIG_SETMASK, [], [pid 478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 477] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 476] <... mmap resumed>) = 0x7f620fc24000 [ 24.581914][ T472] loop1: detected capacity change from 0 to 512 [ 24.602517][ T474] loop5: detected capacity change from 0 to 512 [ 24.609979][ T475] loop0: detected capacity change from 0 to 512 [pid 300] rmdir("./8/file0" [pid 297] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 480] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 479] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 480] <... futex resumed>) = 1 [pid 479] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 471] <... futex resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 480] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 479] <... futex resumed>) = 0 [pid 478] <... mmap resumed>) = 0x7f6218024000 [pid 477] <... write resumed>) = 65536 [pid 476] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 471] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 480] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 479] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 471] <... futex resumed>) = 0 [pid 480] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 479] <... futex resumed>) = 0 [pid 471] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 480] <... open resumed>) = 5 [pid 479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 480] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 479] <... mmap resumed>) = 0x7f6220424000 [pid 480] <... futex resumed>) = 1 [pid 479] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 471] <... futex resumed>) = 0 [pid 480] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 479] <... mprotect resumed>) = 0 [pid 471] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 480] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 479] rt_sigprocmask(SIG_BLOCK, ~[], [pid 471] <... futex resumed>) = 0 [pid 480] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 479] <... rt_sigprocmask resumed>[], 8) = 0 [pid 471] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 482 attached [pid 480] <... socket resumed>) = 6 [pid 479] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 482] set_robust_list(0x7f62204659a0, 24 [pid 480] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... set_robust_list resumed>) = 0 [pid 480] <... futex resumed>) = 1 [pid 479] <... clone3 resumed> => {parent_tid=[484]}, 88) = 484 [pid 471] <... futex resumed>) = 0 [pid 482] rt_sigprocmask(SIG_SETMASK, [], [pid 480] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 479] rt_sigprocmask(SIG_SETMASK, [], [pid 471] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 480] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 479] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 471] <... futex resumed>) = 0 [pid 482] memfd_create("syzkaller", 0 [pid 480] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 479] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 471] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] <... memfd_create resumed>) = 3 [pid 480] <... mmap resumed>) = 0x20000000 [pid 479] <... futex resumed>) = 0 [pid 482] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 480] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 479] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] <... mmap resumed>) = 0x7f6218024000 [pid 480] <... futex resumed>) = 1 [pid 477] munmap(0x7f620fc64000, 65536 [pid 471] <... futex resumed>) = 0 [pid 300] getdents64(3, [pid 478] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f02} --- [pid 297] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 482] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 477] <... munmap resumed>) = 0 [pid 476] <... write resumed>) = 65536 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 480] +++ killed by SIGBUS +++ [pid 482] <... write resumed>) = 262144 [pid 478] +++ killed by SIGBUS +++ [pid 477] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 471] +++ killed by SIGBUS +++ [pid 300] close(3 [pid 297] newfstatat(AT_FDCWD, "./7/bus", [pid 482] munmap(0x7f6218024000, 262144 [pid 477] <... openat resumed>) = 8 [pid 476] munmap(0x7f620fc24000, 65536 [pid 300] <... close resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 482] <... munmap resumed>) = 0 [pid 477] ioctl(8, LOOP_SET_FD, 7 [pid 476] <... munmap resumed>) = 0 [pid 300] rmdir("./8" [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=471, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 297] unlink("./7/bus" [pid 482] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 477] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 476] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 299] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 484 attached [pid 482] <... openat resumed>) = 4 [pid 477] ioctl(8, LOOP_CLR_FD [pid 476] <... openat resumed>) = 7 [pid 300] <... rmdir resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... unlink resumed>) = 0 [pid 484] set_robust_list(0x7f62204449a0, 24 [pid 482] ioctl(4, LOOP_SET_FD, 3 [pid 477] <... ioctl resumed>) = 0 [pid 476] ioctl(7, LOOP_SET_FD, 3 [pid 300] mkdir("./9", 0777 [pid 299] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 484] <... set_robust_list resumed>) = 0 [pid 476] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 300] <... mkdir resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 484] rt_sigprocmask(SIG_SETMASK, [], [pid 299] newfstatat(3, "", [pid 484] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 484] creat("./bus", 000 [pid 299] getdents64(3, [pid 484] <... creat resumed>) = 5 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 484] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 484] <... futex resumed>) = 1 [pid 479] <... futex resumed>) = 0 [pid 484] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 479] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 484] <... mount resumed>) = 0 [pid 479] <... futex resumed>) = 0 [pid 484] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 479] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... futex resumed>) = 0 [pid 479] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 484] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 479] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 479] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] <... ioctl resumed>) = 0 [pid 482] close(3) = 0 [pid 482] mkdir("./file0", 0777) = 0 [pid 482] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./7/binderfs") = 0 [pid 297] umount2("./7/ext4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./7/ext4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./7/ext4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./7/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./7/ext4") = 0 [pid 297] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./7") = 0 [pid 297] mkdir("./8", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 476] ioctl(7, LOOP_CLR_FD) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 300] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 300] close(3 [pid 477] ioctl(8, LOOP_SET_FD, 7 [pid 476] ioctl(7, LOOP_SET_FD, 3 [pid 300] <... close resumed>) = 0 [pid 477] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 476] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 477] close(8 [pid 476] close(7 [pid 299] <... umount2 resumed>) = 0 [pid 477] <... close resumed>) = 0 [pid 476] <... close resumed>) = 0 [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 485 [pid 299] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 484] <... open resumed>) = 6 [pid 477] close(7 [pid 476] close(3 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 484] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... close resumed>) = 0 [pid 476] <... close resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./7/bus", [pid 484] <... futex resumed>) = 1 [pid 479] <... futex resumed>) = 0 [pid 477] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] exit_group(0 [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 484] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 479] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = 0 [pid 476] <... futex resumed>) = ? [pid 474] <... futex resumed>) = ? [pid 468] <... exit_group resumed>) = ? [pid 299] unlink("./7/bus" [pid 484] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 479] <... futex resumed>) = 0 [pid 477] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 476] +++ exited with 0 +++ [pid 474] +++ exited with 0 +++ [pid 299] <... unlink resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 484] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 479] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] ioctl(3, LOOP_CLR_FD [pid 484] <... socket resumed>) = 3 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 484] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(AT_FDCWD, "./7/binderfs", [pid 297] close(3 [pid 484] <... futex resumed>) = 1 [pid 479] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... close resumed>) = 0 [pid 484] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 479] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] unlink("./7/binderfs" [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 485 attached [pid 484] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 479] <... futex resumed>) = 0 [pid 485] set_robust_list(0x555556cc76a0, 24) = 0 [pid 485] chdir("./9") = 0 [pid 485] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 485] setpgid(0, 0) = 0 [ 24.655281][ T481] EXT4-fs warning (device loop0): kmmpd:170: kmmpd being stopped since MMP feature has been disabled. [ 24.661969][ T475] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 24.682744][ T482] loop2: detected capacity change from 0 to 512 [ 24.685957][ T475] EXT4-fs error (device loop0): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [pid 485] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 485] write(3, "1000", 4) = 4 [pid 485] close(3) = 0 [pid 485] symlink("/dev/binderfs", "./binderfs") = 0 [pid 485] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 485] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 485] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 485] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 485] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 485] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 485] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[486]}, 88) = 486 [pid 485] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 485] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 485] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 485] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 485] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 485] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 485] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[487]}, 88) = 487 [pid 485] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 485] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 485] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... unlink resumed>) = 0 [pid 299] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./7") = 0 [pid 484] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 479] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] mkdir("./8", 0777 [pid 484] <... mmap resumed>) = 0x20000000 [pid 299] <... mkdir resumed>) = 0 [pid 484] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 488 [pid 484] <... futex resumed>) = 1 [pid 479] <... futex resumed>) = 0 [pid 299] <... openat resumed>) = 3 ./strace-static-x86_64: Process 487 attached ./strace-static-x86_64: Process 486 attached [pid 484] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 479] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 484] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 479] <... futex resumed>) = 0 [pid 486] set_robust_list(0x7f62204659a0, 24 [pid 299] ioctl(3, LOOP_CLR_FD [pid 484] memfd_create("syzkaller", 0 [pid 486] <... set_robust_list resumed>) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 486] rt_sigprocmask(SIG_SETMASK, [], [pid 299] close(3 [pid 484] <... memfd_create resumed>) = 7 [pid 486] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 299] <... close resumed>) = 0 [pid 484] <... mmap resumed>) = 0x7f620fc64000 [pid 486] memfd_create("syzkaller", 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 489 attached ./strace-static-x86_64: Process 488 attached [pid 486] <... memfd_create resumed>) = 3 [pid 484] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 486] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 489 [pid 486] <... mmap resumed>) = 0x7f6218024000 [pid 484] <... write resumed>) = 65536 [pid 484] munmap(0x7f620fc64000, 65536 [pid 489] set_robust_list(0x555556cc76a0, 24 [pid 488] set_robust_list(0x555556cc76a0, 24 [pid 486] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 484] <... munmap resumed>) = 0 [pid 486] <... write resumed>) = 262144 [pid 486] munmap(0x7f6218024000, 262144) = 0 [pid 486] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 486] ioctl(4, LOOP_SET_FD, 3 [pid 489] <... set_robust_list resumed>) = 0 [pid 488] <... set_robust_list resumed>) = 0 [pid 487] set_robust_list(0x7f62204449a0, 24 [pid 484] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 489] chdir("./8" [pid 488] chdir("./8" [pid 484] <... openat resumed>) = 8 [pid 484] ioctl(8, LOOP_SET_FD, 7 [pid 488] <... chdir resumed>) = 0 [pid 484] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 489] <... chdir resumed>) = 0 [pid 488] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 484] ioctl(8, LOOP_CLR_FD [pid 489] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 488] <... prctl resumed>) = 0 [pid 484] <... ioctl resumed>) = 0 [pid 489] <... prctl resumed>) = 0 [pid 488] setpgid(0, 0 [pid 489] setpgid(0, 0 [pid 488] <... setpgid resumed>) = 0 [pid 489] <... setpgid resumed>) = 0 [pid 488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 488] <... openat resumed>) = 3 [pid 489] <... openat resumed>) = 3 [pid 488] write(3, "1000", 4 [pid 487] <... set_robust_list resumed>) = 0 [pid 489] write(3, "1000", 4 [pid 488] <... write resumed>) = 4 [pid 487] rt_sigprocmask(SIG_SETMASK, [], [pid 484] ioctl(8, LOOP_SET_FD, 7 [pid 489] <... write resumed>) = 4 [pid 488] close(3 [pid 487] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 484] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 489] close(3 [pid 488] <... close resumed>) = 0 [pid 487] creat("./bus", 000 [pid 484] close(8 [pid 489] <... close resumed>) = 0 [pid 486] <... ioctl resumed>) = 0 [pid 486] close(3) = 0 [pid 486] mkdir("./file0", 0777 [pid 484] <... close resumed>) = 0 [pid 484] close(7 [pid 488] symlink("/dev/binderfs", "./binderfs" [pid 489] symlink("/dev/binderfs", "./binderfs" [pid 486] <... mkdir resumed>) = 0 [pid 486] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 484] <... close resumed>) = 0 [pid 488] <... symlink resumed>) = 0 [pid 484] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... symlink resumed>) = 0 [pid 484] <... futex resumed>) = 0 [pid 488] <... futex resumed>) = 0 [pid 489] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 484] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 488] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 489] <... futex resumed>) = 0 [pid 488] <... rt_sigaction resumed>NULL, 8) = 0 [pid 489] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 488] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 487] <... creat resumed>) = 3 [pid 487] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 485] <... futex resumed>) = 0 [pid 488] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 489] <... rt_sigaction resumed>NULL, 8) = 0 [pid 487] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 485] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 489] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 487] <... mount resumed>) = 0 [pid 485] <... futex resumed>) = 0 [pid 488] <... mmap resumed>) = 0x7f6220445000 [pid 487] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 485] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 488] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 487] <... futex resumed>) = 0 [pid 485] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 488] <... mprotect resumed>) = 0 [pid 487] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 485] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 487] <... open resumed>) = 5 [pid 485] <... futex resumed>) = 0 [pid 489] <... mmap resumed>) = 0x7f6220445000 [pid 488] rt_sigprocmask(SIG_BLOCK, ~[], [pid 487] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 485] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 488] <... rt_sigprocmask resumed>[], 8) = 0 [pid 487] <... futex resumed>) = 0 [pid 485] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 489] <... mprotect resumed>) = 0 [pid 488] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 487] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 485] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 487] <... socket resumed>) = 6 [pid 485] <... futex resumed>) = 0 [pid 487] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 485] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 487] <... futex resumed>) = 0 [pid 489] rt_sigprocmask(SIG_BLOCK, ~[], [pid 485] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 489] <... rt_sigprocmask resumed>[], 8) = 0 [pid 488] <... clone3 resumed> => {parent_tid=[490]}, 88) = 490 [pid 487] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 485] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 488] rt_sigprocmask(SIG_SETMASK, [], [pid 487] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 485] <... futex resumed>) = 0 [pid 488] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 487] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 485] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 487] <... mmap resumed>) = 0x20000000 [pid 487] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 485] <... futex resumed>) = 0 [pid 487] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 485] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 487] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 485] <... futex resumed>) = 0 ./strace-static-x86_64: Process 491 attached ./strace-static-x86_64: Process 490 attached [pid 489] <... clone3 resumed> => {parent_tid=[491]}, 88) = 491 [pid 488] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 475] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 468] +++ exited with 0 +++ [pid 491] set_robust_list(0x7f62204659a0, 24 [pid 490] set_robust_list(0x7f62204659a0, 24 [pid 489] rt_sigprocmask(SIG_SETMASK, [], [pid 488] <... futex resumed>) = 0 [pid 487] memfd_create("syzkaller", 0 [pid 482] ioctl(4, LOOP_CLR_FD [pid 475] ioctl(5, LOOP_CLR_FD [pid 491] <... set_robust_list resumed>) = 0 [pid 490] <... set_robust_list resumed>) = 0 [pid 489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 488] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... ioctl resumed>) = 0 [pid 475] <... ioctl resumed>) = 0 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=468, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 491] rt_sigprocmask(SIG_SETMASK, [], [pid 490] rt_sigprocmask(SIG_SETMASK, [], [pid 489] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] <... futex resumed>) = 0 [pid 487] <... memfd_create resumed>) = 7 [pid 482] close(4 [pid 475] close(5 [pid 301] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW [pid 491] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 490] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 489] <... futex resumed>) = 0 [pid 488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 482] <... close resumed>) = 0 [pid 475] <... close resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 491] memfd_create("syzkaller", 0 [pid 490] memfd_create("syzkaller", 0 [pid 489] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] <... mmap resumed>) = 0x7f6220424000 [pid 482] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 475] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 491] <... memfd_create resumed>) = 3 [pid 490] <... memfd_create resumed>) = 3 [pid 489] <... futex resumed>) = 0 [pid 488] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 482] <... futex resumed>) = 0 [pid 475] <... futex resumed>) = 0 [pid 301] <... openat resumed>) = 3 [pid 491] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 488] <... mprotect resumed>) = 0 [ 24.711871][ T475] EXT4-fs (loop0): get orphan inode failed [ 24.721932][ T475] EXT4-fs (loop0): mount failed [ 24.723979][ T486] loop4: detected capacity change from 0 to 512 [ 24.738727][ T482] EXT4-fs warning (device loop2): read_mmp_block:115: Error -74 while reading MMP block 12 [pid 482] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 479] exit_group(0 [pid 475] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 469] exit_group(0 [pid 301] newfstatat(3, "", [pid 491] <... mmap resumed>) = 0x7f6218045000 [pid 490] <... mmap resumed>) = 0x7f6218024000 [pid 489] <... mmap resumed>) = 0x7f6218024000 [pid 488] rt_sigprocmask(SIG_BLOCK, ~[], [pid 487] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 484] <... futex resumed>) = ? [pid 482] <... futex resumed>) = ? [pid 479] <... exit_group resumed>) = ? [pid 477] <... futex resumed>) = ? [pid 475] <... futex resumed>) = ? [pid 469] <... exit_group resumed>) = ? [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 491] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 490] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 489] mprotect(0x7f6218025000, 131072, PROT_READ|PROT_WRITE [pid 488] <... rt_sigprocmask resumed>[], 8) = 0 [pid 487] <... mmap resumed>) = 0x7f620fc64000 [pid 484] +++ exited with 0 +++ [pid 482] +++ exited with 0 +++ [pid 477] +++ exited with 0 +++ [pid 475] +++ exited with 0 +++ [pid 301] getdents64(3, [pid 491] <... write resumed>) = 262144 [pid 490] <... write resumed>) = 262144 [pid 489] <... mprotect resumed>) = 0 [pid 488] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 301] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 491] munmap(0x7f6218045000, 262144 [pid 490] munmap(0x7f6218024000, 262144 [pid 489] rt_sigprocmask(SIG_BLOCK, ~[], [pid 301] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 491] <... munmap resumed>) = 0 [pid 490] <... munmap resumed>) = 0 [pid 489] <... rt_sigprocmask resumed>[], 8) = 0 [pid 488] <... clone3 resumed> => {parent_tid=[492]}, 88) = 492 [pid 491] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 490] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 489] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6218044990, parent_tid=0x7f6218044990, exit_signal=0, stack=0x7f6218024000, stack_size=0x20300, tls=0x7f62180446c0} [pid 488] rt_sigprocmask(SIG_SETMASK, [], [pid 491] <... openat resumed>) = 4 [pid 490] <... openat resumed>) = 4 [pid 488] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 492 attached ./strace-static-x86_64: Process 493 attached [pid 491] ioctl(4, LOOP_SET_FD, 3 [pid 490] ioctl(4, LOOP_SET_FD, 3 [pid 489] <... clone3 resumed> => {parent_tid=[493]}, 88) = 493 [pid 488] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 487] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 301] <... umount2 resumed>) = 0 [pid 487] <... write resumed>) = 65536 [pid 486] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 493] set_robust_list(0x7f62180449a0, 24 [pid 492] set_robust_list(0x7f62204449a0, 24 [pid 487] munmap(0x7f620fc64000, 65536 [pid 493] <... set_robust_list resumed>) = 0 [pid 492] <... set_robust_list resumed>) = 0 [pid 487] <... munmap resumed>) = 0 [pid 486] ioctl(4, LOOP_CLR_FD [pid 493] rt_sigprocmask(SIG_SETMASK, [], [pid 492] rt_sigprocmask(SIG_SETMASK, [], [pid 487] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 493] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 492] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 487] <... openat resumed>) = 8 [pid 486] <... ioctl resumed>) = 0 [pid 493] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 492] creat("./bus", 000 [pid 487] ioctl(8, LOOP_SET_FD, 7 [pid 486] close(4 [pid 492] <... creat resumed>) = 5 [pid 487] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 492] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 487] ioctl(8, LOOP_CLR_FD [pid 486] <... close resumed>) = 0 [pid 492] <... futex resumed>) = 0 [pid 487] <... ioctl resumed>) = 0 [pid 492] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 486] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 486] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 491] <... ioctl resumed>) = 0 [pid 489] rt_sigprocmask(SIG_SETMASK, [], [pid 488] <... futex resumed>) = 1 [pid 301] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 491] close(3 [pid 489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 488] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 487] ioctl(8, LOOP_SET_FD, 7 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 491] <... close resumed>) = 0 [pid 489] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 487] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 301] newfstatat(AT_FDCWD, "./7/bus", [pid 491] mkdir("./file0", 0777 [pid 489] <... futex resumed>) = 1 [pid 488] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 487] close(8 [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 491] <... mkdir resumed>) = 0 [pid 489] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] <... futex resumed>) = 0 [pid 487] <... close resumed>) = 0 [pid 301] unlink("./7/bus" [pid 491] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 488] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 487] close(7 [pid 301] <... unlink resumed>) = 0 [pid 487] <... close resumed>) = 0 [pid 301] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 487] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 487] <... futex resumed>) = 0 [pid 301] newfstatat(AT_FDCWD, "./7/binderfs", [pid 487] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./7/binderfs") = 0 [pid 301] umount2("./7/ext4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./7/ext4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] umount2("./7/ext4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 485] exit_group(0 [pid 301] openat(AT_FDCWD, "./7/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 487] <... futex resumed>) = ? [pid 485] <... exit_group resumed>) = ? [pid 301] <... openat resumed>) = 4 [pid 487] +++ exited with 0 +++ [pid 301] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] getdents64(4, 0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 301] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 301] close(4) = 0 [pid 301] rmdir("./7/ext4") = 0 [pid 301] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 301] close(3) = 0 [pid 301] rmdir("./7" [pid 493] <... futex resumed>) = 0 [pid 301] <... rmdir resumed>) = 0 [pid 493] creat("./bus", 000 [pid 486] <... futex resumed>) = ? [pid 301] mkdir("./8", 0777 [pid 493] <... creat resumed>) = 3 [pid 492] <... futex resumed>) = 0 [pid 301] <... mkdir resumed>) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 493] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 492] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 301] <... openat resumed>) = 3 [pid 301] ioctl(3, LOOP_CLR_FD [pid 493] <... futex resumed>) = 1 [pid 489] <... futex resumed>) = 0 [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 493] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 492] <... mount resumed>) = 0 [pid 489] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] close(3 [pid 489] <... futex resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 493] <... mount resumed>) = 0 [pid 492] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 493] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 492] <... futex resumed>) = 1 [pid 490] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 494 attached [pid 493] <... futex resumed>) = 1 [pid 489] <... futex resumed>) = 0 [pid 488] <... futex resumed>) = 0 [pid 494] set_robust_list(0x555556cc76a0, 24 [pid 493] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 492] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 490] close(3 [pid 489] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 494 [pid 494] <... set_robust_list resumed>) = 0 [pid 493] <... open resumed>) = 5 [pid 492] <... open resumed>) = 6 [pid 490] <... close resumed>) = 0 [pid 489] <... futex resumed>) = 0 [pid 488] <... futex resumed>) = 0 [pid 494] chdir("./8" [pid 493] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 492] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] mkdir("./file0", 0777 [pid 489] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] <... chdir resumed>) = 0 [pid 493] <... futex resumed>) = 0 [pid 492] <... futex resumed>) = 0 [pid 489] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 488] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 494] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 493] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 489] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] <... prctl resumed>) = 0 [pid 493] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 492] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 489] <... futex resumed>) = 0 [pid 488] <... futex resumed>) = 0 [pid 494] setpgid(0, 0 [pid 493] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 489] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] <... setpgid resumed>) = 0 [pid 493] <... socket resumed>) = 6 [pid 492] <... socket resumed>) = 3 [pid 494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 493] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 492] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] <... mkdir resumed>) = 0 [pid 494] <... openat resumed>) = 3 [pid 493] <... futex resumed>) = 1 [pid 492] <... futex resumed>) = 1 [pid 490] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 489] <... futex resumed>) = 0 [pid 488] <... futex resumed>) = 0 [pid 494] write(3, "1000", 4 [pid 493] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 492] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 489] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] <... write resumed>) = 4 [pid 493] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 492] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 489] <... futex resumed>) = 0 [pid 488] <... futex resumed>) = 0 [pid 494] close(3 [pid 493] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 492] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 489] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] <... close resumed>) = 0 [pid 493] <... mmap resumed>) = 0x20000000 [pid 492] <... mmap resumed>) = 0x20000000 [pid 479] +++ exited with 0 +++ [pid 469] +++ exited with 0 +++ [pid 494] symlink("/dev/binderfs", "./binderfs" [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=479, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 494] <... symlink resumed>) = 0 [pid 494] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 494] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 494] <... rt_sigaction resumed>NULL, 8) = 0 [pid 298] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 494] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 298] <... openat resumed>) = 3 [pid 494] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] newfstatat(3, "", [pid 494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 494] <... mmap resumed>) = 0x7f6220445000 [pid 298] getdents64(3, [pid 494] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 494] <... mprotect resumed>) = 0 [pid 298] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 494] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 493] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... umount2 resumed>) = 0 [pid 494] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 298] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 494] <... clone3 resumed> => {parent_tid=[495]}, 88) = 495 [pid 298] newfstatat(AT_FDCWD, "./6/bus", [pid 494] rt_sigprocmask(SIG_SETMASK, [], [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 494] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] unlink("./6/bus" [pid 494] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... unlink resumed>) = 0 [pid 494] <... futex resumed>) = 0 [pid 298] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 494] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 494] <... futex resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./6/binderfs", [pid 494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 494] <... mmap resumed>) = 0x7f6220424000 [pid 298] unlink("./6/binderfs" [pid 494] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 298] <... unlink resumed>) = 0 [pid 494] <... mprotect resumed>) = 0 [pid 298] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 494] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 494] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] newfstatat(AT_FDCWD, "./6/file0", [pid 494] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 494] <... clone3 resumed> => {parent_tid=[496]}, 88) = 496 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 494] rt_sigprocmask(SIG_SETMASK, [], [pid 298] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 494] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] <... openat resumed>) = 4 [pid 494] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] newfstatat(4, "", [pid 494] <... futex resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 494] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 493] <... futex resumed>) = 1 [pid 489] <... futex resumed>) = 0 [pid 298] getdents64(4, [pid 489] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 489] <... futex resumed>) = 0 [pid 298] getdents64(4, [pid 493] memfd_create("syzkaller", 0 [pid 492] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=469, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 298] close(4 [pid 493] <... memfd_create resumed>) = 7 [pid 492] <... futex resumed>) = 1 [pid 488] <... futex resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 493] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 488] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] rmdir("./6/file0" [pid 493] <... mmap resumed>) = 0x7f620fc24000 [pid 492] memfd_create("syzkaller", 0 [pid 488] <... futex resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 298] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./6" [pid 493] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 492] <... memfd_create resumed>) = 7 [pid 298] <... rmdir resumed>) = 0 [pid 296] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] mkdir("./7", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3 [pid 492] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... close resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 493] <... write resumed>) = 65536 [pid 492] <... mmap resumed>) = 0x7f620fc64000 [pid 296] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 498 ./strace-static-x86_64: Process 496 attached ./strace-static-x86_64: Process 495 attached [pid 492] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 493] munmap(0x7f620fc24000, 65536 [pid 296] <... openat resumed>) = 3 [pid 496] set_robust_list(0x7f62204449a0, 24 [pid 492] <... write resumed>) = 65536 [pid 296] newfstatat(3, "", [pid 493] <... munmap resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 492] munmap(0x7f620fc64000, 65536 [pid 493] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 296] getdents64(3, [pid 495] set_robust_list(0x7f62204659a0, 24 [pid 492] <... munmap resumed>) = 0 [pid 496] <... set_robust_list resumed>) = 0 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 493] <... openat resumed>) = 8 [pid 492] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 296] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 495] <... set_robust_list resumed>) = 0 [pid 496] rt_sigprocmask(SIG_SETMASK, [], [pid 296] <... umount2 resumed>) = 0 [pid 493] ioctl(8, LOOP_SET_FD, 7 [pid 496] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 495] rt_sigprocmask(SIG_SETMASK, [], [pid 492] <... openat resumed>) = 8 [pid 296] umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 496] creat("./bus", 000 [pid 495] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 496] <... creat resumed>) = 3 [pid 495] memfd_create("syzkaller", 0 [pid 493] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 492] ioctl(8, LOOP_SET_FD, 7 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 496] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] <... memfd_create resumed>) = 4 [pid 493] ioctl(8, LOOP_CLR_FD [pid 492] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 296] newfstatat(AT_FDCWD, "./6/bus", [pid 496] <... futex resumed>) = 1 [pid 495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 494] <... futex resumed>) = 0 [pid 493] <... ioctl resumed>) = 0 [pid 492] ioctl(8, LOOP_CLR_FD [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 496] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 495] <... mmap resumed>) = 0x7f6218024000 [pid 494] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 492] <... ioctl resumed>) = 0 [pid 296] unlink("./6/bus" [pid 496] <... mount resumed>) = 0 [pid 495] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 265740 [pid 494] <... futex resumed>) = 0 [pid 496] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... unlink resumed>) = 0 [pid 496] <... futex resumed>) = 0 [pid 494] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 498 attached [pid 496] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 494] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 498] set_robust_list(0x555556cc76a0, 24 [pid 496] <... open resumed>) = 5 [pid 494] <... futex resumed>) = 0 [pid 498] <... set_robust_list resumed>) = 0 [pid 496] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] newfstatat(AT_FDCWD, "./6/binderfs", [pid 498] chdir("./7" [pid 496] <... futex resumed>) = 0 [pid 494] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 493] ioctl(8, LOOP_SET_FD, 7 [pid 498] <... chdir resumed>) = 0 [pid 496] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [ 24.754307][ T486] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (47122!=0) [ 24.770076][ T486] EXT4-fs (loop4): group descriptors corrupted! [ 24.776774][ T491] loop3: detected capacity change from 0 to 512 [ 24.779586][ T490] loop1: detected capacity change from 0 to 512 [pid 494] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 493] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 492] ioctl(8, LOOP_SET_FD, 7 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 498] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 496] <... socket resumed>) = 6 [pid 495] <... write resumed>) = 265740 [pid 494] <... futex resumed>) = 0 [pid 498] <... prctl resumed>) = 0 [pid 496] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 498] setpgid(0, 0 [pid 496] <... futex resumed>) = 0 [pid 495] munmap(0x7f6218024000, 265740 [pid 494] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 498] <... setpgid resumed>) = 0 [pid 496] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 495] <... munmap resumed>) = 0 [pid 494] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 498] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 496] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 494] <... futex resumed>) = 0 [pid 498] <... openat resumed>) = 3 [pid 496] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 495] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 494] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 498] write(3, "1000", 4 [pid 496] <... mmap resumed>) = 0x20000000 [pid 495] <... openat resumed>) = 7 [pid 498] <... write resumed>) = 4 [pid 496] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] ioctl(7, LOOP_SET_FD, 4 [pid 498] close(3 [pid 496] <... futex resumed>) = 1 [pid 494] <... futex resumed>) = 0 [pid 493] close(8 [pid 492] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 296] unlink("./6/binderfs" [pid 498] <... close resumed>) = 0 [pid 496] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 494] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 498] symlink("/dev/binderfs", "./binderfs" [pid 496] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 494] <... futex resumed>) = 0 [pid 498] <... symlink resumed>) = 0 [pid 493] <... close resumed>) = 0 [pid 492] close(8 [pid 486] +++ exited with 0 +++ [pid 485] +++ exited with 0 +++ [pid 296] <... unlink resumed>) = 0 [pid 498] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=485, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 498] <... futex resumed>) = 0 [pid 492] <... close resumed>) = 0 [pid 493] close(7 [pid 498] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 492] close(7 [pid 296] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 498] <... rt_sigaction resumed>NULL, 8) = 0 [pid 300] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW [pid 498] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 498] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 498] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 300] <... openat resumed>) = 3 [pid 498] <... mmap resumed>) = 0x7f6220445000 [pid 493] <... close resumed>) = 0 [pid 492] <... close resumed>) = 0 [pid 300] newfstatat(3, "", [pid 498] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 498] <... mprotect resumed>) = 0 [pid 493] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 492] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] getdents64(3, [pid 498] rt_sigprocmask(SIG_BLOCK, ~[], [pid 493] <... futex resumed>) = 0 [pid 492] <... futex resumed>) = 0 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 296] newfstatat(AT_FDCWD, "./6/file0", [pid 498] <... rt_sigprocmask resumed>[], 8) = 0 [pid 493] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 492] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 498] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 300] <... umount2 resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 498] <... clone3 resumed> => {parent_tid=[500]}, 88) = 500 [pid 498] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 498] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 498] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 498] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 498] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 490] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 300] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 498] <... mprotect resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 498] rt_sigprocmask(SIG_BLOCK, ~[], [pid 490] ioctl(4, LOOP_CLR_FD [pid 300] newfstatat(AT_FDCWD, "./9/bus", [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 498] <... rt_sigprocmask resumed>[], 8) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 498] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 490] <... ioctl resumed>) = 0 [ 24.813219][ T490] EXT4-fs warning (device loop1): read_mmp_block:115: Error -74 while reading MMP block 12 [ 24.815635][ T495] loop5: detected capacity change from 0 to 519 [ 24.829203][ T497] EXT4-fs warning (device loop3): kmmpd:170: kmmpd being stopped since MMP feature has been disabled. [ 24.830711][ T496] blk_update_request: I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 31 prio class 0 [ 24.854593][ T491] EXT4-fs (loop3): revision level too high, forcing read-only mode [pid 300] unlink("./9/bus" [pid 296] <... openat resumed>) = 4 [pid 498] <... clone3 resumed> => {parent_tid=[501]}, 88) = 501 [pid 490] close(4 [pid 300] <... unlink resumed>) = 0 [pid 296] newfstatat(4, "", [pid 300] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] getdents64(4, [pid 300] newfstatat(AT_FDCWD, "./9/binderfs", [pid 296] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 490] <... close resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] getdents64(4, [pid 300] unlink("./9/binderfs" [pid 296] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 300] <... unlink resumed>) = 0 [pid 296] close(4 [pid 300] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... close resumed>) = 0 ./strace-static-x86_64: Process 501 attached ./strace-static-x86_64: Process 500 attached [pid 498] rt_sigprocmask(SIG_SETMASK, [], [pid 490] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] rmdir("./6/file0" [pid 490] <... futex resumed>) = 0 [pid 300] newfstatat(AT_FDCWD, "./9/file0", [pid 296] <... rmdir resumed>) = 0 [pid 490] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] getdents64(3, [pid 300] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] close(3 [pid 300] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... close resumed>) = 0 [pid 300] <... openat resumed>) = 4 [pid 296] rmdir("./6" [pid 300] newfstatat(4, "", [pid 296] <... rmdir resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] mkdir("./7", 0777 [pid 501] set_robust_list(0x7f62204449a0, 24 [pid 500] set_robust_list(0x7f62204659a0, 24 [pid 498] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 488] exit_group(0 [pid 300] getdents64(4, [pid 296] <... mkdir resumed>) = 0 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 300] getdents64(4, [pid 296] <... openat resumed>) = 3 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 296] ioctl(3, LOOP_CLR_FD [pid 300] close(4 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 300] <... close resumed>) = 0 [pid 296] close(3 [pid 300] rmdir("./9/file0" [pid 296] <... close resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [ 24.865960][ T491] EXT4-fs error (device loop3): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 24.880462][ T491] EXT4-fs (loop3): get orphan inode failed [ 24.880487][ T496] blk_update_request: I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 24.886440][ T491] EXT4-fs (loop3): mount failed [ 24.897086][ T496] Buffer I/O error on dev loop5, logical block 0, async page read [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 502 [pid 300] close(3) = 0 [pid 300] rmdir("./9") = 0 [pid 300] mkdir("./10", 0777) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 501] <... set_robust_list resumed>) = 0 [pid 500] <... set_robust_list resumed>) = 0 [pid 498] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 492] <... futex resumed>) = ? [pid 490] <... futex resumed>) = ? [pid 488] <... exit_group resumed>) = ? [pid 300] ioctl(3, LOOP_CLR_FD [pid 492] +++ exited with 0 +++ [pid 490] +++ exited with 0 +++ [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 300] close(3) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 503 ./strace-static-x86_64: Process 502 attached [pid 502] set_robust_list(0x555556cc76a0, 24) = 0 [pid 502] chdir("./7") = 0 [pid 502] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 502] setpgid(0, 0) = 0 [pid 502] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 502] write(3, "1000", 4) = 4 ./strace-static-x86_64: Process 503 attached [pid 501] rt_sigprocmask(SIG_SETMASK, [], [pid 500] rt_sigprocmask(SIG_SETMASK, [], [pid 498] <... futex resumed>) = 0 [pid 496] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 495] <... ioctl resumed>) = 0 [pid 503] set_robust_list(0x555556cc76a0, 24 [pid 495] +++ killed by SIGBUS +++ [pid 501] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 500] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 503] <... set_robust_list resumed>) = 0 [pid 496] +++ killed by SIGBUS +++ [pid 494] +++ killed by SIGBUS +++ [pid 503] chdir("./10") = 0 [pid 503] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 503] setpgid(0, 0) = 0 [pid 491] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=494, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=8} --- [pid 501] creat("./bus", 000 [pid 500] memfd_create("syzkaller", 0 [pid 498] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 503] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 491] ioctl(4, LOOP_CLR_FD [pid 501] <... creat resumed>) = 3 [pid 503] <... openat resumed>) = 3 [pid 501] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 500] <... memfd_create resumed>) = 4 [pid 491] <... ioctl resumed>) = 0 [pid 501] <... futex resumed>) = 1 [pid 500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 498] <... futex resumed>) = 0 [pid 503] write(3, "1000", 4 [pid 498] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 491] close(4 [pid 501] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 500] <... mmap resumed>) = 0x7f6218024000 [pid 498] <... futex resumed>) = 0 [pid 503] <... write resumed>) = 4 [pid 501] <... mount resumed>) = 0 [pid 491] <... close resumed>) = 0 [pid 498] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 503] close(3 [pid 491] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 503] <... close resumed>) = 0 [pid 491] <... futex resumed>) = 0 [pid 503] symlink("/dev/binderfs", "./binderfs" [pid 491] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 503] <... symlink resumed>) = 0 [pid 503] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 503] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 503] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 503] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 503] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 503] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[504]}, 88) = 504 [pid 503] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 503] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 503] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 500] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 265747 [pid 501] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 503] <... mprotect resumed>) = 0 [pid 489] exit_group(0 [pid 501] <... futex resumed>) = 1 [pid 498] <... futex resumed>) = 0 [pid 503] rt_sigprocmask(SIG_BLOCK, ~[], [pid 501] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 498] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 493] <... futex resumed>) = ? [pid 491] <... futex resumed>) = ? [pid 489] <... exit_group resumed>) = ? [pid 503] <... rt_sigprocmask resumed>[], 8) = 0 [pid 498] <... futex resumed>) = 0 [pid 493] +++ exited with 0 +++ [pid 491] +++ exited with 0 +++ [pid 301] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW [pid 503] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[505]}, 88) = 505 [pid 503] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 503] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 505 attached [pid 505] set_robust_list(0x7f62204449a0, 24) = 0 [pid 505] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 498] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 501] <... open resumed>) = 5 [pid 505] creat("./bus", 000 [pid 301] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 501] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... openat resumed>) = 3 [pid 501] <... futex resumed>) = 1 [pid 498] <... futex resumed>) = 0 [pid 501] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 498] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] newfstatat(3, "", [pid 498] <... futex resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 501] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 498] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 501] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 301] getdents64(3, [pid 505] <... creat resumed>) = 3 [pid 505] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 503] <... futex resumed>) = 0 [pid 503] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 505] <... futex resumed>) = 1 [pid 505] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL) = 0 [pid 505] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 503] <... futex resumed>) = 0 [pid 503] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 505] <... futex resumed>) = 1 [pid 505] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 505] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 503] <... futex resumed>) = 0 [pid 503] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 505] <... futex resumed>) = 1 [pid 505] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE) = 5 [pid 505] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 503] <... futex resumed>) = 0 [pid 503] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 505] <... futex resumed>) = 1 [pid 505] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 501] <... socket resumed>) = 6 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 501] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 505] <... mmap resumed>) = 0x20000000 [pid 505] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 503] <... futex resumed>) = 0 [pid 503] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] <... futex resumed>) = 1 [pid 505] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 500] <... write resumed>) = 265747 [pid 501] <... futex resumed>) = 1 [pid 301] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 501] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 500] munmap(0x7f6218024000, 265747 [pid 498] <... futex resumed>) = 0 [pid 301] <... umount2 resumed>) = 0 [pid 498] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 501] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 498] <... futex resumed>) = 0 [pid 501] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 498] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 502] close(3 [pid 501] <... mmap resumed>) = 0x20000000 [pid 500] <... munmap resumed>) = 0 [pid 301] newfstatat(AT_FDCWD, "./8/bus", [pid 501] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 501] <... futex resumed>) = 1 [pid 500] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 498] <... futex resumed>) = 0 [pid 301] unlink("./8/bus" [pid 501] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 498] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 504 attached [pid 301] <... unlink resumed>) = 0 [pid 501] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 498] <... futex resumed>) = 0 [pid 301] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 501] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 500] <... openat resumed>) = 7 [pid 498] ????() = ? [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 505] +++ killed by SIGBUS +++ [pid 301] newfstatat(AT_FDCWD, "./8/binderfs", [pid 500] +++ killed by SIGBUS +++ [pid 504] +++ killed by SIGBUS +++ [pid 503] +++ killed by SIGBUS +++ [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 502] <... close resumed>) = 0 [pid 501] +++ killed by SIGBUS +++ [pid 498] +++ killed by SIGBUS +++ [pid 301] unlink("./8/binderfs" [pid 502] symlink("/dev/binderfs", "./binderfs" [pid 301] <... unlink resumed>) = 0 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=503, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=498, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 301] getdents64(3, [pid 502] <... symlink resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 300] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] close(3 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] <... close resumed>) = 0 [pid 300] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 301] rmdir("./8" [pid 300] <... openat resumed>) = 3 [pid 300] newfstatat(3, "", [pid 298] <... openat resumed>) = 3 [pid 502] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... rmdir resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] newfstatat(3, "", [pid 301] mkdir("./9", 0777 [pid 300] getdents64(3, [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 502] <... futex resumed>) = 0 [pid 502] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 502] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 502] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 301] <... mkdir resumed>) = 0 [pid 502] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 300] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 300] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] getdents64(3, [pid 502] <... mprotect resumed>) = 0 [pid 502] rt_sigprocmask(SIG_BLOCK, ~[], [pid 300] <... umount2 resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 300] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 502] <... rt_sigprocmask resumed>[], 8) = 0 [pid 300] newfstatat(AT_FDCWD, "./10/bus", [pid 298] <... umount2 resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] unlink("./10/bus" [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 502] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 300] <... unlink resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./7/bus", [pid 300] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 502] <... clone3 resumed> => {parent_tid=[506]}, 88) = 506 [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] unlink("./7/bus" [pid 502] rt_sigprocmask(SIG_SETMASK, [], [pid 300] newfstatat(AT_FDCWD, "./10/binderfs", [pid 298] <... unlink resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] unlink("./10/binderfs" [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 502] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 502] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... unlink resumed>) = 0 [pid 300] getdents64(3, [pid 298] newfstatat(AT_FDCWD, "./7/binderfs", [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] close(3 [pid 502] <... futex resumed>) = 0 [pid 298] unlink("./7/binderfs" [pid 300] <... close resumed>) = 0 [pid 502] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] rmdir("./10" [pid 298] <... unlink resumed>) = 0 [pid 502] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 502] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 502] rt_sigprocmask(SIG_BLOCK, ~[], [pid 300] <... rmdir resumed>) = 0 [pid 298] getdents64(3, [pid 300] mkdir("./11", 0777 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 502] <... rt_sigprocmask resumed>[], 8) = 0 [pid 502] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[507]}, 88) = 507 [pid 502] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 300] <... mkdir resumed>) = 0 [pid 298] close(3 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] <... close resumed>) = 0 [pid 300] <... openat resumed>) = 3 [pid 298] rmdir("./7" [pid 300] ioctl(3, LOOP_CLR_FD [pid 502] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 507 attached [pid 507] set_robust_list(0x7f62204449a0, 24 [pid 298] <... rmdir resumed>) = 0 [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] mkdir("./8", 0777 [pid 300] close(3 [pid 507] <... set_robust_list resumed>) = 0 [pid 507] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 507] creat("./bus", 000 [pid 298] <... mkdir resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... openat resumed>) = 3 [pid 507] <... creat resumed>) = 3 [pid 507] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... futex resumed>) = 0 [pid 298] ioctl(3, LOOP_CLR_FD [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 508 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] close(3 [pid 502] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... close resumed>) = 0 [pid 502] <... futex resumed>) = 0 [pid 502] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 507] <... futex resumed>) = 1 [pid 507] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 507] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 509 [pid 502] <... futex resumed>) = 0 [pid 502] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 507] <... futex resumed>) = 1 [pid 507] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c./strace-static-x86_64: Process 508 attached ./strace-static-x86_64: Process 506 attached ) = 4 [pid 507] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... futex resumed>) = 0 [pid 502] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 508] set_robust_list(0x555556cc76a0, 24 [pid 506] set_robust_list(0x7f62204659a0, 24 [pid 502] <... futex resumed>) = 0 [pid 488] +++ exited with 0 +++ [pid 502] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 507] <... futex resumed>) = 1 [pid 507] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE) = 5 [pid 507] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... futex resumed>) = 0 [pid 502] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 507] <... futex resumed>) = 1 [pid 507] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 508] <... set_robust_list resumed>) = 0 [pid 506] <... set_robust_list resumed>) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=488, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 507] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... futex resumed>) = 0 [pid 502] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] <... futex resumed>) = 1 [pid 508] chdir("./11" [pid 506] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 509 attached [pid 509] set_robust_list(0x555556cc76a0, 24 [pid 297] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW [pid 509] <... set_robust_list resumed>) = 0 [pid 509] chdir("./8" [pid 508] <... chdir resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 509] <... chdir resumed>) = 0 [pid 509] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 509] setpgid(0, 0) = 0 [pid 508] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 507] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 506] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 509] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 508] <... prctl resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 509] <... openat resumed>) = 3 [pid 509] write(3, "1000", 4) = 4 [pid 509] close(3) = 0 [pid 509] symlink("/dev/binderfs", "./binderfs" [pid 508] setpgid(0, 0 [pid 506] +++ killed by SIGBUS +++ [pid 489] +++ exited with 0 +++ [pid 301] <... openat resumed>) = 3 [pid 297] newfstatat(3, "", [pid 301] ioctl(3, LOOP_CLR_FD) = 0 [pid 301] close(3 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] <... close resumed>) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=489, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] getdents64(3, [pid 299] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 510 [pid 299] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 508] <... setpgid resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 297] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 299] getdents64(3, [pid 297] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] newfstatat(AT_FDCWD, "./8/bus", [pid 508] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] <... umount2 resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] unlink("./8/bus" [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./8/bus", [pid 297] <... unlink resumed>) = 0 [pid 508] <... openat resumed>) = 3 [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 508] write(3, "1000", 4 [pid 299] unlink("./8/bus" [pid 297] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 508] <... write resumed>) = 4 ./strace-static-x86_64: Process 510 attached [pid 508] close(3 [pid 507] +++ killed by SIGBUS +++ [pid 502] +++ killed by SIGBUS +++ [pid 299] <... unlink resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 508] <... close resumed>) = 0 [pid 299] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] newfstatat(AT_FDCWD, "./8/binderfs", [pid 510] set_robust_list(0x555556cc76a0, 24 [pid 508] symlink("/dev/binderfs", "./binderfs" [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=502, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 510] <... set_robust_list resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./8/binderfs", [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 510] chdir("./9" [pid 508] <... symlink resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./8/binderfs" [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 510] <... chdir resumed>) = 0 [pid 508] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] unlink("./8/binderfs" [pid 297] <... unlink resumed>) = 0 [pid 296] <... restart_syscall resumed>) = 0 [pid 299] <... unlink resumed>) = 0 [pid 510] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 508] <... futex resumed>) = 0 [pid 299] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 510] <... prctl resumed>) = 0 [pid 508] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 510] setpgid(0, 0 [pid 508] <... rt_sigaction resumed>NULL, 8) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./8/file0", [pid 296] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW [pid 510] <... setpgid resumed>) = 0 [pid 508] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] newfstatat(AT_FDCWD, "./8/file0", [pid 508] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 508] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 508] <... mmap resumed>) = 0x7f6220445000 [pid 299] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 510] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 508] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 299] <... openat resumed>) = 4 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 508] <... mprotect resumed>) = 0 [pid 299] newfstatat(4, "", [pid 297] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... openat resumed>) = 3 [pid 508] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... openat resumed>) = 4 [pid 296] newfstatat(3, "", [pid 510] <... openat resumed>) = 3 [pid 508] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] getdents64(4, [pid 297] newfstatat(4, "", [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 508] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 299] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, [pid 509] <... symlink resumed>) = 0 [pid 508] <... clone3 resumed> => {parent_tid=[511]}, 88) = 511 [pid 299] getdents64(4, [pid 297] getdents64(4, [pid 296] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 508] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 297] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 296] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 508] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] close(4 [pid 297] getdents64(4, ./strace-static-x86_64: Process 511 attached [pid 510] write(3, "1000", 4 [pid 508] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... close resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 508] <... futex resumed>) = 0 [pid 299] rmdir("./8/file0" [pid 297] close(4 [pid 296] umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 508] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [ 24.909661][ T496] blk_update_request: I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 24.920855][ T496] Buffer I/O error on dev loop5, logical block 0, async page read [pid 509] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] set_robust_list(0x7f62204659a0, 24 [pid 510] <... write resumed>) = 4 [pid 508] <... futex resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 508] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] getdents64(3, [pid 297] rmdir("./8/file0" [pid 296] newfstatat(AT_FDCWD, "./7/bus", [pid 508] <... mmap resumed>) = 0x7f6220424000 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 511] <... set_robust_list resumed>) = 0 [pid 510] close(3 [pid 509] <... futex resumed>) = 0 [pid 508] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 299] close(3 [pid 297] <... rmdir resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 508] <... mprotect resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 296] unlink("./7/bus" [pid 508] rt_sigprocmask(SIG_BLOCK, ~[], [pid 297] getdents64(3, [pid 509] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 296] <... unlink resumed>) = 0 [pid 508] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] rmdir("./8" [pid 296] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 508] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 509] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 299] <... rmdir resumed>) = 0 [pid 509] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 297] close(3 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 508] <... clone3 resumed> => {parent_tid=[512]}, 88) = 512 [pid 299] mkdir("./9", 0777 [pid 508] rt_sigprocmask(SIG_SETMASK, [], [pid 297] <... close resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./7/binderfs", [pid 509] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 509] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 299] <... mkdir resumed>) = 0 [pid 508] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] rmdir("./8" [pid 508] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 296] unlink("./7/binderfs" [pid 511] rt_sigprocmask(SIG_SETMASK, [], [pid 510] <... close resumed>) = 0 [pid 509] <... clone3 resumed> => {parent_tid=[513]}, 88) = 513 [pid 508] <... futex resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 297] <... rmdir resumed>) = 0 [pid 296] <... unlink resumed>) = 0 [pid 508] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] ioctl(3, LOOP_CLR_FD [pid 297] mkdir("./9", 0777 [pid 296] getdents64(3, ./strace-static-x86_64: Process 513 attached ./strace-static-x86_64: Process 512 attached [pid 511] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 510] symlink("/dev/binderfs", "./binderfs" [pid 509] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... mkdir resumed>) = 0 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 513] set_robust_list(0x7f62204659a0, 24 [pid 512] set_robust_list(0x7f62204449a0, 24 [pid 511] memfd_create("syzkaller", 0 [pid 510] <... symlink resumed>) = 0 [pid 509] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] close(3 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 296] close(3 [pid 513] <... set_robust_list resumed>) = 0 [pid 512] <... set_robust_list resumed>) = 0 [pid 511] <... memfd_create resumed>) = 3 [pid 510] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... close resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 296] <... close resumed>) = 0 [pid 513] rt_sigprocmask(SIG_SETMASK, [], [pid 512] rt_sigprocmask(SIG_SETMASK, [], [pid 511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 510] <... futex resumed>) = 0 [pid 509] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] ioctl(3, LOOP_CLR_FD [pid 296] rmdir("./7" [pid 513] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 512] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 511] <... mmap resumed>) = 0x7f6218024000 [pid 510] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 509] <... futex resumed>) = 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 514 attached [pid 513] memfd_create("syzkaller", 0 [pid 512] creat("./bus", 000 [pid 510] <... rt_sigaction resumed>NULL, 8) = 0 [pid 509] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 514 [pid 297] close(3 [pid 296] mkdir("./8", 0777 [pid 514] set_robust_list(0x555556cc76a0, 24 [pid 510] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 513] <... memfd_create resumed>) = 3 [pid 512] <... creat resumed>) = 4 [pid 511] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 509] <... futex resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 514] <... set_robust_list resumed>) = 0 [pid 513] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 512] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] <... write resumed>) = 262144 [pid 510] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 514] chdir("./9" [pid 513] <... mmap resumed>) = 0x7f6218045000 [pid 512] <... futex resumed>) = 1 [pid 511] munmap(0x7f6218024000, 262144 [pid 510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 508] <... futex resumed>) = 0 [pid 296] <... openat resumed>) = 3 [pid 514] <... chdir resumed>) = 0 [pid 512] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 511] <... munmap resumed>) = 0 [pid 510] <... mmap resumed>) = 0x7f6220445000 [pid 509] <... mmap resumed>) = 0x7f6218024000 [pid 508] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 515 [pid 296] ioctl(3, LOOP_CLR_FD [pid 514] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 512] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 511] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 510] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 508] <... futex resumed>) = 0 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 514] <... prctl resumed>) = 0 [pid 512] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 511] <... openat resumed>) = 5 [pid 510] <... mprotect resumed>) = 0 [pid 509] mprotect(0x7f6218025000, 131072, PROT_READ|PROT_WRITE [pid 508] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] close(3 [pid 514] setpgid(0, 0 [pid 512] <... mount resumed>) = 0 [pid 511] ioctl(5, LOOP_SET_FD, 3 [pid 510] rt_sigprocmask(SIG_BLOCK, ~[], [pid 509] <... mprotect resumed>) = 0 [pid 296] <... close resumed>) = 0 ./strace-static-x86_64: Process 515 attached [pid 514] <... setpgid resumed>) = 0 [pid 513] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 512] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 509] rt_sigprocmask(SIG_BLOCK, ~[], [pid 515] set_robust_list(0x555556cc76a0, 24 [pid 514] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 513] <... write resumed>) = 262144 [pid 512] <... futex resumed>) = 1 [pid 510] <... rt_sigprocmask resumed>[], 8) = 0 [pid 509] <... rt_sigprocmask resumed>[], 8) = 0 [pid 508] <... futex resumed>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 515] <... set_robust_list resumed>) = 0 [pid 513] munmap(0x7f6218045000, 262144 [pid 512] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 510] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 509] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6218044990, parent_tid=0x7f6218044990, exit_signal=0, stack=0x7f6218024000, stack_size=0x20300, tls=0x7f62180446c0} [pid 508] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 515] chdir("./9" [pid 514] <... openat resumed>) = 3 [pid 513] <... munmap resumed>) = 0 [pid 512] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 508] <... futex resumed>) = 0 [pid 515] <... chdir resumed>) = 0 [pid 514] write(3, "1000", 4 [pid 513] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 512] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 510] <... clone3 resumed> => {parent_tid=[517]}, 88) = 517 [pid 509] <... clone3 resumed> => {parent_tid=[518]}, 88) = 518 [pid 508] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 516 [pid 515] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 514] <... write resumed>) = 4 [pid 513] <... openat resumed>) = 4 [pid 510] rt_sigprocmask(SIG_SETMASK, [], [pid 509] rt_sigprocmask(SIG_SETMASK, [], [pid 515] <... prctl resumed>) = 0 [pid 514] close(3 [pid 513] ioctl(4, LOOP_SET_FD, 3 [pid 510] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 509] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 518 attached ./strace-static-x86_64: Process 517 attached ./strace-static-x86_64: Process 516 attached [pid 514] <... close resumed>) = 0 [pid 512] <... open resumed>) = 6 [pid 511] <... ioctl resumed>) = 0 [pid 510] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 518] set_robust_list(0x7f62180449a0, 24 [pid 517] set_robust_list(0x7f62204659a0, 24 [pid 516] set_robust_list(0x555556cc76a0, 24 [pid 514] symlink("/dev/binderfs", "./binderfs" [pid 512] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] close(3 [pid 510] <... futex resumed>) = 0 [pid 518] <... set_robust_list resumed>) = 0 [pid 517] <... set_robust_list resumed>) = 0 [pid 516] <... set_robust_list resumed>) = 0 [pid 514] <... symlink resumed>) = 0 [pid 512] <... futex resumed>) = 1 [pid 511] <... close resumed>) = 0 [pid 510] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 508] <... futex resumed>) = 0 [pid 518] rt_sigprocmask(SIG_SETMASK, [], [pid 517] rt_sigprocmask(SIG_SETMASK, [], [pid 516] chdir("./8" [pid 514] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 511] mkdir("./file0", 0777 [pid 510] <... futex resumed>) = 0 [pid 508] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 518] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 517] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 516] <... chdir resumed>) = 0 [pid 514] <... futex resumed>) = 0 [pid 512] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 511] <... mkdir resumed>) = 0 [pid 510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 508] <... futex resumed>) = 0 [pid 518] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 517] memfd_create("syzkaller", 0 [pid 516] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 514] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 512] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 511] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 510] <... mmap resumed>) = 0x7f6220424000 [pid 509] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 508] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 517] <... memfd_create resumed>) = 3 [pid 516] <... prctl resumed>) = 0 [pid 515] setpgid(0, 0 [pid 514] <... rt_sigaction resumed>NULL, 8) = 0 [pid 513] <... ioctl resumed>) = 0 [pid 512] <... socket resumed>) = 3 [pid 509] <... futex resumed>) = 0 [pid 518] creat("./bus", 000 [pid 517] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 516] setpgid(0, 0 [pid 515] <... setpgid resumed>) = 0 [pid 514] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 512] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 510] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 518] <... creat resumed>) = 5 [pid 517] <... mmap resumed>) = 0x7f6218024000 [pid 516] <... setpgid resumed>) = 0 [pid 515] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 514] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 513] close(3 [pid 512] <... futex resumed>) = 1 [pid 510] <... mprotect resumed>) = 0 [pid 509] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] <... futex resumed>) = 0 [pid 515] <... openat resumed>) = 3 [pid 513] <... close resumed>) = 0 [pid 515] write(3, "1000", 4) = 4 [pid 513] mkdir("./file0", 0777 [pid 515] close(3) = 0 [pid 513] <... mkdir resumed>) = 0 [pid 515] symlink("/dev/binderfs", "./binderfs" [pid 517] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 515] <... symlink resumed>) = 0 [pid 514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 513] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 508] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 516] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 515] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 514] <... mmap resumed>) = 0x7f6220445000 [pid 510] rt_sigprocmask(SIG_BLOCK, ~[], [pid 517] <... write resumed>) = 262144 [pid 515] <... futex resumed>) = 0 [pid 508] <... futex resumed>) = 0 [pid 515] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 514] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 512] <... mmap resumed>) = 0x20000000 [pid 510] <... rt_sigprocmask resumed>[], 8) = 0 [pid 516] <... openat resumed>) = 3 [pid 515] <... rt_sigaction resumed>NULL, 8) = 0 [pid 508] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 517] munmap(0x7f6218024000, 262144 [pid 516] write(3, "1000", 4 [pid 515] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 514] <... mprotect resumed>) = 0 [pid 512] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 510] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 508] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 515] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 514] rt_sigprocmask(SIG_BLOCK, ~[], [pid 515] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 508] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 515] <... mmap resumed>) = 0x7f6220445000 [pid 515] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 516] <... write resumed>) = 4 [pid 515] <... mprotect resumed>) = 0 [pid 514] <... rt_sigprocmask resumed>[], 8) = 0 [pid 512] <... futex resumed>) = 0 [pid 510] <... clone3 resumed> => {parent_tid=[519]}, 88) = 519 [pid 508] <... futex resumed>) = 0 [pid 517] <... munmap resumed>) = 0 [pid 516] close(3 [pid 515] rt_sigprocmask(SIG_BLOCK, ~[], [pid 514] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 512] memfd_create("syzkaller", 0 [pid 517] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 516] <... close resumed>) = 0 [pid 515] <... rt_sigprocmask resumed>[], 8) = 0 [pid 510] rt_sigprocmask(SIG_SETMASK, [], [pid 515] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 512] <... memfd_create resumed>) = 7 [pid 517] <... openat resumed>) = 4 [pid 516] symlink("/dev/binderfs", "./binderfs" [pid 514] <... clone3 resumed> => {parent_tid=[520]}, 88) = 520 [pid 512] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 510] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 520 attached [pid 518] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 517] ioctl(4, LOOP_SET_FD, 3 [pid 516] <... symlink resumed>) = 0 [pid 515] <... clone3 resumed> => {parent_tid=[521]}, 88) = 521 [pid 514] rt_sigprocmask(SIG_SETMASK, [], [pid 512] <... mmap resumed>) = 0x7f620fc64000 [pid 510] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 515] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 515] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 515] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 515] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 515] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 515] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 515] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 516] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 514] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 512] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 510] <... futex resumed>) = 0 ./strace-static-x86_64: Process 519 attached [pid 515] <... clone3 resumed> => {parent_tid=[522]}, 88) = 522 [pid 519] set_robust_list(0x7f62204449a0, 24 [pid 515] rt_sigprocmask(SIG_SETMASK, [], [pid 519] <... set_robust_list resumed>) = 0 [pid 515] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 519] rt_sigprocmask(SIG_SETMASK, [], [pid 515] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 519] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 515] <... futex resumed>) = 0 [pid 519] creat("./bus", 000 [pid 515] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 519] <... creat resumed>) = 5 [pid 519] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 519] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 522 attached [pid 522] set_robust_list(0x7f62204449a0, 24) = 0 [pid 522] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 522] creat("./bus", 000) = 3 [pid 522] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 515] <... futex resumed>) = 0 [pid 515] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 515] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 522] <... futex resumed>) = 1 [pid 522] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL) = 0 ./strace-static-x86_64: Process 521 attached [pid 521] set_robust_list(0x7f62204659a0, 24) = 0 [pid 521] rt_sigprocmask(SIG_SETMASK, [], [pid 522] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 521] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 515] <... futex resumed>) = 0 [pid 515] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 515] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] memfd_create("syzkaller", 0 [pid 522] <... futex resumed>) = 1 [pid 522] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 521] <... memfd_create resumed>) = 5 [pid 522] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 515] <... futex resumed>) = 0 [pid 515] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 515] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 522] <... futex resumed>) = 1 [pid 522] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 521] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 522] <... socket resumed>) = 6 [pid 521] <... mmap resumed>) = 0x7f6218024000 [pid 521] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 522] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 515] <... futex resumed>) = 0 [pid 515] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 515] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 522] <... futex resumed>) = 1 [pid 522] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 522] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 515] <... futex resumed>) = 0 [pid 515] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 522] <... futex resumed>) = 1 [pid 522] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 521] <... write resumed>) = ? [pid 522] +++ killed by SIGBUS +++ [pid 521] +++ killed by SIGBUS +++ [pid 520] set_robust_list(0x7f62204659a0, 24 [pid 518] <... futex resumed>) = 1 [pid 517] <... ioctl resumed>) = 0 [pid 516] <... futex resumed>) = 0 [pid 515] +++ killed by SIGBUS +++ [pid 514] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] <... write resumed>) = 65536 [pid 510] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 509] <... futex resumed>) = 0 [pid 520] <... set_robust_list resumed>) = 0 [pid 518] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 516] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 514] <... futex resumed>) = 0 [pid 512] munmap(0x7f620fc64000, 65536 [pid 511] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 510] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 509] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 520] rt_sigprocmask(SIG_SETMASK, [], [pid 518] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 516] <... rt_sigaction resumed>NULL, 8) = 0 [pid 514] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] <... munmap resumed>) = 0 [pid 510] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=515, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 520] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 518] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 516] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 514] <... futex resumed>) = 0 [pid 512] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 510] <... futex resumed>) = 1 [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 520] memfd_create("syzkaller", 0 [pid 518] <... mount resumed>) = 0 [pid 517] close(3 [pid 516] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 512] <... openat resumed>) = 8 [pid 510] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... restart_syscall resumed>) = 0 [pid 520] <... memfd_create resumed>) = 3 [pid 518] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 517] <... close resumed>) = 0 [pid 516] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 514] <... mmap resumed>) = 0x7f6220424000 [ 25.004859][ T511] loop4: detected capacity change from 0 to 512 [ 25.013565][ T513] loop2: detected capacity change from 0 to 512 [ 25.027757][ T511] EXT4-fs warning (device loop4): read_mmp_block:115: Error -74 while reading MMP block 12 [ 25.028037][ T517] loop5: detected capacity change from 0 to 512 [pid 512] ioctl(8, LOOP_SET_FD, 7 [pid 520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 518] <... futex resumed>) = 0 [pid 517] mkdir("./file0", 0777 [pid 516] <... mmap resumed>) = 0x7f6220445000 [pid 514] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 512] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 520] <... mmap resumed>) = 0x7f6218024000 [pid 518] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 517] <... mkdir resumed>) = 0 [pid 516] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 514] <... mprotect resumed>) = 0 [pid 512] ioctl(8, LOOP_CLR_FD [pid 297] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW [pid 520] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 517] mount("/dev/loop5", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 516] <... mprotect resumed>) = 0 [pid 514] rt_sigprocmask(SIG_BLOCK, ~[], [pid 512] <... ioctl resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 520] <... write resumed>) = 262144 [pid 516] rt_sigprocmask(SIG_BLOCK, ~[], [pid 514] <... rt_sigprocmask resumed>[], 8) = 0 [pid 297] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 520] munmap(0x7f6218024000, 262144 [pid 516] <... rt_sigprocmask resumed>[], 8) = 0 [pid 514] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 297] <... openat resumed>) = 3 [pid 520] <... munmap resumed>) = 0 [pid 516] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 297] newfstatat(3, "", [pid 520] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 514] <... clone3 resumed> => {parent_tid=[525]}, 88) = 525 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 520] <... openat resumed>) = 4 [pid 516] <... clone3 resumed> => {parent_tid=[526]}, 88) = 526 [pid 514] rt_sigprocmask(SIG_SETMASK, [], [pid 512] ioctl(8, LOOP_SET_FD, 7 [pid 297] getdents64(3, ./strace-static-x86_64: Process 526 attached ./strace-static-x86_64: Process 525 attached [pid 520] ioctl(4, LOOP_SET_FD, 3 [pid 519] <... futex resumed>) = 0 [pid 518] <... futex resumed>) = 0 [pid 516] rt_sigprocmask(SIG_SETMASK, [], [pid 514] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 513] <... mount resumed>) = 0 [pid 512] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 511] ioctl(5, LOOP_CLR_FD [pid 509] <... futex resumed>) = 1 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 526] set_robust_list(0x7f62204659a0, 24 [pid 525] set_robust_list(0x7f62204449a0, 24 [pid 519] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 518] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 511] <... ioctl resumed>) = 0 [pid 509] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 519] <... mount resumed>) = 0 [pid 511] close(5 [pid 509] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 526] <... set_robust_list resumed>) = 0 [pid 525] <... set_robust_list resumed>) = 0 [pid 520] <... ioctl resumed>) = 0 [pid 519] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 516] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 514] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 512] close(8 [pid 511] <... close resumed>) = 0 [pid 297] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 526] rt_sigprocmask(SIG_SETMASK, [], [pid 525] rt_sigprocmask(SIG_SETMASK, [], [pid 520] close(3 [pid 519] <... futex resumed>) = 1 [pid 516] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 514] <... futex resumed>) = 0 [pid 513] <... openat resumed>) = 3 [pid 512] <... close resumed>) = 0 [pid 511] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 510] <... futex resumed>) = 0 [pid 509] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... umount2 resumed>) = 0 [pid 526] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 525] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 520] <... close resumed>) = 0 [pid 519] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 518] <... futex resumed>) = 0 [pid 516] <... futex resumed>) = 0 [pid 514] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] chdir("./file0" [pid 512] close(7 [pid 511] <... futex resumed>) = 0 [pid 510] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 509] <... futex resumed>) = 1 [pid 297] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 526] memfd_create("syzkaller", 0 [pid 525] creat("./bus", 000 [pid 520] mkdir("./file0", 0777 [pid 519] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 518] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 516] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... chdir resumed>) = 0 [pid 512] <... close resumed>) = 0 [pid 511] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 510] <... futex resumed>) = 0 [pid 509] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 526] <... memfd_create resumed>) = 3 [pid 525] <... creat resumed>) = 3 [pid 520] <... mkdir resumed>) = 0 [pid 519] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 516] <... futex resumed>) = 0 [pid 513] ioctl(4, LOOP_CLR_FD [pid 512] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 510] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 508] exit_group(0 [pid 297] newfstatat(AT_FDCWD, "./9/bus", [pid 526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 525] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 520] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 519] <... open resumed>) = 3 [pid 518] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 516] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 513] <... ioctl resumed>) = 0 [pid 512] <... futex resumed>) = ? [pid 511] <... futex resumed>) = ? [pid 508] <... exit_group resumed>) = ? [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 526] <... mmap resumed>) = 0x7f6218045000 [pid 525] <... futex resumed>) = 1 [pid 519] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 518] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 516] <... mmap resumed>) = 0x7f6218024000 [pid 514] <... futex resumed>) = 0 [pid 513] close(4 [pid 512] +++ exited with 0 +++ [pid 511] +++ exited with 0 +++ [pid 297] unlink("./9/bus" [pid 525] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 519] <... futex resumed>) = 1 [pid 518] <... futex resumed>) = 1 [pid 516] mprotect(0x7f6218025000, 131072, PROT_READ|PROT_WRITE [pid 514] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... close resumed>) = 0 [pid 510] <... futex resumed>) = 0 [pid 509] <... futex resumed>) = 0 [pid 525] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 519] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 518] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 516] <... mprotect resumed>) = 0 [pid 514] <... futex resumed>) = 0 [pid 513] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 510] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 509] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... unlink resumed>) = 0 [pid 525] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 519] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 516] rt_sigprocmask(SIG_BLOCK, ~[], [pid 514] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] <... futex resumed>) = 0 [pid 510] <... futex resumed>) = 0 [pid 509] <... futex resumed>) = 0 [pid 297] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 525] <... mount resumed>) = 0 [pid 519] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 516] <... rt_sigprocmask resumed>[], 8) = 0 [pid 513] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 510] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 509] futex(0x7f62205316cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 525] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 519] <... socket resumed>) = 6 [pid 516] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6218044990, parent_tid=0x7f6218044990, exit_signal=0, stack=0x7f6218024000, stack_size=0x20300, tls=0x7f62180446c0} [pid 513] <... socket resumed>) = 4 [pid 297] newfstatat(AT_FDCWD, "./9/binderfs", [pid 525] <... futex resumed>) = 1 [pid 519] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 514] <... futex resumed>) = 0 [pid 513] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 519] <... futex resumed>) = 1 [pid 516] <... clone3 resumed> => {parent_tid=[528]}, 88) = 528 [pid 513] <... futex resumed>) = 1 [pid 510] <... futex resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 514] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 525] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 519] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 516] rt_sigprocmask(SIG_SETMASK, [], [pid 514] <... futex resumed>) = 0 [pid 513] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 510] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 509] <... futex resumed>) = 0 [pid 297] unlink("./9/binderfs" [pid 525] <... open resumed>) = 5 [pid 519] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 516] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 514] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 510] <... futex resumed>) = 0 [pid 509] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 516] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... unlink resumed>) = 0 [pid 525] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 519] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 516] <... futex resumed>) = 0 [pid 513] <... futex resumed>) = 0 [pid 510] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 509] <... futex resumed>) = 1 [pid 297] getdents64(3, [pid 525] <... futex resumed>) = 1 [pid 519] <... mmap resumed>) = 0x20000000 [pid 516] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 514] <... futex resumed>) = 0 [pid 513] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, -1, 0 [pid 509] futex(0x7f62205316cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 526] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 525] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 519] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 514] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 297] close(3 [pid 514] <... futex resumed>) = 0 [pid 513] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 519] <... futex resumed>) = 1 [pid 510] <... futex resumed>) = 0 [pid 525] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 519] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 514] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] <... futex resumed>) = 1 [pid 510] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 509] <... futex resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 525] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 519] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 513] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 510] <... futex resumed>) = 0 [pid 509] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] rmdir("./9" [pid 525] <... socket resumed>) = 6 [pid 513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 509] <... futex resumed>) = 0 [pid 519] memfd_create("syzkaller", 0 [pid 513] memfd_create("syzkaller", 0./strace-static-x86_64: Process 528 attached [pid 528] set_robust_list(0x7f62180449a0, 24) = 0 [pid 528] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 528] creat("./bus", 000 [pid 513] <... memfd_create resumed>) = 6 [pid 525] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 519] <... memfd_create resumed>) = 7 [pid 513] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 297] mkdir("./10", 0777 [pid 525] <... futex resumed>) = 1 [pid 519] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 514] <... futex resumed>) = 0 [pid 513] <... mmap resumed>) = 0x7f620fc24000 [pid 528] <... creat resumed>) = 4 [pid 526] <... write resumed>) = 262144 [pid 525] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 519] <... mmap resumed>) = 0x7f620fc64000 [pid 514] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 297] <... mkdir resumed>) = 0 [pid 519] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 514] <... futex resumed>) = 0 [pid 513] <... write resumed>) = 65536 [pid 519] <... write resumed>) = 65536 [pid 514] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] munmap(0x7f620fc24000, 65536 [pid 519] munmap(0x7f620fc64000, 65536 [pid 513] <... munmap resumed>) = 0 [pid 525] <... mmap resumed>) = 0x20000000 [pid 519] <... munmap resumed>) = 0 [pid 513] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 525] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 519] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 513] <... openat resumed>) = 7 [pid 297] <... openat resumed>) = 3 [pid 525] <... futex resumed>) = 1 [pid 519] <... openat resumed>) = 8 [pid 514] <... futex resumed>) = 0 [pid 513] ioctl(7, LOOP_SET_FD, 6 [pid 297] ioctl(3, LOOP_CLR_FD [pid 525] memfd_create("syzkaller", 0 [pid 519] ioctl(8, LOOP_SET_FD, 7 [pid 514] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 525] <... memfd_create resumed>) = 7 [pid 519] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 514] <... futex resumed>) = 0 [pid 513] ioctl(7, LOOP_CLR_FD [pid 297] close(3 [pid 525] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 519] ioctl(8, LOOP_CLR_FD [pid 513] <... ioctl resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 525] <... mmap resumed>) = 0x7f620fc64000 [pid 519] <... ioctl resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 525] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 529 [pid 525] munmap(0x7f620fc64000, 65536) = 0 [pid 513] ioctl(7, LOOP_SET_FD, 6 [pid 525] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 513] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 525] <... openat resumed>) = 8 [pid 513] close(7 [pid 525] ioctl(8, LOOP_SET_FD, 7 [pid 513] <... close resumed>) = 0 [pid 525] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 513] close(6 [pid 525] ioctl(8, LOOP_CLR_FD [pid 513] <... close resumed>) = 0 [pid 525] <... ioctl resumed>) = 0 [pid 519] ioctl(8, LOOP_SET_FD, 7 [pid 513] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 509] exit_group(0 [pid 519] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 518] <... futex resumed>) = ? [pid 509] <... exit_group resumed>) = ? [pid 519] close(8 [pid 518] +++ exited with 0 +++ [pid 513] <... futex resumed>) = ? [pid 519] <... close resumed>) = 0 [pid 513] +++ exited with 0 +++ [pid 509] +++ exited with 0 +++ [pid 519] close(7 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=509, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 519] <... close resumed>) = 0 [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 519] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 519] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 526] munmap(0x7f6218045000, 262144 [pid 298] <... restart_syscall resumed>) = 0 [pid 298] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 525] ioctl(8, LOOP_SET_FD, 7 [pid 298] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 525] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 298] <... openat resumed>) = 3 [pid 525] close(8 [pid 298] newfstatat(3, "", [pid 525] <... close resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 525] close(7 [pid 298] getdents64(3, [pid 525] <... close resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 525] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 525] <... futex resumed>) = 0 [pid 525] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 526] <... munmap resumed>) = 0 [ 25.050043][ T513] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [ 25.064020][ T513] ext4 filesystem being mounted at /root/syzkaller.4RDDfu/8/file0 supports timestamps until 2038 (0x7fffffff) [ 25.076103][ T520] loop3: detected capacity change from 0 to 512 [ 25.092485][ T527] EXT4-fs warning (device loop5): kmmpd:170: kmmpd being stopped since MMP feature has been disabled. [pid 526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 526] ioctl(5, LOOP_SET_FD, 3./strace-static-x86_64: Process 529 attached [pid 528] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 526] <... ioctl resumed>) = 0 [pid 520] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 298] <... umount2 resumed>) = 0 [pid 529] set_robust_list(0x555556cc76a0, 24 [pid 528] <... futex resumed>) = 1 [pid 520] ioctl(4, LOOP_CLR_FD [pid 516] <... futex resumed>) = 0 [pid 298] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 529] <... set_robust_list resumed>) = 0 [pid 528] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 520] <... ioctl resumed>) = 0 [pid 516] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 529] chdir("./10" [pid 528] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 520] close(4 [pid 516] <... futex resumed>) = 0 [pid 529] <... chdir resumed>) = 0 [pid 528] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 520] <... close resumed>) = 0 [pid 516] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 529] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 528] <... mount resumed>) = 0 [pid 526] close(3 [pid 520] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] <... prctl resumed>) = 0 [pid 528] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 526] <... close resumed>) = 0 [pid 520] <... futex resumed>) = 0 [pid 529] setpgid(0, 0 [pid 528] <... futex resumed>) = 1 [pid 526] mkdir("./file0", 0777 [pid 520] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 516] <... futex resumed>) = 0 [pid 529] <... setpgid resumed>) = 0 [pid 528] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 526] <... mkdir resumed>) = 0 [pid 516] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 528] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 526] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 516] <... futex resumed>) = 0 [pid 529] <... openat resumed>) = 3 [pid 528] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 516] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 529] write(3, "1000", 4 [pid 528] <... open resumed>) = 3 [pid 508] +++ exited with 0 +++ [pid 298] newfstatat(AT_FDCWD, "./8/bus", [pid 529] <... write resumed>) = 4 [pid 528] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] close(3 [pid 528] <... futex resumed>) = 1 [pid 516] <... futex resumed>) = 0 [pid 529] <... close resumed>) = 0 [pid 528] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 516] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] symlink("/dev/binderfs", "./binderfs" [pid 528] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 516] <... futex resumed>) = 0 [pid 529] <... symlink resumed>) = 0 [pid 528] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 516] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 529] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 528] <... socket resumed>) = 6 [pid 529] <... futex resumed>) = 0 [pid 528] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 528] <... futex resumed>) = 1 [pid 516] <... futex resumed>) = 0 [pid 529] <... rt_sigaction resumed>NULL, 8) = 0 [pid 528] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 516] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 528] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 516] <... futex resumed>) = 0 [pid 529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 528] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 516] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 528] <... mmap resumed>) = 0x20000000 [pid 529] <... mmap resumed>) = 0x7f6220445000 [pid 528] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 528] <... futex resumed>) = 1 [pid 516] <... futex resumed>) = 0 [pid 529] <... mprotect resumed>) = 0 [pid 528] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 516] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] rt_sigprocmask(SIG_BLOCK, ~[], [pid 528] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 516] <... futex resumed>) = 0 [pid 529] <... rt_sigprocmask resumed>[], 8) = 0 [pid 528] memfd_create("syzkaller", 0 [pid 529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 528] <... memfd_create resumed>) = 7 [pid 528] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 529] <... clone3 resumed> => {parent_tid=[531]}, 88) = 531 [pid 528] <... mmap resumed>) = 0x7f620fc24000 [pid 529] rt_sigprocmask(SIG_SETMASK, [], [pid 528] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 528] <... write resumed>) = 65536 [pid 529] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 528] munmap(0x7f620fc24000, 65536 [pid 529] <... futex resumed>) = 0 [pid 528] <... munmap resumed>) = 0 [pid 529] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 528] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 529] <... futex resumed>) = 0 [pid 528] <... openat resumed>) = 8 [pid 529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 528] ioctl(8, LOOP_SET_FD, 7 [pid 529] <... mmap resumed>) = 0x7f6220424000 [pid 528] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 529] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 528] ioctl(8, LOOP_CLR_FD [pid 529] <... mprotect resumed>) = 0 [pid 528] <... ioctl resumed>) = 0 [pid 529] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[532]}, 88) = 532 [pid 529] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 529] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 528] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 528] close(8) = 0 [pid 528] close(7) = 0 [pid 528] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 528] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 532 attached ./strace-static-x86_64: Process 531 attached [pid 514] exit_group(0 [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 25.103591][ T520] EXT4-fs warning (device loop3): read_mmp_block:115: Error -74 while reading MMP block 12 [ 25.106669][ T526] loop0: detected capacity change from 0 to 512 [ 25.120525][ T517] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 25.129466][ T517] EXT4-fs error (device loop5): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 25.145662][ T517] EXT4-fs (loop5): get orphan inode failed [pid 532] set_robust_list(0x7f62204449a0, 24 [pid 531] set_robust_list(0x7f62204659a0, 24 [pid 514] <... exit_group resumed>) = ? [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=508, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 298] unlink("./8/bus" [pid 532] <... set_robust_list resumed>) = 0 [pid 531] <... set_robust_list resumed>) = 0 [pid 525] <... futex resumed>) = ? [pid 520] <... futex resumed>) = ? [pid 300] restart_syscall(<... resuming interrupted clone ...> [pid 298] <... unlink resumed>) = 0 [pid 531] rt_sigprocmask(SIG_SETMASK, [], [pid 520] +++ exited with 0 +++ [pid 531] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] <... restart_syscall resumed>) = 0 [pid 532] rt_sigprocmask(SIG_SETMASK, [], [pid 531] memfd_create("syzkaller", 0 [pid 532] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 532] creat("./bus", 000) = 3 [pid 300] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW [pid 531] <... memfd_create resumed>) = 4 [pid 298] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 531] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 531] <... mmap resumed>) = 0x7f6218024000 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... openat resumed>) = 3 [pid 532] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 531] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 300] newfstatat(3, "", [pid 298] newfstatat(AT_FDCWD, "./8/binderfs", [pid 532] <... futex resumed>) = 1 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 532] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 529] <... futex resumed>) = 0 [pid 300] getdents64(3, [pid 298] unlink("./8/binderfs" [pid 532] <... mount resumed>) = 0 [pid 529] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 298] <... unlink resumed>) = 0 [pid 532] <... futex resumed>) = 1 [pid 529] <... futex resumed>) = 0 [pid 300] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 532] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 529] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] <... umount2 resumed>) = 0 [pid 532] <... open resumed>) = 5 [pid 529] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 529] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 517] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 517] ioctl(4, LOOP_CLR_FD) = 0 [pid 517] close(4) = 0 [pid 517] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 529] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 532] <... futex resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 510] exit_group(0 [pid 532] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 300] newfstatat(AT_FDCWD, "./11/bus", [pid 510] <... exit_group resumed>) = ? [pid 532] <... socket resumed>) = 6 [pid 519] <... futex resumed>) = ? [pid 519] +++ exited with 0 +++ [pid 532] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 532] <... futex resumed>) = 1 [pid 529] <... futex resumed>) = 0 [pid 300] unlink("./11/bus" [pid 532] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 529] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... unlink resumed>) = 0 [pid 532] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 529] <... futex resumed>) = 0 [pid 532] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 531] <... write resumed>) = 262144 [pid 529] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = 0 [pid 531] munmap(0x7f6218024000, 262144) = 0 [pid 531] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 7 [pid 531] ioctl(7, LOOP_SET_FD, 4 [pid 532] <... mmap resumed>) = 0x20000000 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] newfstatat(AT_FDCWD, "./11/binderfs", [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] unlink("./11/binderfs" [pid 298] newfstatat(AT_FDCWD, "./8/file0", [pid 300] <... unlink resumed>) = 0 [pid 532] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 532] <... futex resumed>) = 1 [pid 529] <... futex resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 529] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 529] <... futex resumed>) = 0 [pid 300] newfstatat(AT_FDCWD, "./11/file0", [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 517] <... futex resumed>) = ? [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... openat resumed>) = 4 [pid 300] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] newfstatat(4, "", [pid 531] <... ioctl resumed>) = 0 [pid 525] +++ exited with 0 +++ [pid 514] +++ exited with 0 +++ [pid 300] <... openat resumed>) = 4 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=514, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] newfstatat(4, "", [pid 298] getdents64(4, [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 300] getdents64(4, [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] getdents64(4, [pid 300] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 299] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 300] getdents64(4, [pid 299] <... openat resumed>) = 3 [pid 298] close(4 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 299] newfstatat(3, "", [pid 298] <... close resumed>) = 0 [pid 300] close(4 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] rmdir("./8/file0" [pid 300] <... close resumed>) = 0 [pid 532] memfd_create("syzkaller", 0 [pid 300] rmdir("./11/file0" [pid 299] getdents64(3, [pid 298] <... rmdir resumed>) = 0 [pid 532] <... memfd_create resumed>) = 8 [pid 300] <... rmdir resumed>) = 0 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 298] getdents64(3, [pid 532] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 300] getdents64(3, [pid 299] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 532] <... mmap resumed>) = 0x7f620fc64000 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] close(3 [pid 532] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 300] close(3 [pid 298] <... close resumed>) = 0 [pid 532] <... write resumed>) = 65536 [pid 300] <... close resumed>) = 0 [pid 298] rmdir("./8" [pid 532] munmap(0x7f620fc64000, 65536 [pid 300] rmdir("./11" [pid 298] <... rmdir resumed>) = 0 [pid 532] <... munmap resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 298] mkdir("./9", 0777 [pid 532] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 300] mkdir("./12", 0777 [pid 298] <... mkdir resumed>) = 0 [pid 300] <... mkdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] <... openat resumed>) = 3 [pid 300] <... openat resumed>) = 3 [pid 298] ioctl(3, LOOP_CLR_FD [pid 300] ioctl(3, LOOP_CLR_FD [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] close(3 [pid 300] close(3 [pid 298] <... close resumed>) = 0 [pid 300] <... close resumed>) = 0 [ 25.153249][ T517] EXT4-fs (loop5): mount failed [ 25.169859][ T531] loop1: detected capacity change from 0 to 512 [ 25.179279][ T526] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 535 [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 536 ./strace-static-x86_64: Process 536 attached ./strace-static-x86_64: Process 535 attached [pid 531] close(4 [pid 526] <... mount resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 535] set_robust_list(0x555556cc76a0, 24 [pid 531] <... close resumed>) = 0 [pid 526] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY [pid 535] <... set_robust_list resumed>) = 0 [pid 531] mkdir(0x20000000, 0777 [pid 526] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 535] chdir("./9" [pid 531] <... mkdir resumed>) = 0 [pid 526] ioctl(5, LOOP_CLR_FD [pid 535] <... chdir resumed>) = 0 [pid 531] mount("/dev/loop1", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 526] <... ioctl resumed>) = 0 [pid 536] set_robust_list(0x555556cc76a0, 24 [pid 535] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 531] <... mount resumed>) = -1 ENODEV (No such device) [pid 526] close(5 [pid 299] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 536] <... set_robust_list resumed>) = 0 [pid 535] <... prctl resumed>) = 0 [pid 531] ioctl(7, LOOP_CLR_FD [pid 526] <... close resumed>) = 0 [pid 536] chdir("./12" [pid 535] setpgid(0, 0 [pid 531] <... ioctl resumed>) = 0 [pid 526] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 536] <... chdir resumed>) = 0 [pid 535] <... setpgid resumed>) = 0 [pid 531] close(7 [pid 526] <... futex resumed>) = 0 [pid 536] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 526] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 536] <... prctl resumed>) = 0 [pid 535] <... openat resumed>) = 3 [pid 536] setpgid(0, 0 [pid 535] write(3, "1000", 4 [pid 536] <... setpgid resumed>) = 0 [pid 535] <... write resumed>) = 4 [pid 536] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 535] close(3 [pid 536] <... openat resumed>) = 3 [pid 535] <... close resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 536] write(3, "1000", 4 [pid 535] symlink("/dev/binderfs", "./binderfs" [pid 532] <... openat resumed>) = 9 [pid 299] newfstatat(AT_FDCWD, "./9/bus", [pid 532] ioctl(9, LOOP_SET_FD, 8 [pid 531] <... close resumed>) = 0 [pid 516] exit_group(0 [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 532] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 531] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 528] <... futex resumed>) = ? [pid 526] <... futex resumed>) = ? [pid 299] unlink("./9/bus" [pid 516] <... exit_group resumed>) = ? [pid 532] ioctl(9, LOOP_CLR_FD [pid 531] <... futex resumed>) = 0 [pid 528] +++ exited with 0 +++ [pid 526] +++ exited with 0 +++ [pid 536] <... write resumed>) = 4 [pid 535] <... symlink resumed>) = 0 [pid 532] <... ioctl resumed>) = 0 [pid 531] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] <... unlink resumed>) = 0 [pid 536] close(3 [pid 535] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 536] <... close resumed>) = 0 [pid 535] <... futex resumed>) = 0 [pid 536] symlink("/dev/binderfs", "./binderfs" [pid 535] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 536] <... symlink resumed>) = 0 [pid 535] <... rt_sigaction resumed>NULL, 8) = 0 [pid 299] newfstatat(AT_FDCWD, "./9/binderfs", [pid 536] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 535] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 536] <... futex resumed>) = 0 [pid 535] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 516] +++ exited with 0 +++ [pid 536] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] unlink("./9/binderfs" [pid 536] <... rt_sigaction resumed>NULL, 8) = 0 [pid 535] <... mmap resumed>) = 0x7f6220445000 [pid 536] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 535] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 536] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 535] <... mprotect resumed>) = 0 [pid 299] <... unlink resumed>) = 0 [pid 536] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 535] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=516, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 536] <... mmap resumed>) = 0x7f6220445000 [pid 535] <... rt_sigprocmask resumed>[], 8) = 0 [pid 532] ioctl(9, LOOP_SET_FD, 8 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW [pid 536] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 535] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 532] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 299] newfstatat(AT_FDCWD, "./9/file0", [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 537 attached [pid 536] <... mprotect resumed>) = 0 [pid 532] close(9 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 536] rt_sigprocmask(SIG_BLOCK, ~[], [pid 535] <... clone3 resumed> => {parent_tid=[537]}, 88) = 537 [pid 532] <... close resumed>) = 0 [pid 299] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 536] <... rt_sigprocmask resumed>[], 8) = 0 [pid 535] rt_sigprocmask(SIG_SETMASK, [], [pid 532] close(8 [pid 296] <... openat resumed>) = 3 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 536] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 535] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 535] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 536] <... clone3 resumed> => {parent_tid=[538]}, 88) = 538 [pid 535] <... futex resumed>) = 0 [pid 532] <... close resumed>) = 0 [pid 299] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] newfstatat(3, "", [pid 536] rt_sigprocmask(SIG_SETMASK, [], [pid 535] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 532] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] exit_group(0 [pid 536] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 535] <... futex resumed>) = 0 [pid 531] <... futex resumed>) = ? [pid 529] <... exit_group resumed>) = ? [pid 299] <... openat resumed>) = 4 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 536] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 532] <... futex resumed>) = ? [pid 531] +++ exited with 0 +++ [pid 536] <... futex resumed>) = 0 [pid 535] <... mmap resumed>) = 0x7f6220424000 [pid 536] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 535] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 299] newfstatat(4, "", [pid 296] getdents64(3, [pid 536] <... futex resumed>) = 0 [pid 535] <... mprotect resumed>) = 0 [pid 536] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 535] rt_sigprocmask(SIG_BLOCK, ~[], [pid 536] <... mmap resumed>) = 0x7f6220424000 [pid 535] <... rt_sigprocmask resumed>[], 8) = 0 [pid 536] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 535] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 536] <... mprotect resumed>) = 0 [pid 536] rt_sigprocmask(SIG_BLOCK, ~[], [pid 535] <... clone3 resumed> => {parent_tid=[539]}, 88) = 539 [pid 536] <... rt_sigprocmask resumed>[], 8) = 0 [pid 535] rt_sigprocmask(SIG_SETMASK, [], [pid 536] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 535] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 535] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 536] <... clone3 resumed> => {parent_tid=[540]}, 88) = 540 [pid 535] <... futex resumed>) = 0 [pid 299] getdents64(4, [pid 296] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 537] set_robust_list(0x7f62204659a0, 24 [pid 536] rt_sigprocmask(SIG_SETMASK, [], [pid 535] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 537] <... set_robust_list resumed>) = 0 [pid 536] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] getdents64(4, [pid 296] <... umount2 resumed>) = 0 [pid 537] rt_sigprocmask(SIG_SETMASK, [], [pid 536] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 296] umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 537] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 536] <... futex resumed>) = 0 [pid 299] close(4 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 540 attached ./strace-static-x86_64: Process 539 attached ./strace-static-x86_64: Process 538 attached [pid 536] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 537] memfd_create("syzkaller", 0) = 3 [pid 537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 299] <... close resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./8/bus", [pid 537] <... mmap resumed>) = 0x7f6218024000 [pid 540] set_robust_list(0x7f62204449a0, 24 [pid 539] set_robust_list(0x7f62204449a0, 24 [pid 538] set_robust_list(0x7f62204659a0, 24 [pid 299] rmdir("./9/file0" [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 540] <... set_robust_list resumed>) = 0 [pid 537] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 539] <... set_robust_list resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 538] <... set_robust_list resumed>) = 0 [pid 296] unlink("./8/bus" [pid 299] getdents64(3, [pid 296] <... unlink resumed>) = 0 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] close(3 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... close resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./8/binderfs", [pid 299] rmdir("./9" [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 540] rt_sigprocmask(SIG_SETMASK, [], [pid 539] rt_sigprocmask(SIG_SETMASK, [], [pid 538] rt_sigprocmask(SIG_SETMASK, [], [pid 537] <... write resumed>) = 262144 [pid 299] <... rmdir resumed>) = 0 [pid 296] unlink("./8/binderfs" [pid 540] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 539] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 538] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 537] munmap(0x7f6218024000, 262144 [pid 299] mkdir("./10", 0777 [pid 296] <... unlink resumed>) = 0 [pid 540] creat("./bus", 000 [pid 539] creat("./bus", 000 [pid 538] memfd_create("syzkaller", 0 [pid 537] <... munmap resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 296] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 539] <... creat resumed>) = 4 [pid 538] <... memfd_create resumed>) = 3 [pid 537] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 539] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 537] <... openat resumed>) = 5 [pid 299] <... openat resumed>) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 25.196736][ T526] ext4 filesystem being mounted at /root/syzkaller.sY6u5M/8/file0 supports timestamps until 2038 (0x7fffffff) [pid 299] close(3) = 0 [pid 537] ioctl(5, LOOP_SET_FD, 3 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 541 [pid 540] <... creat resumed>) = 4 [pid 540] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 540] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 541 attached [pid 541] set_robust_list(0x555556cc76a0, 24) = 0 [pid 541] chdir("./10") = 0 [pid 541] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 541] setpgid(0, 0 [pid 539] <... futex resumed>) = 1 [pid 539] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 541] <... setpgid resumed>) = 0 [pid 541] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 541] write(3, "1000", 4) = 4 [pid 541] close(3) = 0 [pid 541] symlink("/dev/binderfs", "./binderfs") = 0 [pid 541] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 541] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 541] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 541] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 536] <... futex resumed>) = 0 [pid 535] <... futex resumed>) = 0 [pid 538] <... mmap resumed>) = 0x7f6218024000 [pid 537] <... ioctl resumed>) = 0 [pid 536] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 541] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 541] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 517] +++ exited with 0 +++ [pid 510] +++ exited with 0 +++ [pid 535] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 540] <... futex resumed>) = 0 [pid 536] <... futex resumed>) = 1 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=510, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 540] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 301] restart_syscall(<... resuming interrupted clone ...> [pid 540] <... mount resumed>) = 0 [pid 301] <... restart_syscall resumed>) = 0 [pid 540] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 540] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 301] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] getdents64(3, 0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 301] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 301] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./9/bus" [pid 539] <... futex resumed>) = 0 [pid 538] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 265740 [pid 536] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 535] <... futex resumed>) = 1 [pid 532] +++ exited with 0 +++ [pid 529] +++ exited with 0 +++ [pid 301] <... unlink resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 539] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 536] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 535] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=529, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 296] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 539] <... mount resumed>) = 0 [pid 536] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 540] <... futex resumed>) = 0 [pid 539] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] <... write resumed>) = 265740 [pid 536] <... futex resumed>) = 1 [pid 301] newfstatat(AT_FDCWD, "./9/binderfs", [pid 296] newfstatat(AT_FDCWD, "./8/file0", [pid 540] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 539] <... futex resumed>) = 1 [pid 538] munmap(0x7f6218024000, 265740 [pid 537] close(3 [pid 536] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 535] <... futex resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 541] <... clone3 resumed> => {parent_tid=[542]}, 88) = 542 [pid 540] <... open resumed>) = 5 [pid 539] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 538] <... munmap resumed>) = 0 [pid 537] <... close resumed>) = 0 [pid 535] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] unlink("./9/binderfs" [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 541] rt_sigprocmask(SIG_SETMASK, [], [pid 540] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 539] <... open resumed>) = 3 [pid 538] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 537] mkdir("./file0", 0777 [pid 535] <... futex resumed>) = 0 [pid 301] <... unlink resumed>) = 0 [pid 297] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 541] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 540] <... futex resumed>) = 1 [pid 539] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] <... openat resumed>) = 6 [pid 537] <... mkdir resumed>) = 0 [pid 536] <... futex resumed>) = 0 [pid 535] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... openat resumed>) = 3 [pid 296] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 541] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 540] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 539] <... futex resumed>) = 0 [pid 538] ioctl(6, LOOP_SET_FD, 3 [pid 537] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 536] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 535] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(3, "", [pid 296] <... openat resumed>) = 4 [pid 541] <... futex resumed>) = 0 [pid 540] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 539] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 536] <... futex resumed>) = 0 [pid 535] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] newfstatat(AT_FDCWD, "./9/file0", [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] newfstatat(4, "", [pid 541] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 540] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 539] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] getdents64(3, [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 541] <... futex resumed>) = 0 [pid 540] <... socket resumed>) = 7 [pid 539] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 301] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 296] getdents64(4, [pid 541] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 540] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 539] <... socket resumed>) = 6 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 541] <... mmap resumed>) = 0x7f6220424000 [pid 540] <... futex resumed>) = 0 [pid 539] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] getdents64(4, [pid 541] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 540] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 539] <... futex resumed>) = 0 [pid 301] <... openat resumed>) = 4 [pid 296] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 541] <... mprotect resumed>) = 0 [pid 539] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] newfstatat(4, "", [pid 296] close(4 [pid 541] rt_sigprocmask(SIG_BLOCK, ~[], [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... close resumed>) = 0 [pid 541] <... rt_sigprocmask resumed>[], 8) = 0 [pid 301] getdents64(4, [pid 296] rmdir("./8/file0" [pid 541] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 301] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 296] <... rmdir resumed>) = 0 [pid 301] getdents64(4, [pid 296] getdents64(3, [pid 541] <... clone3 resumed> => {parent_tid=[543]}, 88) = 543 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 541] rt_sigprocmask(SIG_SETMASK, [], [pid 301] close(4 [pid 296] close(3 [pid 541] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 541] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] rmdir("./9/file0" [pid 296] rmdir("./8" [pid 541] <... futex resumed>) = 0 [pid 301] <... rmdir resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 542 attached [pid 541] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] <... futex resumed>) = 0 [pid 536] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 535] <... futex resumed>) = 1 [pid 301] getdents64(3, [pid 297] <... umount2 resumed>) = 0 [pid 296] mkdir("./9", 0777 [pid 539] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 536] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 535] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... mkdir resumed>) = 0 [pid 542] set_robust_list(0x7f62204659a0, 24 [pid 536] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 535] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] close(3 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 542] <... set_robust_list resumed>) = 0 [pid 540] <... futex resumed>) = 0 [pid 536] <... futex resumed>) = 1 [pid 535] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... close resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./10/bus", [pid 296] <... openat resumed>) = 3 [pid 542] rt_sigprocmask(SIG_SETMASK, [], [pid 540] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 539] <... futex resumed>) = 0 [pid 538] <... ioctl resumed>) = 0 [pid 536] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 535] <... futex resumed>) = 1 [pid 301] rmdir("./9" [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 25.226090][ T537] loop2: detected capacity change from 0 to 512 [ 25.247765][ T538] loop4: detected capacity change from 0 to 519 [pid 296] ioctl(3, LOOP_CLR_FD [pid 542] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 540] <... mmap resumed>) = 0x20000000 [pid 539] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 538] close(3 [pid 535] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... rmdir resumed>) = 0 [pid 297] unlink("./10/bus"./strace-static-x86_64: Process 543 attached [pid 540] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] <... close resumed>) = 0 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 543] set_robust_list(0x7f62204449a0, 24 [pid 538] mkdir(0x20000000, 0777 [pid 543] <... set_robust_list resumed>) = 0 [pid 538] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 543] rt_sigprocmask(SIG_SETMASK, [], [pid 538] mount("/dev/loop4", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 543] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 538] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 543] creat("./bus", 000 [pid 538] ioctl(6, LOOP_CLR_FD [pid 543] <... creat resumed>) = 3 [pid 540] <... futex resumed>) = 1 [pid 538] <... ioctl resumed>) = 0 [pid 536] <... futex resumed>) = 0 [pid 301] mkdir("./10", 0777 [pid 297] <... unlink resumed>) = 0 [pid 296] close(3 [pid 543] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] close(6 [pid 543] <... futex resumed>) = 1 [pid 538] <... close resumed>) = 0 [pid 543] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 538] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 539] <... mmap resumed>) = 0x20000000 [pid 539] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 539] <... futex resumed>) = 1 [pid 539] memfd_create("syzkaller", 0) = 7 [pid 539] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f620fc64000 [pid 539] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 536] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] <... futex resumed>) = 0 [pid 536] <... futex resumed>) = 1 [pid 540] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] <... close resumed>) = 0 [pid 538] memfd_create("syzkaller", 0 [pid 297] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 538] <... memfd_create resumed>) = 3 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 539] munmap(0x7f620fc64000, 65536) = 0 [pid 538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 297] newfstatat(AT_FDCWD, "./10/binderfs", [pid 539] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 8 [pid 539] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 539] ioctl(8, LOOP_CLR_FD) = 0 [pid 301] <... mkdir resumed>) = 0 [pid 538] <... mmap resumed>) = 0x7f620fc65000 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 546 ./strace-static-x86_64: Process 546 attached [pid 546] set_robust_list(0x555556cc76a0, 24) = 0 [pid 546] chdir("./9") = 0 [pid 538] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 297] unlink("./10/binderfs" [pid 546] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 538] <... write resumed>) = 65536 [pid 546] <... prctl resumed>) = 0 [pid 546] setpgid(0, 0) = 0 [pid 297] <... unlink resumed>) = 0 [pid 297] umount2("./10/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... openat resumed>) = 3 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 541] <... futex resumed>) = 0 [pid 538] munmap(0x7f620fc65000, 65536 [pid 301] ioctl(3, LOOP_CLR_FD [pid 546] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 539] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 539] close(8 [pid 541] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] <... munmap resumed>) = 0 [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] newfstatat(AT_FDCWD, "./10/ext4", [pid 539] <... close resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 538] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 301] close(3 [pid 297] umount2("./10/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 541] <... futex resumed>) = 1 [pid 543] <... futex resumed>) = 0 [pid 538] <... openat resumed>) = 6 [pid 301] <... close resumed>) = 0 [pid 543] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 541] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 538] ioctl(6, LOOP_SET_FD, 3 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 543] <... mount resumed>) = 0 [pid 538] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 297] openat(AT_FDCWD, "./10/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 543] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] ioctl(6, LOOP_CLR_FD [pid 297] <... openat resumed>) = 4 [pid 543] <... futex resumed>) = 1 [pid 538] <... ioctl resumed>) = 0 [pid 541] <... futex resumed>) = 0 [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 547 [pid 297] newfstatat(4, "", [pid 543] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 541] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] close(4 [pid 543] <... futex resumed>) = 0 [pid 541] <... futex resumed>) = 1 [pid 538] ioctl(6, LOOP_SET_FD, 3 [pid 297] <... close resumed>) = 0 [pid 543] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 541] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 538] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 297] rmdir("./10/ext4" [pid 543] <... open resumed>) = 4 [pid 538] close(6 [pid 543] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] <... close resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 543] <... futex resumed>) = 1 [pid 541] <... futex resumed>) = 0 [pid 538] close(3 [pid 297] getdents64(3, [pid 543] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 541] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 539] close(7 [pid 543] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 541] <... futex resumed>) = 0 [pid 539] <... close resumed>) = 0 [pid 538] <... close resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 543] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 541] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 538] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] close(3 [pid 543] <... socket resumed>) = 5 [pid 538] <... futex resumed>) = 0 [pid 543] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 297] <... close resumed>) = 0 [pid 543] <... futex resumed>) = 1 [pid 541] <... futex resumed>) = 0 [pid 297] rmdir("./10" [pid 543] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 541] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 539] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 539] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 543] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 541] <... futex resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 543] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 536] exit_group(0 [pid 543] <... mmap resumed>) = 0x20000000 [pid 541] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 540] <... futex resumed>) = ? [pid 538] <... futex resumed>) = ? [pid 536] <... exit_group resumed>) = ? [pid 297] mkdir("./11", 0777 [pid 543] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 540] +++ exited with 0 +++ [pid 546] <... openat resumed>) = 3 [pid 546] write(3, "1000", 4) = 4 [pid 546] close(3) = 0 [pid 546] symlink("/dev/binderfs", "./binderfs") = 0 [pid 546] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 546] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 543] <... futex resumed>) = 0 [pid 541] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 546] <... rt_sigaction resumed>NULL, 8) = 0 [pid 546] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 546] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 297] <... mkdir resumed>) = 0 [pid 543] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 541] <... futex resumed>) = 0 [pid 546] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 546] rt_sigprocmask(SIG_BLOCK, ~[], [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 546] <... rt_sigprocmask resumed>[], 8) = 0 [pid 297] <... openat resumed>) = 3 [pid 546] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3 [pid 546] <... clone3 resumed> => {parent_tid=[548]}, 88) = 548 [pid 297] <... close resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 546] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 546] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 546] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 549 [pid 546] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 546] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 546] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 546] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[550]}, 88) = 550 [pid 546] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 546] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 546] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 550 attached [pid 550] set_robust_list(0x7f62204449a0, 24) = 0 [pid 550] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 550] creat("./bus", 000) = 3 [pid 550] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 546] <... futex resumed>) = 0 [pid 546] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 546] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 550] <... futex resumed>) = 1 [pid 550] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 550] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 546] <... futex resumed>) = 0 [pid 546] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 546] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 550] <... futex resumed>) = 1 [pid 550] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 ./strace-static-x86_64: Process 547 attached [ 25.267659][ T537] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. ./strace-static-x86_64: Process 549 attached ./strace-static-x86_64: Process 548 attached [pid 547] set_robust_list(0x555556cc76a0, 24 [pid 550] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 546] <... futex resumed>) = 0 [pid 546] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 546] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 550] <... futex resumed>) = 1 [pid 550] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE) = 5 [pid 550] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 546] <... futex resumed>) = 0 [pid 546] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 546] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 550] <... futex resumed>) = 1 [pid 550] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 550] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 546] <... futex resumed>) = 0 [pid 546] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 550] <... futex resumed>) = 1 [pid 550] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 549] set_robust_list(0x555556cc76a0, 24) = 0 [pid 549] chdir("./11") = 0 [pid 549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 549] setpgid(0, 0) = 0 [pid 549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 549] write(3, "1000", 4) = 4 [pid 549] close(3) = 0 [pid 549] symlink("/dev/binderfs", "./binderfs") = 0 [pid 549] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 549] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 549] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 549] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 549] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 549] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 549] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[551]}, 88) = 551 [pid 549] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 547] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 551 attached [pid 549] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 547] chdir("./10" [pid 542] +++ killed by SIGBUS +++ [pid 537] <... mount resumed>) = 0 [pid 551] set_robust_list(0x7f62204659a0, 24 [pid 549] <... futex resumed>) = 0 [pid 548] +++ killed by SIGBUS +++ [pid 547] <... chdir resumed>) = 0 [pid 543] +++ killed by SIGBUS +++ [pid 541] +++ killed by SIGBUS +++ [pid 547] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=541, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 547] <... prctl resumed>) = 0 [pid 547] setpgid(0, 0) = 0 [pid 547] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 547] write(3, "1000", 4) = 4 [pid 547] close(3) = 0 [pid 547] symlink("/dev/binderfs", "./binderfs" [pid 549] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 547] <... symlink resumed>) = 0 [pid 547] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 547] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 547] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 547] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW [pid 550] +++ killed by SIGBUS +++ [pid 547] <... mmap resumed>) = 0x7f6220445000 [pid 546] +++ killed by SIGBUS +++ [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 549] <... futex resumed>) = 0 [pid 547] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 299] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=546, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 549] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 547] <... mprotect resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 547] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] newfstatat(3, "", [pid 547] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 547] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 299] getdents64(3, [pid 549] <... mmap resumed>) = 0x7f6220424000 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 547] <... clone3 resumed> => {parent_tid=[552]}, 88) = 552 [pid 299] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... restart_syscall resumed>) = 0 [pid 547] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... umount2 resumed>) = 0 [pid 547] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 549] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 547] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW [pid 551] <... set_robust_list resumed>) = 0 [pid 549] <... mprotect resumed>) = 0 [pid 547] <... futex resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./10/bus", [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 551] rt_sigprocmask(SIG_SETMASK, [], [pid 549] rt_sigprocmask(SIG_BLOCK, ~[], [pid 547] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 551] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 549] <... rt_sigprocmask resumed>[], 8) = 0 [pid 547] <... futex resumed>) = 0 [pid 299] unlink("./10/bus" [pid 296] <... openat resumed>) = 3 [pid 551] memfd_create("syzkaller", 0 [pid 549] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 547] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 537] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY [pid 299] <... unlink resumed>) = 0 [pid 296] newfstatat(3, "", ./strace-static-x86_64: Process 552 attached [pid 551] <... memfd_create resumed>) = 3 [pid 547] <... mmap resumed>) = 0x7f6220424000 [pid 299] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 551] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 547] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] getdents64(3, [pid 551] <... mmap resumed>) = 0x7f6218024000 [pid 547] <... mprotect resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./10/binderfs", [pid 296] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 552] set_robust_list(0x7f62204659a0, 24 [pid 551] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 547] rt_sigprocmask(SIG_BLOCK, ~[], [pid 537] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 552] <... set_robust_list resumed>) = 0 [pid 551] <... write resumed>) = 262144 [pid 549] <... clone3 resumed> => {parent_tid=[553]}, 88) = 553 [pid 547] <... rt_sigprocmask resumed>[], 8) = 0 [pid 537] ioctl(5, LOOP_CLR_FD [pid 299] unlink("./10/binderfs" [pid 296] <... umount2 resumed>) = 0 [pid 551] munmap(0x7f6218024000, 262144 [pid 549] rt_sigprocmask(SIG_SETMASK, [], [pid 547] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 299] <... unlink resumed>) = 0 [pid 296] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 552] rt_sigprocmask(SIG_SETMASK, [], [pid 551] <... munmap resumed>) = 0 [pid 549] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 537] <... ioctl resumed>) = 0 [pid 299] getdents64(3, [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 551] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 547] <... clone3 resumed> => {parent_tid=[554]}, 88) = 554 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] newfstatat(AT_FDCWD, "./9/bus", [pid 551] <... openat resumed>) = 4 [pid 547] rt_sigprocmask(SIG_SETMASK, [], [pid 299] close(3 [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 551] ioctl(4, LOOP_SET_FD, 3 [pid 547] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] <... close resumed>) = 0 [pid 296] unlink("./9/bus"./strace-static-x86_64: Process 553 attached ./strace-static-x86_64: Process 554 attached [pid 552] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 551] <... ioctl resumed>) = 0 [pid 549] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 547] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 537] close(5 [pid 299] rmdir("./10" [pid 296] <... unlink resumed>) = 0 [pid 553] set_robust_list(0x7f62204449a0, 24 [pid 547] <... futex resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 296] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 552] memfd_create("syzkaller", 0 [pid 549] <... futex resumed>) = 0 [pid 547] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 537] <... close resumed>) = 0 [pid 299] mkdir("./11", 0777 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 553] <... set_robust_list resumed>) = 0 [pid 554] set_robust_list(0x7f62204449a0, 24 [pid 552] <... memfd_create resumed>) = 3 [pid 551] close(3 [pid 549] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 537] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... mkdir resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./9/binderfs", [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... openat resumed>) = 3 [pid 296] unlink("./9/binderfs" [pid 299] ioctl(3, LOOP_CLR_FD [pid 296] <... unlink resumed>) = 0 [pid 554] <... set_robust_list resumed>) = 0 [pid 553] rt_sigprocmask(SIG_SETMASK, [], [pid 552] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 537] <... futex resumed>) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] getdents64(3, [pid 299] close(3 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 299] <... close resumed>) = 0 [pid 296] close(3 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... close resumed>) = 0 [pid 554] rt_sigprocmask(SIG_SETMASK, [], [pid 553] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 552] <... mmap resumed>) = 0x7f6218024000 [pid 551] <... close resumed>) = 0 [pid 537] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 555 attached [pid 554] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 553] creat("./bus", 000 [pid 552] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 538] +++ exited with 0 +++ [pid 536] +++ exited with 0 +++ [pid 296] rmdir("./9" [pid 555] set_robust_list(0x555556cc76a0, 24 [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 555 [pid 296] <... rmdir resumed>) = 0 [pid 555] <... set_robust_list resumed>) = 0 [pid 296] mkdir("./10", 0777 [pid 555] chdir("./11" [pid 296] <... mkdir resumed>) = 0 [pid 555] <... chdir resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 555] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 296] <... openat resumed>) = 3 [pid 555] <... prctl resumed>) = 0 [pid 296] ioctl(3, LOOP_CLR_FD [pid 555] setpgid(0, 0 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 555] <... setpgid resumed>) = 0 [pid 296] close(3 [pid 555] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 296] <... close resumed>) = 0 [pid 555] <... openat resumed>) = 3 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 555] write(3, "1000", 4) = 4 [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 556 [pid 555] close(3) = 0 ./strace-static-x86_64: Process 556 attached [pid 555] symlink("/dev/binderfs", "./binderfs" [pid 554] creat("./bus", 000 [pid 553] <... creat resumed>) = 3 [pid 552] <... write resumed>) = 262144 [pid 535] exit_group(0 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=536, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 556] set_robust_list(0x555556cc76a0, 24) = 0 [pid 556] chdir("./10") = 0 [pid 556] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 556] setpgid(0, 0) = 0 [pid 556] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 556] write(3, "1000", 4) = 4 [pid 556] close(3) = 0 [pid 556] symlink("/dev/binderfs", "./binderfs") = 0 [pid 556] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 556] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 556] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 539] <... futex resumed>) = ? [pid 537] <... futex resumed>) = ? [pid 535] <... exit_group resumed>) = ? [pid 553] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 556] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 556] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 554] <... creat resumed>) = 4 [pid 539] +++ exited with 0 +++ [pid 537] +++ exited with 0 +++ [pid 556] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 556] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 556] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[557]}, 88) = 557 [pid 556] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 556] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 554] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 553] <... futex resumed>) = 1 [pid 549] <... futex resumed>) = 0 [pid 535] +++ exited with 0 +++ [pid 300] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW [pid 556] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 556] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 556] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 556] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 556] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[558]}, 88) = 558 [pid 556] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 556] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 556] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 557 attached [pid 549] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=535, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 549] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 554] <... futex resumed>) = 1 [pid 553] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 547] <... futex resumed>) = 0 [pid 547] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW [pid 547] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 557] set_robust_list(0x7f62204659a0, 24) = 0 [pid 557] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 300] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... openat resumed>) = 3 [pid 298] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] newfstatat(3, "", [pid 298] <... openat resumed>) = 3 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 553] <... mount resumed>) = 0 [pid 298] newfstatat(3, "", [pid 554] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 553] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] getdents64(3, [pid 557] memfd_create("syzkaller", 0) = 3 [pid 557] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 298] getdents64(3, 0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 300] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 553] <... futex resumed>) = 1 [pid 549] <... futex resumed>) = 0 [pid 553] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 549] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... umount2 resumed>) = 0 [pid 554] <... mount resumed>) = 0 [pid 549] <... futex resumed>) = 0 [pid 553] <... open resumed>) = 5 [pid 298] <... umount2 resumed>) = 0 [pid 549] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 557] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 557] munmap(0x7f6218024000, 262144) = 0 [pid 557] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 25.305375][ T537] ext4 filesystem being mounted at /root/syzkaller.4RDDfu/9/file0 supports timestamps until 2038 (0x7fffffff) [ 25.328467][ T551] loop1: detected capacity change from 0 to 512 [pid 557] ioctl(4, LOOP_SET_FD, 3 [pid 554] <... futex resumed>) = 1 [pid 553] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 552] munmap(0x7f6218024000, 262144 [pid 547] <... futex resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 554] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 553] <... futex resumed>) = 1 [pid 552] <... munmap resumed>) = 0 [pid 549] <... futex resumed>) = 0 [pid 547] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] newfstatat(AT_FDCWD, "./12/bus", [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 549] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 547] <... futex resumed>) = 0 [pid 553] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 549] <... futex resumed>) = 0 [pid 547] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] newfstatat(AT_FDCWD, "./9/bus", [pid 553] <... socket resumed>) = 6 [pid 549] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] unlink("./12/bus" [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 553] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 549] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 557] <... ioctl resumed>) = 0 [pid 557] close(3 [pid 553] <... futex resumed>) = 0 [pid 549] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... unlink resumed>) = 0 [pid 298] unlink("./9/bus" [pid 553] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 549] <... futex resumed>) = 0 [pid 300] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 557] <... close resumed>) = 0 [pid 557] mkdir("./file0", 0777 [pid 298] <... unlink resumed>) = 0 [pid 549] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 553] <... mmap resumed>) = 0x20000000 [pid 298] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 553] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 553] <... futex resumed>) = 1 [pid 549] <... futex resumed>) = 0 [pid 300] newfstatat(AT_FDCWD, "./12/binderfs", [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 554] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 553] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 549] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] newfstatat(AT_FDCWD, "./9/binderfs", [pid 554] <... open resumed>) = 5 [pid 553] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 549] <... futex resumed>) = 0 [pid 300] unlink("./12/binderfs" [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 554] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 553] memfd_create("syzkaller", 0 [pid 298] unlink("./9/binderfs" [pid 553] <... memfd_create resumed>) = 7 [pid 298] <... unlink resumed>) = 0 [pid 553] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 300] <... unlink resumed>) = 0 [pid 553] <... mmap resumed>) = 0x7f620fc64000 [pid 554] <... futex resumed>) = 1 [pid 547] <... futex resumed>) = 0 [pid 298] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 557] <... mkdir resumed>) = 0 [pid 557] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 553] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 547] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 554] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 300] getdents64(3, [pid 547] <... futex resumed>) = 0 [pid 554] <... socket resumed>) = 6 [pid 547] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 547] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 547] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 554] <... futex resumed>) = 0 [pid 300] close(3 [pid 547] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 554] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 300] <... close resumed>) = 0 [pid 554] <... mmap resumed>) = 0x20000000 [pid 554] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] rmdir("./12" [pid 553] <... write resumed>) = 65536 [pid 300] <... rmdir resumed>) = 0 [pid 554] <... futex resumed>) = 1 [pid 553] munmap(0x7f620fc64000, 65536 [pid 547] <... futex resumed>) = 0 [pid 300] mkdir("./13", 0777 [pid 547] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 554] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 547] <... futex resumed>) = 0 [pid 300] <... mkdir resumed>) = 0 [pid 553] <... munmap resumed>) = 0 [pid 553] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 8 [pid 553] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 553] ioctl(8, LOOP_CLR_FD [pid 300] <... openat resumed>) = 3 [pid 553] <... ioctl resumed>) = 0 [pid 300] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 300] close(3 [pid 298] <... umount2 resumed>) = 0 [pid 554] +++ killed by SIGBUS +++ [pid 552] +++ killed by SIGBUS +++ [pid 547] +++ killed by SIGBUS +++ [pid 300] <... close resumed>) = 0 [pid 298] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 553] ioctl(8, LOOP_SET_FD, 7 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=547, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 553] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 558 attached [pid 555] <... symlink resumed>) = 0 [pid 553] close(8 [pid 551] mkdir(0x20000000, 0777 [pid 298] newfstatat(AT_FDCWD, "./9/file0", [pid 555] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 553] <... close resumed>) = 0 [pid 301] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 559 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 558] set_robust_list(0x7f62204449a0, 24 [pid 555] <... futex resumed>) = 0 [pid 553] close(7 [pid 551] <... mkdir resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 555] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 553] <... close resumed>) = 0 [pid 551] mount("/dev/loop1", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 301] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 559 attached [pid 558] <... set_robust_list resumed>) = 0 [pid 555] <... rt_sigaction resumed>NULL, 8) = 0 [pid 553] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 551] <... mount resumed>) = -1 ENODEV (No such device) [pid 301] <... openat resumed>) = 3 [pid 298] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 559] set_robust_list(0x555556cc76a0, 24 [pid 558] rt_sigprocmask(SIG_SETMASK, [], [pid 555] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 553] <... futex resumed>) = 0 [pid 551] ioctl(4, LOOP_CLR_FD [pid 301] newfstatat(3, "", [pid 298] <... openat resumed>) = 4 [pid 559] <... set_robust_list resumed>) = 0 [pid 558] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 555] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 553] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 551] <... ioctl resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] newfstatat(4, "", [pid 558] creat("./bus", 000 [pid 555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 559] chdir("./13" [pid 555] <... mmap resumed>) = 0x7f6220445000 [pid 551] close(4 [pid 301] getdents64(3, [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 559] <... chdir resumed>) = 0 [pid 559] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 551] <... close resumed>) = 0 [pid 298] getdents64(4, [pid 559] <... prctl resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 555] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 551] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 301] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 559] setpgid(0, 0) = 0 [pid 559] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 555] <... mprotect resumed>) = 0 [pid 558] <... creat resumed>) = 3 [pid 551] <... futex resumed>) = 0 [pid 301] <... umount2 resumed>) = 0 [pid 298] getdents64(4, [pid 559] <... openat resumed>) = 3 [pid 559] write(3, "1000", 4) = 4 [pid 558] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 555] rt_sigprocmask(SIG_BLOCK, ~[], [pid 551] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 559] close(3) = 0 [pid 559] symlink("/dev/binderfs", "./binderfs") = 0 [pid 558] <... futex resumed>) = 1 [pid 556] <... futex resumed>) = 0 [pid 555] <... rt_sigprocmask resumed>[], 8) = 0 [pid 549] exit_group(0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] close(4 [pid 559] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 556] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 559] <... futex resumed>) = 0 [pid 558] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 556] <... futex resumed>) = 0 [pid 555] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 553] <... futex resumed>) = ? [pid 551] <... futex resumed>) = ? [pid 549] <... exit_group resumed>) = ? [pid 301] newfstatat(AT_FDCWD, "./10/bus", [pid 298] <... close resumed>) = 0 [pid 559] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 556] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 559] <... rt_sigaction resumed>NULL, 8) = 0 [pid 553] +++ exited with 0 +++ [pid 551] +++ exited with 0 +++ [pid 559] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 559] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 559] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 559] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 559] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 549] +++ exited with 0 +++ [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] rmdir("./9/file0" [pid 559] <... clone3 resumed> => {parent_tid=[562]}, 88) = 562 [pid 559] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 559] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] <... rmdir resumed>) = 0 [pid 555] <... clone3 resumed> => {parent_tid=[561]}, 88) = 561 [pid 301] unlink("./10/bus" [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=549, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 559] <... mmap resumed>) = 0x7f6220424000 [pid 559] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 301] <... unlink resumed>) = 0 [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 555] rt_sigprocmask(SIG_SETMASK, [], [pid 298] getdents64(3, [pid 555] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 555] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 555] <... futex resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 555] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] newfstatat(AT_FDCWD, "./10/binderfs", [pid 298] close(3 [pid 555] <... futex resumed>) = 0 [pid 297] <... restart_syscall resumed>) = 0 [pid 555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 555] <... mmap resumed>) = 0x7f6220424000 [pid 301] unlink("./10/binderfs" [pid 298] <... close resumed>) = 0 [pid 555] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 561 attached [pid 559] rt_sigprocmask(SIG_BLOCK, ~[], [pid 558] <... mount resumed>) = 0 [pid 555] <... mprotect resumed>) = 0 [pid 301] <... unlink resumed>) = 0 [pid 298] rmdir("./9" [pid 297] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW [pid 561] set_robust_list(0x7f62204659a0, 24 [pid 559] <... rt_sigprocmask resumed>[], 8) = 0 [pid 558] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 555] rt_sigprocmask(SIG_BLOCK, ~[], [pid 301] getdents64(3, [pid 561] <... set_robust_list resumed>) = 0 [pid 559] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 561] rt_sigprocmask(SIG_SETMASK, [], [pid 558] <... futex resumed>) = 1 [pid 556] <... futex resumed>) = 0 [pid 555] <... rt_sigprocmask resumed>[], 8) = 0 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 561] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 559] <... clone3 resumed> => {parent_tid=[564]}, 88) = 564 [pid 556] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 555] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 301] close(3 [pid 558] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 298] mkdir("./10", 0777 [pid 297] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 561] memfd_create("syzkaller", 0 [pid 559] rt_sigprocmask(SIG_SETMASK, [], [pid 558] <... open resumed>) = 5 [pid 556] <... futex resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 561] <... memfd_create resumed>) = 3 [pid 559] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 556] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... openat resumed>) = 3 [pid 561] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 559] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 561] <... mmap resumed>) = 0x7f6218024000 [pid 559] <... futex resumed>) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 297] newfstatat(3, "", ./strace-static-x86_64: Process 565 attached ./strace-static-x86_64: Process 564 attached ./strace-static-x86_64: Process 562 attached [pid 559] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 555] <... clone3 resumed> => {parent_tid=[565]}, 88) = 565 [pid 301] rmdir("./10" [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 565] set_robust_list(0x7f62204449a0, 24 [pid 564] set_robust_list(0x7f62204449a0, 24 [pid 562] set_robust_list(0x7f62204659a0, 24 [pid 558] <... futex resumed>) = 1 [pid 555] rt_sigprocmask(SIG_SETMASK, [], [pid 301] <... rmdir resumed>) = 0 [pid 297] getdents64(3, [pid 565] <... set_robust_list resumed>) = 0 [pid 564] <... set_robust_list resumed>) = 0 [pid 562] <... set_robust_list resumed>) = 0 [pid 558] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 555] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] mkdir("./11", 0777 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 565] rt_sigprocmask(SIG_SETMASK, [], [pid 564] rt_sigprocmask(SIG_SETMASK, [], [pid 562] rt_sigprocmask(SIG_SETMASK, [], [pid 555] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... mkdir resumed>) = 0 [pid 297] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 565] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 564] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 562] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 555] <... futex resumed>) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 565] creat("./bus", 000 [pid 564] creat("./bus", 000 [pid 562] memfd_create("syzkaller", 0 [pid 555] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... openat resumed>) = 3 [pid 565] <... creat resumed>) = 4 [pid 564] <... creat resumed>) = 3 [pid 562] <... memfd_create resumed>) = 4 [pid 301] ioctl(3, LOOP_CLR_FD [pid 565] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 564] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 562] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 565] <... futex resumed>) = 1 [pid 564] <... futex resumed>) = 0 [pid 562] <... mmap resumed>) = 0x7f6218024000 [pid 555] <... futex resumed>) = 0 [pid 301] close(3 [pid 565] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 564] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 562] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 555] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... close resumed>) = 0 [pid 565] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 562] <... write resumed>) = 262144 [pid 555] <... futex resumed>) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 565] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 562] munmap(0x7f6218024000, 262144 [pid 555] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 565] <... mount resumed>) = 0 [pid 562] <... munmap resumed>) = 0 [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 566 [pid 565] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [ 25.362073][ T557] loop0: detected capacity change from 0 to 512 [pid 562] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 565] <... futex resumed>) = 1 [pid 562] <... openat resumed>) = 5 [pid 559] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 556] <... futex resumed>) = 0 [pid 555] <... futex resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 565] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 562] ioctl(5, LOOP_SET_FD, 4 [pid 559] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 556] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 555] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 566 attached [pid 565] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 562] <... ioctl resumed>) = 0 [pid 561] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 555] <... futex resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 565] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 562] close(4 [pid 555] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] newfstatat(AT_FDCWD, "./11/bus", [pid 565] <... open resumed>) = 5 [pid 562] <... close resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 565] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 562] mkdir("./file0", 0777 [pid 297] unlink("./11/bus" [pid 565] <... futex resumed>) = 1 [pid 562] <... mkdir resumed>) = 0 [pid 555] <... futex resumed>) = 0 [pid 297] <... unlink resumed>) = 0 [pid 565] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 562] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 555] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 565] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 555] <... futex resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 565] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 555] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] newfstatat(AT_FDCWD, "./11/binderfs", [pid 565] <... socket resumed>) = 6 [pid 298] <... openat resumed>) = 3 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 565] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] ioctl(3, LOOP_CLR_FD [pid 297] unlink("./11/binderfs" [pid 565] <... futex resumed>) = 1 [pid 555] <... futex resumed>) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... unlink resumed>) = 0 [pid 565] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 555] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] close(3 [pid 297] umount2("./11/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 565] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 555] <... futex resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 565] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 555] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] newfstatat(AT_FDCWD, "./11/ext4", [pid 565] <... mmap resumed>) = 0x20000000 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 565] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 568 [pid 297] umount2("./11/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 565] <... futex resumed>) = 1 [pid 555] <... futex resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 565] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 555] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] openat(AT_FDCWD, "./11/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 565] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 555] <... futex resumed>) = 0 [pid 297] <... openat resumed>) = 4 [pid 565] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 555] stat(NULL, [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, [pid 559] <... futex resumed>) = 1 [pid 297] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 566] set_robust_list(0x555556cc76a0, 24 [pid 556] <... futex resumed>) = 1 [pid 297] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./11/ext4" [pid 566] <... set_robust_list resumed>) = 0 [pid 564] <... futex resumed>) = 0 [pid 561] <... write resumed>) = ? [pid 559] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] <... futex resumed>) = 0 [pid 556] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... rmdir resumed>) = 0 [pid 566] chdir("./11" [pid 564] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 561] +++ killed by SIGBUS +++ [pid 558] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 297] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./11") = 0 [pid 297] mkdir("./12", 0777 [pid 558] <... socket resumed>) = 6 [pid 297] <... mkdir resumed>) = 0 [pid 564] <... mount resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD [pid 566] <... chdir resumed>) = 0 [pid 565] +++ killed by SIGBUS +++ [pid 564] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 558] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 555] +++ killed by SIGBUS +++ [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 566] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 564] <... futex resumed>) = 1 [pid 559] <... futex resumed>) = 0 [pid 558] <... futex resumed>) = 1 [pid 556] <... futex resumed>) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=555, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 297] close(3 [pid 566] <... prctl resumed>) = 0 [pid 564] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 559] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 558] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 556] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 297] <... close resumed>) = 0 [pid 566] setpgid(0, 0 [pid 564] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 559] <... futex resumed>) = 0 [pid 558] <... mmap resumed>) = 0x20000000 [pid 556] <... futex resumed>) = 0 [pid 299] <... restart_syscall resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 566] <... setpgid resumed>) = 0 [pid 564] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 559] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 556] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 566] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 564] <... open resumed>) = 4 [pid 558] <... futex resumed>) = 0 [pid 556] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 569 [pid 566] <... openat resumed>) = 3 [pid 564] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 558] memfd_create("syzkaller", 0 [pid 556] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW [pid 566] write(3, "1000", 4 [pid 564] <... futex resumed>) = 1 [pid 559] <... futex resumed>) = 0 [pid 558] <... memfd_create resumed>) = 7 [pid 556] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 566] <... write resumed>) = 4 [pid 564] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 559] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 558] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 299] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 566] close(3 [pid 564] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 559] <... futex resumed>) = 0 [pid 558] <... mmap resumed>) = 0x7f620fc64000 [pid 299] <... openat resumed>) = 3 ./strace-static-x86_64: Process 569 attached ./strace-static-x86_64: Process 568 attached [pid 566] <... close resumed>) = 0 [pid 564] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 559] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 557] <... mount resumed>) = 0 [pid 299] newfstatat(3, "", [pid 568] set_robust_list(0x555556cc76a0, 24 [pid 566] symlink("/dev/binderfs", "./binderfs" [pid 564] <... socket resumed>) = 6 [pid 558] <... write resumed>) = 65536 [pid 566] <... symlink resumed>) = 0 [pid 564] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 558] munmap(0x7f620fc64000, 65536 [pid 557] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 568] <... set_robust_list resumed>) = 0 [pid 566] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 564] <... futex resumed>) = 1 [pid 559] <... futex resumed>) = 0 [pid 558] <... munmap resumed>) = 0 [pid 566] <... futex resumed>) = 0 [pid 564] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 559] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 558] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 566] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 564] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 559] <... futex resumed>) = 0 [pid 558] <... openat resumed>) = 8 [pid 557] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 299] getdents64(3, [pid 568] chdir("./10" [pid 566] <... rt_sigaction resumed>NULL, 8) = 0 [pid 564] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 559] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 558] ioctl(8, LOOP_SET_FD, 7 [pid 557] ioctl(4, LOOP_CLR_FD [pid 299] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 568] <... chdir resumed>) = 0 [pid 566] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 564] <... mmap resumed>) = 0x20000000 [pid 558] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 557] <... ioctl resumed>) = 0 [pid 299] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 568] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 566] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 564] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 558] ioctl(8, LOOP_CLR_FD [pid 557] close(4 [pid 566] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 564] <... futex resumed>) = 1 [pid 559] <... futex resumed>) = 0 [pid 558] <... ioctl resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 557] <... close resumed>) = 0 [pid 566] <... mmap resumed>) = 0x7f6220445000 [pid 564] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 559] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 568] <... prctl resumed>) = 0 [pid 566] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 564] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 559] <... futex resumed>) = 0 [pid 557] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 566] <... mprotect resumed>) = 0 [pid 564] memfd_create("syzkaller", 0 [pid 566] rt_sigprocmask(SIG_BLOCK, ~[], [pid 564] <... memfd_create resumed>) = 7 [pid 566] <... rt_sigprocmask resumed>[], 8) = 0 [pid 564] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 566] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 564] <... mmap resumed>) = 0x7f620fc64000 [pid 564] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 566] <... clone3 resumed> => {parent_tid=[571]}, 88) = 571 [pid 564] <... write resumed>) = 65536 [pid 558] ioctl(8, LOOP_SET_FD, 7 [pid 566] rt_sigprocmask(SIG_SETMASK, [], [pid 564] munmap(0x7f620fc64000, 65536 [pid 558] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 566] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 564] <... munmap resumed>) = 0 [pid 558] close(8 [pid 557] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] newfstatat(AT_FDCWD, "./11/bus", [pid 568] setpgid(0, 0 [pid 566] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 564] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 558] <... close resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 568] <... setpgid resumed>) = 0 [pid 566] <... futex resumed>) = 0 [pid 564] <... openat resumed>) = 8 [pid 558] close(7 [pid 299] unlink("./11/bus" [pid 568] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 566] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 564] ioctl(8, LOOP_SET_FD, 7 [pid 558] <... close resumed>) = 0 [pid 566] <... futex resumed>) = 0 [pid 564] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 558] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 556] exit_group(0 [pid 299] <... unlink resumed>) = 0 [pid 568] <... openat resumed>) = 3 [pid 566] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 564] ioctl(8, LOOP_CLR_FD [pid 558] <... futex resumed>) = ? [ 25.398297][ T557] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [ 25.414628][ T562] loop4: detected capacity change from 0 to 512 [ 25.416466][ T557] ext4 filesystem being mounted at /root/syzkaller.sY6u5M/10/file0 supports timestamps until 2038 (0x7fffffff) [pid 557] <... futex resumed>) = ? [pid 556] <... exit_group resumed>) = ? [pid 299] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 569] set_robust_list(0x555556cc76a0, 24 [pid 566] <... mmap resumed>) = 0x7f6220424000 [pid 564] <... ioctl resumed>) = 0 [pid 558] +++ exited with 0 +++ [pid 557] +++ exited with 0 +++ [pid 556] +++ exited with 0 +++ [pid 566] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 566] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 566] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[572]}, 88) = 572 [pid 566] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 566] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 571 attached [pid 571] set_robust_list(0x7f62204659a0, 24) = 0 [pid 571] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 571] memfd_create("syzkaller", 0) = 3 [pid 571] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 564] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 564] close(8) = 0 [pid 564] close(7) = 0 [pid 564] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 564] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 571] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 571] munmap(0x7f6218024000, 262144) = 0 [pid 571] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 571] ioctl(4, LOOP_SET_FD, 3 [pid 569] <... set_robust_list resumed>) = 0 [pid 568] write(3, "1000", 4 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=556, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 571] <... ioctl resumed>) = 0 [pid 571] close(3) = 0 [pid 571] mkdir("./file0", 0777) = 0 [pid 571] mount("/dev/loop5", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue"./strace-static-x86_64: Process 572 attached [pid 572] set_robust_list(0x7f62204449a0, 24) = 0 [pid 572] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 572] creat("./bus", 000) = 3 [pid 572] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 566] <... futex resumed>) = 0 [pid 566] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] <... futex resumed>) = 1 [pid 572] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL) = 0 [pid 572] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 566] <... futex resumed>) = 0 [pid 566] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] <... futex resumed>) = 1 [pid 572] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 572] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 566] <... futex resumed>) = 0 [pid 566] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] <... futex resumed>) = 1 [pid 572] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE) = 6 [pid 572] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 566] <... futex resumed>) = 0 [pid 566] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] <... futex resumed>) = 1 [pid 572] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 572] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 566] <... futex resumed>) = 0 [pid 566] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 572] <... futex resumed>) = 1 [pid 569] chdir("./12") = 0 [pid 569] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 569] setpgid(0, 0) = 0 [pid 569] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 569] write(3, "1000", 4) = 4 [pid 569] close(3) = 0 [pid 569] symlink("/dev/binderfs", "./binderfs") = 0 [pid 569] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 569] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 569] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 568] <... write resumed>) = 4 [pid 299] newfstatat(AT_FDCWD, "./11/binderfs", [pid 569] <... mprotect resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 568] close(3 [pid 299] unlink("./11/binderfs" [pid 568] <... close resumed>) = 0 [pid 299] <... unlink resumed>) = 0 [pid 568] symlink("/dev/binderfs", "./binderfs" [pid 569] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 568] <... symlink resumed>) = 0 [pid 569] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 572] memfd_create("syzkaller", 0) = 7 [pid 296] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW [pid 572] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 568] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] getdents64(3, [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 569] <... clone3 resumed> => {parent_tid=[574]}, 88) = 574 [pid 569] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 569] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 569] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 569] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 569] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[575]}, 88) = 575 [pid 569] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 569] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 572] <... mmap resumed>) = 0x7f620fc64000 [pid 568] <... futex resumed>) = 0 [pid 568] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 568] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 568] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 296] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 568] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 296] <... openat resumed>) = 3 [pid 296] newfstatat(3, "", [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] close(3 [pid 296] getdents64(3, [pid 568] <... mprotect resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 299] rmdir("./11" [pid 296] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 568] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] <... rmdir resumed>) = 0 [pid 568] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] mkdir("./12", 0777 [pid 572] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 296] <... umount2 resumed>) = 0 [pid 568] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[576]}, 88) = 576 [pid 568] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 568] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 568] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 568] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 568] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 568] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 568] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[577]}, 88) = 577 [pid 568] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 568] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 568] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 574 attached [pid 574] set_robust_list(0x7f62204659a0, 24) = 0 [pid 574] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 574] memfd_create("syzkaller", 0) = 3 [pid 574] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 296] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... mkdir resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 296] newfstatat(AT_FDCWD, "./10/bus", [pid 299] <... openat resumed>) = 3 [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 575 attached [pid 572] <... write resumed>) = 65536 [pid 299] ioctl(3, LOOP_CLR_FD [pid 296] unlink("./10/bus"./strace-static-x86_64: Process 577 attached ./strace-static-x86_64: Process 576 attached [pid 575] set_robust_list(0x7f62204449a0, 24 [pid 572] munmap(0x7f620fc64000, 65536 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... unlink resumed>) = 0 [pid 577] set_robust_list(0x7f62204449a0, 24 [pid 576] set_robust_list(0x7f62204659a0, 24 [pid 575] <... set_robust_list resumed>) = 0 [pid 572] <... munmap resumed>) = 0 [pid 299] close(3 [pid 296] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 577] <... set_robust_list resumed>) = 0 [pid 575] rt_sigprocmask(SIG_SETMASK, [], [pid 572] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 299] <... close resumed>) = 0 [pid 577] rt_sigprocmask(SIG_SETMASK, [], [pid 576] <... set_robust_list resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 577] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 576] rt_sigprocmask(SIG_SETMASK, [], [pid 575] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 572] <... openat resumed>) = 8 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] newfstatat(AT_FDCWD, "./10/binderfs", [pid 575] creat("./bus", 000 [pid 572] ioctl(8, LOOP_SET_FD, 7 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 572] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 578 [pid 296] unlink("./10/binderfs" [pid 576] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 572] ioctl(8, LOOP_CLR_FD) = 0 [pid 296] <... unlink resumed>) = 0 [pid 296] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 577] creat("./bus", 000) = 3 [pid 575] <... creat resumed>) = 4 [pid 576] memfd_create("syzkaller", 0 [pid 575] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [ 25.460254][ T562] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 25.465023][ T571] loop5: detected capacity change from 0 to 512 [ 25.473823][ T562] EXT4-fs error (device loop4): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 25.489883][ T571] EXT4-fs warning (device loop5): read_mmp_block:115: Error -74 while reading MMP block 12 [ 25.502047][ T562] EXT4-fs (loop4): get orphan inode failed [pid 572] ioctl(8, LOOP_SET_FD, 7 [pid 577] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 576] <... memfd_create resumed>) = 4 [pid 575] <... futex resumed>) = 1 [pid 572] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 569] <... futex resumed>) = 0 ./strace-static-x86_64: Process 578 attached [pid 577] <... futex resumed>) = 1 [pid 576] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 575] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 574] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 572] close(8 [pid 571] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 569] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 562] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 568] <... futex resumed>) = 0 [pid 568] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 568] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 571] ioctl(4, LOOP_CLR_FD [pid 577] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 576] <... mmap resumed>) = 0x7f6218024000 [pid 575] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 572] <... close resumed>) = 0 [pid 571] <... ioctl resumed>) = 0 [pid 569] <... futex resumed>) = 0 [pid 578] set_robust_list(0x555556cc76a0, 24 [pid 577] <... mount resumed>) = 0 [pid 576] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 265747 [pid 575] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 574] <... write resumed>) = 262144 [pid 572] close(7 [pid 571] close(4 [pid 569] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 562] ioctl(5, LOOP_CLR_FD [pid 578] <... set_robust_list resumed>) = 0 [pid 577] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 576] <... write resumed>) = 265747 [pid 575] <... mount resumed>) = 0 [pid 572] <... close resumed>) = 0 [pid 571] <... close resumed>) = 0 [pid 578] chdir("./12" [pid 577] <... futex resumed>) = 1 [pid 576] munmap(0x7f6218024000, 265747 [pid 575] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 574] munmap(0x7f6218024000, 262144 [pid 572] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 571] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 568] <... futex resumed>) = 0 [pid 578] <... chdir resumed>) = 0 [pid 577] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 576] <... munmap resumed>) = 0 [pid 575] <... futex resumed>) = 1 [pid 572] <... futex resumed>) = 0 [pid 571] <... futex resumed>) = 0 [pid 569] <... futex resumed>) = 0 [pid 568] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 578] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 576] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 575] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 574] <... munmap resumed>) = 0 [pid 572] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 571] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 569] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 568] <... futex resumed>) = 0 [pid 566] exit_group(0 [pid 578] <... prctl resumed>) = 0 [pid 577] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 576] <... openat resumed>) = 5 [pid 575] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 574] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 572] <... futex resumed>) = ? [pid 571] <... futex resumed>) = ? [pid 569] <... futex resumed>) = 0 [pid 568] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 566] <... exit_group resumed>) = ? [pid 578] setpgid(0, 0 [pid 577] <... open resumed>) = 6 [ 25.513636][ T562] EXT4-fs (loop4): mount failed [pid 576] ioctl(5, LOOP_SET_FD, 4 [pid 575] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 572] +++ exited with 0 +++ [pid 571] +++ exited with 0 +++ [pid 569] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 566] +++ exited with 0 +++ [pid 578] <... setpgid resumed>) = 0 [pid 577] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 574] <... openat resumed>) = 5 [pid 562] <... ioctl resumed>) = 0 [pid 574] ioctl(5, LOOP_SET_FD, 3 [pid 578] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 577] <... futex resumed>) = 1 [pid 576] <... ioctl resumed>) = 0 [pid 562] close(5 [pid 578] <... openat resumed>) = 3 [pid 577] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=566, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 578] write(3, "1000", 4 [pid 301] restart_syscall(<... resuming interrupted clone ...> [pid 578] <... write resumed>) = 4 [pid 301] <... restart_syscall resumed>) = 0 [pid 578] close(3) = 0 [pid 578] symlink("/dev/binderfs", "./binderfs" [pid 301] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW [pid 578] <... symlink resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 578] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 578] <... futex resumed>) = 0 [pid 562] <... close resumed>) = 0 [pid 301] <... openat resumed>) = 3 [pid 578] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 562] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] newfstatat(3, "", [pid 578] <... rt_sigaction resumed>NULL, 8) = 0 [pid 562] <... futex resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 578] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 562] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] getdents64(3, [pid 578] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 576] close(4 [pid 568] <... futex resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 578] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 576] <... close resumed>) = 0 [pid 568] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 559] exit_group(0 [pid 301] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 578] <... mmap resumed>) = 0x7f6220445000 [pid 577] <... futex resumed>) = 0 [pid 576] mkdir("./file0", 0777 [pid 568] <... futex resumed>) = 1 [pid 564] <... futex resumed>) = ? [pid 562] <... futex resumed>) = ? [pid 559] <... exit_group resumed>) = ? [pid 301] <... umount2 resumed>) = 0 [pid 578] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 577] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 576] <... mkdir resumed>) = 0 [pid 568] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 564] +++ exited with 0 +++ [pid 301] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 578] <... mprotect resumed>) = 0 [pid 577] <... socket resumed>) = 4 [pid 576] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 578] rt_sigprocmask(SIG_BLOCK, ~[], [pid 577] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] newfstatat(AT_FDCWD, "./11/bus", [pid 578] <... rt_sigprocmask resumed>[], 8) = 0 [pid 577] <... futex resumed>) = 1 [pid 575] <... open resumed>) = 6 [pid 574] <... ioctl resumed>) = 0 [pid 568] <... futex resumed>) = 0 [pid 578] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 577] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 575] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 574] close(3 [pid 568] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 575] <... futex resumed>) = 1 [pid 574] <... close resumed>) = 0 [pid 569] <... futex resumed>) = 0 [pid 568] <... futex resumed>) = 0 [pid 301] unlink("./11/bus" [pid 578] <... clone3 resumed> => {parent_tid=[579]}, 88) = 579 [pid 577] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 575] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 574] mkdir("./file0", 0777 [pid 569] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 568] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 579 attached [pid 578] rt_sigprocmask(SIG_SETMASK, [], [pid 577] <... mmap resumed>) = 0x20000000 [pid 575] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 569] <... futex resumed>) = 0 [pid 301] <... unlink resumed>) = 0 [pid 579] set_robust_list(0x7f62204659a0, 24 [pid 578] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 577] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 575] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 574] <... mkdir resumed>) = 0 [pid 569] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 577] <... futex resumed>) = 1 [pid 575] <... socket resumed>) = 3 [pid 568] <... futex resumed>) = 0 [pid 301] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 578] <... futex resumed>) = 0 [pid 577] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 575] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 574] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 568] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 579] <... set_robust_list resumed>) = 0 [pid 578] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 575] <... futex resumed>) = 1 [pid 569] <... futex resumed>) = 0 [pid 568] <... futex resumed>) = 0 [pid 301] newfstatat(AT_FDCWD, "./11/binderfs", [pid 579] rt_sigprocmask(SIG_SETMASK, [], [pid 578] <... futex resumed>) = 0 [pid 577] memfd_create("syzkaller", 0 [pid 575] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 569] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 578] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 577] <... memfd_create resumed>) = 7 [pid 575] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 569] <... futex resumed>) = 0 [pid 578] <... mmap resumed>) = 0x7f6220424000 [pid 577] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 575] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 579] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 569] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] unlink("./11/binderfs" [pid 579] memfd_create("syzkaller", 0 [pid 578] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 575] <... mmap resumed>) = 0x20000000 [pid 301] <... unlink resumed>) = 0 [pid 579] <... memfd_create resumed>) = 3 [pid 578] <... mprotect resumed>) = 0 [pid 575] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 579] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 578] rt_sigprocmask(SIG_BLOCK, ~[], [pid 575] <... futex resumed>) = 1 [pid 569] <... futex resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 579] <... mmap resumed>) = 0x7f6218024000 [pid 578] <... rt_sigprocmask resumed>[], 8) = 0 [pid 575] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 569] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] newfstatat(AT_FDCWD, "./11/file0", [pid 579] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 578] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 575] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 569] <... futex resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 579] <... write resumed>) = 262144 [pid 575] memfd_create("syzkaller", 0 [pid 301] umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 578] <... clone3 resumed> => {parent_tid=[580]}, 88) = 580 [pid 575] <... memfd_create resumed>) = 7 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 579] munmap(0x7f6218024000, 262144 [pid 578] rt_sigprocmask(SIG_SETMASK, [], [pid 575] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 301] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 579] <... munmap resumed>) = 0 [pid 578] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 575] <... mmap resumed>) = 0x7f620fc64000 [pid 301] <... openat resumed>) = 4 [pid 579] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 578] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 575] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 301] newfstatat(4, "", [pid 579] <... openat resumed>) = 4 [pid 578] <... futex resumed>) = 0 [pid 575] <... write resumed>) = 65536 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 579] ioctl(4, LOOP_SET_FD, 3 [pid 578] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 575] munmap(0x7f620fc64000, 65536 [pid 301] getdents64(4, ./strace-static-x86_64: Process 580 attached [pid 579] <... ioctl resumed>) = 0 [pid 577] <... mmap resumed>) = 0x7f620fc65000 [pid 575] <... munmap resumed>) = 0 [pid 562] +++ exited with 0 +++ [pid 559] +++ exited with 0 +++ [pid 301] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 296] <... umount2 resumed>) = 0 [pid 580] set_robust_list(0x7f62204449a0, 24 [pid 579] close(3 [pid 575] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 301] getdents64(4, [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=559, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 580] <... set_robust_list resumed>) = 0 [pid 579] <... close resumed>) = 0 [pid 575] <... openat resumed>) = 8 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 580] rt_sigprocmask(SIG_SETMASK, [], [pid 579] mkdir("./file0", 0777 [pid 575] ioctl(8, LOOP_SET_FD, 7 [pid 301] close(4 [pid 580] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 579] <... mkdir resumed>) = 0 [pid 575] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 301] <... close resumed>) = 0 [pid 300] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW [pid 580] creat("./bus", 000 [pid 579] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 575] ioctl(8, LOOP_CLR_FD [pid 301] rmdir("./11/file0" [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 580] <... creat resumed>) = 3 [pid 577] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 576] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 575] <... ioctl resumed>) = 0 [pid 301] <... rmdir resumed>) = 0 [pid 300] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 580] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 577] <... write resumed>) = 65536 [pid 576] ioctl(5, LOOP_CLR_FD [pid 301] getdents64(3, [pid 300] <... openat resumed>) = 3 [pid 580] <... futex resumed>) = 1 [pid 578] <... futex resumed>) = 0 [pid 577] munmap(0x7f620fc65000, 65536 [pid 576] <... ioctl resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 300] newfstatat(3, "", [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 580] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 578] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 577] <... munmap resumed>) = 0 [pid 576] close(5 [pid 301] close(3 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] newfstatat(AT_FDCWD, "./10/file0", [pid 580] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 578] <... futex resumed>) = 0 [pid 577] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 576] <... close resumed>) = 0 [pid 575] ioctl(8, LOOP_SET_FD, 7 [pid 301] <... close resumed>) = 0 [pid 300] getdents64(3, [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 580] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 578] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 577] <... openat resumed>) = 5 [pid 576] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 575] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 301] rmdir("./11" [pid 300] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 296] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 580] <... mount resumed>) = 0 [pid 577] ioctl(5, LOOP_SET_FD, 7 [pid 576] <... futex resumed>) = 0 [pid 575] close(8 [pid 301] <... rmdir resumed>) = 0 [pid 300] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 580] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 577] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 576] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 575] <... close resumed>) = 0 [pid 301] mkdir("./12", 0777 [pid 300] <... umount2 resumed>) = 0 [pid 296] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 580] <... futex resumed>) = 1 [pid 578] <... futex resumed>) = 0 [pid 577] ioctl(5, LOOP_CLR_FD [pid 575] close(7 [pid 301] <... mkdir resumed>) = 0 [pid 300] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 580] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 578] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 577] <... ioctl resumed>) = 0 [pid 575] <... close resumed>) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... openat resumed>) = 4 [pid 580] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 578] <... futex resumed>) = 0 [pid 575] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... openat resumed>) = 3 [pid 300] newfstatat(AT_FDCWD, "./13/bus", [pid 296] newfstatat(4, "", [pid 580] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 578] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 575] <... futex resumed>) = 0 [pid 301] ioctl(3, LOOP_CLR_FD [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 580] <... open resumed>) = 5 [pid 575] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 300] unlink("./13/bus" [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 580] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 577] ioctl(5, LOOP_SET_FD, 7 [pid 301] close(3 [pid 300] <... unlink resumed>) = 0 [pid 296] getdents64(4, [pid 580] <... futex resumed>) = 1 [pid 578] <... futex resumed>) = 0 [pid 577] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 301] <... close resumed>) = 0 [pid 300] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 580] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 578] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 577] close(5 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 580] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 578] <... futex resumed>) = 0 [pid 577] <... close resumed>) = 0 [pid 300] newfstatat(AT_FDCWD, "./13/binderfs", [pid 580] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 578] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 577] close(7 [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 583 [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] getdents64(4, [pid 580] <... socket resumed>) = 6 [pid 577] <... close resumed>) = 0 [pid 300] unlink("./13/binderfs" [pid 296] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 580] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 577] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... unlink resumed>) = 0 [pid 296] close(4 [pid 580] <... futex resumed>) = 1 [pid 578] <... futex resumed>) = 0 [pid 577] <... futex resumed>) = 0 [pid 300] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 580] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 578] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 577] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 568] exit_group(0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... close resumed>) = 0 [pid 580] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 578] <... futex resumed>) = 0 [pid 577] <... futex resumed>) = ? [pid 576] <... futex resumed>) = ? [pid 568] <... exit_group resumed>) = ? [pid 300] newfstatat(AT_FDCWD, "./13/file0", [pid 296] rmdir("./10/file0" [pid 580] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 578] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 577] +++ exited with 0 +++ [pid 576] +++ exited with 0 +++ [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 25.535678][ T576] loop2: detected capacity change from 0 to 519 [ 25.536287][ T574] loop1: detected capacity change from 0 to 512 [ 25.557712][ T576] EXT4-fs warning (device loop2): read_mmp_block:115: Error -74 while reading MMP block 12 [ 25.566663][ T579] loop3: detected capacity change from 0 to 512 [ 25.569293][ T574] EXT4-fs warning (device loop1): read_mmp_block:115: Error -74 while reading MMP block 12 [pid 580] <... mmap resumed>) = 0x20000000 [pid 300] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 580] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 580] <... futex resumed>) = 1 [pid 578] <... futex resumed>) = 0 [pid 300] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... rmdir resumed>) = 0 [pid 580] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 578] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... openat resumed>) = 4 [pid 580] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 578] <... futex resumed>) = 0 [pid 300] newfstatat(4, "", [pid 296] getdents64(3, [pid 580] memfd_create("syzkaller", 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 580] <... memfd_create resumed>) = 7 [pid 300] getdents64(4, [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 580] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 580] <... mmap resumed>) = 0x7f620fc64000 [pid 300] getdents64(4, [pid 296] close(3 [pid 580] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 296] <... close resumed>) = 0 [pid 580] <... write resumed>) = 65536 [pid 300] close(4 [pid 580] munmap(0x7f620fc64000, 65536 [pid 300] <... close resumed>) = 0 ./strace-static-x86_64: Process 583 attached [pid 300] rmdir("./13/file0" [pid 583] set_robust_list(0x555556cc76a0, 24 [pid 300] <... rmdir resumed>) = 0 [pid 296] rmdir("./10" [pid 583] <... set_robust_list resumed>) = 0 [pid 300] getdents64(3, [pid 583] chdir("./12" [pid 568] +++ exited with 0 +++ [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 583] <... chdir resumed>) = 0 [pid 300] close(3 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=568, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 296] <... rmdir resumed>) = 0 [pid 583] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 300] <... close resumed>) = 0 [pid 296] mkdir("./11", 0777 [pid 583] <... prctl resumed>) = 0 [pid 300] rmdir("./13" [pid 583] setpgid(0, 0 [pid 580] <... munmap resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 298] umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... mkdir resumed>) = 0 [pid 583] <... setpgid resumed>) = 0 [pid 580] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 300] mkdir("./14", 0777 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 583] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 580] <... openat resumed>) = 8 [pid 300] <... mkdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... openat resumed>) = 3 [pid 583] <... openat resumed>) = 3 [pid 580] ioctl(8, LOOP_SET_FD, 7 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] <... openat resumed>) = 3 [pid 296] ioctl(3, LOOP_CLR_FD [pid 583] write(3, "1000", 4 [pid 580] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 300] <... openat resumed>) = 3 [pid 298] newfstatat(3, "", [pid 583] <... write resumed>) = 4 [pid 580] ioctl(8, LOOP_CLR_FD [pid 300] ioctl(3, LOOP_CLR_FD [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 583] close(3 [pid 580] <... ioctl resumed>) = 0 [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] getdents64(3, [pid 583] <... close resumed>) = 0 [pid 300] close(3 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 296] close(3 [pid 583] symlink("/dev/binderfs", "./binderfs" [pid 300] <... close resumed>) = 0 [pid 298] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 583] <... symlink resumed>) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... close resumed>) = 0 [pid 583] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... umount2 resumed>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 583] <... futex resumed>) = 0 [pid 580] ioctl(8, LOOP_SET_FD, 7 [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 584 [pid 298] umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 583] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 580] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 583] <... rt_sigaction resumed>NULL, 8) = 0 [pid 580] close(8 [pid 298] newfstatat(AT_FDCWD, "./10/bus", [pid 583] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 580] <... close resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 583] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 580] close(7 [pid 298] unlink("./10/bus" [pid 583] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 580] <... close resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 583] <... mmap resumed>) = 0x7f6220445000 [pid 580] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 583] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 580] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 583] <... mprotect resumed>) = 0 [pid 580] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] newfstatat(AT_FDCWD, "./10/binderfs", [pid 583] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 583] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] unlink("./10/binderfs" [pid 583] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 298] <... unlink resumed>) = 0 [pid 298] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 584 attached [pid 583] <... clone3 resumed> => {parent_tid=[585]}, 88) = 585 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 584] set_robust_list(0x555556cc76a0, 24 [pid 583] rt_sigprocmask(SIG_SETMASK, [], [pid 298] newfstatat(AT_FDCWD, "./10/file0", [pid 584] <... set_robust_list resumed>) = 0 [pid 583] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 584] chdir("./14" [pid 583] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 584] <... chdir resumed>) = 0 [pid 583] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 584] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 583] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 584] <... prctl resumed>) = 0 [pid 583] <... futex resumed>) = 0 [pid 298] <... openat resumed>) = 4 [pid 584] setpgid(0, 0 [pid 583] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] newfstatat(4, "", [pid 584] <... setpgid resumed>) = 0 [pid 583] <... mmap resumed>) = 0x7f6220424000 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 584] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 583] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 298] getdents64(4, [pid 584] <... openat resumed>) = 3 [pid 583] <... mprotect resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 584] write(3, "1000", 4 [pid 583] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] getdents64(4, [pid 584] <... write resumed>) = 4 [pid 583] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 584] close(3 [pid 583] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 298] close(4 [pid 584] <... close resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 583] <... clone3 resumed> => {parent_tid=[586]}, 88) = 586 [pid 298] rmdir("./10/file0" [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 587 [pid 583] rt_sigprocmask(SIG_SETMASK, [], [pid 298] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 587 attached ./strace-static-x86_64: Process 586 attached ./strace-static-x86_64: Process 585 attached [pid 584] symlink("/dev/binderfs", "./binderfs" [pid 583] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 574] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 298] getdents64(3, [pid 587] set_robust_list(0x555556cc76a0, 24 [pid 586] set_robust_list(0x7f62204449a0, 24 [pid 585] set_robust_list(0x7f62204659a0, 24 [pid 584] <... symlink resumed>) = 0 [pid 583] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 574] ioctl(5, LOOP_CLR_FD [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 587] <... set_robust_list resumed>) = 0 [pid 586] <... set_robust_list resumed>) = 0 [pid 585] <... set_robust_list resumed>) = 0 [pid 584] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 583] <... futex resumed>) = 0 [pid 574] <... ioctl resumed>) = 0 [pid 298] close(3 [pid 587] chdir("./11" [pid 586] rt_sigprocmask(SIG_SETMASK, [], [pid 585] rt_sigprocmask(SIG_SETMASK, [], [pid 584] <... futex resumed>) = 0 [pid 583] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 574] close(5 [pid 298] <... close resumed>) = 0 [pid 587] <... chdir resumed>) = 0 [pid 586] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 585] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 584] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 587] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 586] creat("./bus", 000 [pid 585] memfd_create("syzkaller", 0 [pid 574] <... close resumed>) = 0 [pid 584] <... rt_sigaction resumed>NULL, 8) = 0 [pid 298] rmdir("./10" [pid 587] <... prctl resumed>) = 0 [pid 586] <... creat resumed>) = 3 [pid 585] <... memfd_create resumed>) = 4 [pid 584] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 574] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 587] setpgid(0, 0 [pid 586] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 587] <... setpgid resumed>) = 0 [pid 586] <... futex resumed>) = 1 [pid 585] <... mmap resumed>) = 0x7f6218024000 [pid 583] <... futex resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 587] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 586] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 585] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 584] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 583] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 574] <... futex resumed>) = 0 [pid 298] mkdir("./11", 0777 [pid 587] <... openat resumed>) = 3 [pid 586] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 585] <... write resumed>) = 262144 [pid 584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 583] <... futex resumed>) = 0 [pid 579] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 574] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 569] exit_group(0 [pid 587] write(3, "1000", 4 [pid 586] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 585] munmap(0x7f6218024000, 262144 [pid 587] <... write resumed>) = 4 [pid 586] <... mount resumed>) = 0 [pid 585] <... munmap resumed>) = 0 [pid 584] <... mmap resumed>) = 0x7f6220445000 [pid 583] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 579] ioctl(4, LOOP_CLR_FD [pid 575] <... futex resumed>) = ? [pid 574] <... futex resumed>) = ? [pid 569] <... exit_group resumed>) = ? [pid 298] <... mkdir resumed>) = 0 [pid 587] close(3 [pid 586] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 585] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 587] <... close resumed>) = 0 [pid 586] <... futex resumed>) = 0 [pid 585] <... openat resumed>) = 5 [pid 579] <... ioctl resumed>) = 0 [ 25.620215][ T579] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 25.637186][ T579] EXT4-fs error (device loop3): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 25.653736][ T579] EXT4-fs (loop3): get orphan inode failed [ 25.665517][ T579] EXT4-fs (loop3): mount failed [pid 587] symlink("/dev/binderfs", "./binderfs" [pid 586] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 585] ioctl(5, LOOP_SET_FD, 4 [pid 587] <... symlink resumed>) = 0 [pid 584] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 583] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 579] close(4 [pid 575] +++ exited with 0 +++ [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 587] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 579] <... close resumed>) = 0 [pid 587] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 579] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 587] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 579] <... futex resumed>) = 0 [pid 587] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 579] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 578] exit_group(0 [pid 583] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 587] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 584] <... mprotect resumed>) = 0 [pid 586] <... futex resumed>) = 0 [pid 583] <... futex resumed>) = 1 [pid 580] <... futex resumed>) = ? [pid 579] <... futex resumed>) = ? [pid 578] <... exit_group resumed>) = ? [pid 298] <... openat resumed>) = 3 [pid 587] <... mprotect resumed>) = 0 [pid 586] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 584] rt_sigprocmask(SIG_BLOCK, ~[], [pid 587] rt_sigprocmask(SIG_BLOCK, ~[], [pid 586] <... open resumed>) = 6 [pid 585] <... ioctl resumed>) = 0 [pid 584] <... rt_sigprocmask resumed>[], 8) = 0 [pid 583] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 580] +++ exited with 0 +++ [pid 298] ioctl(3, LOOP_CLR_FD [pid 587] <... rt_sigprocmask resumed>[], 8) = 0 [pid 586] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 584] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 583] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 587] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 586] <... futex resumed>) = 0 [pid 583] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] close(3 [pid 586] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 584] <... clone3 resumed> => {parent_tid=[588]}, 88) = 588 [pid 583] <... futex resumed>) = 0 [pid 587] <... clone3 resumed> => {parent_tid=[589]}, 88) = 589 [pid 586] <... socket resumed>) = 7 [pid 584] rt_sigprocmask(SIG_SETMASK, [], [pid 583] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... close resumed>) = 0 [pid 587] rt_sigprocmask(SIG_SETMASK, [], [pid 586] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 584] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 583] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 587] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 586] <... futex resumed>) = 0 [pid 587] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 586] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 587] <... futex resumed>) = 0 [pid 587] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 587] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 587] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 583] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 587] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 587] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[591]}, 88) = 591 [pid 586] <... futex resumed>) = 0 [pid 583] <... futex resumed>) = 1 [pid 584] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 590 [pid 587] rt_sigprocmask(SIG_SETMASK, [], [pid 586] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 584] <... futex resumed>) = 0 [pid 583] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 591 attached ./strace-static-x86_64: Process 589 attached ./strace-static-x86_64: Process 588 attached [pid 587] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 586] <... mmap resumed>) = 0x20000000 [pid 585] close(4 [pid 584] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 587] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 586] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 584] <... futex resumed>) = 0 [pid 587] <... futex resumed>) = 0 [pid 586] <... futex resumed>) = 1 [pid 584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 583] <... futex resumed>) = 0 [pid 587] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 586] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 584] <... mmap resumed>) = 0x7f6220424000 [pid 583] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 586] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 584] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 583] <... futex resumed>) = 0 [pid 588] set_robust_list(0x7f62204659a0, 24) = 0 [pid 588] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 588] memfd_create("syzkaller", 0 [pid 589] set_robust_list(0x7f62204659a0, 24 [pid 588] <... memfd_create resumed>) = 3 [pid 589] <... set_robust_list resumed>) = 0 [pid 589] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 584] <... mprotect resumed>) = 0 [pid 585] <... close resumed>) = 0 [pid 584] rt_sigprocmask(SIG_BLOCK, ~[], [pid 586] memfd_create("syzkaller", 0 [pid 584] <... rt_sigprocmask resumed>[], 8) = 0 [pid 589] memfd_create("syzkaller", 0 [pid 586] <... memfd_create resumed>) = 4 [pid 584] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 586] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 585] mkdir(0x20000000, 0777./strace-static-x86_64: Process 592 attached ./strace-static-x86_64: Process 590 attached [pid 586] <... mmap resumed>) = 0x7f620fc64000 [pid 585] <... mkdir resumed>) = 0 [pid 588] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 588] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 589] <... memfd_create resumed>) = 3 [pid 589] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 589] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 586] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 584] <... clone3 resumed> => {parent_tid=[592]}, 88) = 592 [pid 591] set_robust_list(0x7f62204449a0, 24) = 0 [pid 591] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 591] creat("./bus", 000) = 4 [pid 585] mount("/dev/loop5", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"...) = -1 ENODEV (No such device) [pid 585] ioctl(5, LOOP_CLR_FD) = 0 [pid 585] close(5 [pid 591] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 585] <... close resumed>) = 0 [pid 591] <... futex resumed>) = 1 [pid 587] <... futex resumed>) = 0 [pid 585] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 591] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 587] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 591] <... mount resumed>) = 0 [pid 587] <... futex resumed>) = 0 [pid 585] <... futex resumed>) = 0 [pid 591] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 587] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 591] <... futex resumed>) = 0 [pid 587] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 585] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 591] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 587] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 591] <... open resumed>) = 5 [pid 587] <... futex resumed>) = 0 [pid 591] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 587] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] rt_sigprocmask(SIG_SETMASK, [], [pid 592] set_robust_list(0x7f62204449a0, 24 [pid 591] <... futex resumed>) = 0 [pid 590] set_robust_list(0x555556cc76a0, 24 [pid 588] <... write resumed>) = 262144 [pid 587] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 586] <... write resumed>) = 65536 [pid 584] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 592] <... set_robust_list resumed>) = 0 [pid 591] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 590] <... set_robust_list resumed>) = 0 [pid 587] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 586] munmap(0x7f620fc64000, 65536 [pid 584] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 574] +++ exited with 0 +++ [pid 569] +++ exited with 0 +++ [pid 592] rt_sigprocmask(SIG_SETMASK, [], [pid 591] <... socket resumed>) = 6 [pid 590] chdir("./11" [pid 589] <... write resumed>) = 262144 [pid 588] munmap(0x7f6218024000, 262144 [pid 587] <... futex resumed>) = 0 [pid 586] <... munmap resumed>) = 0 [pid 592] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 591] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 590] <... chdir resumed>) = 0 [pid 589] munmap(0x7f6218024000, 262144 [pid 588] <... munmap resumed>) = 0 [pid 587] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 586] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 584] <... futex resumed>) = 0 [pid 592] creat("./bus", 000 [pid 591] <... futex resumed>) = 0 [pid 590] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 589] <... munmap resumed>) = 0 [pid 588] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 587] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 586] <... openat resumed>) = 5 [pid 584] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=569, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 591] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 589] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 588] <... openat resumed>) = 4 [pid 587] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 586] ioctl(5, LOOP_SET_FD, 4 [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 591] <... mmap resumed>) = 0x20000000 [pid 589] <... openat resumed>) = 7 [pid 588] ioctl(4, LOOP_SET_FD, 3 [pid 587] <... futex resumed>) = 0 [pid 586] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 297] <... restart_syscall resumed>) = 0 [pid 592] <... creat resumed>) = 5 [pid 591] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 590] <... prctl resumed>) = 0 [pid 587] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 586] ioctl(5, LOOP_CLR_FD [pid 592] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 590] setpgid(0, 0 [pid 586] <... ioctl resumed>) = 0 [pid 592] <... futex resumed>) = 1 [pid 590] <... setpgid resumed>) = 0 [pid 584] <... futex resumed>) = 0 [pid 297] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW [pid 592] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 590] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 584] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 592] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 590] <... openat resumed>) = 3 [pid 584] <... futex resumed>) = 0 [pid 297] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 592] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 590] write(3, "1000", 4 [pid 584] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... openat resumed>) = 3 [pid 592] <... mount resumed>) = 0 [pid 590] <... write resumed>) = 4 [pid 586] ioctl(5, LOOP_SET_FD, 4 [pid 297] newfstatat(3, "", [pid 592] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 590] close(3 [pid 586] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 592] <... futex resumed>) = 1 [pid 590] <... close resumed>) = 0 [pid 586] close(5 [pid 584] <... futex resumed>) = 0 [pid 297] getdents64(3, [pid 592] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 590] symlink("/dev/binderfs", "./binderfs" [pid 586] <... close resumed>) = 0 [pid 584] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 592] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 590] <... symlink resumed>) = 0 [pid 586] close(4 [pid 584] <... futex resumed>) = 0 [pid 297] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 592] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 591] <... futex resumed>) = 0 [pid 590] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 589] ioctl(7, LOOP_SET_FD, 3 [pid 588] <... ioctl resumed>) = 0 [pid 587] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 586] <... close resumed>) = 0 [pid 584] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 592] <... open resumed>) = 6 [pid 591] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 590] <... futex resumed>) = 0 [pid 586] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... umount2 resumed>) = 0 [pid 592] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 590] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 586] <... futex resumed>) = 0 [pid 297] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 592] <... futex resumed>) = 1 [pid 590] <... rt_sigaction resumed>NULL, 8) = 0 [pid 586] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 584] <... futex resumed>) = 0 [pid 583] exit_group(0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 592] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 590] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 586] <... futex resumed>) = ? [pid 584] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 583] <... exit_group resumed>) = ? [pid 297] newfstatat(AT_FDCWD, "./12/bus", [pid 592] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 590] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 586] +++ exited with 0 +++ [pid 584] <... futex resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 592] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 590] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 584] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] unlink("./12/bus" [pid 592] <... socket resumed>) = 7 [pid 590] <... mmap resumed>) = 0x7f6220445000 [pid 297] <... unlink resumed>) = 0 [pid 592] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 590] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 297] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 592] <... futex resumed>) = 1 [pid 590] <... mprotect resumed>) = 0 [pid 584] <... futex resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 592] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 591] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 590] rt_sigprocmask(SIG_BLOCK, ~[], [pid 587] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 584] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] newfstatat(AT_FDCWD, "./12/binderfs", [pid 592] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 590] <... rt_sigprocmask resumed>[], 8) = 0 [pid 585] <... futex resumed>) = ? [pid 584] <... futex resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 592] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 590] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 584] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] unlink("./12/binderfs" [pid 592] <... mmap resumed>) = 0x20000000 [pid 297] <... unlink resumed>) = 0 [pid 592] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 590] <... clone3 resumed> => {parent_tid=[593]}, 88) = 593 [pid 297] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 592] <... futex resumed>) = 1 [pid 590] rt_sigprocmask(SIG_SETMASK, [], [pid 584] <... futex resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 592] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 590] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 584] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] newfstatat(AT_FDCWD, "./12/file0", [pid 592] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 590] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 584] <... futex resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 592] memfd_create("syzkaller", 0 [pid 590] <... futex resumed>) = 0 [pid 297] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 592] <... memfd_create resumed>) = 8 [pid 590] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 592] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 590] <... futex resumed>) = 0 [pid 297] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 592] <... mmap resumed>) = 0x7f620fc64000 [pid 590] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 297] <... openat resumed>) = 4 [pid 592] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 590] <... mmap resumed>) = 0x7f6220424000 [pid 297] newfstatat(4, "", [pid 592] <... write resumed>) = 65536 [pid 590] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 592] munmap(0x7f620fc64000, 65536 [pid 590] <... mprotect resumed>) = 0 [pid 297] getdents64(4, [pid 592] <... munmap resumed>) = 0 [pid 590] rt_sigprocmask(SIG_BLOCK, ~[], [pid 297] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 592] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 590] <... rt_sigprocmask resumed>[], 8) = 0 [pid 297] getdents64(4, [pid 592] <... openat resumed>) = 9 [pid 590] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 297] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 592] ioctl(9, LOOP_SET_FD, 8 [pid 297] close(4 [pid 592] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 590] <... clone3 resumed> => {parent_tid=[594]}, 88) = 594 [pid 297] <... close resumed>) = 0 [pid 592] ioctl(9, LOOP_CLR_FD [pid 590] rt_sigprocmask(SIG_SETMASK, [], [pid 297] rmdir("./12/file0" [pid 592] <... ioctl resumed>) = 0 [pid 590] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 590] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] getdents64(3, [pid 590] <... futex resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 593 attached [pid 590] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] close(3 [pid 593] set_robust_list(0x7f62204659a0, 24 [pid 297] <... close resumed>) = 0 [pid 593] <... set_robust_list resumed>) = 0 [pid 297] rmdir("./12" [pid 593] rt_sigprocmask(SIG_SETMASK, [], [pid 592] ioctl(9, LOOP_SET_FD, 8 [pid 587] <... futex resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 593] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 592] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 297] mkdir("./13", 0777./strace-static-x86_64: Process 594 attached [pid 593] memfd_create("syzkaller", 0 [pid 592] close(9 [pid 589] <... ioctl resumed>) = 0 [pid 588] close(3 [pid 297] <... mkdir resumed>) = 0 [pid 594] set_robust_list(0x7f62204449a0, 24 [pid 593] <... memfd_create resumed>) = 3 [pid 592] <... close resumed>) = 0 [pid 591] memfd_create("syzkaller", 0 [pid 589] close(3 [pid 588] <... close resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 594] <... set_robust_list resumed>) = 0 [pid 592] close(8 [pid 589] <... close resumed>) = 0 [pid 588] mkdir(0x20000000, 0777 [pid 594] rt_sigprocmask(SIG_SETMASK, [], [pid 593] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 592] <... close resumed>) = 0 [pid 591] <... memfd_create resumed>) = 3 [pid 589] mkdir(0x20000000, 0777 [pid 588] <... mkdir resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 594] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 593] <... mmap resumed>) = 0x7f6218024000 [pid 592] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 591] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 589] <... mkdir resumed>) = 0 [pid 588] mount("/dev/loop4", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 297] ioctl(3, LOOP_CLR_FD [pid 594] creat("./bus", 000 [pid 592] <... futex resumed>) = 0 [pid 591] <... mmap resumed>) = 0x7f620fc64000 [pid 589] mount("/dev/loop0", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 588] <... mount resumed>) = -1 ENODEV (No such device) [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 594] <... creat resumed>) = 4 [pid 592] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 589] <... mount resumed>) = -1 ENODEV (No such device) [pid 588] ioctl(4, LOOP_CLR_FD [pid 297] close(3 [pid 594] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 589] ioctl(7, LOOP_CLR_FD [pid 588] <... ioctl resumed>) = 0 [pid 594] <... futex resumed>) = 1 [pid 590] <... futex resumed>) = 0 [pid 589] <... ioctl resumed>) = 0 [pid 588] close(4 [pid 297] <... close resumed>) = 0 [pid 594] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 590] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 589] close(7 [pid 588] <... close resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 594] <... mount resumed>) = 0 [pid 591] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 590] <... futex resumed>) = 0 [pid 589] <... close resumed>) = 0 [pid 588] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 594] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 589] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 588] <... futex resumed>) = 0 [pid 594] <... futex resumed>) = 0 [pid 589] <... futex resumed>) = 0 [pid 588] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 594] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 589] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 590] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 595 [pid 590] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 584] exit_group(0 [pid 594] <... futex resumed>) = 0 [pid 592] <... futex resumed>) = ? [pid 590] <... futex resumed>) = 1 [pid 588] <... futex resumed>) = ? [pid 584] <... exit_group resumed>) = ? [pid 594] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 592] +++ exited with 0 +++ [pid 590] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 588] +++ exited with 0 +++ [pid 594] <... open resumed>) = 5 [pid 594] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 595 attached [pid 595] set_robust_list(0x555556cc76a0, 24) = 0 [pid 595] chdir("./13") = 0 [pid 590] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 595] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 595] setpgid(0, 0) = 0 [pid 595] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 590] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 594] <... futex resumed>) = 0 [pid 591] <... write resumed>) = 65536 [pid 590] <... futex resumed>) = 1 [pid 594] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 590] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 591] munmap(0x7f620fc64000, 65536 [pid 594] <... socket resumed>) = 6 [pid 593] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 594] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 591] <... munmap resumed>) = 0 [pid 594] <... futex resumed>) = 1 [pid 590] <... futex resumed>) = 0 [pid 594] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 591] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 590] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 594] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 594] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 590] <... futex resumed>) = 0 [pid 594] <... mmap resumed>) = 0x20000000 [pid 594] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 590] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 594] <... futex resumed>) = 0 [pid 590] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 595] <... openat resumed>) = 3 [pid 594] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 591] <... openat resumed>) = 7 [pid 590] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 595] write(3, "1000", 4 [pid 594] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 590] <... futex resumed>) = 0 [pid 591] ioctl(7, LOOP_SET_FD, 3 [pid 595] <... write resumed>) = 4 [pid 594] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 590] stat(NULL, [pid 595] close(3 [pid 591] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 595] <... close resumed>) = 0 [pid 591] ioctl(7, LOOP_CLR_FD [pid 595] symlink("/dev/binderfs", "./binderfs" [pid 593] <... write resumed>) = ? [pid 591] <... ioctl resumed>) = 0 [pid 595] <... symlink resumed>) = 0 [pid 593] +++ killed by SIGBUS +++ [pid 595] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 594] +++ killed by SIGBUS +++ [pid 590] +++ killed by SIGBUS +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=590, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 595] <... futex resumed>) = 0 [pid 298] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW [pid 595] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 595] <... rt_sigaction resumed>NULL, 8) = 0 [pid 298] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 579] +++ exited with 0 +++ [pid 578] +++ exited with 0 +++ [pid 595] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 595] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 595] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 595] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 595] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[596]}, 88) = 596 [pid 595] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 595] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 595] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 595] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 595] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[597]}, 88) = 597 [pid 595] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 595] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 597 attached [pid 597] set_robust_list(0x7f62204449a0, 24) = 0 [pid 597] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 597] creat("./bus", 000) = 3 [pid 597] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 595] <... futex resumed>) = 0 [pid 595] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 597] <... futex resumed>) = 1 [pid 597] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL) = 0 [pid 597] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 595] <... futex resumed>) = 0 [pid 595] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 597] <... futex resumed>) = 1 [pid 597] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 597] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 595] <... futex resumed>) = 0 [pid 595] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 597] <... futex resumed>) = 1 [pid 597] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE) = 5 [pid 597] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 595] <... futex resumed>) = 0 [pid 595] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 597] <... futex resumed>) = 1 [pid 597] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 597] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 595] <... futex resumed>) = 0 [pid 595] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 597] <... futex resumed>) = 1 [pid 597] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- ./strace-static-x86_64: Process 596 attached [pid 597] +++ killed by SIGBUS +++ [pid 596] +++ killed by SIGBUS +++ [pid 595] +++ killed by SIGBUS +++ [pid 298] <... openat resumed>) = 3 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=595, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=578, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 298] newfstatat(3, "", [pid 591] ioctl(7, LOOP_SET_FD, 3 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW [pid 591] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] getdents64(3, [pid 591] close(7 [pid 299] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 585] +++ exited with 0 +++ [pid 584] +++ exited with 0 +++ [pid 583] +++ exited with 0 +++ [pid 299] <... openat resumed>) = 3 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 297] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=583, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=584, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 298] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] newfstatat(3, "", [pid 297] <... openat resumed>) = 3 [pid 591] <... close resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 297] newfstatat(3, "", [pid 591] close(3 [pid 301] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] getdents64(3, [pid 298] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] getdents64(3, [pid 300] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] newfstatat(AT_FDCWD, "./11/bus", [pid 301] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 300] <... openat resumed>) = 3 [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] <... openat resumed>) = 3 [pid 300] newfstatat(3, "", [pid 299] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] unlink("./11/bus" [pid 297] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] newfstatat(3, "", [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(3, [pid 298] <... unlink resumed>) = 0 [pid 301] getdents64(3, [pid 299] <... umount2 resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 299] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./12/bus", [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] <... umount2 resumed>) = 0 [pid 300] <... umount2 resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] unlink("./12/bus" [pid 298] newfstatat(AT_FDCWD, "./11/binderfs", [pid 297] newfstatat(AT_FDCWD, "./13/bus", [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 25.676727][ T585] loop5: detected capacity change from 0 to 512 [ 25.700624][ T588] loop4: detected capacity change from 0 to 512 [ 25.707472][ T589] loop0: detected capacity change from 0 to 512 [ 25.714480][ T591] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 31 prio class 0 [pid 591] <... close resumed>) = 0 [pid 301] newfstatat(AT_FDCWD, "./12/bus", [pid 300] newfstatat(AT_FDCWD, "./14/bus", [pid 299] <... unlink resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 591] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] unlink("./11/binderfs" [pid 297] unlink("./13/bus" [pid 591] <... futex resumed>) = 0 [pid 587] exit_group(0 [pid 301] unlink("./12/bus" [pid 300] unlink("./14/bus" [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... unlink resumed>) = 0 [pid 589] <... futex resumed>) = ? [pid 587] <... exit_group resumed>) = ? [pid 297] <... unlink resumed>) = 0 [pid 589] +++ exited with 0 +++ [pid 301] <... unlink resumed>) = 0 [pid 300] <... unlink resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./12/binderfs", [pid 298] getdents64(3, [pid 301] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] unlink("./12/binderfs" [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 301] newfstatat(AT_FDCWD, "./12/binderfs", [pid 300] newfstatat(AT_FDCWD, "./14/binderfs", [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... unlink resumed>) = 0 [pid 298] close(3 [pid 297] newfstatat(AT_FDCWD, "./13/binderfs", [pid 301] unlink("./12/binderfs" [pid 300] unlink("./14/binderfs" [pid 299] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... close resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] <... unlink resumed>) = 0 [pid 300] <... unlink resumed>) = 0 [pid 298] rmdir("./11" [pid 297] unlink("./13/binderfs" [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] umount2("./12/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./14/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... rmdir resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./12/file0", [pid 297] <... unlink resumed>) = 0 [pid 298] mkdir("./12", 0777 [pid 301] newfstatat(AT_FDCWD, "./12/ext4", [pid 300] newfstatat(AT_FDCWD, "./14/ext4", [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] getdents64(3, [pid 298] <... mkdir resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 301] umount2("./12/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./14/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... openat resumed>) = 3 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] ioctl(3, LOOP_CLR_FD [pid 297] close(3 [pid 301] openat(AT_FDCWD, "./12/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] openat(AT_FDCWD, "./14/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... openat resumed>) = 4 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 301] <... openat resumed>) = 4 [pid 300] <... openat resumed>) = 4 [pid 299] newfstatat(4, "", [pid 298] close(3 [pid 297] <... close resumed>) = 0 [pid 301] newfstatat(4, "", [pid 300] newfstatat(4, "", [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... close resumed>) = 0 [pid 297] rmdir("./13" [pid 299] getdents64(4, [pid 301] getdents64(4, [pid 300] getdents64(4, [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 598 attached [pid 301] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 299] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 297] <... rmdir resumed>) = 0 [pid 301] getdents64(4, [pid 300] getdents64(4, [pid 299] getdents64(4, [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 598 [pid 297] mkdir("./14", 0777 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 299] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 301] close(4 [pid 300] close(4 [pid 299] close(4 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 301] <... close resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 301] rmdir("./12/ext4" [pid 300] rmdir("./14/ext4" [pid 299] rmdir("./12/file0" [pid 297] ioctl(3, LOOP_CLR_FD [pid 301] <... rmdir resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 301] getdents64(3, [pid 300] getdents64(3, [pid 299] getdents64(3, [pid 297] close(3 [pid 598] set_robust_list(0x555556cc76a0, 24 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] <... close resumed>) = 0 [pid 598] <... set_robust_list resumed>) = 0 [pid 301] close(3 [pid 300] close(3 [pid 299] close(3 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 598] chdir("./12" [pid 301] <... close resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 598] <... chdir resumed>) = 0 [pid 301] rmdir("./12" [pid 300] rmdir("./14" [pid 299] rmdir("./12" [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 599 [pid 598] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 301] <... rmdir resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 598] <... prctl resumed>) = 0 [pid 301] mkdir("./13", 0777 [pid 300] mkdir("./15", 0777 [pid 299] mkdir("./13", 0777./strace-static-x86_64: Process 599 attached [pid 598] setpgid(0, 0 [pid 301] <... mkdir resumed>) = 0 [pid 300] <... mkdir resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 598] <... setpgid resumed>) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 599] set_robust_list(0x555556cc76a0, 24 [pid 598] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 301] <... openat resumed>) = 3 [pid 300] <... openat resumed>) = 3 [pid 299] <... openat resumed>) = 3 [pid 598] <... openat resumed>) = 3 [pid 301] ioctl(3, LOOP_CLR_FD [pid 300] ioctl(3, LOOP_CLR_FD [pid 299] ioctl(3, LOOP_CLR_FD [pid 598] write(3, "1000", 4 [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 598] <... write resumed>) = 4 [pid 301] close(3 [pid 300] close(3 [pid 299] close(3 [pid 598] close(3 [pid 301] <... close resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 598] <... close resumed>) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 601 attached ./strace-static-x86_64: Process 600 attached [pid 599] <... set_robust_list resumed>) = 0 [pid 598] symlink("/dev/binderfs", "./binderfs") = 0 [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 600 [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 601 [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 602 [pid 598] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 598] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 598] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 598] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 598] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 598] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 598] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[603]}, 88) = 603 [pid 598] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 598] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 598] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 598] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 598] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 598] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 598] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[604]}, 88) = 604 [pid 598] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 598] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 598] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 604 attached [pid 604] set_robust_list(0x7f62204449a0, 24) = 0 [pid 604] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 604] creat("./bus", 000 [pid 599] chdir("./14" [pid 600] set_robust_list(0x555556cc76a0, 24 [pid 599] <... chdir resumed>) = 0 [pid 600] <... set_robust_list resumed>) = 0 [pid 604] <... creat resumed>) = 3 [pid 604] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 598] <... futex resumed>) = 0 [pid 598] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 598] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 604] <... futex resumed>) = 1 [pid 604] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL) = 0 [pid 599] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 604] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 598] <... futex resumed>) = 0 [pid 599] setpgid(0, 0 [pid 598] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 599] <... setpgid resumed>) = 0 [pid 598] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 604] <... futex resumed>) = 1 [pid 604] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 599] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 604] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 598] <... futex resumed>) = 0 [pid 598] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 598] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 604] <... futex resumed>) = 1 [pid 604] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE) = 5 [pid 604] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 602 attached [pid 601] set_robust_list(0x555556cc76a0, 24 [pid 600] chdir("./13" [pid 599] <... openat resumed>) = 3 [pid 591] +++ exited with 0 +++ [pid 587] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=587, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 296] umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 296] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 296] umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./11/bus") = 0 [pid 296] umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./11/binderfs" [pid 598] <... futex resumed>) = 0 [pid 296] <... unlink resumed>) = 0 [pid 604] <... futex resumed>) = 1 [pid 598] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] umount2("./11/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 604] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 598] <... futex resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 604] <... mmap resumed>) = 0x20000000 [pid 598] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] newfstatat(AT_FDCWD, "./11/ext4", [pid 604] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 604] <... futex resumed>) = 1 [pid 598] <... futex resumed>) = 0 [pid 296] umount2("./11/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 604] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 598] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 598] <... futex resumed>) = ? [pid 296] openat(AT_FDCWD, "./11/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./11/ext4") = 0 [pid 296] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./11") = 0 [pid 296] mkdir("./12", 0777 [pid 600] <... chdir resumed>) = 0 [pid 599] write(3, "1000", 4 [pid 296] <... mkdir resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 600] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 599] <... write resumed>) = 4 [pid 296] <... openat resumed>) = 3 [pid 296] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 603 attached ) = -1 ENXIO (No such device or address) [pid 603] +++ killed by SIGBUS +++ [pid 296] close(3 [pid 604] +++ killed by SIGBUS +++ [pid 601] <... set_robust_list resumed>) = 0 [pid 600] <... prctl resumed>) = 0 [pid 599] close(3 [pid 598] +++ killed by SIGBUS +++ [pid 296] <... close resumed>) = 0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=598, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 599] <... close resumed>) = 0 [pid 600] setpgid(0, 0 [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 605 [pid 601] chdir("./15" [pid 599] symlink("/dev/binderfs", "./binderfs" [pid 298] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 298] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 298] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./12/bus") = 0 [pid 600] <... setpgid resumed>) = 0 [pid 599] <... symlink resumed>) = 0 [pid 298] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./12/binderfs", [pid 599] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./12/binderfs" [pid 600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 599] <... futex resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 298] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./12" [pid 600] <... openat resumed>) = 3 [pid 601] <... chdir resumed>) = 0 [pid 599] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 298] <... rmdir resumed>) = 0 [pid 602] set_robust_list(0x555556cc76a0, 24 [pid 298] mkdir("./13", 0777 [pid 602] <... set_robust_list resumed>) = 0 [pid 601] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 600] write(3, "1000", 4 [pid 599] <... rt_sigaction resumed>NULL, 8) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 601] <... prctl resumed>) = 0 [pid 600] <... write resumed>) = 4 [pid 599] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 601] setpgid(0, 0 [pid 600] close(3 [pid 599] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] <... openat resumed>) = 3 [pid 601] <... setpgid resumed>) = 0 [pid 600] <... close resumed>) = 0 [pid 599] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] ioctl(3, LOOP_CLR_FD [pid 600] symlink("/dev/binderfs", "./binderfs" [pid 599] <... mmap resumed>) = 0x7f6220445000 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 601] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 599] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 298] close(3 [pid 600] <... symlink resumed>) = 0 [pid 599] <... mprotect resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 601] <... openat resumed>) = 3 [pid 600] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 601] write(3, "1000", 4 [pid 600] <... futex resumed>) = 0 [pid 599] rt_sigprocmask(SIG_BLOCK, ~[], [pid 601] <... write resumed>) = 4 [pid 600] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 599] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 606 ./strace-static-x86_64: Process 606 attached [pid 602] chdir("./13" [pid 601] close(3 [pid 600] <... rt_sigaction resumed>NULL, 8) = 0 [pid 599] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 600] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 606] set_robust_list(0x555556cc76a0, 24 [pid 602] <... chdir resumed>) = 0 [pid 601] <... close resumed>) = 0 [pid 600] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 599] <... clone3 resumed> => {parent_tid=[607]}, 88) = 607 [pid 600] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 606] <... set_robust_list resumed>) = 0 [pid 602] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 601] symlink("/dev/binderfs", "./binderfs" [pid 600] <... mmap resumed>) = 0x7f6220445000 [pid 599] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 605 attached [pid 605] set_robust_list(0x555556cc76a0, 24) = 0 [pid 605] chdir("./12") = 0 [pid 599] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 600] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 605] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 605] setpgid(0, 0 [pid 601] <... symlink resumed>) = 0 [pid 600] <... mprotect resumed>) = 0 [pid 599] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 605] <... setpgid resumed>) = 0 [pid 605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 599] <... futex resumed>) = 0 [pid 602] <... prctl resumed>) = 0 [pid 601] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 600] rt_sigprocmask(SIG_BLOCK, ~[], [pid 599] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 605] <... openat resumed>) = 3 [pid 601] <... futex resumed>) = 0 [pid 600] <... rt_sigprocmask resumed>[], 8) = 0 [pid 599] <... futex resumed>) = 0 [pid 606] chdir("./13" [pid 605] write(3, "1000", 4 [pid 602] setpgid(0, 0 [pid 601] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 600] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 599] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 605] <... write resumed>) = 4 [pid 605] close(3) = 0 [pid 605] symlink("/dev/binderfs", "./binderfs") = 0 [pid 605] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 605] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 599] <... mmap resumed>) = 0x7f6220424000 [pid 601] <... rt_sigaction resumed>NULL, 8) = 0 [pid 605] <... rt_sigaction resumed>NULL, 8) = 0 [pid 601] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 600] <... clone3 resumed> => {parent_tid=[608]}, 88) = 608 [pid 599] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 605] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 601] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 600] rt_sigprocmask(SIG_SETMASK, [], [pid 599] <... mprotect resumed>) = 0 [pid 602] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 607 attached [pid 606] <... chdir resumed>) = 0 [pid 605] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 601] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 600] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 599] rt_sigprocmask(SIG_BLOCK, ~[], [pid 607] set_robust_list(0x7f62204659a0, 24 [pid 605] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 601] <... mmap resumed>) = 0x7f6220445000 [pid 600] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 599] <... rt_sigprocmask resumed>[], 8) = 0 [pid 607] <... set_robust_list resumed>) = 0 [pid 605] <... mmap resumed>) = 0x7f6220445000 [pid 601] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 600] <... futex resumed>) = 0 [pid 599] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 607] rt_sigprocmask(SIG_SETMASK, [], [pid 605] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 601] <... mprotect resumed>) = 0 [pid 607] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 605] <... mprotect resumed>) = 0 [pid 600] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 607] memfd_create("syzkaller", 0 [pid 605] rt_sigprocmask(SIG_BLOCK, ~[], [pid 601] rt_sigprocmask(SIG_BLOCK, ~[], [pid 600] <... futex resumed>) = 0 [pid 599] <... clone3 resumed> => {parent_tid=[609]}, 88) = 609 [pid 607] <... memfd_create resumed>) = 3 [pid 605] <... rt_sigprocmask resumed>[], 8) = 0 [pid 602] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 601] <... rt_sigprocmask resumed>[], 8) = 0 [pid 600] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 599] rt_sigprocmask(SIG_SETMASK, [], [pid 607] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 606] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 605] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 602] <... openat resumed>) = 3 [pid 601] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 600] <... mmap resumed>) = 0x7f6220424000 [pid 599] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 607] <... mmap resumed>) = 0x7f6218024000 [pid 606] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 611 attached [pid 607] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 606] setpgid(0, 0 [pid 605] <... clone3 resumed> => {parent_tid=[610]}, 88) = 610 [pid 602] write(3, "1000", 4 [pid 600] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 599] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 608 attached [pid 611] set_robust_list(0x7f62204659a0, 24 [pid 607] <... write resumed>) = 262144 [pid 606] <... setpgid resumed>) = 0 [pid 605] rt_sigprocmask(SIG_SETMASK, [], [pid 602] <... write resumed>) = 4 [pid 601] <... clone3 resumed> => {parent_tid=[611]}, 88) = 611 [pid 600] <... mprotect resumed>) = 0 [pid 599] <... futex resumed>) = 0 [pid 608] set_robust_list(0x7f62204659a0, 24 [pid 607] munmap(0x7f6218024000, 262144 [pid 605] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 602] close(3 [pid 601] rt_sigprocmask(SIG_SETMASK, [], [pid 600] rt_sigprocmask(SIG_BLOCK, ~[], [pid 608] <... set_robust_list resumed>) = 0 [pid 607] <... munmap resumed>) = 0 [pid 605] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 602] <... close resumed>) = 0 [pid 601] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 600] <... rt_sigprocmask resumed>[], 8) = 0 [pid 599] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 609 attached [pid 608] rt_sigprocmask(SIG_SETMASK, [], [pid 607] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 605] <... futex resumed>) = 0 [pid 602] symlink("/dev/binderfs", "./binderfs" [pid 601] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 600] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 609] set_robust_list(0x7f62204449a0, 24 [pid 608] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 607] <... openat resumed>) = 4 [pid 605] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 601] <... futex resumed>) = 0 ./strace-static-x86_64: Process 612 attached [pid 611] <... set_robust_list resumed>) = 0 [pid 609] <... set_robust_list resumed>) = 0 [pid 608] memfd_create("syzkaller", 0 [pid 607] ioctl(4, LOOP_SET_FD, 3 [pid 606] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 605] <... futex resumed>) = 0 [pid 602] <... symlink resumed>) = 0 [pid 601] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 610 attached [pid 612] set_robust_list(0x7f62204449a0, 24 [pid 611] rt_sigprocmask(SIG_SETMASK, [], [pid 609] rt_sigprocmask(SIG_SETMASK, [], [pid 608] <... memfd_create resumed>) = 3 [pid 607] <... ioctl resumed>) = 0 [pid 606] <... openat resumed>) = 3 [pid 605] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 602] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 601] <... futex resumed>) = 0 [pid 600] <... clone3 resumed> => {parent_tid=[612]}, 88) = 612 [pid 612] <... set_robust_list resumed>) = 0 [pid 611] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 610] set_robust_list(0x7f62204659a0, 24 [pid 609] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 606] write(3, "1000", 4 [pid 602] <... futex resumed>) = 0 [pid 601] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 600] rt_sigprocmask(SIG_SETMASK, [], [pid 612] rt_sigprocmask(SIG_SETMASK, [], [pid 611] memfd_create("syzkaller", 0 [pid 610] <... set_robust_list resumed>) = 0 [pid 606] <... write resumed>) = 4 [pid 605] <... mmap resumed>) = 0x7f6220424000 [pid 602] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 601] <... mmap resumed>) = 0x7f6220424000 [pid 600] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 612] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 611] <... memfd_create resumed>) = 3 [pid 610] rt_sigprocmask(SIG_SETMASK, [], [pid 609] creat("./bus", 000 [pid 608] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 606] close(3 [pid 602] <... rt_sigaction resumed>NULL, 8) = 0 [pid 605] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 601] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 600] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 612] creat("./bus", 000 [pid 611] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 610] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 609] <... creat resumed>) = 5 [pid 608] <... mmap resumed>) = 0x7f6218024000 [pid 606] <... close resumed>) = 0 [pid 605] <... mprotect resumed>) = 0 [pid 602] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 601] <... mprotect resumed>) = 0 [pid 600] <... futex resumed>) = 0 [pid 612] <... creat resumed>) = 4 [pid 611] <... mmap resumed>) = 0x7f6218024000 [pid 610] memfd_create("syzkaller", 0 [pid 606] symlink("/dev/binderfs", "./binderfs" [pid 605] rt_sigprocmask(SIG_BLOCK, ~[], [pid 602] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 601] rt_sigprocmask(SIG_BLOCK, ~[], [pid 600] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 612] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 611] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 610] <... memfd_create resumed>) = 3 [pid 609] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 608] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 606] <... symlink resumed>) = 0 [pid 605] <... rt_sigprocmask resumed>[], 8) = 0 [pid 602] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 601] <... rt_sigprocmask resumed>[], 8) = 0 [pid 600] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 612] <... futex resumed>) = 0 [pid 611] <... write resumed>) = 262144 [pid 610] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 606] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 605] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 602] <... mmap resumed>) = 0x7f6220445000 [pid 609] <... futex resumed>) = 1 [pid 601] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 600] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 599] <... futex resumed>) = 0 [pid 612] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 611] munmap(0x7f6218024000, 262144 [pid 610] <... mmap resumed>) = 0x7f6218024000 [pid 609] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 608] <... write resumed>) = 262144 [pid 606] <... futex resumed>) = 0 [pid 602] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 600] <... futex resumed>) = 0 [pid 599] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 612] <... mount resumed>) = 0 [pid 611] <... munmap resumed>) = 0 [pid 610] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 609] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 608] munmap(0x7f6218024000, 262144 [pid 606] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 605] <... clone3 resumed> => {parent_tid=[613]}, 88) = 613 [pid 602] <... mprotect resumed>) = 0 [pid 601] <... clone3 resumed> => {parent_tid=[614]}, 88) = 614 [pid 600] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 599] <... futex resumed>) = 0 [pid 612] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 611] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 610] <... write resumed>) = 262144 [pid 609] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 608] <... munmap resumed>) = 0 [pid 606] <... rt_sigaction resumed>NULL, 8) = 0 [pid 605] rt_sigprocmask(SIG_SETMASK, [], [pid 602] rt_sigprocmask(SIG_BLOCK, ~[], [pid 601] rt_sigprocmask(SIG_SETMASK, [], [pid 600] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 599] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 612] <... futex resumed>) = 0 [pid 611] <... openat resumed>) = 4 [pid 610] munmap(0x7f6218024000, 262144 [pid 606] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 605] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 602] <... rt_sigprocmask resumed>[], 8) = 0 [pid 601] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 600] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 612] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 611] ioctl(4, LOOP_SET_FD, 3 [pid 610] <... munmap resumed>) = 0 [pid 609] <... mount resumed>) = 0 [pid 608] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 606] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 605] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 602] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 601] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 600] <... futex resumed>) = 0 ./strace-static-x86_64: Process 614 attached ./strace-static-x86_64: Process 613 attached [pid 612] <... open resumed>) = 5 [pid 609] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 608] <... openat resumed>) = 6 [pid 607] close(3 [pid 605] <... futex resumed>) = 0 [pid 614] set_robust_list(0x7f62204449a0, 24 [pid 609] <... futex resumed>) = 1 [pid 608] ioctl(6, LOOP_SET_FD, 3 [pid 607] <... close resumed>) = 0 [pid 605] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 599] <... futex resumed>) = 0 ./strace-static-x86_64: Process 615 attached [pid 614] <... set_robust_list resumed>) = 0 [pid 613] set_robust_list(0x7f62204449a0, 24 [pid 612] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 611] <... ioctl resumed>) = 0 [pid 610] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 609] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 601] <... futex resumed>) = 0 [pid 600] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 615] set_robust_list(0x7f62204659a0, 24 [pid 613] <... set_robust_list resumed>) = 0 [pid 612] <... futex resumed>) = 0 [pid 611] close(3 [pid 610] <... openat resumed>) = 4 [pid 606] <... mmap resumed>) = 0x7f6220445000 [pid 602] <... clone3 resumed> => {parent_tid=[615]}, 88) = 615 [pid 601] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 600] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 615] <... set_robust_list resumed>) = 0 [pid 613] rt_sigprocmask(SIG_SETMASK, [], [pid 612] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 611] <... close resumed>) = 0 [pid 610] ioctl(4, LOOP_SET_FD, 3 [pid 606] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 602] rt_sigprocmask(SIG_SETMASK, [], [pid 600] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 615] rt_sigprocmask(SIG_SETMASK, [], [pid 614] rt_sigprocmask(SIG_SETMASK, [], [pid 613] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 612] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 609] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 608] <... ioctl resumed>) = 0 [pid 607] mkdir("./file0", 0777 [pid 599] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 614] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 609] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 608] close(3 [pid 607] <... mkdir resumed>) = 0 [pid 599] <... futex resumed>) = 0 [pid 614] creat("./bus", 000 [pid 609] <... open resumed>) = 3 [pid 608] <... close resumed>) = 0 [pid 607] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 599] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] <... creat resumed>) = 3 [pid 609] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 608] mkdir("./file0", 0777 [pid 599] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 614] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 609] <... futex resumed>) = 0 [pid 608] <... mkdir resumed>) = 0 [pid 599] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 614] <... futex resumed>) = 1 [pid 609] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 608] mount("/dev/loop5", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 599] <... futex resumed>) = 0 [pid 614] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 609] <... socket resumed>) = 6 [pid 599] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 609] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 599] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 609] <... futex resumed>) = 0 [pid 599] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 609] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 599] <... futex resumed>) = 0 [pid 609] <... mmap resumed>) = 0x20000000 [pid 599] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 609] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 599] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 609] <... futex resumed>) = 0 [pid 599] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 25.811066][ T607] loop1: detected capacity change from 0 to 512 [ 25.843024][ T611] loop4: detected capacity change from 0 to 512 [ 25.848745][ T608] loop5: detected capacity change from 0 to 512 [ 25.852235][ T610] loop0: detected capacity change from 0 to 512 [pid 611] mkdir("./file0", 0777 [pid 612] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 611] <... mkdir resumed>) = 0 [pid 606] <... mprotect resumed>) = 0 [pid 602] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 615] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 613] creat("./bus", 000 [pid 610] <... ioctl resumed>) = 0 [pid 609] memfd_create("syzkaller", 0 [pid 601] <... futex resumed>) = 0 [pid 600] <... futex resumed>) = 0 [pid 615] memfd_create("syzkaller", 0 [pid 613] <... creat resumed>) = 5 [pid 612] <... socket resumed>) = 3 [pid 611] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 610] close(3 [pid 609] <... memfd_create resumed>) = 7 [pid 607] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 606] rt_sigprocmask(SIG_BLOCK, ~[], [pid 602] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 601] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 600] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 615] <... memfd_create resumed>) = 3 [pid 614] <... futex resumed>) = 0 [pid 613] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 612] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 610] <... close resumed>) = 0 [pid 609] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 606] <... rt_sigprocmask resumed>[], 8) = 0 [pid 602] <... futex resumed>) = 0 [pid 601] <... futex resumed>) = 1 [pid 600] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 615] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 614] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 613] <... futex resumed>) = 1 [pid 612] <... futex resumed>) = 0 [pid 610] mkdir("./file0", 0777 [pid 609] <... mmap resumed>) = 0x7f620fc64000 [pid 606] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 605] <... futex resumed>) = 0 [pid 602] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 601] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 600] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 615] <... mmap resumed>) = 0x7f6218045000 [pid 614] <... mount resumed>) = 0 [pid 613] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 612] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 609] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 607] ioctl(4, LOOP_CLR_FD [pid 605] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 602] <... futex resumed>) = 0 [pid 600] <... futex resumed>) = 0 [pid 614] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 607] <... ioctl resumed>) = 0 [pid 605] <... futex resumed>) = 0 [pid 614] <... futex resumed>) = 1 [pid 607] close(4 [pid 605] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 616 attached [pid 615] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 614] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 613] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 612] <... mmap resumed>) = 0x20000000 [pid 610] <... mkdir resumed>) = 0 [pid 609] <... write resumed>) = 65536 [pid 606] <... clone3 resumed> => {parent_tid=[616]}, 88) = 616 [pid 602] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 601] <... futex resumed>) = 0 [pid 600] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] set_robust_list(0x7f62204659a0, 24 [pid 615] <... write resumed>) = 262144 [pid 613] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 612] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 610] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 609] munmap(0x7f620fc64000, 65536 [pid 606] rt_sigprocmask(SIG_SETMASK, [], [pid 602] <... mmap resumed>) = 0x7f6218024000 [pid 601] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 600] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 614] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 616] <... set_robust_list resumed>) = 0 [pid 615] munmap(0x7f6218045000, 262144 [pid 614] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 613] <... mount resumed>) = 0 [pid 612] <... futex resumed>) = 0 [pid 609] <... munmap resumed>) = 0 [pid 607] <... close resumed>) = 0 [pid 606] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 602] mprotect(0x7f6218025000, 131072, PROT_READ|PROT_WRITE [pid 601] <... futex resumed>) = 0 [pid 600] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 616] rt_sigprocmask(SIG_SETMASK, [], [pid 615] <... munmap resumed>) = 0 [pid 614] <... open resumed>) = 5 [pid 613] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 612] memfd_create("syzkaller", 0 [pid 609] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 607] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 606] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 602] <... mprotect resumed>) = 0 [pid 601] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 600] <... futex resumed>) = 0 [pid 616] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 615] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 614] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 613] <... futex resumed>) = 1 [pid 612] <... memfd_create resumed>) = 7 [pid 609] <... openat resumed>) = 4 [pid 607] <... futex resumed>) = 0 [pid 606] <... futex resumed>) = 0 [pid 605] <... futex resumed>) = 0 [pid 602] rt_sigprocmask(SIG_BLOCK, ~[], [pid 601] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 616] memfd_create("syzkaller", 0 [pid 615] <... openat resumed>) = 4 [pid 613] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 612] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 609] ioctl(4, LOOP_SET_FD, 7 [pid 606] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 602] <... rt_sigprocmask resumed>[], 8) = 0 [pid 601] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 616] <... memfd_create resumed>) = 3 [pid 615] ioctl(4, LOOP_SET_FD, 3 [pid 614] <... futex resumed>) = 0 [pid 613] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 612] <... mmap resumed>) = 0x7f620fc64000 [pid 609] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 606] <... futex resumed>) = 0 [pid 605] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 602] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6218044990, parent_tid=0x7f6218044990, exit_signal=0, stack=0x7f6218024000, stack_size=0x20300, tls=0x7f62180446c0} [pid 601] <... futex resumed>) = 0 [pid 616] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 615] <... ioctl resumed>) = 0 [pid 614] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 613] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 612] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 609] ioctl(4, LOOP_CLR_FD [pid 607] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 605] <... futex resumed>) = 0 [pid 601] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] <... mmap resumed>) = 0x7f6218045000 [pid 615] close(3 [pid 614] <... socket resumed>) = 6 [pid 613] <... open resumed>) = 3 [pid 609] <... ioctl resumed>) = 0 [pid 606] <... mmap resumed>) = 0x7f6218024000 [pid 605] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] <... clone3 resumed> => {parent_tid=[619]}, 88) = 619 [pid 616] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 615] <... close resumed>) = 0 [pid 614] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 613] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 606] mprotect(0x7f6218025000, 131072, PROT_READ|PROT_WRITE [pid 605] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 602] rt_sigprocmask(SIG_SETMASK, [], [pid 616] <... write resumed>) = 262144 [pid 615] mkdir("./file0", 0777 [pid 614] <... futex resumed>) = 1 [pid 613] <... futex resumed>) = 0 [ 25.862036][ T607] EXT4-fs (loop1): VFS: Can't find ext4 filesystem [ 25.878744][ T615] loop3: detected capacity change from 0 to 512 [ 25.878751][ T608] EXT4-fs warning (device loop5): read_mmp_block:115: Error -74 while reading MMP block 12 [pid 606] <... mprotect resumed>) = 0 [pid 605] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 602] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 601] <... futex resumed>) = 0 [pid 616] munmap(0x7f6218045000, 262144 [pid 615] <... mkdir resumed>) = 0 [pid 614] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 613] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 606] rt_sigprocmask(SIG_BLOCK, ~[], [pid 605] <... futex resumed>) = 0 [pid 602] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 601] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 616] <... munmap resumed>) = 0 [pid 615] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 614] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 613] <... socket resumed>) = 6 [pid 609] ioctl(4, LOOP_SET_FD, 7 [pid 606] <... rt_sigprocmask resumed>[], 8) = 0 [pid 605] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] <... futex resumed>) = 0 [pid 601] <... futex resumed>) = 0 [pid 616] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 614] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 613] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 609] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 606] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6218044990, parent_tid=0x7f6218044990, exit_signal=0, stack=0x7f6218024000, stack_size=0x20300, tls=0x7f62180446c0} [pid 605] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 602] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 601] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 622 attached ./strace-static-x86_64: Process 619 attached [pid 616] <... openat resumed>) = 4 [pid 614] <... mmap resumed>) = 0x20000000 [pid 613] <... futex resumed>) = 0 [pid 612] <... write resumed>) = 65536 [pid 611] <... mount resumed>) = 0 [pid 609] close(4 [pid 608] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 605] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 622] set_robust_list(0x7f62180449a0, 24 [pid 614] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 612] munmap(0x7f620fc64000, 65536 [pid 605] <... futex resumed>) = 0 [pid 622] <... set_robust_list resumed>) = 0 [pid 614] <... futex resumed>) = 1 [pid 612] <... munmap resumed>) = 0 [pid 605] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 601] <... futex resumed>) = 0 [pid 622] rt_sigprocmask(SIG_SETMASK, [], [pid 614] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 612] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 601] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 622] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 614] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 612] <... openat resumed>) = 8 [pid 601] <... futex resumed>) = 0 [pid 622] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 614] memfd_create("syzkaller", 0 [pid 612] ioctl(8, LOOP_SET_FD, 7 [pid 614] <... memfd_create resumed>) = 7 [pid 612] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 614] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 612] ioctl(8, LOOP_CLR_FD [pid 614] <... mmap resumed>) = 0x7f620fc64000 [pid 612] <... ioctl resumed>) = 0 [pid 614] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 614] munmap(0x7f620fc64000, 65536) = 0 [pid 614] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 8 [pid 614] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 614] ioctl(8, LOOP_CLR_FD) = 0 [pid 612] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 612] close(8 [pid 619] set_robust_list(0x7f62180449a0, 24 [pid 616] ioctl(4, LOOP_SET_FD, 3 [pid 613] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 612] <... close resumed>) = 0 [pid 611] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY [pid 610] <... mount resumed>) = 0 [pid 609] <... close resumed>) = 0 [pid 608] ioctl(6, LOOP_CLR_FD [pid 606] <... clone3 resumed> => {parent_tid=[622]}, 88) = 622 [pid 619] <... set_robust_list resumed>) = 0 [pid 614] ioctl(8, LOOP_SET_FD, 7 [pid 612] close(7 [pid 614] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 612] <... close resumed>) = 0 [ 25.900603][ T611] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [ 25.915685][ T611] ext4 filesystem being mounted at /root/syzkaller.Zpv55J/15/file0 supports timestamps until 2038 (0x7fffffff) [ 25.916375][ T610] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [ 25.942148][ T610] ext4 filesystem being mounted at /root/syzkaller.sY6u5M/12/file0 supports timestamps until 2038 (0x7fffffff) [ 25.954997][ T616] loop2: detected capacity change from 0 to 512 [pid 614] close(8 [pid 612] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 619] rt_sigprocmask(SIG_SETMASK, [], [pid 616] <... ioctl resumed>) = 0 [pid 614] <... close resumed>) = 0 [pid 613] <... mmap resumed>) = 0x20000000 [pid 612] <... futex resumed>) = 0 [pid 611] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 610] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY [pid 609] close(7 [pid 608] <... ioctl resumed>) = 0 [pid 606] rt_sigprocmask(SIG_SETMASK, [], [pid 614] close(7 [pid 612] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 614] <... close resumed>) = 0 [pid 614] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 614] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 619] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 619] creat("./bus", 000) = 3 [pid 619] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 619] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 616] close(3) = 0 [pid 616] mkdir("./file0", 0777) = 0 [pid 616] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 613] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 611] ioctl(4, LOOP_CLR_FD [pid 610] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 609] <... close resumed>) = 0 [pid 608] close(6 [pid 606] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 602] <... futex resumed>) = 0 [pid 613] <... futex resumed>) = 1 [pid 611] <... ioctl resumed>) = 0 [pid 609] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 605] <... futex resumed>) = 0 [pid 602] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 619] <... futex resumed>) = 0 [pid 613] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 611] close(4 [pid 609] <... futex resumed>) = 0 [pid 605] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 602] <... futex resumed>) = 1 [pid 619] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 613] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 611] <... close resumed>) = 0 [pid 609] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 605] <... futex resumed>) = 0 [pid 602] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 619] <... mount resumed>) = 0 [pid 613] memfd_create("syzkaller", 0 [pid 611] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 619] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 613] <... memfd_create resumed>) = 7 [pid 611] <... futex resumed>) = 0 [pid 619] <... futex resumed>) = 1 [pid 613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 611] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 602] <... futex resumed>) = 0 [pid 619] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 613] <... mmap resumed>) = 0x7f620fc64000 [pid 602] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 619] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 613] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 602] <... futex resumed>) = 0 [pid 619] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 613] <... write resumed>) = 65536 [pid 602] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 619] <... open resumed>) = 5 [pid 613] munmap(0x7f620fc64000, 65536 [pid 619] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 613] <... munmap resumed>) = 0 [pid 619] <... futex resumed>) = 1 [pid 613] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 602] <... futex resumed>) = 0 [pid 619] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 613] <... openat resumed>) = 8 [pid 602] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 619] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 613] ioctl(8, LOOP_SET_FD, 7 [pid 602] <... futex resumed>) = 0 [pid 619] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 613] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 602] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 619] <... socket resumed>) = 6 [pid 613] ioctl(8, LOOP_CLR_FD [pid 619] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 613] <... ioctl resumed>) = 0 [pid 619] <... futex resumed>) = 1 [pid 602] <... futex resumed>) = 0 [pid 619] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 602] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 619] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 602] <... futex resumed>) = 0 [pid 619] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 602] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 619] <... mmap resumed>) = 0x20000000 [pid 613] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 613] close(8) = 0 [pid 613] close(7) = 0 [pid 613] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 619] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 602] <... futex resumed>) = 0 [pid 602] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 619] <... futex resumed>) = 1 [pid 619] memfd_create("syzkaller", 0) = 7 [pid 610] ioctl(4, LOOP_CLR_FD [pid 619] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 608] <... close resumed>) = 0 [pid 606] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 619] <... mmap resumed>) = 0x7f620fc24000 [pid 619] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 619] munmap(0x7f620fc24000, 65536) = 0 [pid 619] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 8 [pid 619] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 619] ioctl(8, LOOP_CLR_FD) = 0 [pid 615] <... mount resumed>) = 0 [pid 615] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 615] ioctl(4, LOOP_CLR_FD) = 0 [pid 615] close(4) = 0 [pid 615] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 610] <... ioctl resumed>) = 0 [pid 610] close(4 [pid 619] ioctl(8, LOOP_SET_FD, 7 [pid 610] <... close resumed>) = 0 [pid 619] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 610] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 619] close(8 [pid 610] <... futex resumed>) = 0 [pid 619] <... close resumed>) = 0 [pid 610] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 619] close(7) = 0 [pid 619] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 619] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 605] exit_group(0 [pid 601] exit_group(0 [pid 614] <... futex resumed>) = ? [pid 613] <... futex resumed>) = ? [pid 611] <... futex resumed>) = ? [pid 610] <... futex resumed>) = ? [pid 605] <... exit_group resumed>) = ? [pid 601] <... exit_group resumed>) = ? [pid 614] +++ exited with 0 +++ [pid 613] +++ exited with 0 +++ [pid 611] +++ exited with 0 +++ [pid 610] +++ exited with 0 +++ [pid 605] +++ exited with 0 +++ [pid 601] +++ exited with 0 +++ [pid 602] exit_group(0 [pid 619] <... futex resumed>) = ? [pid 602] <... exit_group resumed>) = ? [pid 619] +++ exited with 0 +++ [pid 615] <... futex resumed>) = ? [pid 615] +++ exited with 0 +++ [pid 602] +++ exited with 0 +++ [pid 622] <... futex resumed>) = 0 [pid 608] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 606] <... futex resumed>) = 1 [pid 622] creat("./bus", 000 [pid 608] <... futex resumed>) = 0 [pid 606] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 600] exit_group(0 [pid 599] exit_group(0 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=601, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=602, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=605, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 622] <... creat resumed>) = 3 [pid 612] <... futex resumed>) = ? [pid 609] <... futex resumed>) = ? [pid 607] <... futex resumed>) = ? [pid 600] <... exit_group resumed>) = ? [pid 599] <... exit_group resumed>) = ? [pid 300] restart_syscall(<... resuming interrupted clone ...> [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 296] umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW [pid 607] +++ exited with 0 +++ [pid 622] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 612] +++ exited with 0 +++ [pid 609] +++ exited with 0 +++ [pid 300] <... restart_syscall resumed>) = 0 [pid 299] <... restart_syscall resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 622] <... futex resumed>) = 1 [pid 606] <... futex resumed>) = 0 [pid 296] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 622] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 606] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... openat resumed>) = 3 [pid 622] <... mount resumed>) = 0 [pid 606] <... futex resumed>) = 0 [pid 300] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] newfstatat(3, "", [pid 622] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 606] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 622] <... futex resumed>) = 0 [pid 606] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] getdents64(3, [pid 622] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 606] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... openat resumed>) = 3 [pid 299] <... openat resumed>) = 3 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 622] <... open resumed>) = 5 [pid 606] <... futex resumed>) = 0 [pid 300] newfstatat(3, "", [pid 299] newfstatat(3, "", [pid 296] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 622] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 606] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 622] <... futex resumed>) = 0 [pid 606] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] getdents64(3, [pid 299] getdents64(3, [pid 296] umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 622] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 606] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 622] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 606] <... futex resumed>) = 0 [pid 300] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] newfstatat(AT_FDCWD, "./12/bus", [pid 622] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 606] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... umount2 resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 622] <... socket resumed>) = 6 [pid 300] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] unlink("./12/bus" [pid 622] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... unlink resumed>) = 0 [pid 622] <... futex resumed>) = 1 [pid 606] <... futex resumed>) = 0 [pid 300] newfstatat(AT_FDCWD, "./15/bus", [pid 299] newfstatat(AT_FDCWD, "./13/bus", [pid 296] umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 622] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 606] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 622] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 606] <... futex resumed>) = 0 [pid 300] unlink("./15/bus" [pid 299] unlink("./13/bus" [pid 296] newfstatat(AT_FDCWD, "./12/binderfs", [pid 622] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 606] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... unlink resumed>) = 0 [pid 299] <... unlink resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./12/binderfs") = 0 [pid 296] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 622] <... mmap resumed>) = 0x20000000 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] newfstatat(AT_FDCWD, "./15/binderfs", [pid 622] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] unlink("./15/binderfs" [pid 622] <... futex resumed>) = 1 [pid 606] <... futex resumed>) = 0 [pid 300] <... unlink resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./13/binderfs", [pid 300] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 606] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 622] memfd_create("syzkaller", 0 [pid 606] <... futex resumed>) = 0 [ 25.962978][ T615] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [ 25.977111][ T615] ext4 filesystem being mounted at /root/syzkaller.4NT5vc/13/file0 supports timestamps until 2038 (0x7fffffff) [pid 299] unlink("./13/binderfs" [pid 622] <... memfd_create resumed>) = 7 [pid 299] <... unlink resumed>) = 0 [pid 622] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 299] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 622] <... mmap resumed>) = 0x7f620fc24000 [pid 622] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 616] <... mount resumed>) = 0 [pid 608] +++ exited with 0 +++ [pid 600] +++ exited with 0 +++ [pid 599] +++ exited with 0 +++ [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=600, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 301] restart_syscall(<... resuming interrupted clone ...> [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=599, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 622] <... write resumed>) = 65536 [pid 622] munmap(0x7f620fc24000, 65536) = 0 [pid 622] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 8 [pid 622] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 622] ioctl(8, LOOP_CLR_FD) = 0 [pid 301] <... restart_syscall resumed>) = 0 [pid 297] <... restart_syscall resumed>) = 0 [pid 301] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 622] ioctl(8, LOOP_SET_FD, 7 [pid 301] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 622] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 301] <... openat resumed>) = 3 [pid 297] <... openat resumed>) = 3 [pid 622] close(8 [pid 616] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY [pid 301] newfstatat(3, "", [pid 297] newfstatat(3, "", [pid 622] <... close resumed>) = 0 [pid 616] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 622] close(7 [pid 616] ioctl(4, LOOP_CLR_FD [pid 301] getdents64(3, [pid 299] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] getdents64(3, [pid 622] <... close resumed>) = 0 [pid 616] <... ioctl resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 622] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 616] close(4 [pid 301] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] newfstatat(AT_FDCWD, "./13/file0", [pid 297] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 622] <... futex resumed>) = 0 [pid 616] <... close resumed>) = 0 [pid 301] <... umount2 resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 616] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = 0 [pid 616] <... futex resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 616] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 606] exit_group(0 [pid 301] newfstatat(AT_FDCWD, "./13/bus", [pid 299] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 616] <... futex resumed>) = ? [pid 606] <... exit_group resumed>) = ? [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 616] +++ exited with 0 +++ [pid 299] <... openat resumed>) = 4 [pid 297] newfstatat(AT_FDCWD, "./14/bus", [pid 301] unlink("./13/bus" [pid 299] newfstatat(4, "", [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] <... unlink resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] unlink("./14/bus" [pid 301] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] getdents64(4, [pid 297] <... unlink resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 297] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] newfstatat(AT_FDCWD, "./13/binderfs", [pid 299] getdents64(4, [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 622] +++ exited with 0 +++ [pid 606] +++ exited with 0 +++ [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 297] newfstatat(AT_FDCWD, "./14/binderfs", [pid 301] unlink("./13/binderfs" [pid 299] close(4 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] <... unlink resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=606, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 297] unlink("./14/binderfs" [pid 301] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] rmdir("./13/file0" [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 297] <... unlink resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... rmdir resumed>) = 0 [pid 298] <... restart_syscall resumed>) = 0 [pid 297] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] newfstatat(AT_FDCWD, "./13/file0", [pid 299] getdents64(3, [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] newfstatat(AT_FDCWD, "./14/file0", [pid 301] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] close(3 [pid 298] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... close resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] rmdir("./13" [pid 298] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] <... openat resumed>) = 4 [pid 299] <... rmdir resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 297] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 301] newfstatat(4, "", [pid 299] mkdir("./14", 0777 [pid 298] newfstatat(3, "", [pid 297] <... openat resumed>) = 4 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] newfstatat(4, "", [pid 301] getdents64(4, [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 298] getdents64(3, [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 297] getdents64(4, [pid 301] getdents64(4, [pid 298] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 297] getdents64(4, [pid 301] close(4 [pid 298] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 301] <... close resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] close(4 [pid 301] rmdir("./13/file0" [pid 298] newfstatat(AT_FDCWD, "./13/bus", [pid 297] <... close resumed>) = 0 [pid 301] <... rmdir resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] rmdir("./14/file0" [pid 301] getdents64(3, [pid 298] unlink("./13/bus" [pid 297] <... rmdir resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] <... unlink resumed>) = 0 [pid 297] getdents64(3, [pid 301] close(3 [pid 298] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 301] <... close resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] close(3 [pid 301] rmdir("./13" [pid 298] newfstatat(AT_FDCWD, "./13/binderfs", [pid 297] <... close resumed>) = 0 [pid 301] <... rmdir resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] rmdir("./14" [pid 301] mkdir("./14", 0777 [pid 298] unlink("./13/binderfs" [pid 297] <... rmdir resumed>) = 0 [pid 301] <... mkdir resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 297] mkdir("./15", 0777 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 298] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... mkdir resumed>) = 0 [pid 301] <... openat resumed>) = 3 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 301] ioctl(3, LOOP_CLR_FD [pid 297] <... openat resumed>) = 3 [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] ioctl(3, LOOP_CLR_FD [pid 301] close(3 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 301] <... close resumed>) = 0 [pid 297] close(3 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... close resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 627 [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 628 ./strace-static-x86_64: Process 628 attached [pid 628] set_robust_list(0x555556cc76a0, 24) = 0 [pid 628] chdir("./15") = 0 [pid 628] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 628] setpgid(0, 0) = 0 [pid 628] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 628] write(3, "1000", 4) = 4 [pid 628] close(3) = 0 [pid 628] symlink("/dev/binderfs", "./binderfs") = 0 [pid 628] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 628] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 628] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 628] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 628] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 628] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0}./strace-static-x86_64: Process 627 attached [pid 627] set_robust_list(0x555556cc76a0, 24 [pid 628] <... clone3 resumed> => {parent_tid=[629]}, 88) = 629 [pid 627] <... set_robust_list resumed>) = 0 [pid 628] rt_sigprocmask(SIG_SETMASK, [], [pid 627] chdir("./14" [pid 628] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 628] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 628] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 627] <... chdir resumed>) = 0 [pid 628] rt_sigprocmask(SIG_BLOCK, ~[], [pid 627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 627] setpgid(0, 0 [pid 628] <... rt_sigprocmask resumed>[], 8) = 0 [pid 628] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 627] <... setpgid resumed>) = 0 [pid 627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 628] <... clone3 resumed> => {parent_tid=[630]}, 88) = 630 [pid 628] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 628] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 627] write(3, "1000", 4) = 4 [pid 627] close(3) = 0 [pid 627] symlink("/dev/binderfs", "./binderfs") = 0 [pid 627] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 627] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 627] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 627] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 627] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[631]}, 88) = 631 [pid 627] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 627] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 627] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 627] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 627] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[632]}, 88) = 632 [pid 627] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 627] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 630 attached [pid 630] set_robust_list(0x7f62204449a0, 24) = 0 [pid 630] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 630] creat("./bus", 000./strace-static-x86_64: Process 632 attached [pid 632] set_robust_list(0x7f62204449a0, 24) = 0 [pid 632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 632] creat("./bus", 000) = 3 ./strace-static-x86_64: Process 629 attached [pid 630] <... creat resumed>) = 3 [pid 629] set_robust_list(0x7f62204659a0, 24 [pid 630] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 628] <... futex resumed>) = 0 [pid 628] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 631 attached [pid 632] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 630] <... futex resumed>) = 1 [pid 629] <... set_robust_list resumed>) = 0 [pid 631] set_robust_list(0x7f62204659a0, 24 [pid 629] rt_sigprocmask(SIG_SETMASK, [], [pid 630] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 632] <... futex resumed>) = 1 [pid 631] <... set_robust_list resumed>) = 0 [pid 629] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 627] <... futex resumed>) = 0 [pid 630] <... mount resumed>) = 0 [pid 627] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 630] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 628] <... futex resumed>) = 0 [pid 628] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 630] <... futex resumed>) = 1 [pid 630] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 627] <... futex resumed>) = 0 [pid 632] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 631] rt_sigprocmask(SIG_SETMASK, [], [pid 629] memfd_create("syzkaller", 0 [pid 627] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 631] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 629] <... memfd_create resumed>) = 4 [pid 630] <... open resumed>) = 5 [pid 629] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 630] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 628] <... futex resumed>) = 0 [pid 628] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 630] <... futex resumed>) = 1 [pid 630] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE) = 6 [pid 630] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 628] <... futex resumed>) = 0 [pid 628] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 631] memfd_create("syzkaller", 0 [pid 630] <... futex resumed>) = 1 [pid 629] <... mmap resumed>) = 0x7f6218024000 [pid 632] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 631] <... memfd_create resumed>) = 4 [pid 630] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 631] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 627] <... futex resumed>) = 0 [pid 632] <... futex resumed>) = 1 [pid 631] <... mmap resumed>) = 0x7f6218024000 [pid 627] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 632] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 627] <... futex resumed>) = 0 [pid 632] <... open resumed>) = 5 [pid 627] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 630] <... mmap resumed>) = 0x20000000 [pid 632] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 629] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20001364} --- [pid 630] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 627] <... futex resumed>) = 0 [pid 627] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 632] <... futex resumed>) = 1 [pid 631] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 630] <... futex resumed>) = ? [pid 628] <... futex resumed>) = ? [pid 627] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 632] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE) = 6 [pid 629] +++ killed by SIGBUS +++ [pid 632] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 631] <... write resumed>) = 262144 [pid 630] +++ killed by SIGBUS +++ [pid 628] +++ killed by SIGBUS +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=628, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 297] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 632] <... futex resumed>) = 1 [pid 627] <... futex resumed>) = 0 [pid 297] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 632] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 631] munmap(0x7f6218024000, 262144 [pid 627] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... umount2 resumed>) = 0 [pid 632] <... mmap resumed>) = 0x20000000 [pid 631] <... munmap resumed>) = 0 [pid 627] <... futex resumed>) = 0 [pid 627] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./15/bus" [pid 632] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... unlink resumed>) = 0 [pid 297] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 631] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./15/binderfs" [pid 632] <... futex resumed>) = 1 [pid 627] <... futex resumed>) = 0 [pid 297] <... unlink resumed>) = 0 [pid 297] getdents64(3, [pid 627] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 627] <... futex resumed>) = 0 [pid 297] close(3 [pid 631] <... openat resumed>) = 7 [pid 297] <... close resumed>) = 0 [pid 631] ioctl(7, LOOP_SET_FD, 4 [pid 297] rmdir("./15" [pid 632] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 297] <... rmdir resumed>) = 0 [ 26.015253][ T616] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [ 26.029747][ T616] ext4 filesystem being mounted at /root/syzkaller.4RDDfu/13/file0 supports timestamps until 2038 (0x7fffffff) [pid 297] mkdir("./16", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 633 [pid 300] <... umount2 resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 296] <... umount2 resumed>) = 0 [pid 300] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] ioctl(3, LOOP_CLR_FD [pid 296] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 633 attached [pid 631] <... ioctl resumed>) = ? [pid 300] newfstatat(AT_FDCWD, "./15/file0", [pid 299] close(3 [pid 296] newfstatat(AT_FDCWD, "./12/file0", [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... close resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 633] set_robust_list(0x555556cc76a0, 24 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 632] +++ killed by SIGBUS +++ [pid 300] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 634 [pid 296] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 633] <... set_robust_list resumed>) = 0 [pid 300] <... openat resumed>) = 4 [pid 296] <... openat resumed>) = 4 [pid 300] newfstatat(4, "", [pid 633] chdir("./16" [pid 296] newfstatat(4, "", ./strace-static-x86_64: Process 634 attached [pid 633] <... chdir resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 634] set_robust_list(0x555556cc76a0, 24 [pid 633] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 300] getdents64(4, [pid 296] getdents64(4, [pid 634] <... set_robust_list resumed>) = 0 [pid 633] <... prctl resumed>) = 0 [pid 634] chdir("./14" [pid 633] setpgid(0, 0 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 296] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 634] <... chdir resumed>) = 0 [pid 633] <... setpgid resumed>) = 0 [pid 300] getdents64(4, [pid 296] getdents64(4, [pid 300] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 634] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 633] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 296] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 300] close(4 [pid 296] close(4 [pid 634] <... prctl resumed>) = 0 [pid 633] <... openat resumed>) = 3 [pid 300] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 634] setpgid(0, 0 [pid 633] write(3, "1000", 4 [pid 300] rmdir("./15/file0" [pid 296] rmdir("./12/file0" [pid 634] <... setpgid resumed>) = 0 [pid 633] <... write resumed>) = 4 [pid 634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 633] close(3 [pid 300] <... rmdir resumed>) = 0 [pid 634] <... openat resumed>) = 3 [pid 633] <... close resumed>) = 0 [pid 300] getdents64(3, [pid 296] <... rmdir resumed>) = 0 [pid 634] write(3, "1000", 4 [pid 633] symlink("/dev/binderfs", "./binderfs" [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] getdents64(3, [pid 300] close(3 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 634] <... write resumed>) = 4 [pid 633] <... symlink resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 296] close(3 [pid 634] close(3 [pid 633] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] rmdir("./15" [pid 296] <... close resumed>) = 0 [pid 634] <... close resumed>) = 0 [pid 633] <... futex resumed>) = 0 [pid 634] symlink("/dev/binderfs", "./binderfs" [pid 633] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 296] rmdir("./12" [pid 634] <... symlink resumed>) = 0 [pid 633] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 300] mkdir("./16", 0777 [pid 634] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 633] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 634] <... futex resumed>) = 0 [pid 633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 296] <... rmdir resumed>) = 0 [pid 634] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 633] <... mmap resumed>) = 0x7f6220445000 [pid 634] <... rt_sigaction resumed>NULL, 8) = 0 [pid 633] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 300] <... mkdir resumed>) = 0 [pid 296] mkdir("./13", 0777 [pid 634] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 633] <... mprotect resumed>) = 0 [pid 634] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 633] rt_sigprocmask(SIG_BLOCK, ~[], [pid 634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 633] <... rt_sigprocmask resumed>[], 8) = 0 [pid 634] <... mmap resumed>) = 0x7f6220445000 [pid 633] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 296] <... mkdir resumed>) = 0 [pid 634] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 635 attached [pid 634] <... mprotect resumed>) = 0 [pid 633] <... clone3 resumed> => {parent_tid=[635]}, 88) = 635 [pid 634] rt_sigprocmask(SIG_BLOCK, ~[], [pid 633] rt_sigprocmask(SIG_SETMASK, [], [pid 300] <... openat resumed>) = 3 [pid 296] <... openat resumed>) = 3 [pid 634] <... rt_sigprocmask resumed>[], 8) = 0 [pid 633] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] ioctl(3, LOOP_CLR_FD [pid 296] ioctl(3, LOOP_CLR_FD [pid 634] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 633] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 633] <... futex resumed>) = 0 [pid 634] <... clone3 resumed> => {parent_tid=[636]}, 88) = 636 [pid 633] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] close(3 [pid 634] rt_sigprocmask(SIG_SETMASK, [], [pid 633] <... futex resumed>) = 0 [pid 296] close(3 [pid 634] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 300] <... close resumed>) = 0 [pid 634] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 633] <... mmap resumed>) = 0x7f6220424000 [pid 296] <... close resumed>) = 0 [pid 634] <... futex resumed>) = 0 [pid 633] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 634] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 633] <... mprotect resumed>) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 634] <... futex resumed>) = 0 [pid 633] rt_sigprocmask(SIG_BLOCK, ~[], [pid 634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 633] <... rt_sigprocmask resumed>[], 8) = 0 [pid 634] <... mmap resumed>) = 0x7f6220424000 [pid 633] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 634] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 633] <... clone3 resumed> => {parent_tid=[638]}, 88) = 638 [pid 634] rt_sigprocmask(SIG_BLOCK, ~[], [pid 633] rt_sigprocmask(SIG_SETMASK, [], [pid 634] <... rt_sigprocmask resumed>[], 8) = 0 [pid 633] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 637 [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 639 [pid 634] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 633] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 635] set_robust_list(0x7f62204659a0, 24 [pid 634] <... clone3 resumed> => {parent_tid=[640]}, 88) = 640 [pid 633] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 634] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 634] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 640 attached [pid 640] set_robust_list(0x7f62204449a0, 24) = 0 [pid 640] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 640] creat("./bus", 000 [pid 635] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 639 attached ./strace-static-x86_64: Process 637 attached [pid 640] <... creat resumed>) = 3 [pid 635] rt_sigprocmask(SIG_SETMASK, [], [pid 640] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 634] <... futex resumed>) = 0 [pid 634] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 634] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] <... futex resumed>) = 1 [pid 640] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL) = 0 [pid 640] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 634] <... futex resumed>) = 0 [pid 634] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 634] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] <... futex resumed>) = 1 [pid 640] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 640] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 634] <... futex resumed>) = 0 [pid 634] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 634] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] <... futex resumed>) = 1 [pid 640] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE./strace-static-x86_64: Process 638 attached [pid 638] set_robust_list(0x7f62204449a0, 24) = 0 [pid 638] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 638] creat("./bus", 000) = 3 [pid 638] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 633] <... futex resumed>) = 0 ./strace-static-x86_64: Process 636 attached [pid 640] <... socket resumed>) = 5 [pid 639] set_robust_list(0x555556cc76a0, 24 [pid 638] <... futex resumed>) = 1 [pid 637] set_robust_list(0x555556cc76a0, 24 [pid 635] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 633] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... umount2 resumed>) = 0 [pid 640] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 639] <... set_robust_list resumed>) = 0 [pid 633] <... futex resumed>) = 0 [pid 633] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 634] <... futex resumed>) = 0 [pid 634] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 634] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 640] <... futex resumed>) = 1 [pid 640] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 298] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 640] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 634] <... futex resumed>) = 0 [pid 634] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 640] <... futex resumed>) = 1 [pid 640] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 635] memfd_create("syzkaller", 0 [pid 298] newfstatat(AT_FDCWD, "./13/file0", [pid 638] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 638] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 633] <... futex resumed>) = 0 [pid 635] <... memfd_create resumed>) = 4 [pid 633] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 633] <... futex resumed>) = 0 [pid 635] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 633] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 638] <... futex resumed>) = 1 [pid 298] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 638] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 635] <... mmap resumed>) = 0x7f6218024000 [pid 298] <... openat resumed>) = 4 [pid 638] <... open resumed>) = 5 [pid 298] newfstatat(4, "", [pid 638] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 633] <... futex resumed>) = 0 [pid 633] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 633] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, [pid 638] <... futex resumed>) = 1 [pid 638] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 298] close(4 [pid 638] <... socket resumed>) = 6 [pid 298] <... close resumed>) = 0 [pid 638] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] rmdir("./13/file0" [pid 638] <... futex resumed>) = 1 [pid 633] <... futex resumed>) = 0 [pid 638] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 633] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 638] <... mmap resumed>) = 0x20000000 [pid 633] <... futex resumed>) = 0 [pid 638] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 633] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 638] <... futex resumed>) = 0 [pid 633] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] <... rmdir resumed>) = 0 [pid 638] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 635] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20001167} --- [pid 633] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 637] <... set_robust_list resumed>) = 0 [pid 637] chdir("./16") = 0 [pid 637] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] getdents64(3, [pid 637] <... prctl resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 637] setpgid(0, 0 [pid 298] close(3 [pid 637] <... setpgid resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] rmdir("./13" [pid 637] <... openat resumed>) = 3 [pid 637] write(3, "1000", 4) = 4 [pid 637] close(3) = 0 [pid 637] symlink("/dev/binderfs", "./binderfs") = 0 [pid 298] <... rmdir resumed>) = 0 [pid 639] chdir("./13" [pid 637] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] mkdir("./14", 0777 [pid 637] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 637] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 637] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 637] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 637] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 298] <... mkdir resumed>) = 0 [pid 639] <... chdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 637] <... clone3 resumed> => {parent_tid=[641]}, 88) = 641 [pid 637] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 298] <... openat resumed>) = 3 [pid 639] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 637] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] ioctl(3, LOOP_CLR_FD [pid 639] <... prctl resumed>) = 0 [pid 637] <... futex resumed>) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 637] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] close(3 [pid 639] setpgid(0, 0 [pid 637] <... futex resumed>) = 0 [pid 637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] <... close resumed>) = 0 [pid 639] <... setpgid resumed>) = 0 [pid 637] <... mmap resumed>) = 0x7f6220424000 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 637] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 637] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 637] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[642]}, 88) = 642 [pid 637] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 637] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 639] <... openat resumed>) = 3 [pid 637] <... futex resumed>) = 0 [pid 631] +++ killed by SIGBUS +++ [pid 627] +++ killed by SIGBUS +++ [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 643 [pid 639] write(3, "1000", 4 [pid 637] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 635] +++ killed by SIGBUS +++ [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=627, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 639] <... write resumed>) = 4 ./strace-static-x86_64: Process 641 attached [pid 639] close(3 [pid 301] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW [pid 641] set_robust_list(0x7f62204659a0, 24) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 639] <... close resumed>) = 0 [pid 301] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 641] rt_sigprocmask(SIG_SETMASK, [], [pid 301] <... openat resumed>) = 3 [pid 639] symlink("/dev/binderfs", "./binderfs" [pid 301] newfstatat(3, "", [pid 641] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 641] memfd_create("syzkaller", 0 [pid 301] getdents64(3, [pid 641] <... memfd_create resumed>) = 3 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 641] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 301] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 639] <... symlink resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 641] <... mmap resumed>) = 0x7f6218024000 [pid 639] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] newfstatat(AT_FDCWD, "./14/bus", ./strace-static-x86_64: Process 643 attached ./strace-static-x86_64: Process 642 attached [pid 639] <... futex resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 641] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 639] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 301] unlink("./14/bus" [pid 638] +++ killed by SIGBUS +++ [pid 633] +++ killed by SIGBUS +++ [pid 301] <... unlink resumed>) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=633, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 301] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 639] <... rt_sigaction resumed>NULL, 8) = 0 [pid 297] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW [pid 639] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 643] set_robust_list(0x555556cc76a0, 24 [pid 642] set_robust_list(0x7f62204449a0, 24 [pid 639] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 636] +++ killed by SIGBUS +++ [pid 301] newfstatat(AT_FDCWD, "./14/binderfs", [pid 297] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 643] <... set_robust_list resumed>) = 0 [pid 642] <... set_robust_list resumed>) = 0 [pid 641] <... write resumed>) = 262144 [pid 640] +++ killed by SIGBUS +++ [pid 634] +++ killed by SIGBUS +++ [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 301] unlink("./14/binderfs" [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=634, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 297] <... openat resumed>) = 3 [pid 643] chdir("./14" [pid 301] <... unlink resumed>) = 0 [pid 643] <... chdir resumed>) = 0 [pid 301] getdents64(3, [pid 639] <... mmap resumed>) = 0x7f6220445000 [pid 297] newfstatat(3, "", [pid 643] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 639] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 299] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW [pid 639] <... mprotect resumed>) = 0 [pid 301] close(3 [pid 297] getdents64(3, [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] <... close resumed>) = 0 [pid 643] <... prctl resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 301] rmdir("./14" [pid 299] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 643] setpgid(0, 0 [pid 639] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] <... openat resumed>) = 3 [pid 297] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 643] <... setpgid resumed>) = 0 [pid 643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 301] <... rmdir resumed>) = 0 [pid 299] newfstatat(3, "", [pid 643] <... openat resumed>) = 3 [pid 639] <... rt_sigprocmask resumed>[], 8) = 0 [pid 301] mkdir("./15", 0777 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 643] write(3, "1000", 4) = 4 [pid 643] close(3) = 0 [pid 643] symlink("/dev/binderfs", "./binderfs") = 0 [pid 301] <... mkdir resumed>) = 0 [pid 639] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 299] getdents64(3, [pid 297] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 643] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 299] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 639] <... clone3 resumed> => {parent_tid=[644]}, 88) = 644 [pid 643] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./16/bus", [pid 643] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 299] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 643] <... rt_sigaction resumed>NULL, 8) = 0 [pid 639] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 643] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 639] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] newfstatat(AT_FDCWD, "./14/bus", [pid 643] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 639] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./16/bus" [pid 643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 639] <... futex resumed>) = 0 [pid 299] unlink("./14/bus" [pid 643] <... mmap resumed>) = 0x7f6220445000 [pid 299] <... unlink resumed>) = 0 [pid 643] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 639] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... unlink resumed>) = 0 [pid 643] <... mprotect resumed>) = 0 [pid 639] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 643] rt_sigprocmask(SIG_BLOCK, ~[], [pid 639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] newfstatat(AT_FDCWD, "./14/binderfs", [pid 297] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 643] <... rt_sigprocmask resumed>[], 8) = 0 [pid 639] <... mmap resumed>) = 0x7f6220424000 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 299] unlink("./14/binderfs" [pid 639] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... unlink resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./16/binderfs", [pid 643] <... clone3 resumed> => {parent_tid=[645]}, 88) = 645 [pid 639] <... mprotect resumed>) = 0 [pid 299] getdents64(3, ./strace-static-x86_64: Process 644 attached [pid 643] rt_sigprocmask(SIG_SETMASK, [], [pid 639] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 644] set_robust_list(0x7f62204659a0, 24 [pid 643] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 639] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] close(3 [pid 644] <... set_robust_list resumed>) = 0 [pid 643] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 639] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 299] <... close resumed>) = 0 [pid 297] unlink("./16/binderfs" [pid 644] rt_sigprocmask(SIG_SETMASK, [], [pid 643] <... futex resumed>) = 0 [pid 299] rmdir("./14" [pid 644] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 643] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... rmdir resumed>) = 0 [pid 644] memfd_create("syzkaller", 0 [pid 643] <... futex resumed>) = 0 [pid 639] <... clone3 resumed> => {parent_tid=[646]}, 88) = 646 [pid 299] mkdir("./15", 0777 [pid 297] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 646 attached ./strace-static-x86_64: Process 645 attached [pid 644] <... memfd_create resumed>) = 3 [pid 643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 642] rt_sigprocmask(SIG_SETMASK, [], [pid 641] munmap(0x7f6218024000, 262144 [pid 639] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... mkdir resumed>) = 0 [pid 644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 643] <... mmap resumed>) = 0x7f6220424000 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 644] <... mmap resumed>) = 0x7f6218024000 [pid 643] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 299] <... openat resumed>) = 3 [pid 646] set_robust_list(0x7f62204449a0, 24 [pid 645] set_robust_list(0x7f62204659a0, 24 [pid 643] <... mprotect resumed>) = 0 [pid 642] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 641] <... munmap resumed>) = 0 [pid 639] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] ioctl(3, LOOP_CLR_FD [pid 297] getdents64(3, [pid 646] <... set_robust_list resumed>) = 0 [pid 645] <... set_robust_list resumed>) = 0 [pid 644] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 643] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 646] rt_sigprocmask(SIG_SETMASK, [], [pid 645] rt_sigprocmask(SIG_SETMASK, [], [pid 643] <... rt_sigprocmask resumed>[], 8) = 0 [pid 642] creat("./bus", 000 [pid 641] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 639] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] close(3 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 646] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 644] <... write resumed>) = 262144 [pid 643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 299] <... close resumed>) = 0 [pid 644] munmap(0x7f6218024000, 262144 [pid 639] <... futex resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 647 attached ./strace-static-x86_64: Process 648 attached [pid 646] creat("./bus", 000 [pid 645] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 644] <... munmap resumed>) = 0 [pid 643] <... clone3 resumed> => {parent_tid=[647]}, 88) = 647 [pid 642] <... creat resumed>) = 4 [pid 641] <... openat resumed>) = 5 [pid 639] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] close(3 [pid 648] set_robust_list(0x555556cc76a0, 24 [pid 647] set_robust_list(0x7f62204449a0, 24 [pid 646] <... creat resumed>) = 4 [pid 645] memfd_create("syzkaller", 0 [pid 644] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 643] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 648 [pid 648] <... set_robust_list resumed>) = 0 [pid 644] <... openat resumed>) = 5 [pid 643] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 648] chdir("./15" [ 26.092834][ T631] loop5: detected capacity change from 0 to 512 [pid 644] ioctl(5, LOOP_SET_FD, 3 [pid 643] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 647] <... set_robust_list resumed>) = 0 [pid 646] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] <... memfd_create resumed>) = 3 [pid 642] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 641] ioctl(5, LOOP_SET_FD, 3 [pid 297] <... close resumed>) = 0 [pid 648] <... chdir resumed>) = 0 [pid 647] rt_sigprocmask(SIG_SETMASK, [], [pid 646] <... futex resumed>) = 1 [pid 645] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 643] <... futex resumed>) = 0 [pid 642] <... futex resumed>) = 1 [pid 639] <... futex resumed>) = 0 [pid 637] <... futex resumed>) = 0 [pid 648] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 644] <... ioctl resumed>) = 0 [pid 643] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 637] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 648] <... prctl resumed>) = 0 [pid 644] close(3 [pid 637] <... futex resumed>) = 0 [pid 648] setpgid(0, 0 [pid 644] <... close resumed>) = 0 [pid 637] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 648] <... setpgid resumed>) = 0 [pid 644] mkdir("./file0", 0777 [pid 648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 644] <... mkdir resumed>) = 0 [pid 648] <... openat resumed>) = 3 [pid 644] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 648] write(3, "1000", 4) = 4 [pid 648] close(3) = 0 [pid 648] symlink("/dev/binderfs", "./binderfs") = 0 [pid 648] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 648] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 648] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 648] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 648] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 648] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[649]}, 88) = 649 [pid 648] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 648] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 648] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 648] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 648] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 648] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[650]}, 88) = 650 [pid 648] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 648] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 648] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 650 attached [pid 650] set_robust_list(0x7f62204449a0, 24) = 0 [pid 650] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 650] creat("./bus", 000) = 3 [pid 650] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 648] <... futex resumed>) = 0 [pid 648] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 648] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] <... futex resumed>) = 1 [pid 650] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL) = 0 [pid 650] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 648] <... futex resumed>) = 0 [pid 648] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 648] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 650] <... futex resumed>) = 1 [pid 650] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 650] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 648] <... futex resumed>) = 0 [pid 648] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 648] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 649 attached [pid 650] <... futex resumed>) = 1 [pid 647] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 646] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 645] <... mmap resumed>) = 0x7f6218024000 [pid 642] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 641] <... ioctl resumed>) = 0 [pid 639] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] rmdir("./16" [pid 646] <... mount resumed>) = 0 [pid 650] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 649] set_robust_list(0x7f62204659a0, 24 [pid 647] creat("./bus", 000 [pid 646] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 642] <... mount resumed>) = 0 [pid 641] close(3 [pid 639] <... futex resumed>) = 0 [pid 301] <... openat resumed>) = 3 [pid 297] <... rmdir resumed>) = 0 [pid 646] <... futex resumed>) = 0 [pid 645] <... write resumed>) = 262144 [pid 642] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 639] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] ioctl(3, LOOP_CLR_FD [pid 297] mkdir("./17", 0777 [pid 646] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 645] munmap(0x7f6218024000, 262144 [pid 642] <... futex resumed>) = 1 [pid 639] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 637] <... futex resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 642] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 639] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 646] <... futex resumed>) = 0 [pid 645] <... munmap resumed>) = 0 [pid 641] <... close resumed>) = 0 [pid 639] <... futex resumed>) = 1 [pid 297] <... openat resumed>) = 3 [pid 646] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 639] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] ioctl(3, LOOP_CLR_FD [pid 646] <... open resumed>) = 3 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 646] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] close(3 [pid 646] <... futex resumed>) = 1 [pid 639] <... futex resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 646] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 639] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 646] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 639] <... futex resumed>) = 0 [pid 637] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 639] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 637] <... futex resumed>) = 1 [pid 642] <... futex resumed>) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 651 [pid 646] <... socket resumed>) = 6 [pid 642] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 637] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 651 attached [pid 647] <... creat resumed>) = 4 [pid 646] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 645] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 642] <... open resumed>) = 3 [pid 641] mkdir("./file0", 0777 [pid 650] <... socket resumed>) = 5 [pid 647] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] <... futex resumed>) = 1 [pid 645] <... openat resumed>) = 5 [pid 642] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 641] <... mkdir resumed>) = 0 [pid 639] <... futex resumed>) = 0 [pid 649] <... set_robust_list resumed>) = 0 [pid 647] <... futex resumed>) = 1 [pid 646] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 645] ioctl(5, LOOP_SET_FD, 3 [pid 641] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 639] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 651] set_robust_list(0x555556cc76a0, 24 [pid 650] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 649] rt_sigprocmask(SIG_SETMASK, [], [pid 647] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 646] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 643] <... futex resumed>) = 0 [pid 642] <... futex resumed>) = 1 [pid 639] <... futex resumed>) = 0 [pid 637] <... futex resumed>) = 0 [pid 651] <... set_robust_list resumed>) = 0 [pid 649] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 646] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 643] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 642] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 639] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 637] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 649] memfd_create("syzkaller", 0 [pid 647] <... futex resumed>) = 0 [pid 646] <... mmap resumed>) = 0x20000000 [pid 643] <... futex resumed>) = 1 [pid 642] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 637] <... futex resumed>) = 0 [pid 649] <... memfd_create resumed>) = 6 [pid 647] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 646] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 643] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 642] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 637] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 651] chdir("./17" [pid 650] <... futex resumed>) = 1 [pid 649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 648] <... futex resumed>) = 0 [pid 647] <... mount resumed>) = 0 [pid 646] <... futex resumed>) = 1 [pid 642] <... socket resumed>) = 6 [pid 639] <... futex resumed>) = 0 [pid 651] <... chdir resumed>) = 0 [pid 649] <... mmap resumed>) = 0x7f6218024000 [pid 648] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 647] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 642] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 639] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 651] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 650] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 649] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 648] <... futex resumed>) = 0 [pid 647] <... futex resumed>) = 1 [pid 646] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 643] <... futex resumed>) = 0 [pid 642] <... futex resumed>) = 1 [pid 639] <... futex resumed>) = 0 [pid 637] <... futex resumed>) = 0 [pid 651] <... prctl resumed>) = 0 [pid 650] <... mmap resumed>) = 0x20000000 [pid 649] <... write resumed>) = 262144 [pid 648] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 647] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 646] memfd_create("syzkaller", 0 [pid 643] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 642] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 637] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 651] setpgid(0, 0 [pid 650] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 649] munmap(0x7f6218024000, 262144 [pid 647] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 26.144367][ T644] loop0: detected capacity change from 0 to 512 [ 26.145653][ T641] loop4: detected capacity change from 0 to 512 [ 26.179634][ T645] loop2: detected capacity change from 0 to 512 [pid 646] <... memfd_create resumed>) = 7 [pid 643] <... futex resumed>) = 0 [pid 649] <... munmap resumed>) = 0 [pid 647] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 643] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 649] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 646] <... mmap resumed>) = 0x7f620fc64000 [pid 649] <... openat resumed>) = 7 [pid 646] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 649] ioctl(7, LOOP_SET_FD, 6 [pid 646] <... write resumed>) = 65536 [pid 301] <... ioctl resumed>) = 0 [pid 651] <... setpgid resumed>) = 0 [pid 650] <... futex resumed>) = 1 [pid 648] <... futex resumed>) = 0 [pid 646] munmap(0x7f620fc64000, 65536 [pid 642] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 637] <... futex resumed>) = 0 [pid 301] close(3 [pid 651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 648] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] <... munmap resumed>) = 0 [pid 642] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 637] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... close resumed>) = 0 [pid 647] <... open resumed>) = 6 [pid 646] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 645] <... ioctl resumed>) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 647] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] <... openat resumed>) = 8 [pid 645] close(3 [pid 647] <... futex resumed>) = 1 [pid 646] ioctl(8, LOOP_SET_FD, 7 [pid 645] <... close resumed>) = 0 [pid 643] <... futex resumed>) = 0 [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 656 [pid 647] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 646] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 645] mkdir("./file0", 0777 [pid 643] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 647] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 646] ioctl(8, LOOP_CLR_FD [pid 645] <... mkdir resumed>) = 0 [pid 643] <... futex resumed>) = 0 [pid 647] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 646] <... ioctl resumed>) = 0 [pid 645] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 643] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 647] <... socket resumed>) = 3 [pid 647] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 647] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 643] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 647] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 643] <... futex resumed>) = 0 [pid 651] <... openat resumed>) = 3 [pid 648] <... futex resumed>) = 0 [pid 647] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 643] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 642] <... mmap resumed>) = 0x20000000 [pid 651] write(3, "1000", 4 [pid 647] <... mmap resumed>) = 0x20000000 [pid 646] ioctl(8, LOOP_SET_FD, 7./strace-static-x86_64: Process 656 attached [pid 647] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 656] set_robust_list(0x555556cc76a0, 24 [pid 647] <... futex resumed>) = 1 [pid 646] close(8 [pid 643] <... futex resumed>) = 0 [pid 656] <... set_robust_list resumed>) = 0 [pid 647] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 646] <... close resumed>) = 0 [pid 643] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 656] chdir("./15" [pid 647] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 646] close(7 [pid 643] <... futex resumed>) = 0 [pid 656] <... chdir resumed>) = 0 [pid 647] memfd_create("syzkaller", 0 [pid 646] <... close resumed>) = 0 [pid 656] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 647] <... memfd_create resumed>) = 7 [pid 646] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 656] <... prctl resumed>) = 0 [pid 647] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 646] <... futex resumed>) = 0 [pid 656] setpgid(0, 0 [pid 647] <... mmap resumed>) = 0x7f620fc64000 [pid 646] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 656] <... setpgid resumed>) = 0 [pid 647] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 647] <... write resumed>) = 65536 [pid 656] <... openat resumed>) = 3 [pid 647] munmap(0x7f620fc64000, 65536 [pid 656] write(3, "1000", 4 [pid 647] <... munmap resumed>) = 0 [pid 656] <... write resumed>) = 4 [pid 647] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 656] close(3 [pid 647] <... openat resumed>) = 8 [pid 656] <... close resumed>) = 0 [pid 651] <... write resumed>) = 4 [pid 647] ioctl(8, LOOP_SET_FD, 7 [pid 642] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 656] symlink("/dev/binderfs", "./binderfs" [pid 647] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 656] <... symlink resumed>) = 0 [pid 647] ioctl(8, LOOP_CLR_FD [pid 656] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 647] <... ioctl resumed>) = 0 [pid 656] <... futex resumed>) = 0 [pid 656] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 656] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 656] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 656] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 647] ioctl(8, LOOP_SET_FD, 7 [pid 656] rt_sigprocmask(SIG_BLOCK, ~[], [pid 647] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 656] <... rt_sigprocmask resumed>[], 8) = 0 [pid 647] close(8 [pid 656] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 647] <... close resumed>) = 0 [pid 647] close(7 [pid 656] <... clone3 resumed> => {parent_tid=[657]}, 88) = 657 [pid 647] <... close resumed>) = 0 [pid 656] rt_sigprocmask(SIG_SETMASK, [], [pid 647] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 656] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 647] <... futex resumed>) = 0 [pid 656] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 647] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 656] <... futex resumed>) = 0 [pid 656] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 656] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 656] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 656] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 656] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[658]}, 88) = 658 [pid 656] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 656] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 656] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 649] <... ioctl resumed>) = 0 [pid 649] close(6) = 0 [pid 649] mkdir(0x20000000, 0777 [pid 651] close(3 [pid 642] <... futex resumed>) = 1 [pid 642] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 637] <... futex resumed>) = 0 [pid 649] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 651] <... close resumed>) = 0 [pid 649] mount("/dev/loop3", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 642] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 637] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 651] symlink("/dev/binderfs", "./binderfs" [pid 642] memfd_create("syzkaller", 0 [pid 637] <... futex resumed>) = 0 [ 26.195134][ T652] EXT4-fs warning (device loop0): kmmpd:170: kmmpd being stopped since MMP feature has been disabled. [ 26.199027][ T649] loop3: detected capacity change from 0 to 512 [ 26.213482][ T650] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 0 [ 26.226065][ T644] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 26.233980][ T645] EXT4-fs warning (device loop2): read_mmp_block:115: Error -74 while reading MMP block 12 [pid 651] <... symlink resumed>) = 0 [pid 649] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 642] <... memfd_create resumed>) = 7 [pid 651] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 649] ioctl(7, LOOP_CLR_FD [pid 642] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 651] <... futex resumed>) = 0 [pid 649] <... ioctl resumed>) = 0 [pid 642] <... mmap resumed>) = 0x7f620fc64000 [pid 651] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 649] close(7 [pid 642] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 651] <... rt_sigaction resumed>NULL, 8) = 0 [pid 649] <... close resumed>) = 0 [pid 642] <... write resumed>) = 65536 [pid 651] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 649] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 642] munmap(0x7f620fc64000, 65536 [pid 651] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 649] <... futex resumed>) = 0 [pid 642] <... munmap resumed>) = 0 [pid 651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 649] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 642] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 651] <... mmap resumed>) = 0x7f6220445000 [pid 642] <... openat resumed>) = 8 [pid 651] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 642] ioctl(8, LOOP_SET_FD, 7 [pid 651] <... mprotect resumed>) = 0 [pid 642] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 651] rt_sigprocmask(SIG_BLOCK, ~[], [pid 642] ioctl(8, LOOP_CLR_FD [pid 651] <... rt_sigprocmask resumed>[], 8) = 0 [pid 651] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[659]}, 88) = 659 [pid 651] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 651] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 642] <... ioctl resumed>) = 0 [pid 651] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 651] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 651] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 651] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[660]}, 88) = 660 [pid 651] rt_sigprocmask(SIG_SETMASK, [], [pid 642] ioctl(8, LOOP_SET_FD, 7 [pid 651] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 642] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 651] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 642] close(8 [pid 651] <... futex resumed>) = 0 [pid 642] <... close resumed>) = 0 [pid 651] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 642] close(7./strace-static-x86_64: Process 660 attached ./strace-static-x86_64: Process 659 attached ./strace-static-x86_64: Process 658 attached ./strace-static-x86_64: Process 657 attached [pid 650] memfd_create("syzkaller", 0 [pid 642] <... close resumed>) = 0 [pid 658] set_robust_list(0x7f62204449a0, 24 [pid 657] set_robust_list(0x7f62204659a0, 24 [pid 650] <... memfd_create resumed>) = 6 [pid 659] set_robust_list(0x7f62204659a0, 24 [pid 658] <... set_robust_list resumed>) = 0 [pid 657] <... set_robust_list resumed>) = 0 [pid 650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 642] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 659] <... set_robust_list resumed>) = 0 [pid 658] rt_sigprocmask(SIG_SETMASK, [], [pid 657] rt_sigprocmask(SIG_SETMASK, [], [pid 650] <... mmap resumed>) = 0x7f620fc64000 [pid 659] rt_sigprocmask(SIG_SETMASK, [], [pid 658] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 657] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 650] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 642] <... futex resumed>) = 0 [pid 659] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 658] creat("./bus", 000 [pid 657] memfd_create("syzkaller", 0 [pid 650] <... write resumed>) = 65536 [pid 659] memfd_create("syzkaller", 0 [pid 658] <... creat resumed>) = 3 [pid 657] <... memfd_create resumed>) = 4 [pid 650] munmap(0x7f620fc64000, 65536 [pid 659] <... memfd_create resumed>) = 3 [pid 658] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 657] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 650] <... munmap resumed>) = 0 [pid 642] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 659] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 658] <... futex resumed>) = 1 [pid 657] <... mmap resumed>) = 0x7f6218024000 [pid 656] <... futex resumed>) = 0 [pid 650] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 659] <... mmap resumed>) = 0x7f6218024000 [pid 658] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 657] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 656] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 660] set_robust_list(0x7f62204449a0, 24 [pid 659] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 658] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 657] <... write resumed>) = 262144 [pid 650] <... openat resumed>) = 7 [pid 660] <... set_robust_list resumed>) = 0 [pid 659] <... write resumed>) = 262144 [pid 658] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 657] munmap(0x7f6218024000, 262144 [pid 660] rt_sigprocmask(SIG_SETMASK, [], [pid 659] munmap(0x7f6218024000, 262144 [pid 658] <... mount resumed>) = 0 [pid 657] <... munmap resumed>) = 0 [pid 660] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 659] <... munmap resumed>) = 0 [pid 658] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 657] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 660] creat("./bus", 000 [pid 659] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 658] <... futex resumed>) = 0 [pid 657] <... openat resumed>) = 5 [pid 660] <... creat resumed>) = 4 [pid 659] <... openat resumed>) = 5 [pid 658] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 26.246864][ T644] EXT4-fs error (device loop0): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 26.258545][ T641] EXT4-fs error (device loop4): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 26.282795][ T657] loop5: detected capacity change from 0 to 512 [ 26.288150][ T644] EXT4-fs (loop0): get orphan inode failed [pid 657] ioctl(5, LOOP_SET_FD, 4 [pid 656] <... futex resumed>) = 0 [pid 650] ioctl(7, LOOP_SET_FD, 6 [pid 660] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 659] ioctl(5, LOOP_SET_FD, 3 [pid 660] <... futex resumed>) = 1 [pid 660] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 657] <... ioctl resumed>) = 0 [pid 657] close(4) = 0 [pid 657] mkdir("./file0", 0777) = 0 [pid 657] mount("/dev/loop5", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 659] <... ioctl resumed>) = 0 [pid 659] close(3) = 0 [pid 659] mkdir("./file0", 0777) = 0 [pid 659] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 656] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 656] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 658] <... futex resumed>) = 0 [pid 656] <... futex resumed>) = 1 [pid 651] <... futex resumed>) = 0 [pid 650] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 656] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 651] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 650] ioctl(7, LOOP_CLR_FD [pid 651] <... futex resumed>) = 1 [pid 660] <... futex resumed>) = 0 [pid 658] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 651] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 660] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 658] <... open resumed>) = 4 [pid 650] <... ioctl resumed>) = 0 [pid 660] <... mount resumed>) = 0 [pid 658] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 660] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 658] <... futex resumed>) = 1 [pid 656] <... futex resumed>) = 0 [pid 660] <... futex resumed>) = 1 [pid 658] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 656] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 651] <... futex resumed>) = 0 [pid 660] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 658] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 656] <... futex resumed>) = 0 [pid 651] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 660] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 658] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 656] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 651] <... futex resumed>) = 0 [pid 660] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 658] <... socket resumed>) = 6 [pid 651] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 660] <... open resumed>) = 3 [pid 658] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 650] ioctl(7, LOOP_SET_FD, 6) = -1 EBUSY (Device or resource busy) [pid 650] close(7) = 0 [pid 650] close(6 [pid 660] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 658] <... futex resumed>) = 1 [pid 656] <... futex resumed>) = 0 [pid 660] <... futex resumed>) = 1 [pid 658] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 656] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 651] <... futex resumed>) = 0 [pid 660] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 658] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 656] <... futex resumed>) = 0 [pid 651] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 650] <... close resumed>) = 0 [pid 660] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 658] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 656] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 651] <... futex resumed>) = 0 [pid 645] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 660] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 658] <... mmap resumed>) = 0x20000000 [pid 651] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 660] <... socket resumed>) = 6 [pid 658] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 660] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 658] <... futex resumed>) = 1 [pid 656] <... futex resumed>) = 0 [pid 660] <... futex resumed>) = 1 [pid 658] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 656] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 651] <... futex resumed>) = 0 [pid 660] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 658] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 656] <... futex resumed>) = 0 [pid 651] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 660] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 658] memfd_create("syzkaller", 0 [pid 651] <... futex resumed>) = 0 [pid 660] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 658] <... memfd_create resumed>) = 7 [pid 651] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 660] <... mmap resumed>) = 0x20000000 [pid 658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 650] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 648] exit_group(0 [pid 645] ioctl(5, LOOP_CLR_FD [pid 660] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 658] <... mmap resumed>) = 0x7f620fc64000 [pid 660] <... futex resumed>) = 1 [pid 658] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 651] <... futex resumed>) = 0 [pid 650] <... futex resumed>) = ? [pid 649] <... futex resumed>) = ? [pid 648] <... exit_group resumed>) = ? [pid 645] <... ioctl resumed>) = 0 [pid 660] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 658] <... write resumed>) = 65536 [pid 651] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 660] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 658] munmap(0x7f620fc64000, 65536 [pid 651] <... futex resumed>) = 0 [pid 660] memfd_create("syzkaller", 0 [pid 658] <... munmap resumed>) = 0 [pid 650] +++ exited with 0 +++ [pid 649] +++ exited with 0 +++ [pid 660] <... memfd_create resumed>) = 7 [pid 658] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 644] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 660] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 658] <... openat resumed>) = 8 [pid 660] <... mmap resumed>) = 0x7f620fc64000 [pid 658] ioctl(8, LOOP_SET_FD, 7 [pid 644] ioctl(5, LOOP_CLR_FD [pid 660] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 658] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 645] close(5 [pid 660] <... write resumed>) = 65536 [pid 658] ioctl(8, LOOP_CLR_FD [pid 644] <... ioctl resumed>) = 0 [pid 660] munmap(0x7f620fc64000, 65536 [pid 658] <... ioctl resumed>) = 0 [pid 660] <... munmap resumed>) = 0 [pid 645] <... close resumed>) = 0 [pid 644] close(5 [pid 660] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 8 [pid 644] <... close resumed>) = 0 [pid 660] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 644] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 660] ioctl(8, LOOP_CLR_FD) = 0 [pid 644] <... futex resumed>) = 0 [pid 644] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 645] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 660] ioctl(8, LOOP_SET_FD, 7 [pid 658] ioctl(8, LOOP_SET_FD, 7 [pid 660] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 658] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 660] close(8 [pid 658] close(8 [pid 660] <... close resumed>) = 0 [pid 658] <... close resumed>) = 0 [pid 660] close(7 [pid 658] close(7 [pid 660] <... close resumed>) = 0 [pid 658] <... close resumed>) = 0 [pid 660] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 658] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 660] <... futex resumed>) = 0 [pid 658] <... futex resumed>) = 0 [pid 660] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 26.289336][ T659] loop1: detected capacity change from 0 to 512 [ 26.296328][ T644] EXT4-fs (loop0): mount failed [ 26.316522][ T641] EXT4-fs (loop4): get orphan inode failed [ 26.326626][ T659] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 26.326884][ T641] EXT4-fs (loop4): mount failed [pid 658] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 645] <... futex resumed>) = 0 [pid 643] exit_group(0 [pid 639] exit_group(0 [pid 645] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 643] <... exit_group resumed>) = ? [pid 645] +++ exited with 0 +++ [pid 644] <... futex resumed>) = ? [pid 639] <... exit_group resumed>) = ? [pid 644] +++ exited with 0 +++ [pid 657] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 647] <... futex resumed>) = ? [pid 646] <... futex resumed>) = ? [pid 657] ioctl(5, LOOP_CLR_FD) = 0 [pid 657] close(5) = 0 [pid 657] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 657] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 641] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 641] ioctl(5, LOOP_CLR_FD) = 0 [pid 641] close(5) = 0 [pid 641] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 641] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 648] +++ exited with 0 +++ [pid 656] exit_group(0 [pid 637] exit_group(0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=648, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 658] <... futex resumed>) = ? [pid 656] <... exit_group resumed>) = ? [pid 637] <... exit_group resumed>) = ? [pid 658] +++ exited with 0 +++ [pid 299] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 642] <... futex resumed>) = ? [pid 299] <... openat resumed>) = 3 [pid 642] +++ exited with 0 +++ [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 299] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 657] <... futex resumed>) = ? [pid 641] <... futex resumed>) = ? [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./15/bus") = 0 [pid 299] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./15/binderfs" [pid 659] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 299] <... unlink resumed>) = 0 [pid 299] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./15" [pid 659] ioctl(5, LOOP_CLR_FD [pid 299] <... rmdir resumed>) = 0 [pid 299] mkdir("./16", 0777 [pid 659] <... ioctl resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 659] close(5 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 659] <... close resumed>) = 0 [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 663 [pid 659] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 663 attached ) = 0 [pid 663] set_robust_list(0x555556cc76a0, 24 [pid 651] exit_group(0 [pid 660] <... futex resumed>) = ? [pid 651] <... exit_group resumed>) = ? [pid 663] <... set_robust_list resumed>) = 0 [pid 660] +++ exited with 0 +++ [pid 663] chdir("./16") = 0 [pid 663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 663] setpgid(0, 0) = 0 [pid 663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 663] write(3, "1000", 4) = 4 [pid 663] close(3) = 0 [pid 663] symlink("/dev/binderfs", "./binderfs") = 0 [pid 663] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 663] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 663] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 663] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 663] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[664]}, 88) = 664 [pid 663] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 663] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 663] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 663] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 663] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[665]}, 88) = 665 ./strace-static-x86_64: Process 665 attached ./strace-static-x86_64: Process 664 attached [pid 664] set_robust_list(0x7f62204659a0, 24) = 0 [pid 664] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 664] memfd_create("syzkaller", 0 [pid 665] set_robust_list(0x7f62204449a0, 24 [pid 663] rt_sigprocmask(SIG_SETMASK, [], [pid 664] <... memfd_create resumed>) = 3 [pid 664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 663] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 665] <... set_robust_list resumed>) = 0 [pid 665] rt_sigprocmask(SIG_SETMASK, [], [pid 663] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 647] +++ exited with 0 +++ [pid 643] +++ exited with 0 +++ [pid 665] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 663] <... futex resumed>) = 0 [pid 646] +++ exited with 0 +++ [pid 639] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=643, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 298] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW [pid 665] creat("./bus", 000 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=639, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 663] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 664] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 296] <... restart_syscall resumed>) = 0 [pid 298] getdents64(3, [pid 296] umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... openat resumed>) = 3 [pid 664] <... write resumed>) = 262144 [pid 296] newfstatat(3, "", [pid 298] <... umount2 resumed>) = 0 [pid 664] munmap(0x7f6218024000, 262144 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 664] <... munmap resumed>) = 0 [pid 664] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 5 [ 26.336459][ T659] EXT4-fs error (device loop1): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 26.339925][ T657] EXT4-fs warning (device loop5): read_mmp_block:115: Error -74 while reading MMP block 12 [ 26.355633][ T659] EXT4-fs (loop1): get orphan inode failed [ 26.369920][ T659] EXT4-fs (loop1): mount failed [pid 664] ioctl(5, LOOP_SET_FD, 3 [pid 665] <... creat resumed>) = 4 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] getdents64(3, 0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 298] newfstatat(AT_FDCWD, "./14/bus", [pid 296] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./14/bus") = 0 [pid 298] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./14/binderfs") = 0 [pid 298] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./14/file0") = 0 [pid 298] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./14") = 0 [pid 298] mkdir("./15", 0777) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... openat resumed>) = 3 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] ioctl(3, LOOP_CLR_FD [pid 296] newfstatat(AT_FDCWD, "./13/bus", [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] close(3 [pid 296] unlink("./13/bus" [pid 641] +++ exited with 0 +++ [pid 637] +++ exited with 0 +++ [pid 298] <... close resumed>) = 0 [pid 296] <... unlink resumed>) = 0 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=637, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 659] +++ exited with 0 +++ [pid 651] +++ exited with 0 +++ [pid 300] restart_syscall(<... resuming interrupted clone ...> [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... restart_syscall resumed>) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=651, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 666 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./13/binderfs", [pid 300] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 666 attached [pid 665] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 664] <... ioctl resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] unlink("./13/binderfs" [pid 300] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 664] close(3) = 0 [pid 664] mkdir("./file0", 0777 [pid 296] <... unlink resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 300] <... openat resumed>) = 3 [pid 296] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] newfstatat(3, "", [pid 300] newfstatat(3, "", [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] newfstatat(AT_FDCWD, "./13/file0", [pid 300] getdents64(3, [pid 297] getdents64(3, [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 666] set_robust_list(0x555556cc76a0, 24 [pid 665] <... futex resumed>) = 1 [pid 664] <... mkdir resumed>) = 0 [pid 300] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 296] umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... umount2 resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 664] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 300] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = 0 [pid 296] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... openat resumed>) = 4 [pid 666] <... set_robust_list resumed>) = 0 [pid 665] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 663] <... futex resumed>) = 0 [pid 300] newfstatat(AT_FDCWD, "./16/bus", [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(4, "", [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] newfstatat(AT_FDCWD, "./17/bus", [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] unlink("./16/bus" [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] getdents64(4, [pid 300] <... unlink resumed>) = 0 [pid 297] unlink("./17/bus" [pid 296] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 666] chdir("./15" [pid 665] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 663] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 657] +++ exited with 0 +++ [pid 656] +++ exited with 0 +++ [pid 300] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... unlink resumed>) = 0 [pid 296] getdents64(4, [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=656, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 300] newfstatat(AT_FDCWD, "./16/binderfs", [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] close(4 [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] newfstatat(AT_FDCWD, "./17/binderfs", [pid 296] <... close resumed>) = 0 [pid 301] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] unlink("./16/binderfs" [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] rmdir("./13/file0" [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... unlink resumed>) = 0 [pid 297] unlink("./17/binderfs" [pid 296] <... rmdir resumed>) = 0 [pid 301] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... unlink resumed>) = 0 [pid 296] getdents64(3, [pid 663] <... futex resumed>) = 0 [pid 301] <... openat resumed>) = 3 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 666] <... chdir resumed>) = 0 [pid 665] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 663] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] newfstatat(3, "", [pid 300] newfstatat(AT_FDCWD, "./16/file0", [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] close(3 [pid 666] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 665] <... mount resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] newfstatat(AT_FDCWD, "./17/file0", [pid 296] <... close resumed>) = 0 [pid 666] <... prctl resumed>) = 0 [pid 665] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] getdents64(3, [pid 300] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] rmdir("./13" [pid 666] setpgid(0, 0 [pid 665] <... futex resumed>) = 1 [pid 663] <... futex resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... rmdir resumed>) = 0 [pid 666] <... setpgid resumed>) = 0 [pid 665] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 663] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] mkdir("./14", 0777 [pid 666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 665] <... open resumed>) = 3 [pid 663] <... futex resumed>) = 0 [pid 301] <... umount2 resumed>) = 0 [pid 300] <... openat resumed>) = 4 [pid 297] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... mkdir resumed>) = 0 [pid 666] <... openat resumed>) = 3 [pid 665] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 663] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] newfstatat(4, "", [pid 297] <... openat resumed>) = 4 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [ 26.394986][ T664] loop3: detected capacity change from 0 to 512 [pid 666] write(3, "1000", 4) = 4 [pid 665] <... futex resumed>) = 0 [pid 663] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] newfstatat(4, "", [pid 296] <... openat resumed>) = 3 [pid 666] close(3 [pid 665] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 663] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] newfstatat(AT_FDCWD, "./15/bus", [pid 300] getdents64(4, [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] ioctl(3, LOOP_CLR_FD [pid 666] <... close resumed>) = 0 [pid 665] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 663] <... futex resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 665] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 663] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] close(3 [pid 297] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 665] <... socket resumed>) = 6 [pid 296] <... close resumed>) = 0 [pid 666] symlink("/dev/binderfs", "./binderfs" [pid 665] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] unlink("./15/bus" [pid 300] getdents64(4, [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 666] <... symlink resumed>) = 0 [pid 665] <... futex resumed>) = 1 [pid 663] <... futex resumed>) = 0 [pid 301] <... unlink resumed>) = 0 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 297] getdents64(4, [pid 666] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 665] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 663] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] close(4 [pid 301] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 669 [pid 666] <... futex resumed>) = 0 [pid 665] <... mmap resumed>) = 0x20000000 [pid 663] <... futex resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... close resumed>) = 0 [pid 297] close(4 [pid 666] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 665] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 663] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] newfstatat(AT_FDCWD, "./15/binderfs", [pid 300] rmdir("./16/file0" [pid 297] <... close resumed>) = 0 [pid 666] <... rt_sigaction resumed>NULL, 8) = 0 [pid 665] <... futex resumed>) = 0 [pid 663] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 297] rmdir("./17/file0"./strace-static-x86_64: Process 669 attached [pid 669] set_robust_list(0x555556cc76a0, 24) = 0 [pid 669] chdir("./14") = 0 [pid 669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 669] setpgid(0, 0) = 0 [pid 669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 666] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 665] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 663] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] unlink("./15/binderfs" [pid 300] getdents64(3, [pid 669] <... openat resumed>) = 3 [pid 669] write(3, "1000", 4) = 4 [pid 297] <... rmdir resumed>) = 0 [pid 669] close(3) = 0 [pid 669] symlink("/dev/binderfs", "./binderfs" [pid 301] <... unlink resumed>) = 0 [pid 666] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 665] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 663] <... futex resumed>) = 0 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 301] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] getdents64(3, [pid 666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 665] memfd_create("syzkaller", 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] close(3 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 669] <... symlink resumed>) = 0 [pid 669] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 669] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 669] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 669] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 669] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 669] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[670]}, 88) = 670 [pid 669] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 669] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 669] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 669] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 669] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 669] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[671]}, 88) = 671 [pid 669] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 669] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 669] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 670 attached [pid 670] set_robust_list(0x7f62204659a0, 24) = 0 [pid 670] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 670] memfd_create("syzkaller", 0 [pid 666] <... mmap resumed>) = 0x7f6220445000 [pid 665] <... memfd_create resumed>) = 7 [pid 301] newfstatat(AT_FDCWD, "./15/file0", [pid 300] <... close resumed>) = 0 [pid 297] close(3 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 666] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 300] rmdir("./16" [pid 297] <... close resumed>) = 0 [pid 301] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 665] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 670] <... memfd_create resumed>) = 3 [pid 666] <... mprotect resumed>) = 0 [pid 297] rmdir("./17" [pid 670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 300] <... rmdir resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 671 attached [pid 671] set_robust_list(0x7f62204449a0, 24) = 0 [pid 671] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 671] creat("./bus", 000 [pid 297] <... rmdir resumed>) = 0 [pid 665] <... mmap resumed>) = 0x7f620fc64000 [pid 666] rt_sigprocmask(SIG_BLOCK, ~[], [pid 301] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 671] <... creat resumed>) = 4 [pid 665] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 301] <... openat resumed>) = 4 [pid 301] newfstatat(4, "", [pid 666] <... rt_sigprocmask resumed>[], 8) = 0 [pid 300] mkdir("./17", 0777 [pid 297] mkdir("./18", 0777 [pid 671] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 669] <... futex resumed>) = 0 [pid 665] <... write resumed>) = 65536 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 666] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 669] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 669] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 671] <... futex resumed>) = 1 [pid 671] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 297] <... mkdir resumed>) = 0 [pid 301] getdents64(4, [pid 671] <... mount resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 666] <... clone3 resumed> => {parent_tid=[672]}, 88) = 672 [pid 671] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 669] <... futex resumed>) = 0 [pid 669] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 669] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... mkdir resumed>) = 0 [pid 666] rt_sigprocmask(SIG_SETMASK, [], [pid 301] getdents64(4, [pid 671] <... futex resumed>) = 1 [pid 671] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 666] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 665] munmap(0x7f620fc64000, 65536 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 671] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 669] <... futex resumed>) = 0 [pid 669] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 669] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 671] <... futex resumed>) = 1 [pid 671] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE) = 6 [pid 301] close(4 [pid 666] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 671] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 665] <... munmap resumed>) = 0 [pid 666] <... futex resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 666] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] rmdir("./15/file0" [pid 666] <... futex resumed>) = 0 [pid 665] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 300] <... openat resumed>) = 3 [pid 297] ioctl(3, LOOP_CLR_FD [pid 669] <... futex resumed>) = 0 [pid 669] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 669] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 671] <... futex resumed>) = 1 [pid 671] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 670] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20001357} --- [pid 671] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 669] <... futex resumed>) = 0 [pid 669] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... rmdir resumed>) = 0 [pid 666] <... mmap resumed>) = 0x7f6220424000 [pid 301] getdents64(3, [pid 666] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 300] ioctl(3, LOOP_CLR_FD [pid 666] <... mprotect resumed>) = 0 [pid 665] <... openat resumed>) = 8 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] close(3 [pid 669] <... futex resumed>) = 0 [pid 671] <... futex resumed>) = ? ./strace-static-x86_64: Process 672 attached [pid 671] +++ killed by SIGBUS +++ [pid 666] rt_sigprocmask(SIG_BLOCK, ~[], [pid 665] ioctl(8, LOOP_SET_FD, 7 [pid 664] <... mount resumed>) = 0 [pid 301] close(3 [pid 300] close(3 [pid 297] <... close resumed>) = 0 [pid 666] <... rt_sigprocmask resumed>[], 8) = 0 [pid 665] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 301] <... close resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 666] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 665] ioctl(8, LOOP_CLR_FD [pid 301] rmdir("./15" [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 665] <... ioctl resumed>) = 0 [pid 301] <... rmdir resumed>) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 673 [pid 666] <... clone3 resumed> => {parent_tid=[674]}, 88) = 674 [pid 301] mkdir("./16", 0777 [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 675 [pid 666] rt_sigprocmask(SIG_SETMASK, [], [pid 301] <... mkdir resumed>) = 0 [pid 666] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 666] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 665] ioctl(8, LOOP_SET_FD, 7 [pid 301] <... openat resumed>) = 3 ./strace-static-x86_64: Process 675 attached [pid 666] <... futex resumed>) = 0 [pid 665] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 301] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 674 attached ./strace-static-x86_64: Process 673 attached [pid 675] set_robust_list(0x555556cc76a0, 24 [pid 666] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 665] close(8 [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 675] <... set_robust_list resumed>) = 0 [pid 674] set_robust_list(0x7f62204449a0, 24 [pid 673] set_robust_list(0x555556cc76a0, 24 [pid 665] <... close resumed>) = 0 [pid 664] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY [pid 301] close(3 [pid 665] close(7 [pid 664] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 301] <... close resumed>) = 0 [pid 665] <... close resumed>) = 0 [pid 664] ioctl(5, LOOP_CLR_FD [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 665] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 664] <... ioctl resumed>) = 0 [pid 665] <... futex resumed>) = 0 [pid 664] close(5 [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 677 [pid 665] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 664] <... close resumed>) = 0 [pid 664] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 664] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 663] exit_group(0 [pid 665] <... futex resumed>) = ? [pid 664] <... futex resumed>) = ? [pid 663] <... exit_group resumed>) = ? [pid 665] +++ exited with 0 +++ [pid 664] +++ exited with 0 +++ [pid 663] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=663, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 672] set_robust_list(0x7f62204659a0, 24) = 0 [pid 672] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 672] memfd_create("syzkaller", 0) = 3 [pid 672] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 675] chdir("./17" [pid 674] <... set_robust_list resumed>) = 0 [pid 673] <... set_robust_list resumed>) = 0 [pid 672] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 670] +++ killed by SIGBUS +++ [pid 669] +++ killed by SIGBUS +++ [pid 675] <... chdir resumed>) = 0 [pid 674] rt_sigprocmask(SIG_SETMASK, [], [pid 299] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 677 attached [pid 675] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 674] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 673] chdir("./18" [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=669, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 677] set_robust_list(0x555556cc76a0, 24 [pid 675] <... prctl resumed>) = 0 [pid 674] creat("./bus", 000 [pid 673] <... chdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 677] <... set_robust_list resumed>) = 0 [pid 675] setpgid(0, 0 [pid 674] <... creat resumed>) = 4 [pid 673] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] <... openat resumed>) = 3 [pid 296] <... restart_syscall resumed>) = 0 [pid 677] chdir("./16" [pid 675] <... setpgid resumed>) = 0 [pid 674] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 673] <... prctl resumed>) = 0 [pid 672] <... write resumed>) = 262144 [pid 299] newfstatat(3, "", [pid 677] <... chdir resumed>) = 0 [pid 675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 674] <... futex resumed>) = 1 [pid 673] setpgid(0, 0 [pid 666] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 677] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 675] <... openat resumed>) = 3 [pid 674] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 673] <... setpgid resumed>) = 0 [pid 666] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] getdents64(3, [pid 296] umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW [pid 677] <... prctl resumed>) = 0 [pid 675] write(3, "1000", 4 [pid 674] <... mount resumed>) = 0 [pid 673] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 672] munmap(0x7f6218024000, 262144 [pid 666] <... futex resumed>) = 0 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [ 26.420799][ T664] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [ 26.458335][ T664] ext4 filesystem being mounted at /root/syzkaller.4NT5vc/16/file0 supports timestamps until 2038 (0x7fffffff) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 672] <... munmap resumed>) = 0 [pid 299] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 672] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 666] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... umount2 resumed>) = 0 [pid 296] <... openat resumed>) = 3 [pid 677] setpgid(0, 0 [pid 675] <... write resumed>) = 4 [pid 674] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 673] <... openat resumed>) = 3 [pid 672] <... openat resumed>) = 5 [pid 299] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] newfstatat(3, "", [pid 677] <... setpgid resumed>) = 0 [pid 675] close(3 [pid 674] <... futex resumed>) = 1 [pid 673] write(3, "1000", 4 [pid 666] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 677] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 675] <... close resumed>) = 0 [pid 674] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 673] <... write resumed>) = 4 [pid 666] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 677] <... openat resumed>) = 3 [pid 675] symlink("/dev/binderfs", "./binderfs" [pid 674] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 673] close(3 [pid 672] ioctl(5, LOOP_SET_FD, 3 [pid 666] <... futex resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./16/bus", [pid 296] getdents64(3, [pid 677] write(3, "1000", 4 [pid 675] <... symlink resumed>) = 0 [pid 674] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 673] <... close resumed>) = 0 [pid 666] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 677] <... write resumed>) = 4 [pid 675] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 673] symlink("/dev/binderfs", "./binderfs" [pid 296] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 677] close(3 [pid 675] <... futex resumed>) = 0 [pid 673] <... symlink resumed>) = 0 [pid 677] <... close resumed>) = 0 [pid 675] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 673] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 677] symlink("/dev/binderfs", "./binderfs" [pid 675] <... rt_sigaction resumed>NULL, 8) = 0 [pid 673] <... futex resumed>) = 0 [pid 677] <... symlink resumed>) = 0 [pid 675] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 673] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 677] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 675] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 673] <... rt_sigaction resumed>NULL, 8) = 0 [pid 677] <... futex resumed>) = 0 [pid 675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 673] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 677] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 675] <... mmap resumed>) = 0x7f6220445000 [pid 673] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 677] <... rt_sigaction resumed>NULL, 8) = 0 [pid 675] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 673] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 677] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 675] <... mprotect resumed>) = 0 [pid 673] <... mmap resumed>) = 0x7f6220445000 [pid 677] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 675] rt_sigprocmask(SIG_BLOCK, ~[], [pid 673] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 677] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 675] <... rt_sigprocmask resumed>[], 8) = 0 [pid 673] <... mprotect resumed>) = 0 [pid 677] <... mmap resumed>) = 0x7f6220445000 [pid 675] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 673] rt_sigprocmask(SIG_BLOCK, ~[], [pid 677] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 673] <... rt_sigprocmask resumed>[], 8) = 0 [pid 677] <... mprotect resumed>) = 0 [pid 675] <... clone3 resumed> => {parent_tid=[678]}, 88) = 678 [pid 673] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 677] rt_sigprocmask(SIG_BLOCK, ~[], [pid 675] rt_sigprocmask(SIG_SETMASK, [], [pid 677] <... rt_sigprocmask resumed>[], 8) = 0 [pid 675] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 673] <... clone3 resumed> => {parent_tid=[679]}, 88) = 679 [pid 677] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 675] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 673] rt_sigprocmask(SIG_SETMASK, [], [pid 675] <... futex resumed>) = 0 [pid 673] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 677] <... clone3 resumed> => {parent_tid=[680]}, 88) = 680 [pid 675] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 673] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 677] rt_sigprocmask(SIG_SETMASK, [], [pid 675] <... futex resumed>) = 0 [pid 673] <... futex resumed>) = 0 [pid 677] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 675] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 673] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 677] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 675] <... mmap resumed>) = 0x7f6220424000 [pid 673] <... futex resumed>) = 0 [pid 677] <... futex resumed>) = 0 [pid 675] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 673] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 677] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 675] <... mprotect resumed>) = 0 [pid 673] <... mmap resumed>) = 0x7f6220424000 [pid 677] <... futex resumed>) = 0 [pid 675] rt_sigprocmask(SIG_BLOCK, ~[], [pid 673] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 677] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 675] <... rt_sigprocmask resumed>[], 8) = 0 [pid 673] <... mprotect resumed>) = 0 [pid 677] <... mmap resumed>) = 0x7f6220424000 [pid 675] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 673] rt_sigprocmask(SIG_BLOCK, ~[], [pid 677] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 673] <... rt_sigprocmask resumed>[], 8) = 0 [pid 677] <... mprotect resumed>) = 0 [pid 675] <... clone3 resumed> => {parent_tid=[681]}, 88) = 681 [pid 673] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 677] rt_sigprocmask(SIG_BLOCK, ~[], [pid 675] rt_sigprocmask(SIG_SETMASK, [], [pid 677] <... rt_sigprocmask resumed>[], 8) = 0 [pid 675] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 673] <... clone3 resumed> => {parent_tid=[682]}, 88) = 682 [pid 677] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 675] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 673] rt_sigprocmask(SIG_SETMASK, [], [pid 675] <... futex resumed>) = 0 [pid 673] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 677] <... clone3 resumed> => {parent_tid=[683]}, 88) = 683 [pid 675] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 673] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 677] rt_sigprocmask(SIG_SETMASK, [], [pid 673] <... futex resumed>) = 0 [pid 677] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 673] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 677] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 677] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 680 attached [pid 680] set_robust_list(0x7f62204659a0, 24) = 0 [pid 680] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 680] memfd_create("syzkaller", 0) = 3 ./strace-static-x86_64: Process 683 attached [pid 683] set_robust_list(0x7f62204449a0, 24 [pid 680] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 682 attached [pid 683] <... set_robust_list resumed>) = 0 [pid 680] <... mmap resumed>) = 0x7f6218024000 [pid 683] rt_sigprocmask(SIG_SETMASK, [], [pid 682] set_robust_list(0x7f62204449a0, 24 [pid 683] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 682] <... set_robust_list resumed>) = 0 [pid 299] unlink("./16/bus" [pid 296] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 683] creat("./bus", 000 [pid 682] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... unlink resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 299] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./16/binderfs", [pid 296] newfstatat(AT_FDCWD, "./14/bus", [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./16/binderfs" [pid 296] unlink("./14/bus" [pid 683] <... creat resumed>) = 4 [pid 682] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] <... unlink resumed>) = 0 [pid 296] <... unlink resumed>) = 0 [pid 299] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 681 attached ./strace-static-x86_64: Process 679 attached ./strace-static-x86_64: Process 678 attached [pid 683] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 682] creat("./bus", 000 [pid 680] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 674] <... open resumed>) = 6 [pid 672] <... ioctl resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 681] set_robust_list(0x7f62204449a0, 24 [pid 679] set_robust_list(0x7f62204659a0, 24 [pid 678] set_robust_list(0x7f62204659a0, 24 [pid 674] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 672] close(3 [pid 683] <... futex resumed>) = 1 [pid 677] <... futex resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./14/binderfs", [pid 681] <... set_robust_list resumed>) = 0 [pid 679] <... set_robust_list resumed>) = 0 [pid 678] <... set_robust_list resumed>) = 0 [pid 677] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 674] <... futex resumed>) = 1 [pid 672] <... close resumed>) = 0 [pid 666] <... futex resumed>) = 0 [pid 683] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 681] rt_sigprocmask(SIG_SETMASK, [], [pid 679] rt_sigprocmask(SIG_SETMASK, [], [pid 678] rt_sigprocmask(SIG_SETMASK, [], [pid 677] <... futex resumed>) = 0 [pid 674] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 672] mkdir("./file0", 0777 [pid 666] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 677] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 674] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 666] <... futex resumed>) = 0 [pid 296] unlink("./14/binderfs" [pid 674] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 666] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 674] <... socket resumed>) = 3 [pid 296] <... unlink resumed>) = 0 [pid 674] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] getdents64(3, [pid 674] <... futex resumed>) = 1 [pid 666] <... futex resumed>) = 0 [pid 674] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 666] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 681] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 679] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 678] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 674] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 672] <... mkdir resumed>) = 0 [pid 666] <... futex resumed>) = 0 [pid 296] close(3 [pid 683] <... mount resumed>) = 0 [pid 681] creat("./bus", 000 [pid 678] memfd_create("syzkaller", 0 [pid 674] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 666] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 683] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 681] <... creat resumed>) = 4 [pid 679] memfd_create("syzkaller", 0 [pid 678] <... memfd_create resumed>) = 3 [pid 674] <... mmap resumed>) = 0x20000000 [pid 672] mount("/dev/loop2", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 296] <... close resumed>) = 0 [pid 683] <... futex resumed>) = 1 [pid 682] <... creat resumed>) = 3 [pid 681] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 680] <... write resumed>) = 262144 [pid 679] <... memfd_create resumed>) = 4 [pid 678] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 677] <... futex resumed>) = 0 [pid 674] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 666] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] <... umount2 resumed>) = 0 [pid 682] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 680] munmap(0x7f6218024000, 262144 [pid 677] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 666] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 682] <... futex resumed>) = 1 [pid 680] <... munmap resumed>) = 0 [pid 677] <... futex resumed>) = 0 [pid 674] <... futex resumed>) = 0 [pid 673] <... futex resumed>) = 0 [pid 666] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] rmdir("./14" [pid 682] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 680] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 677] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 673] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(AT_FDCWD, "./16/file0", [pid 682] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 680] <... openat resumed>) = 5 [pid 673] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 682] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 680] ioctl(5, LOOP_SET_FD, 3 [pid 673] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] mkdir("./15", 0777 [pid 683] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 682] <... mount resumed>) = 0 [pid 681] <... futex resumed>) = 1 [pid 679] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 678] <... mmap resumed>) = 0x7f6218024000 [pid 296] <... mkdir resumed>) = 0 [pid 681] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 679] <... mmap resumed>) = 0x7f6218024000 [pid 678] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 679] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 265739 [pid 678] <... write resumed>) = 262144 [pid 296] <... openat resumed>) = 3 [pid 679] <... write resumed>) = 265739 [pid 678] munmap(0x7f6218024000, 262144 [pid 296] ioctl(3, LOOP_CLR_FD [pid 678] <... munmap resumed>) = 0 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 678] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 675] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] close(3 [pid 682] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 680] <... ioctl resumed>) = 0 [pid 679] munmap(0x7f6218024000, 265739 [pid 675] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 674] memfd_create("syzkaller", 0 [pid 672] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 299] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... close resumed>) = 0 [pid 682] <... futex resumed>) = 1 [pid 680] close(3 [pid 679] <... munmap resumed>) = 0 [pid 675] <... futex resumed>) = 1 [pid 674] <... memfd_create resumed>) = 7 [pid 673] <... futex resumed>) = 0 [pid 672] ioctl(5, LOOP_CLR_FD [pid 299] <... openat resumed>) = 4 [pid 682] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 680] <... close resumed>) = 0 [pid 679] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 675] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 674] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 673] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 672] <... ioctl resumed>) = 0 [pid 299] newfstatat(4, "", [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 682] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 681] <... futex resumed>) = 0 [pid 680] mkdir("./file0", 0777 [pid 679] <... openat resumed>) = 5 [pid 674] <... mmap resumed>) = 0x7f620fc64000 [pid 673] <... futex resumed>) = 0 [pid 672] close(5 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 684 attached [pid 683] <... open resumed>) = 6 [pid 682] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 681] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 678] <... openat resumed>) = 5 [pid 684] set_robust_list(0x555556cc76a0, 24 [pid 683] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 682] <... open resumed>) = 6 [pid 681] <... mount resumed>) = 0 [pid 680] <... mkdir resumed>) = 0 [pid 679] ioctl(5, LOOP_SET_FD, 4 [pid 674] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 673] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 672] <... close resumed>) = 0 [pid 299] getdents64(4, [pid 684] <... set_robust_list resumed>) = 0 [pid 683] <... futex resumed>) = 1 [pid 682] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 681] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 680] mount("/dev/loop5", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 678] ioctl(5, LOOP_SET_FD, 3 [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 684 [pid 684] chdir("./15" [pid 683] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 682] <... futex resumed>) = 0 [pid 681] <... futex resumed>) = 1 [pid 679] <... ioctl resumed>) = 0 [pid 677] <... futex resumed>) = 0 [pid 675] <... futex resumed>) = 0 [pid 674] <... write resumed>) = 65536 [pid 673] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 672] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 682] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 679] close(4 [pid 677] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 675] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 674] munmap(0x7f620fc64000, 65536 [pid 673] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 672] <... futex resumed>) = 0 [pid 299] getdents64(4, [pid 682] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 679] <... close resumed>) = 0 [pid 677] <... futex resumed>) = 0 [pid 675] <... futex resumed>) = 0 [pid 674] <... munmap resumed>) = 0 [pid 673] <... futex resumed>) = 0 [pid 672] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 682] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 679] mkdir("./file0", 0777 [pid 677] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 675] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 674] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 673] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] close(4 [pid 682] <... socket resumed>) = 4 [pid 679] <... mkdir resumed>) = 0 [pid 674] <... openat resumed>) = 5 [pid 299] <... close resumed>) = 0 [pid 684] <... chdir resumed>) = 0 [pid 683] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 682] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 681] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 678] <... ioctl resumed>) = 0 [pid 674] ioctl(5, LOOP_SET_FD, 7 [pid 299] rmdir("./16/file0" [pid 684] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 683] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 682] <... futex resumed>) = 1 [pid 681] <... open resumed>) = 6 [pid 678] close(3 [pid 674] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 673] <... futex resumed>) = 0 [pid 684] <... prctl resumed>) = 0 [pid 683] <... socket resumed>) = 3 [pid 682] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 681] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 678] <... close resumed>) = 0 [pid 674] ioctl(5, LOOP_CLR_FD [pid 673] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... rmdir resumed>) = 0 [pid 684] setpgid(0, 0 [pid 683] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 682] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 681] <... futex resumed>) = 1 [pid 678] mkdir("./file0", 0777 [pid 675] <... futex resumed>) = 0 [pid 674] <... ioctl resumed>) = 0 [pid 673] <... futex resumed>) = 0 [pid 299] getdents64(3, [pid 679] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 684] <... setpgid resumed>) = 0 [pid 683] <... futex resumed>) = 1 [pid 682] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 681] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 677] <... futex resumed>) = 0 [pid 675] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 673] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 678] <... mkdir resumed>) = 0 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 683] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 682] <... mmap resumed>) = 0x20000000 [pid 681] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 678] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 677] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 675] <... futex resumed>) = 0 [pid 299] close(3 [pid 684] <... openat resumed>) = 3 [pid 683] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 682] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 681] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 677] <... futex resumed>) = 0 [pid 675] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... close resumed>) = 0 [pid 684] write(3, "1000", 4 [pid 683] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 682] <... futex resumed>) = 1 [pid 681] <... socket resumed>) = 3 [pid 677] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 673] <... futex resumed>) = 0 [pid 299] rmdir("./16" [pid 684] <... write resumed>) = 4 [pid 683] <... mmap resumed>) = 0x20000000 [pid 682] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 681] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 674] ioctl(5, LOOP_SET_FD, 7 [pid 673] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 684] close(3 [pid 683] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 681] <... futex resumed>) = 1 [pid 684] <... close resumed>) = 0 [pid 683] <... futex resumed>) = 1 [pid 682] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 681] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 677] <... futex resumed>) = 0 [pid 675] <... futex resumed>) = 0 [pid 674] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 673] <... futex resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 684] symlink("/dev/binderfs", "./binderfs" [pid 683] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 682] memfd_create("syzkaller", 0 [pid 677] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 675] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 674] close(5 [pid 299] mkdir("./17", 0777 [pid 684] <... symlink resumed>) = 0 [pid 683] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 682] <... memfd_create resumed>) = 7 [pid 681] <... futex resumed>) = 0 [pid 677] <... futex resumed>) = 0 [ 26.506570][ T672] loop2: detected capacity change from 0 to 512 [ 26.523163][ T680] loop5: detected capacity change from 0 to 512 [ 26.537941][ T679] loop1: detected capacity change from 0 to 519 [ 26.542184][ T678] loop4: detected capacity change from 0 to 512 [pid 675] <... futex resumed>) = 1 [pid 674] <... close resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 684] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 683] memfd_create("syzkaller", 0 [pid 682] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 681] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 675] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 684] <... futex resumed>) = 0 [pid 683] <... memfd_create resumed>) = 7 [pid 681] <... mmap resumed>) = 0x20000000 [pid 684] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 683] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 681] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 684] <... rt_sigaction resumed>NULL, 8) = 0 [pid 683] <... mmap resumed>) = 0x7f620fc64000 [pid 681] <... futex resumed>) = 0 [pid 684] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 683] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 681] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 684] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 683] <... write resumed>) = 65536 [pid 684] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 683] munmap(0x7f620fc64000, 65536 [pid 684] <... mmap resumed>) = 0x7f6220445000 [pid 683] <... munmap resumed>) = 0 [pid 684] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 683] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 684] <... mprotect resumed>) = 0 [pid 683] <... openat resumed>) = 8 [pid 684] rt_sigprocmask(SIG_BLOCK, ~[], [pid 683] ioctl(8, LOOP_SET_FD, 7 [pid 684] <... rt_sigprocmask resumed>[], 8) = 0 [pid 683] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 684] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 683] ioctl(8, LOOP_CLR_FD) = 0 [pid 684] <... clone3 resumed> => {parent_tid=[686]}, 88) = 686 [pid 684] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 684] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 684] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 684] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 684] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 684] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 684] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[687]}, 88) = 687 [pid 684] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 684] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 683] ioctl(8, LOOP_SET_FD, 7 [pid 684] <... futex resumed>) = 0 [pid 683] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 684] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 683] close(8) = 0 [pid 683] close(7) = 0 [pid 683] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 683] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 687 attached [pid 687] set_robust_list(0x7f62204449a0, 24) = 0 [pid 687] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 687] creat("./bus", 000 [pid 682] <... mmap resumed>) = 0x7f620fc65000 [pid 675] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 674] close(7 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 687] <... creat resumed>) = 3 [pid 687] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 684] <... futex resumed>) = 0 [pid 684] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 684] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 687] <... futex resumed>) = 1 [pid 687] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 687] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 684] <... futex resumed>) = 0 [pid 684] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 684] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 687] <... futex resumed>) = 1 [pid 687] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 687] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 684] <... futex resumed>) = 0 [pid 684] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 687] <... futex resumed>) = 1 [pid 684] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 687] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE) = 5 [pid 687] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 684] <... futex resumed>) = 0 [pid 687] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 684] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 687] <... mmap resumed>) = 0x20000000 [pid 684] <... futex resumed>) = 0 [pid 687] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 684] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 687] <... futex resumed>) = 0 [pid 684] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 687] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 684] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 682] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 675] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 674] <... close resumed>) = 0 [pid 675] <... futex resumed>) = 1 [pid 299] <... openat resumed>) = 3 [pid 299] ioctl(3, LOOP_CLR_FD [pid 674] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 681] <... futex resumed>) = 0 [pid 682] <... write resumed>) = 65536 [pid 681] memfd_create("syzkaller", 0 [pid 682] munmap(0x7f620fc65000, 65536 [pid 674] <... futex resumed>) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 682] <... munmap resumed>) = 0 [pid 681] <... memfd_create resumed>) = 7 [pid 299] close(3 [pid 674] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 682] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 299] <... close resumed>) = 0 [pid 682] <... openat resumed>) = 8 [pid 681] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 681] <... mmap resumed>) = 0x7f620fc64000 [pid 681] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 681] munmap(0x7f620fc64000, 65536) = 0 [pid 681] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 8 [pid 681] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 681] ioctl(8, LOOP_CLR_FD) = 0 [pid 666] exit_group(0) = ? [pid 679] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 679] ioctl(5, LOOP_CLR_FD) = 0 [pid 679] close(5 [pid 681] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 681] close(8) = 0 [pid 681] close(7) = 0 [pid 681] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 681] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 679] <... close resumed>) = 0 [pid 679] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 679] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 686 attached ./strace-static-x86_64: Process 691 attached [pid 682] ioctl(8, LOOP_SET_FD, 7 [pid 674] <... futex resumed>) = ? [pid 672] <... futex resumed>) = ? [ 26.557959][ T679] EXT4-fs warning (device loop1): read_mmp_block:115: Error -74 while reading MMP block 12 [ 26.571866][ T685] EXT4-fs warning (device loop5): kmmpd:170: kmmpd being stopped since MMP feature has been disabled. [ 26.574303][ T680] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 26.592328][ T689] EXT4-fs warning (device loop4): kmmpd:170: kmmpd being stopped since MMP feature has been disabled. [pid 691] set_robust_list(0x555556cc76a0, 24 [pid 682] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 674] +++ exited with 0 +++ [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 691 [pid 691] <... set_robust_list resumed>) = 0 [pid 682] ioctl(8, LOOP_CLR_FD [pid 691] chdir("./17" [pid 682] <... ioctl resumed>) = 0 [pid 691] <... chdir resumed>) = 0 [pid 691] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 691] setpgid(0, 0) = 0 [pid 691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 691] write(3, "1000", 4) = 4 [pid 691] close(3 [pid 682] ioctl(8, LOOP_SET_FD, 7 [pid 691] <... close resumed>) = 0 [pid 682] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 691] symlink("/dev/binderfs", "./binderfs" [pid 682] close(8 [pid 691] <... symlink resumed>) = 0 [pid 682] <... close resumed>) = 0 [pid 691] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 682] close(7 [pid 691] <... futex resumed>) = 0 [pid 682] <... close resumed>) = 0 [pid 691] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 682] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 691] <... rt_sigaction resumed>NULL, 8) = 0 [pid 682] <... futex resumed>) = 0 [pid 691] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 682] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 691] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 691] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 691] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 673] exit_group(0 [pid 691] <... mprotect resumed>) = 0 [pid 682] <... futex resumed>) = ? [pid 679] <... futex resumed>) = ? [pid 673] <... exit_group resumed>) = ? [pid 691] rt_sigprocmask(SIG_BLOCK, ~[], [pid 686] +++ killed by SIGBUS +++ [pid 682] +++ exited with 0 +++ [pid 679] +++ exited with 0 +++ [pid 673] +++ exited with 0 +++ [pid 691] <... rt_sigprocmask resumed>[], 8) = 0 [pid 687] +++ killed by SIGBUS +++ [pid 684] +++ killed by SIGBUS +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=673, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 691] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=684, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 691] <... clone3 resumed> => {parent_tid=[692]}, 88) = 692 [pid 297] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW [pid 691] rt_sigprocmask(SIG_SETMASK, [], [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 691] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 691] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... openat resumed>) = 3 [pid 296] <... openat resumed>) = 3 [pid 691] <... futex resumed>) = 0 [pid 297] newfstatat(3, "", [pid 296] newfstatat(3, "", [pid 691] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 691] <... futex resumed>) = 0 [pid 297] getdents64(3, [pid 296] getdents64(3, [pid 691] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 691] <... mmap resumed>) = 0x7f6220424000 [pid 297] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 691] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 691] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 691] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[693]}, 88) = 693 [pid 691] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 691] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 691] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 693 attached [pid 693] set_robust_list(0x7f62204449a0, 24) = 0 [pid 693] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 693] creat("./bus", 000) = 3 ./strace-static-x86_64: Process 692 attached [pid 692] set_robust_list(0x7f62204659a0, 24) = 0 [pid 692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 692] memfd_create("syzkaller", 0 [pid 693] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 691] <... futex resumed>) = 0 [pid 691] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 691] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 693] <... futex resumed>) = 1 [pid 693] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 297] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./18/bus", [pid 296] newfstatat(AT_FDCWD, "./15/bus", [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./18/bus" [pid 296] unlink("./15/bus" [pid 297] <... unlink resumed>) = 0 [pid 296] <... unlink resumed>) = 0 [pid 297] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./18/binderfs", [pid 296] newfstatat(AT_FDCWD, "./15/binderfs", [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./18/binderfs" [pid 296] unlink("./15/binderfs" [pid 297] <... unlink resumed>) = 0 [pid 296] <... unlink resumed>) = 0 [pid 297] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] getdents64(3, [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] newfstatat(AT_FDCWD, "./18/file0", [pid 296] close(3 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... close resumed>) = 0 [pid 297] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] rmdir("./15" [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... rmdir resumed>) = 0 [pid 297] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] mkdir("./16", 0777 [pid 297] <... openat resumed>) = 4 [pid 296] <... mkdir resumed>) = 0 [pid 297] newfstatat(4, "", [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 693] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 692] <... memfd_create resumed>) = 4 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... openat resumed>) = 3 [pid 693] <... futex resumed>) = 1 [pid 692] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 691] <... futex resumed>) = 0 [pid 297] getdents64(4, [pid 296] ioctl(3, LOOP_CLR_FD [pid 693] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 692] <... mmap resumed>) = 0x7f6218024000 [pid 691] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 693] <... open resumed>) = 5 [pid 692] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 264966 [pid 691] <... futex resumed>) = 0 [ 26.604231][ T680] EXT4-fs error (device loop5): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 26.618148][ T678] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 26.626577][ T678] EXT4-fs error (device loop4): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 26.644255][ T680] EXT4-fs (loop5): get orphan inode failed [ 26.650369][ T680] EXT4-fs (loop5): mount failed [pid 297] getdents64(4, [pid 296] close(3 [pid 693] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 691] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 680] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 297] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 296] <... close resumed>) = 0 [pid 693] <... futex resumed>) = 0 [pid 691] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] close(4 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 693] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 691] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... close resumed>) = 0 [pid 693] <... socket resumed>) = 6 [pid 691] <... futex resumed>) = 0 [pid 680] ioctl(5, LOOP_CLR_FD [pid 297] rmdir("./18/file0" [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 694 [pid 693] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 691] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... rmdir resumed>) = 0 [pid 693] <... futex resumed>) = 0 [pid 691] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] getdents64(3, [pid 693] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 692] <... write resumed>) = 264966 [pid 691] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 693] <... mmap resumed>) = 0x20000000 [pid 691] <... futex resumed>) = 0 [pid 297] close(3 [pid 693] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 691] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... close resumed>) = 0 [pid 693] <... futex resumed>) = 0 [pid 691] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] rmdir("./18" [pid 693] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 692] rmdir("./17" [pid 691] rmdir("./17" [pid 297] <... rmdir resumed>) = 0 [pid 692] +++ killed by SIGBUS +++ [pid 680] <... ioctl resumed>) = 0 [pid 297] mkdir("./19", 0777./strace-static-x86_64: Process 694 attached [pid 693] +++ killed by SIGBUS +++ [pid 691] +++ killed by SIGBUS +++ [pid 680] close(5 [pid 678] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 672] +++ exited with 0 +++ [pid 666] +++ exited with 0 +++ [pid 694] set_robust_list(0x555556cc76a0, 24 [pid 680] <... close resumed>) = 0 [pid 678] ioctl(5, LOOP_CLR_FD [pid 297] <... mkdir resumed>) = 0 [pid 694] <... set_robust_list resumed>) = 0 [pid 680] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 678] <... ioctl resumed>) = 0 [pid 694] chdir("./16" [pid 680] <... futex resumed>) = 0 [pid 678] close(5 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=691, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=666, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 694] <... chdir resumed>) = 0 [pid 680] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 678] <... close resumed>) = 0 [pid 677] exit_group(0 [pid 694] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 683] <... futex resumed>) = ? [pid 680] <... futex resumed>) = ? [pid 678] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 677] <... exit_group resumed>) = ? [pid 299] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... openat resumed>) = 3 [pid 694] <... prctl resumed>) = 0 [pid 683] +++ exited with 0 +++ [pid 680] +++ exited with 0 +++ [pid 678] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] ioctl(3, LOOP_CLR_FD [pid 694] setpgid(0, 0 [pid 678] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 675] exit_group(0 [pid 694] <... setpgid resumed>) = 0 [pid 681] <... futex resumed>) = ? [pid 678] <... futex resumed>) = ? [pid 675] <... exit_group resumed>) = ? [pid 299] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 694] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 681] +++ exited with 0 +++ [pid 678] +++ exited with 0 +++ [pid 299] <... openat resumed>) = 3 [pid 298] <... openat resumed>) = 3 [pid 297] close(3 [pid 694] <... openat resumed>) = 3 [pid 299] newfstatat(3, "", [pid 298] newfstatat(3, "", [pid 694] write(3, "1000", 4 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... close resumed>) = 0 [pid 694] <... write resumed>) = 4 [pid 299] getdents64(3, [pid 298] getdents64(3, [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 695 attached [pid 694] close(3 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 694] <... close resumed>) = 0 [pid 299] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 695 [pid 695] set_robust_list(0x555556cc76a0, 24 [pid 694] symlink("/dev/binderfs", "./binderfs" [pid 299] <... umount2 resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 299] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 694] <... symlink resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 694] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(AT_FDCWD, "./17/bus", [pid 298] newfstatat(AT_FDCWD, "./15/bus", [pid 694] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 694] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 299] unlink("./17/bus" [pid 298] unlink("./15/bus" [pid 695] <... set_robust_list resumed>) = 0 [pid 694] <... rt_sigaction resumed>NULL, 8) = 0 [pid 299] <... unlink resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 695] chdir("./19" [pid 694] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 299] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 695] <... chdir resumed>) = 0 [pid 694] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 694] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] newfstatat(AT_FDCWD, "./17/binderfs", [pid 298] newfstatat(AT_FDCWD, "./15/binderfs", [pid 694] <... mmap resumed>) = 0x7f6220445000 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 694] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 299] unlink("./17/binderfs" [pid 298] unlink("./15/binderfs" [pid 695] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 694] <... mprotect resumed>) = 0 [pid 299] <... unlink resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 695] <... prctl resumed>) = 0 [pid 299] getdents64(3, [pid 694] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 695] setpgid(0, 0 [pid 694] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 695] <... setpgid resumed>) = 0 [pid 694] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 299] close(3 [pid 298] newfstatat(AT_FDCWD, "./15/file0", [pid 299] <... close resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 694] <... clone3 resumed> => {parent_tid=[696]}, 88) = 696 [pid 299] rmdir("./17" [pid 298] umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 695] <... openat resumed>) = 3 [pid 694] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... rmdir resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 695] write(3, "1000", 4 [pid 694] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] mkdir("./18", 0777 [pid 298] openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 695] <... write resumed>) = 4 [pid 694] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... mkdir resumed>) = 0 [pid 298] <... openat resumed>) = 4 [pid 695] close(3 [pid 694] <... futex resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 298] newfstatat(4, "", [pid 695] <... close resumed>) = 0 [pid 694] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... openat resumed>) = 3 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 695] symlink("/dev/binderfs", "./binderfs" [pid 694] <... futex resumed>) = 0 [pid 299] ioctl(3, LOOP_CLR_FD [pid 298] getdents64(4, [pid 695] <... symlink resumed>) = 0 [pid 694] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 695] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 694] <... mmap resumed>) = 0x7f6220424000 [pid 299] close(3 [pid 298] getdents64(4, [pid 695] <... futex resumed>) = 0 [pid 694] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 299] <... close resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 695] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 694] <... mprotect resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] close(4./strace-static-x86_64: Process 697 attached [pid 695] <... rt_sigaction resumed>NULL, 8) = 0 [pid 694] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] <... close resumed>) = 0 [pid 695] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 694] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 697 [pid 298] rmdir("./15/file0" [pid 697] set_robust_list(0x555556cc76a0, 24 [pid 695] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 694] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 298] <... rmdir resumed>) = 0 [pid 695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] getdents64(3, [pid 695] <... mmap resumed>) = 0x7f6220445000 [pid 694] <... clone3 resumed> => {parent_tid=[698]}, 88) = 698 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 697] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 698 attached ./strace-static-x86_64: Process 696 attached [pid 695] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 298] close(3 [pid 696] set_robust_list(0x7f62204659a0, 24 [pid 298] <... close resumed>) = 0 [pid 696] <... set_robust_list resumed>) = 0 [pid 298] rmdir("./15" [pid 698] set_robust_list(0x7f62204449a0, 24 [pid 697] chdir("./18" [pid 696] rt_sigprocmask(SIG_SETMASK, [], [pid 695] <... mprotect resumed>) = 0 [pid 694] rt_sigprocmask(SIG_SETMASK, [], [pid 298] <... rmdir resumed>) = 0 [pid 696] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] mkdir("./16", 0777 [pid 698] <... set_robust_list resumed>) = 0 [pid 697] <... chdir resumed>) = 0 [pid 696] memfd_create("syzkaller", 0 [pid 695] rt_sigprocmask(SIG_BLOCK, ~[], [pid 694] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 696] <... memfd_create resumed>) = 3 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 696] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 695] <... rt_sigprocmask resumed>[], 8) = 0 [pid 694] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... openat resumed>) = 3 [pid 698] rt_sigprocmask(SIG_SETMASK, [], [pid 697] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 696] <... mmap resumed>) = 0x7f6218024000 [pid 695] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 694] <... futex resumed>) = 0 [pid 298] ioctl(3, LOOP_CLR_FD [pid 698] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 697] <... prctl resumed>) = 0 [pid 696] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 694] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 698] creat("./bus", 000 [pid 697] setpgid(0, 0 [pid 696] <... write resumed>) = 262144 [pid 695] <... clone3 resumed> => {parent_tid=[699]}, 88) = 699 [pid 298] close(3 [pid 696] munmap(0x7f6218024000, 262144 [pid 695] rt_sigprocmask(SIG_SETMASK, [], [pid 298] <... close resumed>) = 0 [pid 697] <... setpgid resumed>) = 0 [pid 696] <... munmap resumed>) = 0 [pid 695] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 698] <... creat resumed>) = 4 [pid 697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 696] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 695] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 696] <... openat resumed>) = 5 [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 700 ./strace-static-x86_64: Process 700 attached ./strace-static-x86_64: Process 699 attached [pid 696] ioctl(5, LOOP_SET_FD, 3 [pid 677] +++ exited with 0 +++ [pid 698] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 697] <... openat resumed>) = 3 [pid 695] <... futex resumed>) = 0 [pid 675] +++ exited with 0 +++ [pid 700] set_robust_list(0x555556cc76a0, 24 [pid 699] set_robust_list(0x7f62204659a0, 24 [pid 698] <... futex resumed>) = 1 [pid 697] write(3, "1000", 4 [pid 695] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 694] <... futex resumed>) = 0 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=677, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=675, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 700] <... set_robust_list resumed>) = 0 [pid 699] <... set_robust_list resumed>) = 0 [ 26.655719][ T678] EXT4-fs (loop4): get orphan inode failed [ 26.661838][ T678] EXT4-fs (loop4): mount failed [pid 698] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 697] <... write resumed>) = 4 [pid 695] <... futex resumed>) = 0 [pid 694] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 700] chdir("./16" [pid 699] rt_sigprocmask(SIG_SETMASK, [], [pid 698] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 697] close(3 [pid 695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 694] <... futex resumed>) = 0 [pid 700] <... chdir resumed>) = 0 [pid 699] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 698] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 697] <... close resumed>) = 0 [pid 695] <... mmap resumed>) = 0x7f6220424000 [pid 694] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW [pid 700] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 699] memfd_create("syzkaller", 0 [pid 698] <... mount resumed>) = 0 [pid 697] symlink("/dev/binderfs", "./binderfs" [pid 695] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 700] <... prctl resumed>) = 0 [pid 699] <... memfd_create resumed>) = 3 [pid 698] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 697] <... symlink resumed>) = 0 [pid 695] <... mprotect resumed>) = 0 [pid 301] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 700] setpgid(0, 0 [pid 699] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 698] <... futex resumed>) = 1 [pid 697] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 695] rt_sigprocmask(SIG_BLOCK, ~[], [pid 694] <... futex resumed>) = 0 [pid 301] <... openat resumed>) = 3 [pid 300] <... openat resumed>) = 3 [pid 700] <... setpgid resumed>) = 0 [pid 699] <... mmap resumed>) = 0x7f6218024000 [pid 698] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 697] <... futex resumed>) = 0 [pid 696] <... ioctl resumed>) = 0 [pid 695] <... rt_sigprocmask resumed>[], 8) = 0 [pid 694] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] newfstatat(3, "", [pid 300] newfstatat(3, "", [pid 700] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 699] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 698] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 697] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 695] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 694] <... futex resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 700] <... openat resumed>) = 3 [pid 699] <... write resumed>) = 262144 [pid 698] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 697] <... rt_sigaction resumed>NULL, 8) = 0 [pid 696] close(3 [pid 694] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] getdents64(3, [pid 300] getdents64(3, [pid 700] write(3, "1000", 4 [pid 699] munmap(0x7f6218024000, 262144 [pid 698] <... open resumed>) = 6 [pid 697] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 696] <... close resumed>) = 0 [pid 695] <... clone3 resumed> => {parent_tid=[701]}, 88) = 701 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 700] <... write resumed>) = 4 [pid 699] <... munmap resumed>) = 0 [pid 698] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 697] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 696] mkdir("./file0", 0777 [pid 695] rt_sigprocmask(SIG_SETMASK, [], [pid 301] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 700] close(3 [pid 699] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 698] <... futex resumed>) = 1 [pid 697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 696] <... mkdir resumed>) = 0 [pid 695] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 694] <... futex resumed>) = 0 [pid 301] <... umount2 resumed>) = 0 [pid 300] <... umount2 resumed>) = 0 [pid 700] <... close resumed>) = 0 [pid 699] <... openat resumed>) = 4 [pid 698] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 697] <... mmap resumed>) = 0x7f6220445000 [pid 695] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 694] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 700] symlink("/dev/binderfs", "./binderfs" [pid 699] ioctl(4, LOOP_SET_FD, 3 [pid 698] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 697] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 695] <... futex resumed>) = 0 [pid 694] <... futex resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 701 attached [pid 700] <... symlink resumed>) = 0 [pid 696] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 701] set_robust_list(0x7f62204449a0, 24 [pid 700] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 698] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 697] <... mprotect resumed>) = 0 [pid 695] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 694] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] newfstatat(AT_FDCWD, "./16/bus", [pid 300] newfstatat(AT_FDCWD, "./17/bus", [pid 701] <... set_robust_list resumed>) = 0 [pid 698] <... socket resumed>) = 3 [pid 697] rt_sigprocmask(SIG_BLOCK, ~[], [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 700] <... futex resumed>) = 0 [pid 699] <... ioctl resumed>) = 0 [pid 698] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 697] <... rt_sigprocmask resumed>[], 8) = 0 [pid 301] unlink("./16/bus" [pid 300] unlink("./17/bus" [pid 700] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 699] close(3 [pid 698] <... futex resumed>) = 1 [pid 697] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 694] <... futex resumed>) = 0 [pid 301] <... unlink resumed>) = 0 [pid 300] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 702 attached [pid 701] rt_sigprocmask(SIG_SETMASK, [], [pid 700] <... rt_sigaction resumed>NULL, 8) = 0 [pid 699] <... close resumed>) = 0 [pid 698] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 702] set_robust_list(0x7f62204659a0, 24 [pid 701] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 702] <... set_robust_list resumed>) = 0 [pid 701] creat("./bus", 000 [pid 702] rt_sigprocmask(SIG_SETMASK, [], [pid 701] <... creat resumed>) = 3 [pid 702] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 701] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 702] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 701] <... futex resumed>) = 1 [pid 695] <... futex resumed>) = 0 [pid 694] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 701] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 700] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 698] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 697] <... clone3 resumed> => {parent_tid=[702]}, 88) = 702 [pid 695] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 694] <... futex resumed>) = 0 [pid 301] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 701] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 700] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 698] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 697] rt_sigprocmask(SIG_SETMASK, [], [pid 695] <... futex resumed>) = 0 [pid 694] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 701] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 700] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 699] mkdir("./file0", 0777 [pid 698] <... mmap resumed>) = 0x20000000 [pid 697] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 695] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] newfstatat(AT_FDCWD, "./16/binderfs", [pid 300] newfstatat(AT_FDCWD, "./17/binderfs", [pid 701] <... mount resumed>) = 0 [pid 700] <... mmap resumed>) = 0x7f6220445000 [pid 698] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 697] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 701] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 695] <... futex resumed>) = 0 [pid 702] <... futex resumed>) = 0 [pid 701] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 700] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 698] <... futex resumed>) = 1 [pid 697] <... futex resumed>) = 1 [pid 695] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 694] <... futex resumed>) = 0 [pid 301] unlink("./16/binderfs" [pid 300] unlink("./17/binderfs" [pid 702] memfd_create("syzkaller", 0 [pid 701] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 695] <... futex resumed>) = 0 [pid 702] <... memfd_create resumed>) = 3 [pid 701] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 695] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 702] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 701] <... open resumed>) = 5 [pid 702] <... mmap resumed>) = 0x7f6218045000 [pid 701] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 702] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 701] <... futex resumed>) = 1 [pid 695] <... futex resumed>) = 0 [pid 702] <... write resumed>) = 262144 [pid 701] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 695] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 702] munmap(0x7f6218045000, 262144 [pid 701] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 695] <... futex resumed>) = 0 [pid 702] <... munmap resumed>) = 0 [pid 701] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 695] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 702] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 701] <... socket resumed>) = 6 [pid 702] <... openat resumed>) = 4 [pid 701] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 702] ioctl(4, LOOP_SET_FD, 3 [pid 701] <... futex resumed>) = 1 [ 26.709934][ T696] loop0: detected capacity change from 0 to 512 [ 26.729151][ T699] loop1: detected capacity change from 0 to 512 [ 26.745717][ T696] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [pid 695] <... futex resumed>) = 0 [pid 701] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 700] <... mprotect resumed>) = 0 [pid 699] <... mkdir resumed>) = 0 [pid 698] memfd_create("syzkaller", 0 [pid 697] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 695] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 694] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... unlink resumed>) = 0 [pid 300] <... unlink resumed>) = 0 [pid 701] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 695] <... futex resumed>) = 0 [pid 701] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 695] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 701] <... mmap resumed>) = 0x20000000 [pid 701] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 695] <... futex resumed>) = 0 [pid 701] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 695] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 701] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 695] <... futex resumed>) = 0 [pid 701] memfd_create("syzkaller", 0) = 7 [pid 701] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f620fc64000 [pid 701] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 701] munmap(0x7f620fc64000, 65536) = 0 [pid 701] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 8 [pid 701] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 701] ioctl(8, LOOP_CLR_FD) = 0 [pid 702] <... ioctl resumed>) = 0 [pid 702] close(3) = 0 [pid 702] mkdir("./file0", 0777 [pid 701] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 701] close(8) = 0 [pid 702] <... mkdir resumed>) = 0 [pid 701] close(7 [pid 700] rt_sigprocmask(SIG_BLOCK, ~[], [pid 699] mount("/dev/loop1", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 698] <... memfd_create resumed>) = 7 [pid 697] <... futex resumed>) = 0 [pid 694] <... futex resumed>) = 0 [pid 301] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 700] <... rt_sigprocmask resumed>[], 8) = 0 [pid 699] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 698] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 700] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 699] ioctl(4, LOOP_CLR_FD [pid 698] <... mmap resumed>) = 0x7f620fc64000 [pid 697] <... mmap resumed>) = 0x7f6218064000 [pid 301] newfstatat(AT_FDCWD, "./16/file0", [pid 300] newfstatat(AT_FDCWD, "./17/file0", ./strace-static-x86_64: Process 705 attached [pid 701] <... close resumed>) = 0 [pid 699] <... ioctl resumed>) = 0 [pid 698] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 697] mprotect(0x7f6218065000, 131072, PROT_READ|PROT_WRITE [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 705] set_robust_list(0x7f62204659a0, 24 [pid 702] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 701] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 700] <... clone3 resumed> => {parent_tid=[705]}, 88) = 705 [pid 699] close(4 [pid 698] <... write resumed>) = 65536 [pid 697] <... mprotect resumed>) = 0 [pid 696] <... mount resumed>) = 0 [pid 301] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 700] rt_sigprocmask(SIG_SETMASK, [], [pid 699] <... close resumed>) = 0 [pid 698] munmap(0x7f620fc64000, 65536 [pid 697] rt_sigprocmask(SIG_BLOCK, ~[], [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 705] <... set_robust_list resumed>) = 0 [pid 701] <... futex resumed>) = 0 [pid 700] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 699] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 698] <... munmap resumed>) = 0 [pid 697] <... rt_sigprocmask resumed>[], 8) = 0 [pid 301] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 700] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 699] <... futex resumed>) = 0 [pid 698] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 697] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6218084990, parent_tid=0x7f6218084990, exit_signal=0, stack=0x7f6218064000, stack_size=0x20300, tls=0x7f62180846c0} [pid 301] <... openat resumed>) = 4 [pid 300] <... openat resumed>) = 4 [pid 700] <... futex resumed>) = 0 [pid 699] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 698] <... openat resumed>) = 8 [pid 301] newfstatat(4, "", [pid 300] newfstatat(4, "", [pid 700] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 698] ioctl(8, LOOP_SET_FD, 7 [pid 697] <... clone3 resumed> => {parent_tid=[706]}, 88) = 706 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 700] <... futex resumed>) = 0 [pid 698] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 697] rt_sigprocmask(SIG_SETMASK, [], [pid 301] getdents64(4, [pid 300] getdents64(4, [pid 700] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 698] ioctl(8, LOOP_CLR_FD [pid 697] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 700] <... mmap resumed>) = 0x7f6220424000 [pid 698] <... ioctl resumed>) = 0 [pid 697] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] getdents64(4, [pid 300] getdents64(4, [pid 700] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 697] <... futex resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 700] <... mprotect resumed>) = 0 [pid 697] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] close(4 [pid 300] close(4 [pid 700] rt_sigprocmask(SIG_BLOCK, ~[], [pid 301] <... close resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 700] <... rt_sigprocmask resumed>[], 8) = 0 [pid 301] rmdir("./16/file0" [pid 300] rmdir("./17/file0" [pid 700] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 301] <... rmdir resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 698] ioctl(8, LOOP_SET_FD, 7 [pid 301] getdents64(3, [pid 300] getdents64(3, [pid 700] <... clone3 resumed> => {parent_tid=[707]}, 88) = 707 [pid 698] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 700] rt_sigprocmask(SIG_SETMASK, [], [pid 698] close(8 [pid 301] close(3 [pid 300] close(3 [pid 700] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 698] <... close resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 700] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 698] close(7 [pid 301] rmdir("./16" [pid 300] rmdir("./17" [pid 705] rt_sigprocmask(SIG_SETMASK, [], [pid 701] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 700] <... futex resumed>) = 0 [pid 698] <... close resumed>) = 0 [pid 695] exit_group(0 [pid 301] <... rmdir resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 705] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 700] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 698] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] mkdir("./17", 0777 [pid 300] mkdir("./18", 0777 [pid 705] memfd_create("syzkaller", 0 [pid 701] <... futex resumed>) = ? [pid 699] <... futex resumed>) = ? [pid 698] <... futex resumed>) = 0 [pid 695] <... exit_group resumed>) = ? [pid 301] <... mkdir resumed>) = 0 [pid 300] <... mkdir resumed>) = 0 [pid 705] <... memfd_create resumed>) = 3 [pid 701] +++ exited with 0 +++ [pid 698] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 301] <... openat resumed>) = 3 [pid 300] <... openat resumed>) = 3 [pid 301] ioctl(3, LOOP_CLR_FD [pid 300] ioctl(3, LOOP_CLR_FD [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 301] close(3 [pid 300] close(3 [pid 301] <... close resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 705] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 708 [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 709 [pid 705] <... mmap resumed>) = 0x7f6218024000 [pid 696] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 696] ioctl(5, LOOP_CLR_FD) = 0 [pid 696] close(5) = 0 [pid 696] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 696] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 694] exit_group(0 [pid 698] <... futex resumed>) = ? [pid 694] <... exit_group resumed>) = ? [pid 698] +++ exited with 0 +++ [pid 705] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 696] <... futex resumed>) = ? [pid 705] <... write resumed>) = 262144 [pid 696] +++ exited with 0 +++ [pid 694] +++ exited with 0 +++ [pid 705] munmap(0x7f6218024000, 262144 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=694, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 705] <... munmap resumed>) = 0 [pid 296] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 705] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", [pid 705] <... openat resumed>) = 4 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 705] ioctl(4, LOOP_SET_FD, 3 [pid 296] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 296] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./16/bus") = 0 [pid 296] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./16/binderfs") = 0 [pid 296] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 706 attached [pid 706] set_robust_list(0x7f62180849a0, 24) = 0 [pid 706] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 706] creat("./bus", 000) = 3 [pid 706] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 697] <... futex resumed>) = 0 [pid 697] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] <... futex resumed>) = 1 [pid 706] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL) = 0 [pid 706] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 697] <... futex resumed>) = 0 [pid 697] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] <... futex resumed>) = 1 [pid 706] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 706] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 697] <... futex resumed>) = 0 [pid 697] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] <... futex resumed>) = 1 [pid 706] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE) = 6 [pid 706] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 697] <... futex resumed>) = 0 [pid 697] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 697] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] <... futex resumed>) = 1 [pid 706] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 706] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 697] <... futex resumed>) = 0 [pid 697] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 706] <... futex resumed>) = 1 ./strace-static-x86_64: Process 707 attached [pid 707] set_robust_list(0x7f62204449a0, 24) = 0 [pid 707] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 707] creat("./bus", 000) = 5 [pid 707] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 700] <... futex resumed>) = 0 [pid 700] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 700] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 707] <... futex resumed>) = 1 [pid 707] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL) = 0 [pid 707] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 700] <... futex resumed>) = 0 [pid 700] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 700] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 707] <... futex resumed>) = 1 [pid 707] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c./strace-static-x86_64: Process 708 attached [pid 708] set_robust_list(0x555556cc76a0, 24) = 0 [pid 706] memfd_create("syzkaller", 0) = 7 [pid 706] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 708] chdir("./17") = 0 [pid 708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 708] setpgid(0, 0) = 0 [pid 708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 708] write(3, "1000", 4) = 4 [pid 706] <... mmap resumed>) = 0x7f620fc64000 [pid 706] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 708] close(3 [pid 706] munmap(0x7f620fc64000, 65536 [pid 708] <... close resumed>) = 0 [pid 708] symlink("/dev/binderfs", "./binderfs" [pid 706] <... munmap resumed>) = 0 [pid 708] <... symlink resumed>) = 0 [pid 706] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 708] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 706] <... openat resumed>) = 8 [pid 708] <... futex resumed>) = 0 [pid 708] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 706] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 708] <... rt_sigaction resumed>NULL, 8) = 0 [pid 706] ioctl(8, LOOP_CLR_FD [pid 708] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 706] <... ioctl resumed>) = 0 [pid 708] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 708] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 708] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[710]}, 88) = 710 [pid 708] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 708] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 708] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 706] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 708] <... futex resumed>) = 0 [pid 706] close(8 [pid 708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 706] <... close resumed>) = 0 [pid 708] <... mmap resumed>) = 0x7f6220424000 [pid 708] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 708] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[711]}, 88) = 711 [pid 706] close(7 [pid 708] rt_sigprocmask(SIG_SETMASK, [], [pid 706] <... close resumed>) = 0 [pid 706] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 708] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 708] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 706] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 708] <... futex resumed>) = 0 [pid 708] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 711 attached [pid 711] set_robust_list(0x7f62204449a0, 24) = 0 [pid 711] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 711] creat("./bus", 000) = 3 [pid 711] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 708] <... futex resumed>) = 0 [pid 708] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 708] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 711] <... futex resumed>) = 1 [pid 711] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL) = 0 [pid 711] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 708] <... futex resumed>) = 0 [pid 708] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 708] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 711] <... futex resumed>) = 1 [pid 711] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 711] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 708] <... futex resumed>) = 0 [ 26.752237][ T702] loop3: detected capacity change from 0 to 512 [ 26.760535][ T696] ext4 filesystem being mounted at /root/syzkaller.sY6u5M/16/file0 supports timestamps until 2038 (0x7fffffff) [ 26.793261][ T705] loop2: detected capacity change from 0 to 512 [pid 708] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 708] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 711] <... futex resumed>) = 1 [pid 711] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE) = 5 [pid 711] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 708] <... futex resumed>) = 0 [pid 708] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 708] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 711] <... futex resumed>) = 1 [pid 711] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 711] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 708] <... futex resumed>) = 0 [pid 708] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] <... futex resumed>) = 1 [pid 711] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- ./strace-static-x86_64: Process 710 attached [pid 711] +++ killed by SIGBUS +++ [pid 710] +++ killed by SIGBUS +++ [pid 708] +++ killed by SIGBUS +++ [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=708, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 301] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 301] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 301] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] getdents64(3, 0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 301] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 709 attached [pid 709] set_robust_list(0x555556cc76a0, 24) = 0 [pid 709] chdir("./18") = 0 [pid 709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 709] setpgid(0, 0) = 0 [pid 709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 709] write(3, "1000", 4) = 4 [pid 709] close(3) = 0 [pid 709] symlink("/dev/binderfs", "./binderfs") = 0 [pid 709] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 709] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 709] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 709] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 709] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 709] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 709] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[712]}, 88) = 712 [pid 709] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 709] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 709] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 709] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 709] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 709] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 709] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 301] <... umount2 resumed>) = 0 [pid 301] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./17/bus") = 0 [pid 301] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./17/binderfs" [pid 707] <... open resumed>) = 6 [pid 705] <... ioctl resumed>) = 0 [pid 301] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 712 attached [pid 707] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 705] close(3 [pid 702] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 301] getdents64(3, [pid 707] <... futex resumed>) = 1 [pid 702] ioctl(4, LOOP_CLR_FD [pid 700] <... futex resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 707] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 702] <... ioctl resumed>) = 0 [pid 700] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] close(3 [pid 707] <... socket resumed>) = 7 [pid 702] close(4 [pid 700] <... futex resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 707] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 702] <... close resumed>) = 0 [pid 700] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 699] +++ exited with 0 +++ [pid 695] +++ exited with 0 +++ [pid 301] rmdir("./17" [pid 707] <... futex resumed>) = 0 [pid 702] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 700] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] <... rmdir resumed>) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=695, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 707] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 702] <... futex resumed>) = 0 [pid 700] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] mkdir("./18", 0777 [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 707] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 702] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 700] <... futex resumed>) = 0 [pid 301] <... mkdir resumed>) = 0 [pid 297] <... restart_syscall resumed>) = 0 [pid 707] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 700] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 697] exit_group(0 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 707] <... mmap resumed>) = 0x20000000 [pid 702] <... futex resumed>) = ? [pid 697] <... exit_group resumed>) = ? [pid 301] <... openat resumed>) = 3 [pid 707] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 702] +++ exited with 0 +++ [pid 301] ioctl(3, LOOP_CLR_FD [pid 297] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW [pid 707] <... futex resumed>) = 1 [pid 700] <... futex resumed>) = 0 [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 707] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 700] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] close(3 [pid 297] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 707] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 700] <... futex resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 707] memfd_create("syzkaller", 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] newfstatat(3, "", [pid 707] <... memfd_create resumed>) = 8 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 707] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 713 [pid 297] getdents64(3, [pid 707] <... mmap resumed>) = 0x7f620fc64000 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 707] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 297] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 707] <... write resumed>) = 65536 [pid 707] munmap(0x7f620fc64000, 65536 [pid 706] <... futex resumed>) = ? [pid 705] <... close resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 707] <... munmap resumed>) = 0 [pid 297] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 707] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 707] <... openat resumed>) = 3 [pid 297] newfstatat(AT_FDCWD, "./19/bus", [pid 707] ioctl(3, LOOP_SET_FD, 8 [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 707] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 297] unlink("./19/bus" [pid 707] ioctl(3, LOOP_CLR_FD [pid 705] mkdir(0x20000000, 0777 [pid 297] <... unlink resumed>) = 0 [pid 707] <... ioctl resumed>) = 0 [pid 297] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./19/binderfs") = 0 [pid 297] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./19/file0", [pid 705] <... mkdir resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, [pid 705] mount("/dev/loop2", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 297] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 707] ioctl(3, LOOP_SET_FD, 8 [pid 297] getdents64(4, [pid 707] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 297] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 707] close(3 [pid 297] close(4 [pid 707] <... close resumed>) = 0 [pid 705] <... mount resumed>) = -1 ENODEV (No such device) [pid 297] <... close resumed>) = 0 [pid 707] close(8 [pid 297] rmdir("./19/file0"./strace-static-x86_64: Process 714 attached ./strace-static-x86_64: Process 713 attached [pid 712] set_robust_list(0x7f62204659a0, 24 [pid 707] <... close resumed>) = 0 [pid 705] ioctl(4, LOOP_CLR_FD [pid 714] set_robust_list(0x7f62204449a0, 24 [pid 707] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... rmdir resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 707] <... futex resumed>) = 0 [pid 297] getdents64(3, [pid 296] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 707] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] close(3 [pid 296] newfstatat(AT_FDCWD, "./16/file0", [pid 297] <... close resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] rmdir("./19" [pid 296] umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... rmdir resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] mkdir("./20", 0777 [pid 296] openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... mkdir resumed>) = 0 [pid 296] <... openat resumed>) = 4 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 296] newfstatat(4, "", [pid 297] <... openat resumed>) = 3 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] ioctl(3, LOOP_CLR_FD [pid 296] getdents64(4, [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 297] close(3 [pid 296] getdents64(4, [pid 297] <... close resumed>) = 0 [pid 296] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] close(4 [pid 712] <... set_robust_list resumed>) = 0 [pid 709] <... clone3 resumed> => {parent_tid=[714]}, 88) = 714 [pid 705] <... ioctl resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 714] <... set_robust_list resumed>) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 715 [pid 296] rmdir("./16/file0" [pid 712] rt_sigprocmask(SIG_SETMASK, [], [pid 709] rt_sigprocmask(SIG_SETMASK, [], [pid 705] close(4 [pid 714] rt_sigprocmask(SIG_SETMASK, [], [pid 296] <... rmdir resumed>) = 0 [pid 713] set_robust_list(0x555556cc76a0, 24 [pid 296] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 714] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 712] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 709] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 705] <... close resumed>) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./16" [pid 714] creat("./bus", 000 [pid 709] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... rmdir resumed>) = 0 [pid 712] memfd_create("syzkaller", 0 [pid 705] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 700] exit_group(0 [pid 296] mkdir("./17", 0777 [pid 709] <... futex resumed>) = 0 [pid 707] <... futex resumed>) = ? [pid 705] <... futex resumed>) = ? [pid 700] <... exit_group resumed>) = ? [pid 296] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 715 attached [pid 714] <... creat resumed>) = 3 [pid 713] <... set_robust_list resumed>) = 0 [pid 712] <... memfd_create resumed>) = 4 [pid 709] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 707] +++ exited with 0 +++ [pid 705] +++ exited with 0 +++ [pid 715] set_robust_list(0x555556cc76a0, 24 [pid 714] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 713] chdir("./18" [pid 712] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 715] <... set_robust_list resumed>) = 0 [pid 714] <... futex resumed>) = 0 [pid 713] <... chdir resumed>) = 0 [pid 712] <... mmap resumed>) = 0x7f6218024000 [pid 709] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... openat resumed>) = 3 [pid 714] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 714] <... mount resumed>) = 0 [pid 712] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 265740 [pid 709] <... futex resumed>) = 0 [pid 700] +++ exited with 0 +++ [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 716 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=700, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 714] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 709] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 298] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 712] <... write resumed>) = 265740 [pid 714] <... futex resumed>) = 0 [pid 709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] <... umount2 resumed>) = 0 [pid 298] umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./16/bus" [pid 714] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 713] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 712] munmap(0x7f6218024000, 265740 [pid 709] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 715] chdir("./20" [pid 298] <... unlink resumed>) = 0 [pid 298] umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./16/binderfs") = 0 [pid 298] umount2("./16/ext4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./16/ext4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 706] +++ exited with 0 +++ [pid 697] +++ exited with 0 +++ [pid 298] umount2("./16/ext4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./16/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./16/ext4") = 0 [pid 298] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./16") = 0 [pid 298] mkdir("./17", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 717 ./strace-static-x86_64: Process 716 attached [pid 716] set_robust_list(0x555556cc76a0, 24) = 0 [pid 716] chdir("./17") = 0 [pid 716] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 716] setpgid(0, 0) = 0 [pid 716] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 716] write(3, "1000", 4 [pid 709] <... futex resumed>) = 0 [pid 716] <... write resumed>) = 4 [pid 714] <... open resumed>) = 5 [pid 709] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 714] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 713] <... prctl resumed>) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=697, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 714] <... futex resumed>) = 0 [pid 709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 714] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 713] setpgid(0, 0 [pid 709] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 716] close(3 [pid 709] <... futex resumed>) = 0 [pid 716] <... close resumed>) = 0 [pid 714] <... socket resumed>) = 6 [pid 713] <... setpgid resumed>) = 0 [pid 709] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 714] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 714] <... futex resumed>) = 0 [pid 716] symlink("/dev/binderfs", "./binderfs") = 0 [pid 714] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 709] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... restart_syscall resumed>) = 0 [pid 716] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 714] <... mmap resumed>) = 0x20000000 [pid 709] <... futex resumed>) = 0 [pid 716] <... futex resumed>) = 0 [pid 716] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 713] <... openat resumed>) = 3 [pid 709] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 714] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 713] write(3, "1000", 4 [pid 709] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW [pid 716] <... rt_sigaction resumed>NULL, 8) = 0 [pid 715] <... chdir resumed>) = 0 [pid 713] <... write resumed>) = 4 [pid 709] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 716] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 715] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 714] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 713] close(3 [pid 709] <... futex resumed>) = 0 [pid 299] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 716] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 715] <... prctl resumed>) = 0 [pid 713] <... close resumed>) = 0 [pid 716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 715] setpgid(0, 0 [pid 713] symlink("/dev/binderfs", "./binderfs" [pid 299] <... openat resumed>) = 3 ./strace-static-x86_64: Process 717 attached [pid 716] <... mmap resumed>) = 0x7f6220445000 [pid 715] <... setpgid resumed>) = 0 [pid 299] newfstatat(3, "", [pid 717] set_robust_list(0x555556cc76a0, 24 [pid 716] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 715] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 713] <... symlink resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 717] <... set_robust_list resumed>) = 0 [pid 716] <... mprotect resumed>) = 0 [pid 715] <... openat resumed>) = 3 [pid 713] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 712] <... munmap resumed>) = ? [pid 299] getdents64(3, [pid 717] chdir("./17" [pid 716] rt_sigprocmask(SIG_BLOCK, ~[], [pid 715] write(3, "1000", 4 [pid 713] <... futex resumed>) = 0 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 717] <... chdir resumed>) = 0 [pid 716] <... rt_sigprocmask resumed>[], 8) = 0 [pid 715] <... write resumed>) = 4 [pid 299] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 713] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 717] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 716] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 715] close(3 [pid 299] <... umount2 resumed>) = 0 [pid 713] <... rt_sigaction resumed>NULL, 8) = 0 [pid 717] <... prctl resumed>) = 0 [pid 715] <... close resumed>) = 0 [pid 299] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 717] setpgid(0, 0 [pid 716] <... clone3 resumed> => {parent_tid=[718]}, 88) = 718 [pid 715] symlink("/dev/binderfs", "./binderfs" [pid 713] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 717] <... setpgid resumed>) = 0 [pid 716] rt_sigprocmask(SIG_SETMASK, [], [pid 715] <... symlink resumed>) = 0 [pid 713] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] newfstatat(AT_FDCWD, "./18/bus", [pid 717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 716] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 715] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 717] <... openat resumed>) = 3 [pid 716] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 715] <... futex resumed>) = 0 [pid 713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 717] write(3, "1000", 4 [pid 716] <... futex resumed>) = 0 [pid 715] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 717] <... write resumed>) = 4 [pid 716] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 715] <... rt_sigaction resumed>NULL, 8) = 0 [pid 713] <... mmap resumed>) = 0x7f6220445000 [pid 299] unlink("./18/bus" [pid 717] close(3 [pid 716] <... futex resumed>) = 0 [pid 715] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 717] <... close resumed>) = 0 [pid 716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 715] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] <... unlink resumed>) = 0 [pid 717] symlink("/dev/binderfs", "./binderfs" [pid 716] <... mmap resumed>) = 0x7f6220424000 [pid 715] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 713] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 299] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 717] <... symlink resumed>) = 0 [pid 716] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 715] <... mmap resumed>) = 0x7f6220445000 [pid 717] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 716] <... mprotect resumed>) = 0 [pid 715] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 713] <... mprotect resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 717] <... futex resumed>) = 0 [pid 716] rt_sigprocmask(SIG_BLOCK, ~[], [pid 715] <... mprotect resumed>) = 0 [pid 717] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 716] <... rt_sigprocmask resumed>[], 8) = 0 [pid 715] rt_sigprocmask(SIG_BLOCK, ~[], [pid 713] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] newfstatat(AT_FDCWD, "./18/binderfs", [pid 717] <... rt_sigaction resumed>NULL, 8) = 0 [pid 716] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 715] <... rt_sigprocmask resumed>[], 8) = 0 [pid 717] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 715] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 713] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 717] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 716] <... clone3 resumed> => {parent_tid=[719]}, 88) = 719 [pid 713] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 299] unlink("./18/binderfs" [pid 717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 716] rt_sigprocmask(SIG_SETMASK, [], [pid 715] <... clone3 resumed> => {parent_tid=[720]}, 88) = 720 [pid 717] <... mmap resumed>) = 0x7f6220445000 [pid 716] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 715] rt_sigprocmask(SIG_SETMASK, [], [pid 713] <... clone3 resumed> => {parent_tid=[721]}, 88) = 721 [pid 299] <... unlink resumed>) = 0 [pid 717] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 716] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 715] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 713] rt_sigprocmask(SIG_SETMASK, [], [pid 299] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 717] <... mprotect resumed>) = 0 [pid 716] <... futex resumed>) = 0 [pid 715] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 713] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 717] rt_sigprocmask(SIG_BLOCK, ~[], [pid 716] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 715] <... futex resumed>) = 0 [pid 717] <... rt_sigprocmask resumed>[], 8) = 0 [pid 715] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 713] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(AT_FDCWD, "./18/file0", [pid 717] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 715] <... futex resumed>) = 0 [pid 713] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 715] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 713] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 717] <... clone3 resumed> => {parent_tid=[722]}, 88) = 722 [pid 715] <... mmap resumed>) = 0x7f6220424000 [pid 713] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 717] rt_sigprocmask(SIG_SETMASK, [], [pid 715] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 717] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 715] <... mprotect resumed>) = 0 [pid 713] <... mmap resumed>) = 0x7f6220424000 [pid 299] <... openat resumed>) = 4 [pid 717] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 715] rt_sigprocmask(SIG_BLOCK, ~[], [pid 713] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 299] newfstatat(4, "", [pid 717] <... futex resumed>) = 0 [pid 715] <... rt_sigprocmask resumed>[], 8) = 0 [pid 713] <... mprotect resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 717] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 715] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 713] rt_sigprocmask(SIG_BLOCK, ~[], [pid 717] <... futex resumed>) = 0 [pid 713] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] getdents64(4, [pid 717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 715] <... clone3 resumed> => {parent_tid=[723]}, 88) = 723 [pid 713] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 717] <... mmap resumed>) = 0x7f6220424000 [pid 715] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 717] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 715] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] getdents64(4, [pid 717] <... mprotect resumed>) = 0 [pid 715] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 713] <... clone3 resumed> => {parent_tid=[724]}, 88) = 724 [pid 299] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 720 attached [pid 717] rt_sigprocmask(SIG_BLOCK, ~[], [pid 715] <... futex resumed>) = 0 [pid 713] rt_sigprocmask(SIG_SETMASK, [], [pid 299] close(4 [pid 720] set_robust_list(0x7f62204659a0, 24 [pid 717] <... rt_sigprocmask resumed>[], 8) = 0 [pid 715] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 713] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 720] <... set_robust_list resumed>) = 0 [pid 717] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 299] <... close resumed>) = 0 [pid 720] rt_sigprocmask(SIG_SETMASK, [], [pid 713] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 712] +++ killed by SIGBUS +++ [pid 299] rmdir("./18/file0"./strace-static-x86_64: Process 722 attached [pid 720] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 717] <... clone3 resumed> => {parent_tid=[725]}, 88) = 725 [pid 722] set_robust_list(0x7f62204659a0, 24 [pid 720] memfd_create("syzkaller", 0 [pid 717] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 719 attached [pid 722] <... set_robust_list resumed>) = 0 [pid 720] <... memfd_create resumed>) = 3 [pid 717] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 723 attached [pid 722] rt_sigprocmask(SIG_SETMASK, [], [pid 720] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 719] set_robust_list(0x7f62204449a0, 24 [pid 717] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 723] set_robust_list(0x7f62204449a0, 24 [pid 722] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 720] <... mmap resumed>) = 0x7f6218024000 [pid 719] <... set_robust_list resumed>) = 0 [pid 717] <... futex resumed>) = 0 [pid 723] <... set_robust_list resumed>) = 0 [pid 722] memfd_create("syzkaller", 0 [pid 720] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 719] rt_sigprocmask(SIG_SETMASK, [], [pid 717] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 714] +++ killed by SIGBUS +++ [pid 713] <... futex resumed>) = 0 [pid 709] +++ killed by SIGBUS +++ [pid 299] <... rmdir resumed>) = 0 [pid 723] rt_sigprocmask(SIG_SETMASK, [], [pid 722] <... memfd_create resumed>) = 3 [pid 720] <... write resumed>) = 262144 [pid 719] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 713] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=709, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 299] getdents64(3, ./strace-static-x86_64: Process 724 attached [pid 723] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 722] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 719] creat("./bus", 000 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 723] creat("./bus", 000 [pid 722] <... mmap resumed>) = 0x7f6218024000 [pid 720] munmap(0x7f6218024000, 262144 [pid 719] <... creat resumed>) = 3 [pid 299] close(3./strace-static-x86_64: Process 725 attached ./strace-static-x86_64: Process 721 attached [pid 724] set_robust_list(0x7f62204449a0, 24 [pid 723] <... creat resumed>) = 4 [pid 722] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 720] <... munmap resumed>) = 0 [pid 719] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... close resumed>) = 0 ./strace-static-x86_64: Process 718 attached [pid 725] set_robust_list(0x7f62204449a0, 24 [pid 724] <... set_robust_list resumed>) = 0 [pid 723] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 722] <... write resumed>) = 262144 [pid 721] set_robust_list(0x7f62204659a0, 24 [pid 720] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 719] <... futex resumed>) = 1 [pid 716] <... futex resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] rmdir("./18" [pid 725] <... set_robust_list resumed>) = 0 [pid 724] rt_sigprocmask(SIG_SETMASK, [], [pid 723] <... futex resumed>) = 1 [pid 722] munmap(0x7f6218024000, 262144 [pid 721] <... set_robust_list resumed>) = 0 [pid 720] <... openat resumed>) = 5 [pid 719] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 718] set_robust_list(0x7f62204659a0, 24 [pid 716] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 715] <... futex resumed>) = 0 [pid 300] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 725] rt_sigprocmask(SIG_SETMASK, [], [pid 724] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 723] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 722] <... munmap resumed>) = 0 [pid 721] rt_sigprocmask(SIG_SETMASK, [], [pid 720] ioctl(5, LOOP_SET_FD, 3 [pid 719] <... mount resumed>) = 0 [ 26.809432][ T702] EXT4-fs (loop3): VFS: Can't find ext4 filesystem [pid 718] <... set_robust_list resumed>) = 0 [pid 716] <... futex resumed>) = 0 [pid 715] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... openat resumed>) = 3 [pid 299] <... rmdir resumed>) = 0 [pid 725] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 724] creat("./bus", 000 [pid 723] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 722] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 721] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 720] <... ioctl resumed>) = 0 [pid 719] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 716] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 715] <... futex resumed>) = 0 [pid 300] newfstatat(3, "", [pid 725] creat("./bus", 000 [pid 723] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 722] <... openat resumed>) = 4 [pid 719] <... futex resumed>) = 0 [pid 716] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 715] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 725] <... creat resumed>) = 5 [pid 724] <... creat resumed>) = 3 [pid 723] <... mount resumed>) = 0 [pid 722] ioctl(4, LOOP_SET_FD, 3 [pid 721] memfd_create("syzkaller", 0 [pid 719] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 718] rt_sigprocmask(SIG_SETMASK, [], [pid 716] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] getdents64(3, [pid 299] mkdir("./19", 0777 [pid 725] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 724] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 723] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 721] <... memfd_create resumed>) = 4 [pid 720] close(3 [pid 719] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 718] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 716] <... futex resumed>) = 0 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 725] <... futex resumed>) = 1 [pid 723] <... futex resumed>) = 1 [pid 719] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 717] <... futex resumed>) = 0 [pid 716] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 715] <... futex resumed>) = 0 [pid 300] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 725] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 723] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 721] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 719] <... open resumed>) = 4 [pid 718] memfd_create("syzkaller", 0 [pid 717] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 715] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 724] <... futex resumed>) = 1 [pid 713] <... futex resumed>) = 0 [pid 300] <... umount2 resumed>) = 0 [pid 725] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 724] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 723] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 721] <... mmap resumed>) = 0x7f6218024000 [pid 719] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 718] <... memfd_create resumed>) = 5 [pid 717] <... futex resumed>) = 0 [pid 715] <... futex resumed>) = 0 [pid 300] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... mkdir resumed>) = 0 [pid 725] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 723] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 719] <... futex resumed>) = 1 [pid 717] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] <... futex resumed>) = 0 [pid 715] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 725] <... mount resumed>) = 0 [pid 723] <... open resumed>) = 6 [pid 719] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 716] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] newfstatat(AT_FDCWD, "./18/bus", [pid 725] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 723] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 719] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 716] <... futex resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 725] <... futex resumed>) = 1 [pid 723] <... futex resumed>) = 1 [pid 719] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 717] <... futex resumed>) = 0 [pid 716] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 715] <... futex resumed>) = 0 [pid 300] unlink("./18/bus" [pid 725] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 724] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 723] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 719] <... socket resumed>) = 6 [pid 717] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 715] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 713] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... unlink resumed>) = 0 [pid 725] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 723] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 719] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 717] <... futex resumed>) = 0 [pid 715] <... futex resumed>) = 0 [pid 300] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 725] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 723] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 719] <... futex resumed>) = 1 [pid 717] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] <... futex resumed>) = 0 [pid 715] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 724] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 723] <... socket resumed>) = 7 [pid 721] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 720] <... close resumed>) = 0 [pid 719] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 718] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 716] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 713] <... futex resumed>) = 0 [pid 300] newfstatat(AT_FDCWD, "./18/binderfs", [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 725] <... open resumed>) = 6 [pid 723] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 719] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 716] <... futex resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 725] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 723] <... futex resumed>) = 1 [pid 719] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 716] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 715] <... futex resumed>) = 0 [pid 300] unlink("./18/binderfs" [pid 725] <... futex resumed>) = 1 [pid 723] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 719] <... mmap resumed>) = 0x20000000 [pid 717] <... futex resumed>) = 0 [pid 715] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... unlink resumed>) = 0 [pid 725] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 723] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 719] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 717] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 715] <... futex resumed>) = 0 [pid 300] getdents64(3, [pid 725] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 723] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 719] <... futex resumed>) = 1 [pid 717] <... futex resumed>) = 0 [pid 716] <... futex resumed>) = 0 [pid 715] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 725] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 723] <... mmap resumed>) = 0x20000000 [pid 719] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 717] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] close(3 [pid 725] <... socket resumed>) = 7 [pid 723] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 719] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 716] <... futex resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 725] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 723] <... futex resumed>) = 1 [pid 719] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 716] write(542316032, 0x81, 1000000 [pid 715] <... futex resumed>) = 0 [pid 300] rmdir("./18" [pid 725] <... futex resumed>) = 1 [pid 724] <... mount resumed>) = 0 [pid 723] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 721] <... write resumed>) = 262144 [pid 718] <... mmap resumed>) = ? [pid 717] <... futex resumed>) = 0 [pid 715] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 713] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... rmdir resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 725] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 723] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 717] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 715] <... futex resumed>) = 0 [pid 300] mkdir("./19", 0777 [pid 725] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 724] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 723] memfd_create("syzkaller", 0 [pid 721] munmap(0x7f6218024000, 262144 [pid 718] +++ killed by SIGBUS +++ [pid 717] <... futex resumed>) = 0 [pid 300] <... mkdir resumed>) = 0 [pid 299] ioctl(3, LOOP_CLR_FD [pid 725] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 724] <... futex resumed>) = 1 [pid 723] <... memfd_create resumed>) = 3 [pid 721] <... munmap resumed>) = 0 [pid 719] +++ killed by SIGBUS +++ [pid 717] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] +++ killed by SIGBUS +++ [pid 713] <... futex resumed>) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 725] <... mmap resumed>) = 0x20000000 [pid 723] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 300] <... openat resumed>) = 3 [pid 725] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 724] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 723] <... mmap resumed>) = 0x7f620fc64000 [pid 721] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 713] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] ioctl(3, LOOP_CLR_FD [pid 299] close(3 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=716, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 725] <... futex resumed>) = 1 [pid 724] <... open resumed>) = 5 [pid 723] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 717] <... futex resumed>) = 0 [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW [pid 725] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 723] <... write resumed>) = 65536 [pid 717] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] close(3 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 725] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 724] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 723] munmap(0x7f620fc64000, 65536 [pid 721] <... openat resumed>) = 6 [pid 717] <... futex resumed>) = 0 [pid 713] <... futex resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 296] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 725] memfd_create("syzkaller", 0 [pid 724] <... futex resumed>) = 0 [pid 723] <... munmap resumed>) = 0 [pid 721] ioctl(6, LOOP_SET_FD, 4 [pid 720] mkdir(0x20000000, 0777 [pid 713] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... openat resumed>) = 3 [pid 725] <... memfd_create resumed>) = 8 [pid 724] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 723] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 296] newfstatat(3, "", [pid 725] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 723] <... openat resumed>) = 8 [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 726 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 725] <... mmap resumed>) = 0x7f620fc64000 [pid 723] ioctl(8, LOOP_SET_FD, 3 [pid 296] getdents64(3, [pid 725] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 723] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 296] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 725] <... write resumed>) = 65536 [pid 723] ioctl(8, LOOP_CLR_FD [pid 296] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 725] munmap(0x7f620fc64000, 65536 [pid 723] <... ioctl resumed>) = 0 [pid 725] <... munmap resumed>) = 0 [pid 725] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 9 [pid 725] ioctl(9, LOOP_SET_FD, 8./strace-static-x86_64: Process 726 attached [pid 726] set_robust_list(0x555556cc76a0, 24) = 0 [pid 726] chdir("./19") = 0 [pid 726] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 726] setpgid(0, 0) = 0 [pid 723] ioctl(8, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 723] close(8) = 0 [pid 723] close(3) = 0 [pid 723] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 726] write(3, "1000", 4) = 4 [pid 726] close(3) = 0 [pid 726] symlink("/dev/binderfs", "./binderfs") = 0 [pid 726] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 726] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 726] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 726] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 713] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 713] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 724] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] newfstatat(AT_FDCWD, "./17/bus", [pid 724] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 713] <... futex resumed>) = 0 [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 727 [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 724] <... socket resumed>) = 7 [pid 721] <... ioctl resumed>) = 0 [pid 713] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] unlink("./17/bus" [pid 724] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 721] close(4 [pid 713] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] <... unlink resumed>) = 0 [pid 724] <... futex resumed>) = 0 [pid 721] <... close resumed>) = 0 [pid 713] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 724] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 721] mkdir("./file0", 0777 [pid 713] <... futex resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./17/binderfs", [pid 724] <... mmap resumed>) = 0x20000000 [pid 713] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 724] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 713] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] unlink("./17/binderfs" [pid 724] <... futex resumed>) = 0 [pid 713] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... unlink resumed>) = 0 [pid 724] memfd_create("syzkaller", 0 [pid 713] <... futex resumed>) = 0 [pid 296] getdents64(3, [pid 724] <... memfd_create resumed>) = 4 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 721] <... mkdir resumed>) = 0 [pid 296] close(3 [pid 724] <... mmap resumed>) = 0x7f620fc64000 [pid 721] mount("/dev/loop5", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 296] <... close resumed>) = 0 [pid 726] rt_sigprocmask(SIG_BLOCK, ~[], [pid 296] rmdir("./17" [pid 726] <... rt_sigprocmask resumed>[], 8) = 0 [pid 724] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 721] <... mount resumed>) = -1 ENODEV (No such device) [pid 296] <... rmdir resumed>) = 0 [pid 726] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 296] mkdir("./18", 0777 [pid 724] <... write resumed>) = 65536 [pid 721] ioctl(6, LOOP_CLR_FD [pid 720] <... mkdir resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 725] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 722] <... ioctl resumed>) = 0 [pid 726] <... clone3 resumed> => {parent_tid=[728]}, 88) = 728 [pid 725] ioctl(9, LOOP_CLR_FD [pid 724] munmap(0x7f620fc64000, 65536 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 726] rt_sigprocmask(SIG_SETMASK, [], [pid 725] <... ioctl resumed>) = 0 [pid 724] <... munmap resumed>) = 0 [pid 296] <... openat resumed>) = 3 [pid 721] <... ioctl resumed>) = 0 [pid 726] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 724] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 720] mount("/dev/loop1", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 721] close(6 [pid 296] ioctl(3, LOOP_CLR_FD [pid 726] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 726] <... futex resumed>) = 0 [pid 296] close(3 [pid 726] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 724] <... openat resumed>) = 8 [pid 721] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 726] <... futex resumed>) = 0 [pid 724] ioctl(8, LOOP_SET_FD, 4 [pid 721] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 720] <... mount resumed>) = -1 ENODEV (No such device) [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 727 attached [pid 726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 724] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 722] close(3 [pid 721] <... futex resumed>) = 0 [pid 720] ioctl(5, LOOP_CLR_FD [pid 727] set_robust_list(0x555556cc76a0, 24 [pid 726] <... mmap resumed>) = 0x7f6220424000 [pid 725] ioctl(9, LOOP_SET_FD, 8 [pid 724] ioctl(8, LOOP_CLR_FD [pid 721] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 729 [pid 727] <... set_robust_list resumed>) = 0 [pid 726] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 725] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 724] <... ioctl resumed>) = 0 [pid 720] <... ioctl resumed>) = 0 [pid 727] chdir("./19" [pid 726] <... mprotect resumed>) = 0 [pid 725] close(9 [pid 720] close(5 [pid 727] <... chdir resumed>) = 0 [pid 726] rt_sigprocmask(SIG_BLOCK, ~[], [pid 725] <... close resumed>) = 0 [pid 722] <... close resumed>) = 0 [pid 720] <... close resumed>) = 0 [pid 727] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 726] <... rt_sigprocmask resumed>[], 8) = 0 [pid 725] close(8 [pid 722] mkdir(0x20000000, 0777 [pid 720] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 727] <... prctl resumed>) = 0 [pid 726] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 725] <... close resumed>) = 0 [pid 720] <... futex resumed>) = 0 [pid 715] exit_group(0 [pid 727] setpgid(0, 0 [pid 725] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 723] <... futex resumed>) = ? [pid 715] <... exit_group resumed>) = ? [pid 727] <... setpgid resumed>) = 0 [pid 726] <... clone3 resumed> => {parent_tid=[730]}, 88) = 730 [pid 725] <... futex resumed>) = 0 [pid 724] ioctl(8, LOOP_SET_FD, 4 [pid 723] +++ exited with 0 +++ [pid 722] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 728 attached [pid 727] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 726] rt_sigprocmask(SIG_SETMASK, [], [pid 725] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 724] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 728] set_robust_list(0x7f62204659a0, 24 [pid 727] <... openat resumed>) = 3 [pid 726] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 724] close(8 [pid 722] mount("/dev/loop2", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 728] <... set_robust_list resumed>) = 0 [pid 727] write(3, "1000", 4 [pid 726] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 724] <... close resumed>) = 0 [pid 722] <... mount resumed>) = -1 ENODEV (No such device) [pid 728] rt_sigprocmask(SIG_SETMASK, [], [pid 727] <... write resumed>) = 4 [pid 726] <... futex resumed>) = 0 [pid 724] close(4 [pid 722] ioctl(4, LOOP_CLR_FD [pid 728] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 727] close(3 [pid 726] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] memfd_create("syzkaller", 0 [pid 727] <... close resumed>) = 0 [pid 724] <... close resumed>) = 0 [pid 722] <... ioctl resumed>) = 0 [pid 728] <... memfd_create resumed>) = 3 [pid 727] symlink("/dev/binderfs", "./binderfs" [pid 724] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 728] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 727] <... symlink resumed>) = 0 [pid 724] <... futex resumed>) = 0 [pid 722] close(4 [pid 728] <... mmap resumed>) = 0x7f6218024000 [pid 727] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 724] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 722] <... close resumed>) = 0 [pid 728] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 727] <... futex resumed>) = 0 [pid 722] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 713] exit_group(0 [pid 728] <... write resumed>) = 262144 [pid 727] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 724] <... futex resumed>) = ? [pid 722] <... futex resumed>) = 0 [pid 721] <... futex resumed>) = ? [pid 713] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 730 attached ./strace-static-x86_64: Process 729 attached [pid 727] <... rt_sigaction resumed>NULL, 8) = 0 [pid 724] +++ exited with 0 +++ [pid 717] exit_group(0 [pid 730] set_robust_list(0x7f62204449a0, 24 [pid 728] munmap(0x7f6218024000, 262144 [pid 727] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 725] <... futex resumed>) = ? [pid 717] <... exit_group resumed>) = ? [pid 730] <... set_robust_list resumed>) = 0 [pid 728] <... munmap resumed>) = 0 [pid 727] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 725] +++ exited with 0 +++ [pid 730] rt_sigprocmask(SIG_SETMASK, [], [pid 728] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 727] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 730] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 728] <... openat resumed>) = 4 [pid 727] <... mmap resumed>) = 0x7f6220445000 [pid 730] creat("./bus", 000 [pid 728] ioctl(4, LOOP_SET_FD, 3 [pid 727] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 730] <... creat resumed>) = 5 [pid 727] <... mprotect resumed>) = 0 [pid 730] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 727] rt_sigprocmask(SIG_BLOCK, ~[], [pid 730] <... futex resumed>) = 1 [pid 727] <... rt_sigprocmask resumed>[], 8) = 0 [pid 726] <... futex resumed>) = 0 [pid 730] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 727] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 726] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 730] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 726] <... futex resumed>) = 0 [ 26.868584][ T720] loop1: detected capacity change from 0 to 512 [ 26.876365][ T722] loop2: detected capacity change from 0 to 512 [ 26.900879][ T721] loop5: detected capacity change from 0 to 512 [pid 730] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 727] <... clone3 resumed> => {parent_tid=[731]}, 88) = 731 [pid 726] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 731 attached [pid 730] <... mount resumed>) = 0 [pid 729] set_robust_list(0x555556cc76a0, 24 [pid 727] rt_sigprocmask(SIG_SETMASK, [], [pid 731] set_robust_list(0x7f62204659a0, 24 [pid 729] <... set_robust_list resumed>) = 0 [pid 731] <... set_robust_list resumed>) = 0 [pid 729] chdir("./18" [pid 731] rt_sigprocmask(SIG_SETMASK, [], [pid 729] <... chdir resumed>) = 0 [pid 731] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 729] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 731] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 729] <... prctl resumed>) = 0 [pid 729] setpgid(0, 0) = 0 [pid 729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 729] write(3, "1000", 4) = 4 [pid 729] close(3) = 0 [pid 729] symlink("/dev/binderfs", "./binderfs") = 0 [pid 729] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 729] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 730] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 729] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 728] <... ioctl resumed>) = 0 [pid 727] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 730] <... futex resumed>) = 1 [pid 728] close(3 [pid 727] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 726] <... futex resumed>) = 0 [pid 730] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 729] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 728] <... close resumed>) = 0 [pid 727] <... futex resumed>) = 1 [pid 726] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 730] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 728] mkdir("./file0", 0777 [pid 727] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 731] <... futex resumed>) = 0 [pid 726] <... futex resumed>) = 0 [pid 730] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 728] <... mkdir resumed>) = 0 [pid 727] <... futex resumed>) = 0 [pid 726] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 730] <... open resumed>) = 3 [pid 728] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 727] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 730] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 727] <... mmap resumed>) = 0x7f6220424000 [pid 720] +++ exited with 0 +++ [pid 715] +++ exited with 0 +++ [pid 730] <... futex resumed>) = 1 [pid 727] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 726] <... futex resumed>) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=715, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 730] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 727] <... mprotect resumed>) = 0 [pid 726] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 721] +++ exited with 0 +++ [pid 713] +++ exited with 0 +++ [pid 730] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 727] rt_sigprocmask(SIG_BLOCK, ~[], [pid 726] <... futex resumed>) = 0 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=713, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 730] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 727] <... rt_sigprocmask resumed>[], 8) = 0 [pid 726] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] +++ exited with 0 +++ [pid 717] +++ exited with 0 +++ [pid 297] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW [pid 730] <... socket resumed>) = 6 [pid 727] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=717, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 730] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 297] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 730] <... futex resumed>) = 1 [pid 727] <... clone3 resumed> => {parent_tid=[732]}, 88) = 732 [pid 726] <... futex resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 730] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 727] rt_sigprocmask(SIG_SETMASK, [], [pid 726] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] newfstatat(3, "", [pid 730] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 727] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 726] <... futex resumed>) = 0 [pid 298] <... restart_syscall resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 730] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 727] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 726] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] getdents64(3, [pid 730] <... mmap resumed>) = 0x20000000 [pid 727] <... futex resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 730] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 729] <... mmap resumed>) = 0x7f6220445000 [pid 727] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 730] <... futex resumed>) = 1 [pid 729] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 726] <... futex resumed>) = 0 [pid 301] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = 0 [pid 730] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 729] <... mprotect resumed>) = 0 [pid 726] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 730] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 729] rt_sigprocmask(SIG_BLOCK, ~[], [pid 726] <... futex resumed>) = 0 [pid 301] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... openat resumed>) = 3 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 730] memfd_create("syzkaller", 0 [pid 301] <... openat resumed>) = 3 [pid 298] newfstatat(3, "", [pid 297] newfstatat(AT_FDCWD, "./20/bus", [pid 730] <... memfd_create resumed>) = 7 [pid 729] <... rt_sigprocmask resumed>[], 8) = 0 [pid 301] newfstatat(3, "", [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 729] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, [pid 297] unlink("./20/bus" [pid 730] <... mmap resumed>) = 0x7f620fc64000 [pid 301] getdents64(3, [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 297] <... unlink resumed>) = 0 [pid 730] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 729] <... clone3 resumed> => {parent_tid=[734]}, 88) = 734 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 298] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 730] <... write resumed>) = 65536 [pid 729] rt_sigprocmask(SIG_SETMASK, [], [pid 301] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 730] munmap(0x7f620fc64000, 65536 [pid 729] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] <... umount2 resumed>) = 0 [pid 298] umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] newfstatat(AT_FDCWD, "./20/binderfs", [pid 730] <... munmap resumed>) = 0 [pid 729] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 732 attached [pid 730] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 729] <... futex resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./17/bus", [pid 297] unlink("./20/binderfs" [pid 732] set_robust_list(0x7f62204449a0, 24 [pid 730] <... openat resumed>) = 8 [pid 729] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] newfstatat(AT_FDCWD, "./18/bus", [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... unlink resumed>) = 0 [pid 732] <... set_robust_list resumed>) = 0 [pid 730] ioctl(8, LOOP_SET_FD, 7 [pid 729] <... futex resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./17/bus" [pid 297] umount2("./20/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 732] rt_sigprocmask(SIG_SETMASK, [], [pid 730] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 301] unlink("./18/bus" [pid 298] <... unlink resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 732] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 731] memfd_create("syzkaller", 0 [pid 730] ioctl(8, LOOP_CLR_FD [pid 729] <... mmap resumed>) = 0x7f6220424000 [pid 301] <... unlink resumed>) = 0 [pid 298] umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] newfstatat(AT_FDCWD, "./20/ext4", [pid 732] creat("./bus", 000 [pid 731] <... memfd_create resumed>) = 3 [pid 730] <... ioctl resumed>) = 0 [pid 729] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 301] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 732] <... creat resumed>) = 4 [pid 731] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 729] <... mprotect resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./17/binderfs", [pid 297] umount2("./20/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 732] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 731] <... mmap resumed>) = 0x7f6218024000 [pid 729] rt_sigprocmask(SIG_BLOCK, ~[], [pid 301] newfstatat(AT_FDCWD, "./18/binderfs", [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 732] <... futex resumed>) = 1 [pid 729] <... rt_sigprocmask resumed>[], 8) = 0 [pid 727] <... futex resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./17/binderfs" [pid 297] openat(AT_FDCWD, "./20/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 732] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 729] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 727] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] unlink("./18/binderfs" [pid 298] <... unlink resumed>) = 0 [pid 297] <... openat resumed>) = 4 [pid 732] <... mount resumed>) = 0 [pid 727] <... futex resumed>) = 0 [pid 301] <... unlink resumed>) = 0 [pid 298] umount2("./17/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] newfstatat(4, "", [pid 732] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 730] ioctl(8, LOOP_SET_FD, 7 [pid 729] <... clone3 resumed> => {parent_tid=[735]}, 88) = 735 [pid 727] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] umount2("./18/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 732] <... futex resumed>) = 0 [pid 730] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 729] rt_sigprocmask(SIG_SETMASK, [], [pid 727] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./17/ext4", [pid 297] getdents64(4, [pid 732] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 730] close(8 [pid 729] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 727] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] newfstatat(AT_FDCWD, "./18/ext4", [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 732] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 730] <... close resumed>) = 0 [pid 729] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 727] <... futex resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./17/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] getdents64(4, [pid 732] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 730] close(7 [pid 729] <... futex resumed>) = 0 [pid 727] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] umount2("./18/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 732] <... open resumed>) = 5 [pid 730] <... close resumed>) = 0 [pid 729] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./17/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] close(4 [pid 732] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 730] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] openat(AT_FDCWD, "./18/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... openat resumed>) = 4 [pid 297] <... close resumed>) = 0 ./strace-static-x86_64: Process 735 attached [pid 732] <... futex resumed>) = 1 [pid 730] <... futex resumed>) = 0 [pid 727] <... futex resumed>) = 0 [pid 301] <... openat resumed>) = 4 [pid 298] newfstatat(4, "", [pid 297] rmdir("./20/ext4" [pid 735] set_robust_list(0x7f62204449a0, 24 [pid 732] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 730] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 727] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] newfstatat(4, "", [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 735] <... set_robust_list resumed>) = 0 [pid 732] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 727] <... futex resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, [pid 297] getdents64(3, [pid 735] rt_sigprocmask(SIG_SETMASK, [], [pid 732] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 731] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 264966 [pid 727] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] getdents64(4, [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 735] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 732] <... socket resumed>) = 6 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, [pid 297] close(3 [pid 735] creat("./bus", 000 [pid 732] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] getdents64(4, [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 297] <... close resumed>) = 0 [pid 735] <... creat resumed>) = 3 [pid 732] <... futex resumed>) = 1 [pid 727] <... futex resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 298] close(4 [pid 297] rmdir("./20" [pid 735] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 732] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 731] <... write resumed>) = 264966 [pid 727] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] close(4 [pid 298] <... close resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 735] <... futex resumed>) = 1 [pid 732] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 729] <... futex resumed>) = 0 [pid 727] <... futex resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 298] rmdir("./17/ext4" [pid 297] mkdir("./21", 0777 [pid 735] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 732] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 731] munmap(0x7f6218024000, 264966 [pid 729] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 727] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] rmdir("./18/ext4" [pid 298] <... rmdir resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 735] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 732] <... mmap resumed>) = 0x20000000 [pid 731] <... munmap resumed>) = 0 [pid 729] <... futex resumed>) = 0 [pid 301] <... rmdir resumed>) = 0 [pid 298] getdents64(3, [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 734 attached [pid 735] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 732] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 731] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 729] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] getdents64(3, [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] <... openat resumed>) = 3 [pid 735] <... mount resumed>) = 0 [pid 732] <... futex resumed>) = 1 [pid 731] <... openat resumed>) = 7 [pid 727] <... futex resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] close(3 [pid 297] ioctl(3, LOOP_CLR_FD [pid 735] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 734] set_robust_list(0x7f62204659a0, 24 [pid 732] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 731] ioctl(7, LOOP_SET_FD, 3 [pid 727] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] close(3 [pid 298] <... close resumed>) = 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 735] <... futex resumed>) = 1 [pid 732] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 729] <... futex resumed>) = 0 [pid 727] <... futex resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 298] rmdir("./17" [pid 297] close(3 [pid 735] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 732] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 729] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 727] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] rmdir("./18" [pid 298] <... rmdir resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 735] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] <... rmdir resumed>) = 0 [pid 298] mkdir("./18", 0777 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 735] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 301] mkdir("./19", 0777 [pid 298] <... mkdir resumed>) = 0 [pid 735] <... open resumed>) = 4 [pid 301] <... mkdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 736 [pid 735] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 298] <... openat resumed>) = 3 [pid 735] <... futex resumed>) = 0 [pid 301] <... openat resumed>) = 3 [pid 298] ioctl(3, LOOP_CLR_FD [pid 735] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] ioctl(3, LOOP_CLR_FD [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] close(3 [pid 301] close(3 [pid 298] <... close resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 737 [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 738 ./strace-static-x86_64: Process 737 attached [pid 737] set_robust_list(0x555556cc76a0, 24) = 0 [pid 737] chdir("./18") = 0 [pid 737] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 737] setpgid(0, 0) = 0 [pid 737] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 737] write(3, "1000", 4) = 4 [pid 737] close(3) = 0 [pid 737] symlink("/dev/binderfs", "./binderfs") = 0 [pid 737] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 735] <... futex resumed>) = 0 [pid 734] <... set_robust_list resumed>) = 0 [pid 729] <... futex resumed>) = 1 [pid 735] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 729] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] rt_sigprocmask(SIG_SETMASK, [], [pid 729] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 734] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 729] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 735] <... futex resumed>) = 0 [pid 729] <... futex resumed>) = 1 [pid 735] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 729] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 735] <... socket resumed>) = 5 [pid 734] memfd_create("syzkaller", 0 [pid 735] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 735] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 737] <... futex resumed>) = 0 [pid 737] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 737] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 737] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 737] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 737] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 737] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0}./strace-static-x86_64: Process 736 attached [pid 736] set_robust_list(0x555556cc76a0, 24) = 0 [pid 737] <... clone3 resumed> => {parent_tid=[740]}, 88) = 740 [pid 737] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 737] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 737] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 736] chdir("./21" [pid 737] <... futex resumed>) = 0 [pid 737] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 736] <... chdir resumed>) = 0 [pid 737] <... mmap resumed>) = 0x7f6220424000 [pid 737] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 736] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 736] setpgid(0, 0 [pid 737] rt_sigprocmask(SIG_BLOCK, ~[], [pid 736] <... setpgid resumed>) = 0 [pid 737] <... rt_sigprocmask resumed>[], 8) = 0 [pid 737] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 737] <... clone3 resumed> => {parent_tid=[741]}, 88) = 741 [pid 736] <... openat resumed>) = 3 [pid 737] rt_sigprocmask(SIG_SETMASK, [], [pid 736] write(3, "1000", 4 [pid 737] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 736] <... write resumed>) = 4 [pid 737] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 736] close(3 [pid 737] <... futex resumed>) = 0 [pid 736] <... close resumed>) = 0 [pid 737] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 736] symlink("/dev/binderfs", "./binderfs") = 0 [pid 736] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 736] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 736] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 736] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 736] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 736] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[742]}, 88) = 742 [pid 736] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 736] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 736] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 736] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 736] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[743]}, 88) = 743 [pid 736] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 26.924861][ T728] loop4: detected capacity change from 0 to 512 [ 26.954376][ T731] loop3: detected capacity change from 0 to 517 [ 26.961220][ T733] EXT4-fs warning (device loop4): kmmpd:170: kmmpd being stopped since MMP feature has been disabled. [pid 736] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 734] <... memfd_create resumed>) = 6 [pid 729] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 729] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 729] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 734] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 743 attached ./strace-static-x86_64: Process 742 attached ./strace-static-x86_64: Process 740 attached [pid 736] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 735] <... futex resumed>) = 0 [pid 734] <... write resumed>) = 262144 [pid 743] set_robust_list(0x7f62204449a0, 24 [pid 742] set_robust_list(0x7f62204659a0, 24 [pid 740] set_robust_list(0x7f62204659a0, 24 [pid 735] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0./strace-static-x86_64: Process 738 attached [pid 738] set_robust_list(0x555556cc76a0, 24) = 0 [pid 738] chdir("./19" [pid 734] munmap(0x7f6218024000, 262144) = 0 [pid 738] <... chdir resumed>) = 0 [pid 738] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 738] setpgid(0, 0 [pid 734] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 738] <... setpgid resumed>) = 0 [pid 734] <... openat resumed>) = 7 [pid 738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 734] ioctl(7, LOOP_SET_FD, 6 [pid 743] <... set_robust_list resumed>) = 0 [pid 742] <... set_robust_list resumed>) = 0 [pid 740] <... set_robust_list resumed>) = 0 [pid 735] <... mmap resumed>) = 0x20000000 [pid 738] <... openat resumed>) = 3 ./strace-static-x86_64: Process 741 attached [pid 738] write(3, "1000", 4 [pid 741] set_robust_list(0x7f62204449a0, 24 [pid 738] <... write resumed>) = 4 [pid 741] <... set_robust_list resumed>) = 0 [pid 738] close(3 [pid 741] rt_sigprocmask(SIG_SETMASK, [], [pid 738] <... close resumed>) = 0 [pid 741] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 738] symlink("/dev/binderfs", "./binderfs" [pid 741] creat("./bus", 000 [pid 738] <... symlink resumed>) = 0 [pid 741] <... creat resumed>) = 3 [pid 738] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 741] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 738] <... futex resumed>) = 0 [pid 741] <... futex resumed>) = 1 [pid 738] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 737] <... futex resumed>) = 0 [pid 737] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 737] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 741] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 738] <... rt_sigaction resumed>NULL, 8) = 0 [pid 741] <... mount resumed>) = 0 [pid 738] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 741] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 738] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 741] <... futex resumed>) = 1 [pid 738] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 737] <... futex resumed>) = 0 [pid 737] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 737] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 741] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 738] <... mmap resumed>) = 0x7f6220445000 [pid 741] <... open resumed>) = 4 [pid 738] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 741] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 738] <... mprotect resumed>) = 0 [pid 741] <... futex resumed>) = 1 [pid 738] rt_sigprocmask(SIG_BLOCK, ~[], [pid 737] <... futex resumed>) = 0 [pid 737] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 737] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 743] rt_sigprocmask(SIG_SETMASK, [], [pid 742] rt_sigprocmask(SIG_SETMASK, [], [pid 741] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 740] rt_sigprocmask(SIG_SETMASK, [], [pid 738] <... rt_sigprocmask resumed>[], 8) = 0 [pid 735] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 743] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 742] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 740] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 735] <... futex resumed>) = 1 [pid 729] <... futex resumed>) = 0 [pid 743] creat("./bus", 000 [pid 729] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 742] memfd_create("syzkaller", 0 [pid 740] memfd_create("syzkaller", 0 [pid 729] <... futex resumed>) = 0 [pid 741] <... socket resumed>) = 5 [pid 738] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 741] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 738] <... clone3 resumed> => {parent_tid=[744]}, 88) = 744 [pid 737] <... futex resumed>) = 0 [pid 737] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 737] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 741] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 738] rt_sigprocmask(SIG_SETMASK, [], [pid 741] <... mmap resumed>) = 0x20000000 [pid 738] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 738] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 741] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 738] <... futex resumed>) = 0 [pid 741] <... futex resumed>) = 1 [pid 738] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 737] <... futex resumed>) = 0 [pid 741] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 738] <... futex resumed>) = 0 [pid 737] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 738] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 737] <... futex resumed>) = 0 [pid 741] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 738] <... mmap resumed>) = 0x7f6220424000 [pid 737] syscall_0x7f6220424000(0, 0x21000, 0, 0x20022, 0xffffffff, 0 [pid 738] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 738] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 738] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 731] <... ioctl resumed>) = ? [pid 738] <... clone3 resumed> => {parent_tid=[745]}, 88) = 745 [pid 738] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 738] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 738] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 744 attached [pid 744] set_robust_list(0x7f62204659a0, 24) = 0 [pid 744] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 744] memfd_create("syzkaller", 0) = 3 [pid 744] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 744] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 745 attached [pid 745] set_robust_list(0x7f62204449a0, 24) = 0 [pid 745] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 745] creat("./bus", 000) = 4 [pid 745] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 738] <... futex resumed>) = 0 [pid 738] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 738] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 745] <... futex resumed>) = 1 [pid 745] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL) = 0 [pid 745] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 738] <... futex resumed>) = 0 [ 26.968343][ T728] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 26.980324][ T728] EXT4-fs error (device loop4): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 26.983783][ T734] loop0: detected capacity change from 0 to 512 [ 27.000509][ T728] EXT4-fs (loop4): get orphan inode failed [ 27.007069][ T735] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 0 [pid 745] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 742] <... memfd_create resumed>) = 3 [pid 740] <... memfd_create resumed>) = ? [pid 738] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 745] <... open resumed>) = 5 [pid 744] <... write resumed>) = 262144 [pid 743] <... creat resumed>) = 4 [pid 742] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 740] +++ killed by SIGBUS +++ [pid 738] <... futex resumed>) = 0 [pid 731] +++ killed by SIGBUS +++ [pid 741] +++ killed by SIGBUS +++ [pid 738] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 737] +++ killed by SIGBUS +++ [pid 745] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 744] munmap(0x7f6218024000, 262144 [pid 745] <... futex resumed>) = 1 [pid 744] <... munmap resumed>) = 0 [pid 738] <... futex resumed>) = 0 [pid 738] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 738] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 745] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 744] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 745] <... socket resumed>) = 6 [pid 744] <... openat resumed>) = 7 [pid 745] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 744] ioctl(7, LOOP_SET_FD, 3 [pid 745] <... futex resumed>) = 1 [pid 738] <... futex resumed>) = 0 [pid 745] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 738] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 745] <... mmap resumed>) = 0x20000000 [pid 738] <... futex resumed>) = 0 [pid 745] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 738] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 745] <... futex resumed>) = 0 [pid 738] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 745] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 738] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 734] <... ioctl resumed>) = 0 [pid 734] close(6) = 0 [pid 734] mkdir(0x20000000, 0777 [pid 743] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 742] <... mmap resumed>) = 0x7f6218024000 [pid 736] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=737, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 735] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 734] <... mkdir resumed>) = ? [pid 735] +++ killed by SIGBUS +++ [pid 743] <... futex resumed>) = 0 [pid 744] <... ioctl resumed>) = ? [pid 743] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 742] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 736] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 734] +++ killed by SIGBUS +++ [pid 729] +++ killed by SIGBUS +++ [pid 743] <... mount resumed>) = 0 [pid 736] <... futex resumed>) = 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=729, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 736] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW [pid 743] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 742] <... write resumed>) = 262144 [pid 736] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 743] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 742] munmap(0x7f6218024000, 262144 [pid 743] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 736] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 743] <... open resumed>) = 5 [pid 742] <... munmap resumed>) = 0 [pid 736] <... futex resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 745] +++ killed by SIGBUS +++ [pid 743] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 742] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 736] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] newfstatat(3, "", [pid 743] <... futex resumed>) = 0 [pid 742] <... openat resumed>) = 6 [pid 736] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 743] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 742] ioctl(6, LOOP_SET_FD, 3 [pid 736] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] getdents64(3, [pid 296] umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW [pid 743] <... socket resumed>) = 7 [pid 736] <... futex resumed>) = 0 [pid 728] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 728] ioctl(4, LOOP_CLR_FD) = 0 [pid 728] close(4) = 0 [pid 728] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 726] exit_group(0) = ? [pid 728] +++ exited with 0 +++ [pid 298] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 298] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 743] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 742] <... ioctl resumed>) = 0 [pid 736] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 730] <... futex resumed>) = ? [pid 298] <... umount2 resumed>) = 0 [pid 296] getdents64(3, [pid 743] <... futex resumed>) = 0 [pid 742] close(3 [pid 736] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 743] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 736] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 743] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 736] <... futex resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./18/bus", [pid 743] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 742] <... close resumed>) = 0 [pid 736] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 743] <... mmap resumed>) = 0x20000000 [pid 742] mkdir(0x20000000, 0777 [pid 298] unlink("./18/bus" [pid 296] umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 743] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 736] <... futex resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 743] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 742] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 736] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] newfstatat(AT_FDCWD, "./18/bus", [pid 743] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 736] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 744] +++ killed by SIGBUS +++ [pid 743] memfd_create("syzkaller", 0 [pid 738] +++ killed by SIGBUS +++ [pid 732] +++ killed by SIGBUS +++ [pid 727] +++ killed by SIGBUS +++ [pid 298] newfstatat(AT_FDCWD, "./18/binderfs", [pid 296] unlink("./18/bus" [pid 743] <... memfd_create resumed>) = 3 [pid 742] mount("/dev/loop1", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=738, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=727, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 743] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... unlink resumed>) = 0 [pid 743] <... mmap resumed>) = 0x7f620fc64000 [pid 298] unlink("./18/binderfs" [pid 296] umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 742] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 301] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 743] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 742] ioctl(6, LOOP_CLR_FD [pid 301] <... openat resumed>) = 3 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 742] <... ioctl resumed>) = 0 [pid 301] newfstatat(3, "", [pid 742] close(6 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... unlink resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./18/binderfs", [pid 742] <... close resumed>) = 0 [pid 301] getdents64(3, [pid 743] <... write resumed>) = 65536 [pid 742] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 298] getdents64(3, [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 743] munmap(0x7f620fc64000, 65536 [pid 742] <... futex resumed>) = 0 [pid 301] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] unlink("./18/binderfs" [pid 743] <... munmap resumed>) = 0 [pid 742] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] <... umount2 resumed>) = 0 [pid 298] close(3 [pid 743] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 301] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... close resumed>) = 0 [pid 296] <... unlink resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] rmdir("./18" [pid 296] getdents64(3, [pid 743] <... openat resumed>) = 6 [pid 301] newfstatat(AT_FDCWD, "./19/bus", [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 301] unlink("./19/bus" [pid 299] <... openat resumed>) = 3 [pid 301] <... unlink resumed>) = 0 [pid 299] newfstatat(3, "", [pid 301] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 743] ioctl(6, LOOP_SET_FD, 3 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] getdents64(3, [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 743] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 301] newfstatat(AT_FDCWD, "./19/binderfs", [pid 299] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 298] mkdir("./19", 0777 [pid 296] close(3 [pid 743] ioctl(6, LOOP_CLR_FD [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 743] <... ioctl resumed>) = 0 [pid 301] unlink("./19/binderfs" [pid 299] <... umount2 resumed>) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 301] <... unlink resumed>) = 0 [pid 299] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] rmdir("./18" [pid 301] getdents64(3, [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... openat resumed>) = 3 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 301] close(3) = 0 [pid 301] rmdir("./19") = 0 [pid 730] +++ exited with 0 +++ [pid 726] +++ exited with 0 +++ [pid 301] mkdir("./20", 0777) = 0 [pid 299] newfstatat(AT_FDCWD, "./19/bus", [pid 298] ioctl(3, LOOP_CLR_FD [pid 296] <... rmdir resumed>) = 0 [pid 743] ioctl(6, LOOP_SET_FD, 3 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=726, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] mkdir("./19", 0777 [pid 743] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 301] <... openat resumed>) = 3 [pid 300] restart_syscall(<... resuming interrupted clone ...> [pid 299] unlink("./19/bus" [pid 298] close(3 [pid 301] ioctl(3, LOOP_CLR_FD [pid 300] <... restart_syscall resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 743] close(6 [pid 299] <... unlink resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 743] <... close resumed>) = 0 [pid 299] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 743] close(3 [pid 300] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... openat resumed>) = 3 [pid 743] <... close resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./19/binderfs", [pid 296] ioctl(3, LOOP_CLR_FD [pid 743] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 743] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 746 [pid 743] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] <... openat resumed>) = 3 [pid 299] unlink("./19/binderfs" [pid 300] newfstatat(3, "", ./strace-static-x86_64: Process 746 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... unlink resumed>) = 0 [pid 300] getdents64(3, [pid 299] getdents64(3, [pid 746] set_robust_list(0x555556cc76a0, 24 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 746] <... set_robust_list resumed>) = 0 [pid 300] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] close(3 [pid 746] chdir("./19" [pid 300] <... umount2 resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 736] exit_group(0 [pid 300] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] rmdir("./19" [pid 743] <... futex resumed>) = ? [pid 742] <... futex resumed>) = ? [pid 736] <... exit_group resumed>) = ? [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 743] +++ exited with 0 +++ [pid 742] +++ exited with 0 +++ [pid 299] <... rmdir resumed>) = 0 [pid 746] <... chdir resumed>) = 0 [pid 746] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 746] setpgid(0, 0) = 0 [pid 746] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 746] write(3, "1000", 4) = 4 [pid 746] close(3) = 0 [pid 746] symlink("/dev/binderfs", "./binderfs" [pid 300] newfstatat(AT_FDCWD, "./19/bus", [pid 299] mkdir("./20", 0777 [pid 746] <... symlink resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 746] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 746] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 299] <... mkdir resumed>) = 0 [pid 300] unlink("./19/bus" [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 746] <... rt_sigaction resumed>NULL, 8) = 0 [pid 746] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 300] <... unlink resumed>) = 0 [pid 746] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 746] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 746] <... mmap resumed>) = 0x7f6220445000 [pid 300] newfstatat(AT_FDCWD, "./19/binderfs", [pid 746] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 746] <... mprotect resumed>) = 0 [pid 300] unlink("./19/binderfs" [pid 746] rt_sigprocmask(SIG_BLOCK, ~[], [pid 300] <... unlink resumed>) = 0 [pid 746] <... rt_sigprocmask resumed>[], 8) = 0 [pid 300] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 746] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 747 attached [pid 300] newfstatat(AT_FDCWD, "./19/file0", [pid 746] <... clone3 resumed> => {parent_tid=[747]}, 88) = 747 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 746] rt_sigprocmask(SIG_SETMASK, [], [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 746] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] <... openat resumed>) = 4 [pid 747] set_robust_list(0x7f62204659a0, 24 [pid 300] newfstatat(4, "", [pid 747] <... set_robust_list resumed>) = 0 [pid 746] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(4, [pid 747] rt_sigprocmask(SIG_SETMASK, [], [pid 746] <... futex resumed>) = 0 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 747] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 746] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] getdents64(4, [pid 747] memfd_create("syzkaller", 0 [pid 746] <... futex resumed>) = 0 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 747] <... memfd_create resumed>) = 3 [pid 746] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 300] close(4 [pid 747] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 746] <... mmap resumed>) = 0x7f6220424000 [pid 300] <... close resumed>) = 0 [pid 747] <... mmap resumed>) = 0x7f6218024000 [pid 746] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 300] rmdir("./19/file0" [pid 746] <... mprotect resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 300] getdents64(3, [pid 747] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 746] rt_sigprocmask(SIG_BLOCK, ~[], [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 300] close(3 [pid 746] <... rt_sigprocmask resumed>[], 8) = 0 [pid 300] <... close resumed>) = 0 [pid 747] <... write resumed>) = 262144 [pid 746] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 300] rmdir("./19" [pid 746] <... clone3 resumed> => {parent_tid=[748]}, 88) = 748 [pid 746] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 746] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... rmdir resumed>) = 0 [pid 746] <... futex resumed>) = 0 [pid 300] mkdir("./20", 0777 [pid 746] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 747] munmap(0x7f6218024000, 262144) = 0 [pid 747] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 300] <... mkdir resumed>) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [ 27.018840][ T735] Buffer I/O error on dev loop0, logical block 0, async page read [ 27.026614][ T735] Buffer I/O error on dev loop0, logical block 0, async page read [ 27.034487][ T744] loop5: detected capacity change from 0 to 512 [ 27.034544][ T728] EXT4-fs (loop4): mount failed [ 27.051392][ T742] loop1: detected capacity change from 0 to 512 [pid 747] <... openat resumed>) = 4 [pid 300] <... openat resumed>) = 3 [pid 300] ioctl(3, LOOP_CLR_FD [pid 747] ioctl(4, LOOP_SET_FD, 3 [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 747] <... ioctl resumed>) = 0 [pid 300] close(3./strace-static-x86_64: Process 748 attached ) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 748] set_robust_list(0x7f62204449a0, 24) = 0 [pid 748] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 748] creat("./bus", 000 [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 749 [pid 748] <... creat resumed>) = 5 [pid 748] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 746] <... futex resumed>) = 0 [pid 746] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 746] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 749 attached [pid 748] <... futex resumed>) = 1 [pid 747] close(3 [pid 749] set_robust_list(0x555556cc76a0, 24) = 0 [pid 749] chdir("./20") = 0 [pid 749] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 749] setpgid(0, 0) = 0 [pid 749] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 749] write(3, "1000", 4) = 4 [pid 749] close(3) = 0 [pid 749] symlink("/dev/binderfs", "./binderfs") = 0 [pid 749] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 749] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 749] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 749] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 749] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 749] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 749] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[750]}, 88) = 750 [pid 749] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 749] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 749] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 749] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 299] <... openat resumed>) = 3 [pid 749] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 749] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 749] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 299] ioctl(3, LOOP_CLR_FD [pid 749] <... clone3 resumed> => {parent_tid=[751]}, 88) = 751 [pid 749] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 749] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 749] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 748] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL) = 0 [pid 748] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 746] <... futex resumed>) = 0 [pid 746] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 746] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 748] <... futex resumed>) = 1 [pid 748] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 6 [pid 748] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 746] <... futex resumed>) = 0 [pid 746] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 746] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 748] <... futex resumed>) = 1 [pid 748] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE) = 7 [pid 748] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 751 attached ./strace-static-x86_64: Process 750 attached ) = 1 [pid 747] <... close resumed>) = 0 [pid 746] <... futex resumed>) = 0 [pid 751] set_robust_list(0x7f62204449a0, 24 [pid 747] mkdir("./file0", 0777 [pid 746] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 751] <... set_robust_list resumed>) = 0 [pid 750] set_robust_list(0x7f62204659a0, 24 [pid 748] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 747] <... mkdir resumed>) = 0 [pid 746] <... futex resumed>) = 0 [pid 751] rt_sigprocmask(SIG_SETMASK, [], [pid 747] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 746] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 751] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 750] <... set_robust_list resumed>) = 0 [pid 748] <... mmap resumed>) = 0x20000000 [pid 751] creat("./bus", 000) = 3 [pid 748] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 750] rt_sigprocmask(SIG_SETMASK, [], [pid 751] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 750] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 751] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 750] memfd_create("syzkaller", 0 [pid 749] <... futex resumed>) = 0 [pid 750] <... memfd_create resumed>) = 4 [pid 748] <... futex resumed>) = 1 [pid 746] <... futex resumed>) = 0 [pid 750] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 750] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 749] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 748] memfd_create("syzkaller", 0 [pid 746] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 751] <... futex resumed>) = 0 [pid 749] <... futex resumed>) = 1 [pid 746] <... futex resumed>) = 0 [pid 751] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL) = 0 [pid 751] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 750] <... write resumed>) = 262144 [pid 749] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 748] <... memfd_create resumed>) = 3 [pid 750] munmap(0x7f6218024000, 262144 [pid 749] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 748] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 750] <... munmap resumed>) = 0 [pid 749] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 748] <... mmap resumed>) = 0x7f620fc64000 [pid 750] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 750] ioctl(5, LOOP_SET_FD, 4 [pid 749] <... futex resumed>) = 1 [pid 748] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 747] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 301] <... ioctl resumed>) = 0 [pid 299] <... ioctl resumed>) = 0 [pid 751] <... futex resumed>) = 0 [pid 749] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 748] <... write resumed>) = 65536 [pid 747] ioctl(4, LOOP_CLR_FD [pid 736] +++ exited with 0 +++ [pid 301] close(3 [pid 299] close(3 [pid 296] <... ioctl resumed>) = 0 [pid 751] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 748] munmap(0x7f620fc64000, 65536 [pid 301] <... close resumed>) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=736, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 748] <... munmap resumed>) = 0 [pid 297] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] close(3 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... close resumed>) = 0 ./strace-static-x86_64: Process 752 attached [pid 748] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 747] <... ioctl resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 297] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 753 attached [pid 748] <... openat resumed>) = 8 [pid 747] close(4 [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 752 [pid 752] set_robust_list(0x555556cc76a0, 24 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... openat resumed>) = 3 [pid 297] newfstatat(3, "", [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 753 [pid 748] ioctl(8, LOOP_SET_FD, 3 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 297] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 748] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./21/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./21/bus" [pid 753] set_robust_list(0x555556cc76a0, 24 [pid 752] <... set_robust_list resumed>) = 0 [pid 748] ioctl(8, LOOP_CLR_FD [pid 747] <... close resumed>) = 0 [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 754 [pid 297] <... unlink resumed>) = 0 [pid 748] <... ioctl resumed>) = 0 [pid 297] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 747] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] unlink("./21/binderfs" [pid 753] <... set_robust_list resumed>) = 0 [pid 752] chdir("./20" [pid 747] <... futex resumed>) = 0 [pid 752] <... chdir resumed>) = 0 [pid 747] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 297] <... unlink resumed>) = 0 [pid 297] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./21" [pid 753] chdir("./19" [pid 752] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] <... rmdir resumed>) = 0 [pid 297] mkdir("./22", 0777 [pid 752] <... prctl resumed>) = 0 [pid 748] ioctl(8, LOOP_SET_FD, 3 [pid 753] <... chdir resumed>) = 0 [pid 752] setpgid(0, 0 [pid 748] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 297] <... mkdir resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 748] close(8 [pid 297] <... openat resumed>) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 755 attached [pid 753] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 752] <... setpgid resumed>) = 0 [pid 748] <... close resumed>) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 755 [pid 748] close(3 [pid 755] set_robust_list(0x555556cc76a0, 24 [pid 753] <... prctl resumed>) = 0 [pid 752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 751] <... open resumed>) = 6 [pid 748] <... close resumed>) = 0 [pid 751] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 754 attached [pid 755] <... set_robust_list resumed>) = 0 [pid 753] setpgid(0, 0 [pid 752] <... openat resumed>) = 3 [pid 751] <... futex resumed>) = 1 [pid 750] <... ioctl resumed>) = 0 [pid 749] <... futex resumed>) = 0 [pid 748] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 753] <... setpgid resumed>) = 0 [pid 752] write(3, "1000", 4 [pid 751] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 749] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 748] <... futex resumed>) = 0 [pid 753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 752] <... write resumed>) = 4 [pid 751] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 749] <... futex resumed>) = 0 [pid 748] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 753] <... openat resumed>) = 3 [pid 752] close(3 [pid 751] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 749] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] exit_group(0 [pid 753] write(3, "1000", 4 [pid 752] <... close resumed>) = 0 [pid 751] <... socket resumed>) = 7 [pid 748] <... futex resumed>) = ? [pid 747] <... futex resumed>) = ? [pid 746] <... exit_group resumed>) = ? [pid 753] <... write resumed>) = 4 [pid 752] symlink("/dev/binderfs", "./binderfs" [pid 751] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 748] +++ exited with 0 +++ [pid 747] +++ exited with 0 +++ [pid 751] <... futex resumed>) = 1 [pid 749] <... futex resumed>) = 0 [pid 751] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 749] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 751] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 749] <... futex resumed>) = 0 [pid 751] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 749] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] <... symlink resumed>) = 0 [pid 751] <... mmap resumed>) = 0x20000000 [pid 752] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 751] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 752] <... futex resumed>) = 0 [pid 751] <... futex resumed>) = 1 [pid 749] <... futex resumed>) = 0 [pid 752] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 751] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 749] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 752] <... rt_sigaction resumed>NULL, 8) = 0 [pid 751] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 749] <... futex resumed>) = 0 [pid 754] set_robust_list(0x555556cc76a0, 24 [pid 753] close(3 [pid 752] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 750] close(4 [pid 752] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 751] memfd_create("syzkaller", 0 [pid 755] chdir("./22" [pid 752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 751] <... memfd_create resumed>) = 8 [pid 755] <... chdir resumed>) = 0 [pid 753] <... close resumed>) = 0 [pid 752] <... mmap resumed>) = 0x7f6220445000 [pid 751] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 755] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 754] <... set_robust_list resumed>) = 0 [pid 752] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 751] <... mmap resumed>) = 0x7f620fc64000 [pid 750] <... close resumed>) = 0 [pid 755] <... prctl resumed>) = 0 [pid 754] chdir("./20" [pid 753] symlink("/dev/binderfs", "./binderfs" [pid 752] <... mprotect resumed>) = 0 [pid 751] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 750] mkdir(0x20000000, 0777 [pid 755] setpgid(0, 0 [pid 754] <... chdir resumed>) = 0 [pid 752] rt_sigprocmask(SIG_BLOCK, ~[], [pid 751] <... write resumed>) = 65536 [pid 753] <... symlink resumed>) = 0 [pid 755] <... setpgid resumed>) = 0 [pid 752] <... rt_sigprocmask resumed>[], 8) = 0 [pid 751] munmap(0x7f620fc64000, 65536 [pid 755] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 753] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 752] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 751] <... munmap resumed>) = 0 [pid 755] <... openat resumed>) = 3 [pid 753] <... futex resumed>) = 0 [pid 751] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 755] write(3, "1000", 4 [pid 753] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 752] <... clone3 resumed> => {parent_tid=[756]}, 88) = 756 [pid 751] <... openat resumed>) = 4 [pid 755] <... write resumed>) = 4 [pid 753] <... rt_sigaction resumed>NULL, 8) = 0 [pid 752] rt_sigprocmask(SIG_SETMASK, [], [pid 751] ioctl(4, LOOP_SET_FD, 8 [pid 755] close(3 [pid 753] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 752] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 751] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 755] <... close resumed>) = 0 [pid 753] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 752] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 751] ioctl(4, LOOP_CLR_FD [pid 755] symlink("/dev/binderfs", "./binderfs" [pid 751] <... ioctl resumed>) = 0 [pid 752] <... futex resumed>) = 0 [pid 755] <... symlink resumed>) = 0 [pid 753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 752] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 755] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 753] <... mmap resumed>) = 0x7f6220445000 [pid 752] <... futex resumed>) = 0 [pid 755] <... futex resumed>) = 0 [pid 753] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 755] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 753] <... mprotect resumed>) = 0 [pid 752] <... mmap resumed>) = 0x7f6220424000 [pid 755] <... rt_sigaction resumed>NULL, 8) = 0 [pid 752] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 753] rt_sigprocmask(SIG_BLOCK, ~[], [pid 755] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 752] <... mprotect resumed>) = 0 [pid 755] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 753] <... rt_sigprocmask resumed>[], 8) = 0 [pid 752] rt_sigprocmask(SIG_BLOCK, ~[], [pid 755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 752] <... rt_sigprocmask resumed>[], 8) = 0 [pid 753] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 752] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 755] <... mmap resumed>) = 0x7f6220445000 [pid 755] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 751] ioctl(4, LOOP_SET_FD, 8 [pid 755] <... mprotect resumed>) = 0 [pid 752] <... clone3 resumed> => {parent_tid=[757]}, 88) = 757 [pid 751] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 755] rt_sigprocmask(SIG_BLOCK, ~[], [pid 753] <... clone3 resumed> => {parent_tid=[758]}, 88) = 758 [pid 752] rt_sigprocmask(SIG_SETMASK, [], [pid 751] close(4./strace-static-x86_64: Process 756 attached [pid 755] <... rt_sigprocmask resumed>[], 8) = 0 [pid 753] rt_sigprocmask(SIG_SETMASK, [], [pid 752] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 751] <... close resumed>) = 0 [pid 756] set_robust_list(0x7f62204659a0, 24 [pid 755] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 754] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 753] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 752] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 751] close(8./strace-static-x86_64: Process 759 attached ./strace-static-x86_64: Process 758 attached ./strace-static-x86_64: Process 757 attached [pid 756] <... set_robust_list resumed>) = 0 [pid 754] <... prctl resumed>) = 0 [pid 753] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 752] <... futex resumed>) = 0 [pid 751] <... close resumed>) = 0 [pid 750] <... mkdir resumed>) = 0 [pid 758] set_robust_list(0x7f62204659a0, 24 [pid 757] set_robust_list(0x7f62204449a0, 24 [pid 756] rt_sigprocmask(SIG_SETMASK, [], [pid 755] <... clone3 resumed> => {parent_tid=[759]}, 88) = 759 [pid 751] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 753] <... futex resumed>) = 0 [pid 752] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 756] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 755] rt_sigprocmask(SIG_SETMASK, [], [pid 754] setpgid(0, 0 [pid 751] <... futex resumed>) = 0 [pid 750] mount("/dev/loop4", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 756] memfd_create("syzkaller", 0 [pid 755] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 751] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 756] <... memfd_create resumed>) = 3 [pid 755] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 755] <... futex resumed>) = 0 [pid 756] <... mmap resumed>) = 0x7f6218024000 [pid 755] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 759] set_robust_list(0x7f62204659a0, 24 [pid 758] <... set_robust_list resumed>) = 0 [pid 757] <... set_robust_list resumed>) = 0 [pid 755] <... futex resumed>) = 0 [pid 754] <... setpgid resumed>) = 0 [pid 753] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 750] <... mount resumed>) = -1 ENODEV (No such device) [pid 759] <... set_robust_list resumed>) = 0 [pid 758] rt_sigprocmask(SIG_SETMASK, [], [pid 757] rt_sigprocmask(SIG_SETMASK, [], [pid 756] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 753] <... futex resumed>) = 0 [pid 759] rt_sigprocmask(SIG_SETMASK, [], [pid 758] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 757] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 756] <... write resumed>) = 262144 [pid 755] <... mmap resumed>) = 0x7f6220424000 [pid 754] <... openat resumed>) = 3 [pid 753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 750] ioctl(5, LOOP_CLR_FD [pid 759] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 758] memfd_create("syzkaller", 0 [pid 757] creat("./bus", 000 [pid 756] munmap(0x7f6218024000, 262144 [pid 755] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 754] write(3, "1000", 4 [pid 753] <... mmap resumed>) = 0x7f6220424000 [pid 750] <... ioctl resumed>) = 0 [pid 758] <... memfd_create resumed>) = 3 [pid 756] <... munmap resumed>) = 0 [pid 755] <... mprotect resumed>) = 0 [pid 754] <... write resumed>) = 4 [pid 753] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 750] close(5 [pid 758] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 756] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 755] rt_sigprocmask(SIG_BLOCK, ~[], [pid 754] close(3 [pid 753] <... mprotect resumed>) = 0 [pid 750] <... close resumed>) = 0 [pid 758] <... mmap resumed>) = 0x7f6218024000 [pid 756] <... openat resumed>) = 5 [pid 755] <... rt_sigprocmask resumed>[], 8) = 0 [pid 754] <... close resumed>) = 0 [pid 756] ioctl(5, LOOP_SET_FD, 3 [ 27.080185][ T747] loop2: detected capacity change from 0 to 512 [ 27.097769][ T747] EXT4-fs warning (device loop2): read_mmp_block:115: Error -74 while reading MMP block 12 [ 27.097988][ T750] loop4: detected capacity change from 0 to 512 [pid 755] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 759] memfd_create("syzkaller", 0 [pid 758] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 757] <... creat resumed>) = 4 [pid 754] symlink("/dev/binderfs", "./binderfs" [pid 753] rt_sigprocmask(SIG_BLOCK, ~[], [pid 750] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 759] <... memfd_create resumed>) = 3 [pid 758] <... write resumed>) = 262144 [pid 757] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 754] <... symlink resumed>) = 0 [pid 753] <... rt_sigprocmask resumed>[], 8) = 0 [pid 750] <... futex resumed>) = 0 [pid 759] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 758] munmap(0x7f6218024000, 262144 [pid 757] <... futex resumed>) = 1 [pid 754] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 753] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 752] <... futex resumed>) = 0 [pid 750] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 761 attached ./strace-static-x86_64: Process 760 attached [pid 759] <... mmap resumed>) = 0x7f6218024000 [pid 758] <... munmap resumed>) = 0 [pid 757] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 756] <... ioctl resumed>) = 0 [pid 755] <... clone3 resumed> => {parent_tid=[760]}, 88) = 760 [pid 754] <... futex resumed>) = 0 [pid 752] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 760] set_robust_list(0x7f62204449a0, 24 [pid 758] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 757] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 756] close(3 [pid 755] rt_sigprocmask(SIG_SETMASK, [], [pid 754] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 753] <... clone3 resumed> => {parent_tid=[761]}, 88) = 761 [pid 752] <... futex resumed>) = 0 [pid 749] exit_group(0 [pid 760] <... set_robust_list resumed>) = 0 [pid 758] <... openat resumed>) = 4 [pid 757] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 756] <... close resumed>) = 0 [pid 755] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 754] <... rt_sigaction resumed>NULL, 8) = 0 [pid 753] rt_sigprocmask(SIG_SETMASK, [], [pid 752] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 751] <... futex resumed>) = ? [pid 750] <... futex resumed>) = ? [pid 749] <... exit_group resumed>) = ? [pid 760] rt_sigprocmask(SIG_SETMASK, [], [pid 758] ioctl(4, LOOP_SET_FD, 3 [pid 757] <... mount resumed>) = 0 [pid 756] mkdir("./file0", 0777 [pid 755] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 754] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 753] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 751] +++ exited with 0 +++ [pid 750] +++ exited with 0 +++ [pid 760] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 756] <... mkdir resumed>) = 0 [pid 755] <... futex resumed>) = 0 [pid 760] creat("./bus", 000 [pid 756] mount("/dev/loop5", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 755] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 760] <... creat resumed>) = 4 [pid 760] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 755] <... futex resumed>) = 0 [pid 760] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 755] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 760] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 755] <... futex resumed>) = 0 [pid 760] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 755] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 760] <... mount resumed>) = 0 [pid 760] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 755] <... futex resumed>) = 0 [pid 760] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 755] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 760] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 755] <... futex resumed>) = 0 [pid 760] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 755] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 760] <... open resumed>) = 5 [pid 760] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 755] <... futex resumed>) = 0 [pid 760] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 755] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 760] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 755] <... futex resumed>) = 0 [pid 760] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 755] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 760] <... socket resumed>) = 6 [pid 760] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 755] <... futex resumed>) = 0 [pid 760] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 755] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 760] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 755] <... futex resumed>) = 0 [pid 760] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 755] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 760] <... mmap resumed>) = 0x20000000 [pid 760] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 755] <... futex resumed>) = 0 [pid 760] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 755] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 760] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 755] <... futex resumed>) = 0 [pid 760] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 754] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 758] <... ioctl resumed>) = 0 [pid 757] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 753] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 758] close(3 [pid 757] <... futex resumed>) = 1 [pid 754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 753] <... futex resumed>) = 0 [pid 752] <... futex resumed>) = 0 [pid 761] set_robust_list(0x7f62204449a0, 24) = 0 [pid 761] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 761] creat("./bus", 000) = 5 [pid 746] +++ exited with 0 +++ [pid 761] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=746, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 761] <... futex resumed>) = 0 [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 761] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 752] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 758] <... close resumed>) = 0 [pid 757] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 753] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] <... futex resumed>) = 0 [pid 749] +++ exited with 0 +++ [pid 298] <... restart_syscall resumed>) = 0 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=749, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 298] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... openat resumed>) = 3 [pid 300] <... openat resumed>) = 3 [pid 298] newfstatat(3, "", [pid 300] newfstatat(3, "", [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, [pid 300] getdents64(3, [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 298] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = 0 [pid 300] <... umount2 resumed>) = 0 [pid 298] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./19/bus", [pid 300] newfstatat(AT_FDCWD, "./20/bus", [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./19/bus" [pid 300] unlink("./20/bus" [pid 298] <... unlink resumed>) = 0 [pid 300] <... unlink resumed>) = 0 [pid 298] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./19/binderfs", [pid 300] newfstatat(AT_FDCWD, "./20/binderfs", [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./19/binderfs" [pid 300] unlink("./20/binderfs" [pid 298] <... unlink resumed>) = 0 [pid 300] <... unlink resumed>) = 0 [pid 298] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./20/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./19/file0", [pid 300] newfstatat(AT_FDCWD, "./20/ext4", [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./20/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] openat(AT_FDCWD, "./20/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... openat resumed>) = 4 [pid 300] <... openat resumed>) = 4 [pid 298] newfstatat(4, "", [pid 753] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 752] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] newfstatat(4, "", [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 758] mkdir("./file0", 0777 [pid 757] <... open resumed>) = 3 [pid 754] <... mmap resumed>) = 0x7f6220445000 [pid 753] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, [pid 761] <... futex resumed>) = 0 [pid 757] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 753] <... futex resumed>) = 1 [pid 300] getdents64(4, [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 761] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 757] <... futex resumed>) = 1 [pid 753] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] <... futex resumed>) = 0 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, [pid 761] <... mount resumed>) = 0 [pid 758] <... mkdir resumed>) = 0 [pid 757] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 754] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 752] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] getdents64(4, [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 761] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 758] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 757] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 754] <... mprotect resumed>) = 0 [pid 752] <... futex resumed>) = 0 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 298] close(4 [pid 761] <... futex resumed>) = 1 [pid 757] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 754] rt_sigprocmask(SIG_BLOCK, ~[], [pid 753] <... futex resumed>) = 0 [pid 752] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] close(4 [pid 298] <... close resumed>) = 0 [pid 761] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 757] <... socket resumed>) = 6 [pid 754] <... rt_sigprocmask resumed>[], 8) = 0 [pid 753] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... close resumed>) = 0 [pid 298] rmdir("./19/file0" [pid 761] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 757] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 754] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 753] <... futex resumed>) = 0 [pid 300] rmdir("./20/ext4" [pid 298] <... rmdir resumed>) = 0 [pid 761] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 757] <... futex resumed>) = 1 [pid 753] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] <... futex resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 298] getdents64(3, [pid 761] <... open resumed>) = 3 [pid 757] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 754] <... clone3 resumed> => {parent_tid=[765]}, 88) = 765 [pid 752] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] getdents64(3, [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 761] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 757] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 754] rt_sigprocmask(SIG_SETMASK, [], [pid 752] <... futex resumed>) = 0 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] close(3 [pid 761] <... futex resumed>) = 1 [pid 757] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 754] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 753] <... futex resumed>) = 0 [pid 752] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] close(3 [pid 298] <... close resumed>) = 0 ./strace-static-x86_64: Process 765 attached [pid 761] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 759] +++ killed by SIGBUS +++ [pid 757] <... mmap resumed>) = 0x20000000 [pid 754] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 753] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... close resumed>) = 0 [pid 298] rmdir("./19" [pid 765] set_robust_list(0x7f62204659a0, 24 [pid 761] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 760] +++ killed by SIGBUS +++ [pid 757] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 755] +++ killed by SIGBUS +++ [pid 754] <... futex resumed>) = 0 [pid 753] <... futex resumed>) = 0 [pid 300] rmdir("./20" [pid 298] <... rmdir resumed>) = 0 [pid 765] <... set_robust_list resumed>) = 0 [pid 761] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 757] <... futex resumed>) = 1 [pid 754] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 753] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] <... futex resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 298] mkdir("./20", 0777 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=755, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 765] rt_sigprocmask(SIG_SETMASK, [], [pid 761] <... socket resumed>) = 6 [pid 757] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 754] <... futex resumed>) = 0 [pid 752] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] mkdir("./21", 0777 [pid 298] <... mkdir resumed>) = 0 [pid 765] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 761] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 757] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 752] <... futex resumed>) = 0 [pid 300] <... mkdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 761] <... futex resumed>) = 1 [pid 757] memfd_create("syzkaller", 0 [pid 753] <... futex resumed>) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] <... openat resumed>) = 3 [pid 297] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW [pid 761] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 757] <... memfd_create resumed>) = 7 [pid 754] <... mmap resumed>) = 0x7f6220424000 [pid 753] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... openat resumed>) = 3 [pid 298] ioctl(3, LOOP_CLR_FD [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 765] memfd_create("syzkaller", 0 [pid 761] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 757] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 754] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 753] <... futex resumed>) = 0 [pid 300] ioctl(3, LOOP_CLR_FD [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 765] <... memfd_create resumed>) = 3 [pid 761] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 757] <... mmap resumed>) = 0x7f620fc64000 [pid 754] <... mprotect resumed>) = 0 [pid 753] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] close(3 [pid 297] <... openat resumed>) = 3 [pid 765] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 761] <... mmap resumed>) = 0x20000000 [pid 300] close(3 [pid 298] <... close resumed>) = 0 [pid 297] newfstatat(3, "", [pid 761] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... close resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 765] <... mmap resumed>) = 0x7f6218024000 [pid 761] <... futex resumed>) = 0 [pid 757] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 754] rt_sigprocmask(SIG_BLOCK, ~[], [pid 753] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] getdents64(3, [pid 761] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 757] <... write resumed>) = 65536 [pid 754] <... rt_sigprocmask resumed>[], 8) = 0 [pid 753] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 767 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 761] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 757] munmap(0x7f620fc64000, 65536 [pid 754] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 753] <... futex resumed>) = 0 [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 768 [pid 297] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 761] memfd_create("syzkaller", 0 [pid 757] <... munmap resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 765] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 761] <... memfd_create resumed>) = 7 [pid 757] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 297] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 761] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 757] <... openat resumed>) = 8 [pid 754] <... clone3 resumed> => {parent_tid=[769]}, 88) = 769 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 761] <... mmap resumed>) = 0x7f620fc64000 [pid 757] ioctl(8, LOOP_SET_FD, 7 [pid 754] rt_sigprocmask(SIG_SETMASK, [], [pid 297] newfstatat(AT_FDCWD, "./22/bus", [pid 765] <... write resumed>) = 262144 [pid 761] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 757] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 754] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 761] <... write resumed>) = 65536 [pid 757] ioctl(8, LOOP_CLR_FD [pid 754] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] unlink("./22/bus" [pid 765] munmap(0x7f6218024000, 262144 [pid 761] munmap(0x7f620fc64000, 65536 [pid 757] <... ioctl resumed>) = 0 [pid 754] <... futex resumed>) = 0 [pid 297] <... unlink resumed>) = 0 [pid 761] <... munmap resumed>) = 0 [pid 754] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 761] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 765] <... munmap resumed>) = 0 [pid 761] <... openat resumed>) = 8 [pid 297] newfstatat(AT_FDCWD, "./22/binderfs", [pid 761] ioctl(8, LOOP_SET_FD, 7 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 761] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 765] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 297] unlink("./22/binderfs" [pid 765] <... openat resumed>) = 4 [pid 761] ioctl(8, LOOP_CLR_FD [pid 757] ioctl(8, LOOP_SET_FD, 7 [pid 297] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 769 attached [pid 765] ioctl(4, LOOP_SET_FD, 3 [pid 761] <... ioctl resumed>) = 0 [ 27.151972][ T756] loop5: detected capacity change from 0 to 512 [ 27.160787][ T758] loop0: detected capacity change from 0 to 512 [ 27.181243][ T756] EXT4-fs (loop5): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [pid 757] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 297] getdents64(3, [pid 757] close(8 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./22") = 0 [pid 297] mkdir("./23", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD [pid 761] ioctl(8, LOOP_SET_FD, 7 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 761] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 297] close(3 [pid 761] close(8 [pid 297] <... close resumed>) = 0 [pid 761] <... close resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 761] close(7) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 771 [pid 761] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 761] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 757] <... close resumed>) = 0 [pid 757] close(7) = 0 [pid 757] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 767 attached [pid 769] set_robust_list(0x7f62204449a0, 24) = 0 ./strace-static-x86_64: Process 768 attached [pid 769] rt_sigprocmask(SIG_SETMASK, [], [pid 767] set_robust_list(0x555556cc76a0, 24 [pid 769] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 768] set_robust_list(0x555556cc76a0, 24 [pid 767] <... set_robust_list resumed>) = 0 [pid 756] <... mount resumed>) = 0 [pid 769] creat("./bus", 000 [pid 756] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 756] ioctl(5, LOOP_CLR_FD) = 0 [pid 756] close(5) = 0 [pid 756] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 756] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 769] <... creat resumed>) = 5 [pid 752] exit_group(0) = ? [pid 757] <... futex resumed>) = ? [pid 757] +++ exited with 0 +++ [pid 769] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 767] chdir("./20" [pid 769] <... futex resumed>) = 1 [pid 767] <... chdir resumed>) = 0 [pid 754] <... futex resumed>) = 0 [pid 768] <... set_robust_list resumed>) = 0 [pid 754] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 754] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 769] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 767] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 768] chdir("./21" [pid 769] <... mount resumed>) = 0 [pid 767] <... prctl resumed>) = 0 [pid 768] <... chdir resumed>) = 0 [pid 769] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 768] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 767] setpgid(0, 0 [pid 769] <... futex resumed>) = 1 [pid 756] <... futex resumed>) = ? [pid 767] <... setpgid resumed>) = 0 [pid 754] <... futex resumed>) = 0 [pid 768] <... prctl resumed>) = 0 [pid 754] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 754] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 769] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 767] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 768] setpgid(0, 0 [pid 767] <... openat resumed>) = 3 [pid 768] <... setpgid resumed>) = 0 [pid 767] write(3, "1000", 4) = 4 [pid 767] close(3 [pid 768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 767] <... close resumed>) = 0 [pid 768] <... openat resumed>) = 3 [pid 767] symlink("/dev/binderfs", "./binderfs" [pid 768] write(3, "1000", 4 [pid 767] <... symlink resumed>) = 0 [pid 768] <... write resumed>) = 4 [pid 767] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 756] +++ exited with 0 +++ [pid 752] +++ exited with 0 +++ [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=752, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [ 27.209699][ T765] loop3: detected capacity change from 0 to 512 [ 27.221361][ T766] EXT4-fs warning (device loop0): kmmpd:170: kmmpd being stopped since MMP feature has been disabled. [ 27.223265][ T756] ext4 filesystem being mounted at /root/syzkaller.bzF58U/20/file0 supports timestamps until 2038 (0x7fffffff) [pid 301] restart_syscall(<... resuming interrupted clone ...> [pid 768] close(3 [pid 767] <... futex resumed>) = 0 [pid 301] <... restart_syscall resumed>) = 0 [pid 301] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 301] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] getdents64(3, 0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 301] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 771 attached [pid 771] set_robust_list(0x555556cc76a0, 24) = 0 [pid 771] chdir("./23") = 0 [pid 771] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 771] setpgid(0, 0) = 0 [pid 771] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 771] write(3, "1000", 4) = 4 [pid 771] close(3) = 0 [pid 771] symlink("/dev/binderfs", "./binderfs") = 0 [pid 771] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 771] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 771] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 771] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 771] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 771] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[772]}, 88) = 772 [pid 771] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 771] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 771] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 765] <... ioctl resumed>) = 0 [pid 771] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 765] close(3) = 0 [pid 765] mkdir("./file0", 0777) = 0 [pid 771] rt_sigprocmask(SIG_BLOCK, ~[], [pid 301] <... umount2 resumed>) = 0 [pid 301] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./20/bus") = 0 [pid 301] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./20/binderfs") = 0 [pid 771] <... rt_sigprocmask resumed>[], 8) = 0 [pid 301] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 771] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 769] <... open resumed>) = 6 [pid 767] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 771] <... clone3 resumed> => {parent_tid=[773]}, 88) = 773 [pid 771] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 771] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 771] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 769] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 767] <... rt_sigaction resumed>NULL, 8) = 0 [pid 769] <... futex resumed>) = 1 [pid 767] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 754] <... futex resumed>) = 0 [pid 769] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 768] <... close resumed>) = 0 [pid 767] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 754] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... umount2 resumed>) = 0 [pid 769] <... socket resumed>) = 3 [pid 768] symlink("/dev/binderfs", "./binderfs" [pid 767] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 754] <... futex resumed>) = 0 [pid 301] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 754] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 301] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] getdents64(4, [pid 769] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 767] <... mmap resumed>) = 0x7f6220445000 [pid 301] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 301] close(4 [pid 769] <... futex resumed>) = 1 [pid 768] <... symlink resumed>) = 0 [pid 767] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 754] <... futex resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 754] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] rmdir("./20/file0" [pid 754] <... futex resumed>) = 0 [pid 754] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... rmdir resumed>) = 0 [pid 301] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 301] close(3) = 0 [pid 769] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 301] rmdir("./20" [pid 769] <... mmap resumed>) = 0x20000000 [pid 301] <... rmdir resumed>) = 0 [pid 301] mkdir("./21", 0777 [pid 769] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... mkdir resumed>) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 769] <... futex resumed>) = 1 [pid 754] <... futex resumed>) = 0 [pid 767] <... mprotect resumed>) = 0 [pid 754] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 769] memfd_create("syzkaller", 0 [pid 754] <... futex resumed>) = 0 [pid 767] rt_sigprocmask(SIG_BLOCK, ~[], [pid 769] <... memfd_create resumed>) = 7 [pid 767] <... rt_sigprocmask resumed>[], 8) = 0 [pid 769] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 768] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 769] <... mmap resumed>) = 0x7f620fc64000 [pid 768] <... futex resumed>) = 0 [pid 767] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 769] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 ./strace-static-x86_64: Process 774 attached [pid 769] munmap(0x7f620fc64000, 65536 [pid 768] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 774] set_robust_list(0x7f62204659a0, 24) = 0 [pid 774] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 774] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 769] <... munmap resumed>) = 0 [pid 767] <... clone3 resumed> => {parent_tid=[774]}, 88) = 774 [pid 768] <... rt_sigaction resumed>NULL, 8) = 0 [pid 767] rt_sigprocmask(SIG_SETMASK, [], [pid 769] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 767] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 769] <... openat resumed>) = 8 [pid 767] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 769] ioctl(8, LOOP_SET_FD, 7 [pid 767] <... futex resumed>) = 1 [pid 769] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 767] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 769] ioctl(8, LOOP_CLR_FD [pid 768] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 767] <... futex resumed>) = 0 [pid 769] <... ioctl resumed>) = 0 [pid 768] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 767] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 768] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 767] <... mmap resumed>) = 0x7f6220424000 [pid 768] <... mmap resumed>) = 0x7f6220445000 [pid 767] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 768] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 767] <... mprotect resumed>) = 0 [pid 768] <... mprotect resumed>) = 0 [pid 774] <... futex resumed>) = 0 [pid 767] rt_sigprocmask(SIG_BLOCK, ~[], [pid 768] rt_sigprocmask(SIG_BLOCK, ~[], [pid 767] <... rt_sigprocmask resumed>[], 8) = 0 [pid 768] <... rt_sigprocmask resumed>[], 8) = 0 [pid 767] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 774] memfd_create("syzkaller", 0 [pid 768] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 765] mount("/dev/loop3", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 774] <... memfd_create resumed>) = 3 [pid 774] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 767] <... clone3 resumed> => {parent_tid=[775]}, 88) = 775 [pid 774] <... mmap resumed>) = 0x7f6218024000 [pid 769] ioctl(8, LOOP_SET_FD, 7 [pid 768] <... clone3 resumed> => {parent_tid=[776]}, 88) = 776 [pid 767] rt_sigprocmask(SIG_SETMASK, [], [pid 765] <... mount resumed>) = -1 ENOENT (No such file or directory) [ 27.256262][ T758] EXT4-fs (loop0): revision level too high, forcing read-only mode ./strace-static-x86_64: Process 772 attached [pid 774] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 769] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 768] rt_sigprocmask(SIG_SETMASK, [], [pid 767] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 765] ioctl(4, LOOP_CLR_FD [pid 769] close(8 [pid 768] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 767] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 765] <... ioctl resumed>) = 0 [pid 769] <... close resumed>) = 0 [pid 768] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 772] set_robust_list(0x7f62204659a0, 24 [pid 767] <... futex resumed>) = 0 [pid 765] close(4 [pid 769] close(7 [pid 767] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 776 attached ./strace-static-x86_64: Process 775 attached ./strace-static-x86_64: Process 773 attached [pid 774] <... write resumed>) = 262144 [pid 772] <... set_robust_list resumed>) = 0 [pid 771] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 769] <... close resumed>) = 0 [pid 768] <... futex resumed>) = 0 [pid 765] <... close resumed>) = 0 [pid 301] <... openat resumed>) = 3 [pid 776] set_robust_list(0x7f62204659a0, 24 [pid 775] set_robust_list(0x7f62204449a0, 24 [pid 774] munmap(0x7f6218024000, 262144 [pid 773] set_robust_list(0x7f62204449a0, 24 [pid 772] rt_sigprocmask(SIG_SETMASK, [], [pid 771] futex(0x7f62205316ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 769] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 768] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 765] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 754] exit_group(0 [pid 301] ioctl(3, LOOP_CLR_FD [pid 776] <... set_robust_list resumed>) = 0 [pid 775] <... set_robust_list resumed>) = 0 [pid 774] <... munmap resumed>) = 0 [pid 773] <... set_robust_list resumed>) = 0 [pid 772] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 769] <... futex resumed>) = ? [pid 768] <... futex resumed>) = 0 [pid 765] <... futex resumed>) = ? [pid 754] <... exit_group resumed>) = ? [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 776] rt_sigprocmask(SIG_SETMASK, [], [pid 775] rt_sigprocmask(SIG_SETMASK, [], [pid 774] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 773] rt_sigprocmask(SIG_SETMASK, [], [pid 772] memfd_create("syzkaller", 0 [pid 771] <... futex resumed>) = 0 [pid 769] +++ exited with 0 +++ [pid 768] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 765] +++ exited with 0 +++ [pid 754] +++ exited with 0 +++ [pid 301] close(3 [pid 776] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 775] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 774] <... openat resumed>) = 4 [pid 773] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 772] <... memfd_create resumed>) = 3 [pid 771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 768] <... mmap resumed>) = 0x7f6220424000 [pid 301] <... close resumed>) = 0 [pid 776] memfd_create("syzkaller", 0 [pid 775] creat("./bus", 000 [pid 774] ioctl(4, LOOP_SET_FD, 3 [pid 773] creat("./bus", 000 [pid 772] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 771] <... mmap resumed>) = 0x7f6220403000 [pid 768] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [ 27.291952][ T758] EXT4-fs error (device loop0): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 27.321309][ T758] EXT4-fs (loop0): get orphan inode failed [ 27.335596][ T774] loop2: detected capacity change from 0 to 512 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=754, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 776] <... memfd_create resumed>) = 3 [pid 775] <... creat resumed>) = 5 [pid 773] <... creat resumed>) = 4 [pid 772] <... mmap resumed>) = 0x7f6218003000 [pid 768] <... mprotect resumed>) = 0 [pid 776] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 775] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 773] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 772] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 768] rt_sigprocmask(SIG_BLOCK, ~[], [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 777 [pid 776] <... mmap resumed>) = 0x7f6218024000 [pid 775] <... futex resumed>) = 1 [pid 773] <... futex resumed>) = 0 [pid 772] <... write resumed>) = 262144 [pid 771] mprotect(0x7f6220404000, 131072, PROT_READ|PROT_WRITE [pid 768] <... rt_sigprocmask resumed>[], 8) = 0 [pid 767] <... futex resumed>) = 0 [pid 299] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 777 attached [pid 776] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 775] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 773] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 772] munmap(0x7f6218003000, 262144 [pid 771] <... mprotect resumed>) = 0 [pid 768] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 767] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 758] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 777] set_robust_list(0x555556cc76a0, 24 [pid 776] <... write resumed>) = 262144 [pid 775] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 774] <... ioctl resumed>) = 0 [pid 772] <... munmap resumed>) = 0 [pid 771] rt_sigprocmask(SIG_BLOCK, ~[], [pid 767] <... futex resumed>) = 0 [pid 758] ioctl(4, LOOP_CLR_FD [pid 299] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 777] <... set_robust_list resumed>) = 0 [pid 776] munmap(0x7f6218024000, 262144 [pid 775] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 774] close(3 [pid 772] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 768] <... clone3 resumed> => {parent_tid=[778]}, 88) = 778 [pid 767] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 758] <... ioctl resumed>) = 0 [pid 777] chdir("./21" [pid 776] <... munmap resumed>) = 0 [pid 775] <... mount resumed>) = 0 [pid 774] <... close resumed>) = 0 [pid 772] <... openat resumed>) = 5 [pid 768] rt_sigprocmask(SIG_SETMASK, [], [pid 758] close(4./strace-static-x86_64: Process 778 attached [pid 777] <... chdir resumed>) = 0 [pid 776] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 775] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 774] mkdir("./file0", 0777 [ 27.339582][ T758] EXT4-fs (loop0): mount failed [pid 772] ioctl(5, LOOP_SET_FD, 3 [pid 771] <... rt_sigprocmask resumed>[], 8) = 0 [pid 768] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 758] <... close resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 777] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 776] <... openat resumed>) = 4 [pid 775] <... futex resumed>) = 1 [pid 774] <... mkdir resumed>) = 0 [pid 768] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 767] <... futex resumed>) = 0 [pid 758] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 777] <... prctl resumed>) = 0 [pid 776] ioctl(4, LOOP_SET_FD, 3 [pid 775] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 774] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 768] <... futex resumed>) = 0 [pid 767] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 758] <... futex resumed>) = 0 [pid 778] set_robust_list(0x7f62204449a0, 24 [pid 777] setpgid(0, 0 [pid 776] <... ioctl resumed>) = 0 [pid 775] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 772] <... ioctl resumed>) = 0 [pid 771] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220423990, parent_tid=0x7f6220423990, exit_signal=0, stack=0x7f6220403000, stack_size=0x20300, tls=0x7f62204236c0} [pid 768] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 767] <... futex resumed>) = 0 [pid 758] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 753] exit_group(0 [pid 299] newfstatat(3, "", [pid 777] <... setpgid resumed>) = 0 [pid 776] close(3 [pid 775] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 767] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 758] <... futex resumed>) = ? [pid 753] <... exit_group resumed>) = ? [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 776] <... close resumed>) = 0 [pid 775] <... open resumed>) = 3 [pid 771] <... clone3 resumed> => {parent_tid=[779]}, 88) = 779 [pid 761] <... futex resumed>) = ? [pid 758] +++ exited with 0 +++ [pid 777] <... openat resumed>) = 3 [pid 776] mkdir("./file0", 0777 [pid 775] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 771] rt_sigprocmask(SIG_SETMASK, [], [pid 299] getdents64(3, [pid 777] write(3, "1000", 4 [pid 776] <... mkdir resumed>) = 0 [pid 775] <... futex resumed>) = 1 [pid 771] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 767] <... futex resumed>) = 0 [pid 777] <... write resumed>) = 4 [pid 776] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 775] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 771] futex(0x7f62205316e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 767] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 777] close(3 [pid 775] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 771] <... futex resumed>) = 0 [pid 767] <... futex resumed>) = 0 [pid 299] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 777] <... close resumed>) = 0 [pid 775] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 771] futex(0x7f62205316ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 767] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 777] symlink("/dev/binderfs", "./binderfs" [pid 775] <... socket resumed>) = 6 [pid 299] <... umount2 resumed>) = 0 [pid 777] <... symlink resumed>) = 0 [pid 775] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 777] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 775] <... futex resumed>) = 1 [pid 767] <... futex resumed>) = 0 [pid 777] <... futex resumed>) = 0 [pid 775] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 767] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 777] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 775] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 767] <... futex resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./20/bus", [pid 777] <... rt_sigaction resumed>NULL, 8) = 0 [pid 775] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 767] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 777] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 775] <... mmap resumed>) = 0x20000000 [pid 299] unlink("./20/bus" [pid 777] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 775] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 775] <... futex resumed>) = 1 [pid 767] <... futex resumed>) = 0 [pid 777] <... mmap resumed>) = 0x7f6220445000 [pid 775] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 767] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... unlink resumed>) = 0 [pid 777] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 775] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 767] <... futex resumed>) = 0 [pid 299] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 777] <... mprotect resumed>) = 0 [pid 775] memfd_create("syzkaller", 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 777] rt_sigprocmask(SIG_BLOCK, ~[], [pid 775] <... memfd_create resumed>) = 7 [pid 777] <... rt_sigprocmask resumed>[], 8) = 0 [pid 775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 299] newfstatat(AT_FDCWD, "./20/binderfs", [pid 777] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 775] <... mmap resumed>) = 0x7f620fc64000 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 775] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 299] unlink("./20/binderfs" [pid 778] <... set_robust_list resumed>) = 0 [pid 777] <... clone3 resumed> => {parent_tid=[780]}, 88) = 780 [pid 775] <... write resumed>) = 65536 [pid 772] close(3 [pid 777] rt_sigprocmask(SIG_SETMASK, [], [pid 775] munmap(0x7f620fc64000, 65536 [pid 299] <... unlink resumed>) = 0 [pid 778] rt_sigprocmask(SIG_SETMASK, [], [pid 777] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 775] <... munmap resumed>) = 0 [pid 772] <... close resumed>) = 0 [pid 299] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 778] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 777] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 775] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 777] <... futex resumed>) = 0 [pid 775] <... openat resumed>) = 8 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 777] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 775] ioctl(8, LOOP_SET_FD, 7 [pid 299] newfstatat(AT_FDCWD, "./20/file0", [pid 777] <... futex resumed>) = 0 [pid 775] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 778] creat("./bus", 000 [pid 777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 775] ioctl(8, LOOP_CLR_FD [pid 299] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 772] mkdir("./file0", 0777 [pid 777] <... mmap resumed>) = 0x7f6220424000 [pid 775] <... ioctl resumed>) = 0 [pid 761] +++ exited with 0 +++ [pid 753] +++ exited with 0 +++ [pid 777] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=753, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 777] rt_sigprocmask(SIG_BLOCK, ~[], [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 777] <... rt_sigprocmask resumed>[], 8) = 0 [pid 777] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[782]}, 88) = 782 [pid 777] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 777] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 777] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 780 attached [pid 780] set_robust_list(0x7f62204659a0, 24) = 0 [pid 780] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 296] <... restart_syscall resumed>) = 0 [pid 775] ioctl(8, LOOP_SET_FD, 7 [pid 296] umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW [pid 775] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 775] close(8 [pid 296] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 775] <... close resumed>) = 0 [pid 296] <... openat resumed>) = 3 [pid 775] close(7 [pid 296] newfstatat(3, "", [pid 775] <... close resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 775] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] getdents64(3, [pid 775] <... futex resumed>) = 0 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 775] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 780] memfd_create("syzkaller", 0) = 3 [pid 780] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 ./strace-static-x86_64: Process 782 attached [pid 782] set_robust_list(0x7f62204449a0, 24) = 0 [pid 782] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 27.363608][ T772] loop1: detected capacity change from 0 to 512 [ 27.365001][ T776] loop4: detected capacity change from 0 to 512 [ 27.389375][ T774] EXT4-fs warning (device loop2): read_mmp_block:115: Error -74 while reading MMP block 12 [pid 782] creat("./bus", 000./strace-static-x86_64: Process 779 attached [pid 780] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 778] <... creat resumed>) = 3 [pid 774] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 772] <... mkdir resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = 0 [pid 782] <... creat resumed>) = 4 [pid 780] <... write resumed>) = 262144 [pid 779] set_robust_list(0x7f62204239a0, 24 [pid 778] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 782] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 779] <... set_robust_list resumed>) = 0 [pid 778] <... futex resumed>) = 1 [pid 768] <... futex resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 782] <... futex resumed>) = 1 [pid 779] rt_sigprocmask(SIG_SETMASK, [], [pid 778] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 777] <... futex resumed>) = 0 [pid 768] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] newfstatat(AT_FDCWD, "./19/bus", [pid 782] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 780] munmap(0x7f6218024000, 262144 [pid 779] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 778] <... mount resumed>) = 0 [pid 777] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 768] <... futex resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 782] <... mount resumed>) = 0 [pid 780] <... munmap resumed>) = 0 [pid 779] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 778] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 777] <... futex resumed>) = 0 [pid 768] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] unlink("./19/bus" [pid 782] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 780] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 779] <... mount resumed>) = 0 [pid 778] <... futex resumed>) = 0 [pid 777] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 768] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] <... unlink resumed>) = 0 [pid 782] <... futex resumed>) = 0 [pid 780] <... openat resumed>) = 5 [pid 779] futex(0x7f62205316ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 778] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 777] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 768] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 782] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 780] ioctl(5, LOOP_SET_FD, 3 [pid 779] <... futex resumed>) = 1 [pid 778] <... open resumed>) = 5 [pid 777] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 771] <... futex resumed>) = 0 [pid 768] <... futex resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 782] <... open resumed>) = 6 [pid 779] futex(0x7f62205316e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 778] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 777] <... futex resumed>) = 0 [pid 776] <... mount resumed>) = 0 [pid 774] ioctl(4, LOOP_CLR_FD [pid 772] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 771] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 768] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] newfstatat(AT_FDCWD, "./19/binderfs", [pid 782] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 778] <... futex resumed>) = 0 [pid 777] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 774] <... ioctl resumed>) = 0 [pid 773] <... futex resumed>) = 0 [pid 771] <... futex resumed>) = 1 [pid 768] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] <... openat resumed>) = 4 [pid 774] close(4 [pid 299] newfstatat(4, "", [pid 782] <... futex resumed>) = 0 [pid 780] <... ioctl resumed>) = 0 [pid 778] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 777] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 776] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 774] <... close resumed>) = 0 [pid 773] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 771] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 768] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 782] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 778] <... socket resumed>) = 6 [pid 777] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 773] <... open resumed>) = 3 [pid 768] <... futex resumed>) = 0 [pid 296] unlink("./19/binderfs" [pid 782] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 778] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 777] <... futex resumed>) = 0 [pid 773] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 768] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... unlink resumed>) = 0 [pid 782] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 780] close(3 [pid 778] <... futex resumed>) = 0 [pid 777] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 776] <... openat resumed>) = 7 [pid 773] <... futex resumed>) = 1 [pid 771] <... futex resumed>) = 0 [pid 782] <... socket resumed>) = 7 [pid 774] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 773] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 771] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 768] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 782] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 778] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 774] <... futex resumed>) = 0 [pid 773] <... socket resumed>) = 6 [pid 771] <... futex resumed>) = 0 [pid 768] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] getdents64(4, [pid 296] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 782] <... futex resumed>) = 1 [pid 778] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 777] <... futex resumed>) = 0 [pid 774] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 773] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 771] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 768] <... futex resumed>) = 0 [pid 299] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 782] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 778] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 777] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 773] <... futex resumed>) = 0 [pid 771] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 768] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 782] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 780] <... close resumed>) = 0 [pid 778] <... mmap resumed>) = 0x20000000 [pid 777] <... futex resumed>) = 0 [pid 776] chdir(0x20000000 [pid 773] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 771] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] getdents64(4, [pid 296] newfstatat(AT_FDCWD, "./19/file0", [pid 782] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 778] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 777] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 771] <... futex resumed>) = 0 [pid 767] exit_group(0 [pid 773] <... mmap resumed>) = 0x20000000 [pid 780] mkdir("./file0", 0777 [pid 767] <... exit_group resumed>) = ? [pid 775] <... futex resumed>) = ? [pid 775] +++ exited with 0 +++ [pid 774] <... futex resumed>) = ? [pid 771] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 782] <... mmap resumed>) = 0x20000000 [pid 778] <... futex resumed>) = 1 [pid 768] <... futex resumed>) = 0 [pid 776] <... chdir resumed>) = -1 ENOENT (No such file or directory) [pid 782] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 778] memfd_create("syzkaller", 0 [pid 773] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 768] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] close(4 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 782] <... futex resumed>) = 1 [pid 778] <... memfd_create resumed>) = 8 [pid 777] <... futex resumed>) = 0 [pid 768] <... futex resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 782] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 778] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 777] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 773] <... futex resumed>) = 1 [pid 771] <... futex resumed>) = 0 [pid 299] rmdir("./20/file0" [pid 296] umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 782] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 778] <... mmap resumed>) = 0x7f620fc64000 [pid 777] <... futex resumed>) = 0 [pid 773] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 771] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 773] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 771] <... futex resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 780] <... mkdir resumed>) = 0 [pid 776] ioctl(4, LOOP_CLR_FD) = 0 [pid 776] close(4) = 0 [pid 776] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 776] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 773] memfd_create("syzkaller", 0) = 7 [pid 296] openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 778] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 782] memfd_create("syzkaller", 0 [pid 773] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 299] getdents64(3, [pid 296] <... openat resumed>) = 4 [pid 782] <... memfd_create resumed>) = 3 [pid 778] <... write resumed>) = 65536 [pid 780] mount("/dev/loop5", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"...) = -1 ENOENT (No such file or directory) [pid 780] ioctl(5, LOOP_CLR_FD) = 0 [pid 780] close(5) = 0 [pid 780] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 780] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 773] <... mmap resumed>) = 0x7f620fc43000 [pid 773] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 296] newfstatat(4, "", [pid 782] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 778] munmap(0x7f620fc64000, 65536 [pid 772] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 782] <... mmap resumed>) = 0x7f620fc64000 [pid 778] <... munmap resumed>) = 0 [pid 773] <... write resumed>) = 65536 [pid 772] ioctl(5, LOOP_CLR_FD [pid 299] close(3 [pid 296] getdents64(4, [pid 778] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 773] munmap(0x7f620fc43000, 65536 [pid 772] <... ioctl resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 296] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 782] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 778] <... openat resumed>) = 4 [pid 773] <... munmap resumed>) = 0 [pid 772] close(5 [pid 299] rmdir("./20" [pid 296] getdents64(4, [pid 782] <... write resumed>) = 65536 [pid 778] ioctl(4, LOOP_SET_FD, 8 [pid 773] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 772] <... close resumed>) = 0 [pid 782] munmap(0x7f620fc64000, 65536 [pid 778] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 773] <... openat resumed>) = 5 [pid 772] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... rmdir resumed>) = 0 [pid 296] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 782] <... munmap resumed>) = 0 [pid 778] ioctl(4, LOOP_CLR_FD [pid 773] ioctl(5, LOOP_SET_FD, 7 [pid 772] <... futex resumed>) = 0 [pid 299] mkdir("./21", 0777 [pid 296] close(4 [pid 782] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 778] <... ioctl resumed>) = 0 [pid 773] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 772] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] <... mkdir resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 782] <... openat resumed>) = 5 [pid 773] ioctl(5, LOOP_CLR_FD [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 296] rmdir("./19/file0" [pid 782] ioctl(5, LOOP_SET_FD, 3 [pid 773] <... ioctl resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 782] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 782] ioctl(5, LOOP_CLR_FD [pid 299] ioctl(3, LOOP_CLR_FD [pid 296] <... rmdir resumed>) = 0 [pid 782] <... ioctl resumed>) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] getdents64(3, [pid 299] close(3 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 299] <... close resumed>) = 0 [pid 296] close(3 [pid 778] ioctl(4, LOOP_SET_FD, 8 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... close resumed>) = 0 [pid 778] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 296] rmdir("./19"./strace-static-x86_64: Process 784 attached [pid 778] close(4 [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 784 [pid 296] <... rmdir resumed>) = 0 [pid 782] ioctl(5, LOOP_SET_FD, 3 [pid 778] <... close resumed>) = 0 [pid 773] ioctl(5, LOOP_SET_FD, 7 [pid 296] mkdir("./20", 0777 [pid 784] set_robust_list(0x555556cc76a0, 24 [pid 782] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 778] close(8 [pid 773] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 296] <... mkdir resumed>) = 0 [pid 784] <... set_robust_list resumed>) = 0 [pid 782] close(5 [pid 778] <... close resumed>) = 0 [pid 773] close(5 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 782] <... close resumed>) = 0 [pid 778] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 773] <... close resumed>) = 0 [pid 768] exit_group(0 [pid 296] <... openat resumed>) = 3 [pid 784] chdir("./21" [pid 782] close(3 [pid 778] <... futex resumed>) = ? [pid 776] <... futex resumed>) = ? [pid 773] close(7 [pid 768] <... exit_group resumed>) = ? [pid 296] ioctl(3, LOOP_CLR_FD [pid 782] <... close resumed>) = 0 [pid 778] +++ exited with 0 +++ [pid 776] +++ exited with 0 +++ [pid 773] <... close resumed>) = 0 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 773] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] close(3 [pid 773] <... futex resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 773] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 768] +++ exited with 0 +++ [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=768, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 784] <... chdir resumed>) = 0 [pid 782] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 771] exit_group(0 [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 785 [pid 782] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 779] <... futex resumed>) = ? [pid 773] <... futex resumed>) = ? [pid 772] <... futex resumed>) = ? [pid 771] <... exit_group resumed>) = ? [pid 784] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 785 attached [pid 779] +++ exited with 0 +++ [pid 773] +++ exited with 0 +++ [pid 772] +++ exited with 0 +++ [pid 300] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW [pid 777] exit_group(0 [pid 785] set_robust_list(0x555556cc76a0, 24 [pid 784] <... prctl resumed>) = 0 [pid 782] <... futex resumed>) = ? [pid 780] <... futex resumed>) = ? [pid 777] <... exit_group resumed>) = ? [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 785] <... set_robust_list resumed>) = 0 [pid 784] setpgid(0, 0 [pid 782] +++ exited with 0 +++ [pid 780] +++ exited with 0 +++ [pid 300] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 785] chdir("./20" [pid 784] <... setpgid resumed>) = 0 [pid 300] <... openat resumed>) = 3 [pid 785] <... chdir resumed>) = 0 [pid 785] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 785] setpgid(0, 0 [pid 784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 774] +++ exited with 0 +++ [pid 767] +++ exited with 0 +++ [pid 300] newfstatat(3, "", [pid 785] <... setpgid resumed>) = 0 [pid 784] <... openat resumed>) = 3 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 785] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 784] write(3, "1000", 4 [pid 300] getdents64(3, [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=767, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 785] <... openat resumed>) = 3 [pid 784] <... write resumed>) = 4 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 785] write(3, "1000", 4 [pid 784] close(3 [pid 300] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 785] <... write resumed>) = 4 [pid 784] <... close resumed>) = 0 [pid 785] close(3 [pid 784] symlink("/dev/binderfs", "./binderfs" [pid 300] <... umount2 resumed>) = 0 [pid 298] <... restart_syscall resumed>) = 0 [pid 785] <... close resumed>) = 0 [pid 784] <... symlink resumed>) = 0 [pid 300] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 785] symlink("/dev/binderfs", "./binderfs" [pid 784] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 785] <... symlink resumed>) = 0 [pid 784] <... futex resumed>) = 0 [pid 300] newfstatat(AT_FDCWD, "./21/bus", [pid 298] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW [pid 785] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 784] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 785] <... futex resumed>) = 0 [pid 784] <... rt_sigaction resumed>NULL, 8) = 0 [pid 300] unlink("./21/bus" [pid 298] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 785] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 784] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 300] <... unlink resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 785] <... rt_sigaction resumed>NULL, 8) = 0 [pid 784] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] newfstatat(3, "", [pid 785] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 785] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 784] <... mmap resumed>) = 0x7f6220445000 [pid 300] newfstatat(AT_FDCWD, "./21/binderfs", [pid 298] getdents64(3, [pid 785] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 784] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 785] <... mmap resumed>) = 0x7f6220445000 [pid 784] <... mprotect resumed>) = 0 [pid 300] unlink("./21/binderfs" [pid 298] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 785] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 784] rt_sigprocmask(SIG_BLOCK, ~[], [pid 300] <... unlink resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 785] <... mprotect resumed>) = 0 [pid 784] <... rt_sigprocmask resumed>[], 8) = 0 [pid 300] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 785] rt_sigprocmask(SIG_BLOCK, ~[], [pid 784] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 785] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] newfstatat(AT_FDCWD, "./20/bus", [pid 785] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 784] <... clone3 resumed> => {parent_tid=[786]}, 88) = 786 [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 784] rt_sigprocmask(SIG_SETMASK, [], [pid 298] unlink("./20/bus" [pid 785] <... clone3 resumed> => {parent_tid=[787]}, 88) = 787 [pid 784] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] <... unlink resumed>) = 0 [pid 785] rt_sigprocmask(SIG_SETMASK, [], [pid 784] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 785] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 784] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 785] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 784] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] newfstatat(AT_FDCWD, "./20/binderfs", [pid 785] <... futex resumed>) = 0 [pid 784] <... futex resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 785] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] unlink("./20/binderfs" [pid 785] <... futex resumed>) = 0 [pid 784] <... mmap resumed>) = 0x7f6220424000 [pid 298] <... unlink resumed>) = 0 [pid 785] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 784] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 298] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 785] <... mmap resumed>) = 0x7f6220424000 [pid 784] <... mprotect resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 785] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 784] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] newfstatat(AT_FDCWD, "./20/file0", [pid 785] <... mprotect resumed>) = 0 [pid 784] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 785] rt_sigprocmask(SIG_BLOCK, ~[], [pid 784] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 298] umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 788 attached [pid 785] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 785] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 784] <... clone3 resumed> => {parent_tid=[788]}, 88) = 788 [pid 298] openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 788] set_robust_list(0x7f62204449a0, 24 [pid 784] rt_sigprocmask(SIG_SETMASK, [], [pid 298] <... openat resumed>) = 4 [pid 785] <... clone3 resumed> => {parent_tid=[789]}, 88) = 789 [pid 784] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 788] <... set_robust_list resumed>) = 0 [pid 298] newfstatat(4, "", [pid 788] rt_sigprocmask(SIG_SETMASK, [], [pid 785] rt_sigprocmask(SIG_SETMASK, [], [pid 784] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 785] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 784] <... futex resumed>) = 0 [pid 298] getdents64(4, [pid 788] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 785] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 784] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 785] <... futex resumed>) = 0 [pid 298] getdents64(4, [pid 785] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 787 attached [pid 298] close(4) = 0 [pid 298] rmdir("./20/file0" [pid 788] creat("./bus", 000 [pid 298] <... rmdir resumed>) = 0 [pid 298] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 787] set_robust_list(0x7f62204659a0, 24 [pid 298] close(3 [pid 787] <... set_robust_list resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 787] rt_sigprocmask(SIG_SETMASK, [], [pid 298] rmdir("./20" [pid 788] <... creat resumed>) = 3 [pid 787] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 298] mkdir("./21", 0777 [pid 788] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 787] memfd_create("syzkaller", 0 [pid 298] <... mkdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 786 attached [pid 788] <... futex resumed>) = 1 [pid 787] <... memfd_create resumed>) = 3 [pid 784] <... futex resumed>) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 786] set_robust_list(0x7f62204659a0, 24 [pid 784] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] close(3 [pid 786] <... set_robust_list resumed>) = 0 [pid 784] <... futex resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 786] rt_sigprocmask(SIG_SETMASK, [], [pid 784] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 790 attached [pid 788] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 787] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 786] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 789 attached [pid 786] memfd_create("syzkaller", 0 [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 790 [pid 790] set_robust_list(0x555556cc76a0, 24 [pid 789] set_robust_list(0x7f62204449a0, 24 [pid 788] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 787] <... mmap resumed>) = 0x7f6218024000 [pid 786] <... memfd_create resumed>) = 4 [pid 789] <... set_robust_list resumed>) = 0 [pid 788] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 786] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 789] rt_sigprocmask(SIG_SETMASK, [], [pid 786] <... mmap resumed>) = 0x7f6218024000 [pid 790] <... set_robust_list resumed>) = 0 [pid 789] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 788] <... futex resumed>) = 1 [pid 787] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 786] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 784] <... futex resumed>) = 0 [ 27.400829][ T776] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [ 27.414794][ T776] ext4 filesystem being mounted at /root/syzkaller.Zpv55J/21/file0 supports timestamps until 2038 (0x7fffffff) [ 27.420238][ T780] loop5: detected capacity change from 0 to 512 [ 27.443132][ T772] EXT4-fs warning (device loop1): read_mmp_block:115: Error -74 while reading MMP block 12 [pid 790] chdir("./21" [pid 789] creat("./bus", 000 [pid 788] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 787] <... write resumed>) = 262144 [pid 786] <... write resumed>) = 262144 [pid 790] <... chdir resumed>) = 0 [pid 784] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 777] +++ exited with 0 +++ [pid 771] +++ exited with 0 +++ [pid 784] <... futex resumed>) = 0 [pid 784] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=771, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 297] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 297] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 789] <... creat resumed>) = 4 [pid 788] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] <... umount2 resumed>) = 0 [pid 789] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 788] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=777, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 297] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 789] <... futex resumed>) = 1 [pid 788] <... open resumed>) = 5 [pid 785] <... futex resumed>) = 0 [pid 301] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 789] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 788] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 785] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./23/bus", [pid 789] <... mount resumed>) = 0 [pid 788] <... futex resumed>) = 1 [pid 785] <... futex resumed>) = 0 [pid 784] <... futex resumed>) = 0 [pid 301] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 789] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 788] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 785] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 784] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... openat resumed>) = 3 [pid 297] unlink("./23/bus" [pid 789] <... futex resumed>) = 0 [pid 788] <... socket resumed>) = 6 [pid 785] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 784] <... futex resumed>) = 0 [pid 301] newfstatat(3, "", [pid 297] <... unlink resumed>) = 0 [pid 789] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 788] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 785] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 784] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 789] <... open resumed>) = 5 [pid 788] <... futex resumed>) = 0 [pid 785] <... futex resumed>) = 0 [pid 784] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] getdents64(3, [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 789] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 785] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 784] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] newfstatat(AT_FDCWD, "./23/binderfs", [pid 789] <... futex resumed>) = 0 [pid 788] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 785] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 784] <... futex resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 789] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 785] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 784] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] unlink("./23/binderfs" [pid 789] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 788] <... mmap resumed>) = 0x20000000 [pid 787] munmap(0x7f6218024000, 262144 [pid 785] <... futex resumed>) = 0 [pid 301] <... umount2 resumed>) = 0 [pid 297] <... unlink resumed>) = 0 [pid 789] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 788] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 785] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 789] <... socket resumed>) = 6 [pid 788] <... futex resumed>) = 1 [pid 787] <... munmap resumed>) = 0 [pid 784] <... futex resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 789] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 788] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 787] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 784] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] newfstatat(AT_FDCWD, "./21/bus", [pid 297] newfstatat(AT_FDCWD, "./23/file0", [pid 789] <... futex resumed>) = 1 [pid 785] <... futex resumed>) = 0 [pid 784] <... futex resumed>) = ? [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 787] <... openat resumed>) = 7 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 789] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 785] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] unlink("./21/bus" [pid 297] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 789] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 785] <... futex resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 789] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 787] ioctl(7, LOOP_SET_FD, 3 [pid 785] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... unlink resumed>) = 0 [pid 297] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 789] <... mmap resumed>) = 0x20000000 [pid 301] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... openat resumed>) = 4 [pid 789] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(4, "", [pid 789] <... futex resumed>) = 1 [pid 785] <... futex resumed>) = 0 [pid 301] newfstatat(AT_FDCWD, "./21/binderfs", [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 789] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 785] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] getdents64(4, [pid 789] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 785] <... futex resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 789] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 785] shutdown(0, SHUT_RD [pid 297] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./23/file0" [pid 300] <... umount2 resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 301] unlink("./21/binderfs" [pid 786] +++ killed by SIGBUS +++ [pid 300] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./23") = 0 [pid 297] mkdir("./24", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 792 ./strace-static-x86_64: Process 792 attached [pid 792] set_robust_list(0x555556cc76a0, 24) = 0 [pid 792] chdir("./24") = 0 [pid 792] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 792] setpgid(0, 0) = 0 [pid 792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 792] write(3, "1000", 4) = 4 [pid 792] close(3) = 0 [pid 792] symlink("/dev/binderfs", "./binderfs") = 0 [pid 792] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 792] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 792] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 792] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 792] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 792] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[793]}, 88) = 793 [pid 792] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 792] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 792] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 792] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 792] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 792] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[794]}, 88) = 794 [pid 792] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 792] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 792] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 794 attached [pid 794] set_robust_list(0x7f62204449a0, 24) = 0 [pid 794] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 794] creat("./bus", 000) = 3 [pid 794] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 792] <... futex resumed>) = 0 [pid 792] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 792] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] <... futex resumed>) = 1 [pid 794] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 794] <... mount resumed>) = 0 [pid 794] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... unlink resumed>) = 0 [pid 300] newfstatat(AT_FDCWD, "./21/file0", [pid 301] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] newfstatat(AT_FDCWD, "./21/file0", [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 301] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] <... openat resumed>) = 4 [pid 301] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] newfstatat(4, "", [pid 301] <... openat resumed>) = 4 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] newfstatat(4, "", [pid 300] getdents64(4, [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 301] getdents64(4, [pid 300] getdents64(4, [pid 301] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 301] getdents64(4, [pid 300] close(4 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 300] <... close resumed>) = 0 [pid 301] close(4 [pid 300] rmdir("./21/file0" [pid 301] <... close resumed>) = 0 [pid 792] <... futex resumed>) = 0 [pid 792] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 792] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] <... futex resumed>) = 1 [pid 300] <... rmdir resumed>) = 0 [pid 301] rmdir("./21/file0" [pid 300] getdents64(3, [pid 794] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 794] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 792] <... futex resumed>) = 0 [pid 301] <... rmdir resumed>) = 0 [pid 301] getdents64(3, [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 300] close(3 [pid 792] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... close resumed>) = 0 [pid 301] close(3 [pid 300] rmdir("./21" [pid 301] <... close resumed>) = 0 [pid 792] <... futex resumed>) = 0 [pid 792] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] <... futex resumed>) = 1 [pid 794] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 300] <... rmdir resumed>) = 0 [pid 301] rmdir("./21") = 0 [pid 794] <... socket resumed>) = 5 [pid 794] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 792] <... futex resumed>) = 0 [pid 792] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 792] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 794] <... futex resumed>) = 1 [pid 794] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 300] mkdir("./22", 0777 [pid 301] mkdir("./22", 0777 [pid 794] <... mmap resumed>) = 0x20000000 [pid 794] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 792] <... futex resumed>) = 0 [pid 792] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] <... mkdir resumed>) = 0 [pid 794] <... futex resumed>) = 1 [pid 794] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 301] <... mkdir resumed>) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 300] ioctl(3, LOOP_CLR_FD [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 788] +++ killed by SIGBUS +++ [pid 784] +++ killed by SIGBUS +++ [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 787] <... ioctl resumed>) = ? [pid 301] <... openat resumed>) = 3 [pid 301] ioctl(3, LOOP_CLR_FD [pid 300] close(3 [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=784, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 301] close(3 [pid 300] <... close resumed>) = 0 [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 301] <... close resumed>) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 793 attached [pid 794] +++ killed by SIGBUS +++ [pid 299] <... restart_syscall resumed>) = 0 [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 795 [pid 299] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 796 [pid 299] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 299] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./21/bus", [pid 793] +++ killed by SIGBUS +++ [pid 792] +++ killed by SIGBUS +++ [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./21/bus" [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=792, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 299] <... unlink resumed>) = 0 [pid 299] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] <... restart_syscall resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./21/binderfs") = 0 [pid 299] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 796 attached ./strace-static-x86_64: Process 795 attached [pid 790] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] close(3 [pid 790] <... prctl resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] rmdir("./21" [pid 790] setpgid(0, 0 [pid 297] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, [pid 790] <... setpgid resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 790] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] mkdir("./22", 0777 [pid 297] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 795] set_robust_list(0x555556cc76a0, 24 [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... mkdir resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 790] <... openat resumed>) = 3 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 297] newfstatat(AT_FDCWD, "./24/bus", [pid 790] write(3, "1000", 4 [pid 299] <... openat resumed>) = 3 [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 790] <... write resumed>) = 4 [pid 299] ioctl(3, LOOP_CLR_FD [pid 297] unlink("./24/bus" [pid 790] close(3 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... unlink resumed>) = 0 [pid 790] <... close resumed>) = 0 [pid 299] close(3 [pid 297] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 790] symlink("/dev/binderfs", "./binderfs" [pid 299] <... close resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./24/binderfs") = 0 [pid 297] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 797 [pid 297] rmdir("./24" [pid 790] <... symlink resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 790] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] mkdir("./25", 0777 [pid 790] <... futex resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 790] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 790] <... rt_sigaction resumed>NULL, 8) = 0 [pid 790] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 790] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 798 [pid 790] <... mmap resumed>) = 0x7f6220445000 [pid 790] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 795] <... set_robust_list resumed>) = 0 [pid 790] rt_sigprocmask(SIG_BLOCK, ~[], [pid 795] chdir("./22" [pid 790] <... rt_sigprocmask resumed>[], 8) = 0 [pid 795] <... chdir resumed>) = 0 [pid 790] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0}./strace-static-x86_64: Process 797 attached => {parent_tid=[799]}, 88) = 799 [pid 797] set_robust_list(0x555556cc76a0, 24 [pid 790] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 797] <... set_robust_list resumed>) = 0 [pid 790] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 795] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 790] <... futex resumed>) = 0 [pid 790] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 797] chdir("./22" [pid 790] <... futex resumed>) = 0 [pid 797] <... chdir resumed>) = 0 [pid 790] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 797] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 790] <... mmap resumed>) = 0x7f6220424000 [pid 797] <... prctl resumed>) = 0 [pid 790] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 795] <... prctl resumed>) = 0 [pid 790] <... mprotect resumed>) = 0 [pid 797] setpgid(0, 0) = 0 [pid 795] setpgid(0, 0 [pid 790] rt_sigprocmask(SIG_BLOCK, ~[], [pid 795] <... setpgid resumed>) = 0 [pid 790] <... rt_sigprocmask resumed>[], 8) = 0 [pid 797] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 790] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 787] +++ killed by SIGBUS +++ [pid 797] <... openat resumed>) = 3 ./strace-static-x86_64: Process 798 attached [pid 797] write(3, "1000", 4 [pid 795] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 790] <... clone3 resumed> => {parent_tid=[800]}, 88) = 800 [pid 798] set_robust_list(0x555556cc76a0, 24 [pid 797] <... write resumed>) = 4 [pid 796] set_robust_list(0x555556cc76a0, 24 [pid 795] <... openat resumed>) = 3 [pid 790] rt_sigprocmask(SIG_SETMASK, [], [pid 798] <... set_robust_list resumed>) = 0 [pid 797] close(3 [pid 796] <... set_robust_list resumed>) = 0 [pid 795] write(3, "1000", 4 [pid 790] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 798] chdir("./25" [pid 797] <... close resumed>) = 0 [pid 796] chdir("./22" [pid 795] <... write resumed>) = 4 [pid 790] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 798] <... chdir resumed>) = 0 [pid 797] symlink("/dev/binderfs", "./binderfs" [pid 790] <... futex resumed>) = 0 [pid 796] <... chdir resumed>) = 0 [pid 795] close(3 [pid 790] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 798] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 797] <... symlink resumed>) = 0 [pid 798] <... prctl resumed>) = 0 [pid 797] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 796] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 795] <... close resumed>) = 0 [pid 798] setpgid(0, 0 [pid 797] <... futex resumed>) = 0 [pid 796] <... prctl resumed>) = 0 [pid 795] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 800 attached ./strace-static-x86_64: Process 799 attached [pid 798] <... setpgid resumed>) = 0 [pid 797] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 796] setpgid(0, 0 [pid 795] <... symlink resumed>) = 0 [pid 800] set_robust_list(0x7f62204449a0, 24 [pid 799] set_robust_list(0x7f62204659a0, 24 [pid 798] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 797] <... rt_sigaction resumed>NULL, 8) = 0 [pid 800] <... set_robust_list resumed>) = 0 [pid 799] <... set_robust_list resumed>) = 0 [pid 798] <... openat resumed>) = 3 [pid 797] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 796] <... setpgid resumed>) = 0 [pid 795] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 800] rt_sigprocmask(SIG_SETMASK, [], [pid 799] rt_sigprocmask(SIG_SETMASK, [], [pid 798] write(3, "1000", 4 [pid 797] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 795] <... futex resumed>) = 0 [pid 800] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 799] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 798] <... write resumed>) = 4 [pid 797] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 796] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 800] creat("./bus", 000 [pid 799] memfd_create("syzkaller", 0 [pid 798] close(3 [pid 797] <... mmap resumed>) = 0x7f6220445000 [pid 800] <... creat resumed>) = 4 [pid 799] <... memfd_create resumed>) = 3 [pid 798] <... close resumed>) = 0 [pid 797] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 796] <... openat resumed>) = 3 [pid 795] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 800] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 799] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 798] symlink("/dev/binderfs", "./binderfs" [pid 797] <... mprotect resumed>) = 0 [pid 800] <... futex resumed>) = 1 [pid 799] <... mmap resumed>) = 0x7f6218024000 [pid 796] write(3, "1000", 4 [pid 795] <... rt_sigaction resumed>NULL, 8) = 0 [pid 790] <... futex resumed>) = 0 [pid 798] <... symlink resumed>) = 0 [pid 797] rt_sigprocmask(SIG_BLOCK, ~[], [pid 798] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 797] <... rt_sigprocmask resumed>[], 8) = 0 [pid 796] <... write resumed>) = 4 [pid 795] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 790] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 798] <... futex resumed>) = 0 [pid 797] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 796] close(3 [pid 795] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 790] <... futex resumed>) = 0 ./strace-static-x86_64: Process 801 attached [pid 800] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 799] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 798] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 796] <... close resumed>) = 0 [pid 795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 790] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 801] set_robust_list(0x7f62204659a0, 24 [pid 800] <... mount resumed>) = 0 [pid 796] symlink("/dev/binderfs", "./binderfs" [pid 795] <... mmap resumed>) = 0x7f6220445000 [pid 801] <... set_robust_list resumed>) = 0 [pid 796] <... symlink resumed>) = 0 [pid 795] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 801] rt_sigprocmask(SIG_SETMASK, [], [pid 796] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 795] <... mprotect resumed>) = 0 [pid 801] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 796] <... futex resumed>) = 0 [pid 795] rt_sigprocmask(SIG_BLOCK, ~[], [pid 801] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 800] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 799] <... write resumed>) = 262144 [pid 798] <... rt_sigaction resumed>NULL, 8) = 0 [pid 797] <... clone3 resumed> => {parent_tid=[801]}, 88) = 801 [pid 796] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 795] <... rt_sigprocmask resumed>[], 8) = 0 [pid 800] <... futex resumed>) = 1 [pid 799] munmap(0x7f6218024000, 262144 [pid 798] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 797] rt_sigprocmask(SIG_SETMASK, [], [pid 796] <... rt_sigaction resumed>NULL, 8) = 0 [pid 795] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 790] <... futex resumed>) = 0 ./strace-static-x86_64: Process 802 attached [pid 800] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 799] <... munmap resumed>) = 0 [pid 798] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 797] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 796] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 790] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 800] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 799] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 798] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 797] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 796] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 795] <... clone3 resumed> => {parent_tid=[802]}, 88) = 802 [pid 790] <... futex resumed>) = 0 [pid 802] set_robust_list(0x7f62204659a0, 24 [pid 801] <... futex resumed>) = 0 [pid 800] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 799] <... openat resumed>) = 5 [pid 798] <... mmap resumed>) = 0x7f6220445000 [pid 797] <... futex resumed>) = 1 [pid 796] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 795] rt_sigprocmask(SIG_SETMASK, [], [pid 790] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 802] <... set_robust_list resumed>) = 0 [pid 800] <... open resumed>) = 6 [pid 799] ioctl(5, LOOP_SET_FD, 3 [pid 798] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 797] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 796] <... mmap resumed>) = 0x7f6220445000 [pid 795] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 800] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 796] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 795] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 796] <... mprotect resumed>) = 0 [pid 795] <... futex resumed>) = 0 [pid 796] rt_sigprocmask(SIG_BLOCK, ~[], [pid 795] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 796] <... rt_sigprocmask resumed>[], 8) = 0 [pid 795] <... futex resumed>) = 0 [pid 796] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 796] <... clone3 resumed> => {parent_tid=[803]}, 88) = 803 [pid 795] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 796] rt_sigprocmask(SIG_SETMASK, [], [pid 795] <... mprotect resumed>) = 0 [pid 796] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 795] rt_sigprocmask(SIG_BLOCK, ~[], [pid 796] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 795] <... rt_sigprocmask resumed>[], 8) = 0 [pid 796] <... futex resumed>) = 0 [pid 795] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 796] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 795] <... clone3 resumed> => {parent_tid=[804]}, 88) = 804 [pid 796] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 795] rt_sigprocmask(SIG_SETMASK, [], [pid 796] <... mmap resumed>) = 0x7f6220424000 [pid 795] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 796] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 795] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 796] <... mprotect resumed>) = 0 [pid 795] <... futex resumed>) = 0 [pid 796] rt_sigprocmask(SIG_BLOCK, ~[], [pid 795] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 796] <... rt_sigprocmask resumed>[], 8) = 0 [pid 796] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[805]}, 88) = 805 [pid 796] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 796] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 796] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 805 attached [pid 805] set_robust_list(0x7f62204449a0, 24) = 0 [pid 805] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 805] creat("./bus", 000) = 3 ./strace-static-x86_64: Process 804 attached [pid 804] set_robust_list(0x7f62204449a0, 24) = 0 [pid 804] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 804] creat("./bus", 000) = 3 [pid 805] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 796] <... futex resumed>) = 0 [pid 796] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 796] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 805] <... futex resumed>) = 1 [pid 805] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL) = 0 [pid 804] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 805] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 795] <... futex resumed>) = 0 [pid 795] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 795] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 796] <... futex resumed>) = 0 [pid 796] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 796] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 804] <... futex resumed>) = 1 [pid 805] <... futex resumed>) = 1 [pid 805] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 804] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 805] <... open resumed>) = 4 [pid 805] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 804] <... mount resumed>) = 0 [pid 796] <... futex resumed>) = 0 [pid 796] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 796] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 805] <... futex resumed>) = 1 [pid 805] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE) = 5 [pid 804] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 795] <... futex resumed>) = 0 [pid 795] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 795] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 805] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 804] <... futex resumed>) = 1 [pid 804] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 796] <... futex resumed>) = 0 [pid 796] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 796] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 797] <... futex resumed>) = 0 [pid 798] <... mprotect resumed>) = 0 [pid 800] <... futex resumed>) = 1 [pid 797] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 790] <... futex resumed>) = 0 [pid 800] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 798] rt_sigprocmask(SIG_BLOCK, ~[], [pid 797] <... mmap resumed>) = 0x7f6220424000 [pid 790] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 800] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 798] <... rt_sigprocmask resumed>[], 8) = 0 [pid 797] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 790] <... futex resumed>) = 0 [pid 800] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 798] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 797] <... mprotect resumed>) = 0 [pid 790] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 803 attached [pid 805] <... futex resumed>) = 1 [pid 804] <... open resumed>) = 4 [pid 802] rt_sigprocmask(SIG_SETMASK, [], [pid 801] memfd_create("syzkaller", 0 [pid 800] <... socket resumed>) = 7 [pid 799] <... ioctl resumed>) = 0 [pid 805] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 804] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 805] <... mmap resumed>) = 0x20000000 [pid 804] <... futex resumed>) = 1 [pid 797] rt_sigprocmask(SIG_BLOCK, ~[], [pid 795] <... futex resumed>) = 0 [pid 805] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 804] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 800] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 797] <... rt_sigprocmask resumed>[], 8) = 0 [pid 795] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 805] <... futex resumed>) = 1 [pid 804] <... socket resumed>) = 5 [pid 800] <... futex resumed>) = 1 [pid 798] <... clone3 resumed> => {parent_tid=[806]}, 88) = 806 [pid 797] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 796] <... futex resumed>) = 0 [pid 795] <... futex resumed>) = 0 [pid 790] <... futex resumed>) = 0 [pid 805] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 804] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 801] <... memfd_create resumed>) = 3 [pid 800] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 798] rt_sigprocmask(SIG_SETMASK, [], [pid 796] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 795] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 790] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 806 attached ./strace-static-x86_64: Process 807 attached [pid 804] <... futex resumed>) = 0 [pid 802] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 801] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 800] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 799] close(3 [pid 798] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 797] <... clone3 resumed> => {parent_tid=[807]}, 88) = 807 [pid 796] <... futex resumed>) = ? [pid 795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 790] <... futex resumed>) = 0 [pid 804] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 800] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 798] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 797] rt_sigprocmask(SIG_SETMASK, [], [pid 795] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 790] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 807] set_robust_list(0x7f62204449a0, 24 [pid 806] set_robust_list(0x7f62204659a0, 24 [pid 802] memfd_create("syzkaller", 0 [pid 801] <... mmap resumed>) = 0x7f6218024000 [pid 799] <... close resumed>) = 0 [pid 803] +++ killed by SIGBUS +++ [pid 795] <... futex resumed>) = 0 [pid 800] <... mmap resumed>) = 0x20000000 [pid 798] <... futex resumed>) = 0 [pid 797] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 795] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 804] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 797] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 798] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 797] <... futex resumed>) = 0 [pid 798] <... futex resumed>) = 0 [pid 797] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 800] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 798] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 800] <... futex resumed>) = 1 [pid 798] <... mmap resumed>) = 0x7f6220424000 [pid 790] <... futex resumed>) = 0 [pid 800] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 798] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 790] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 800] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 798] <... mprotect resumed>) = 0 [pid 790] <... futex resumed>) = 0 [pid 804] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 804] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 795] <... futex resumed>) = 0 [pid 804] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 795] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 804] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 795] <... futex resumed>) = 0 [pid 800] memfd_create("syzkaller", 0 [pid 798] rt_sigprocmask(SIG_BLOCK, ~[], [pid 804] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 800] <... memfd_create resumed>) = 3 [pid 798] <... rt_sigprocmask resumed>[], 8) = 0 [pid 795] read(0, [pid 801] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 800] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f620fc64000 [pid 798] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 800] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 800] munmap(0x7f620fc64000, 65536) = 0 [pid 798] <... clone3 resumed> => {parent_tid=[808]}, 88) = 808 [pid 800] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 798] rt_sigprocmask(SIG_SETMASK, [], [pid 806] <... set_robust_list resumed>) = 0 [pid 802] <... memfd_create resumed>) = ? [pid 801] <... write resumed>) = 262144 [pid 800] <... openat resumed>) = 8 [pid 799] mkdir(0x20000000, 0777 [pid 798] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 800] ioctl(8, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 798] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 802] +++ killed by SIGBUS +++ [pid 801] munmap(0x7f6218024000, 262144 [pid 800] ioctl(8, LOOP_CLR_FD [pid 798] <... futex resumed>) = 0 [pid 807] <... set_robust_list resumed>) = 0 [pid 806] rt_sigprocmask(SIG_SETMASK, [], [pid 805] +++ killed by SIGBUS +++ [pid 804] +++ killed by SIGBUS +++ [pid 800] <... ioctl resumed>) = 0 [pid 799] <... mkdir resumed>) = 0 [pid 798] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 796] +++ killed by SIGBUS +++ [pid 795] +++ killed by SIGBUS +++ [pid 801] <... munmap resumed>) = 0 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=796, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=795, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- ./strace-static-x86_64: Process 808 attached [pid 808] set_robust_list(0x7f62204449a0, 24) = 0 [pid 301] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW [pid 808] rt_sigprocmask(SIG_SETMASK, [], [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 808] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] <... openat resumed>) = 3 [pid 300] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 808] creat("./bus", 000 [pid 801] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 301] newfstatat(3, "", [pid 808] <... creat resumed>) = 3 [pid 807] rt_sigprocmask(SIG_SETMASK, [], [pid 806] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 801] <... openat resumed>) = 4 [pid 799] mount("/dev/loop2", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 789] +++ killed by SIGBUS +++ [pid 785] +++ killed by SIGBUS +++ [ 27.508815][ T787] loop0: detected capacity change from 0 to 512 [ 27.540894][ T799] loop2: detected capacity change from 0 to 512 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] <... openat resumed>) = 3 [pid 808] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 801] ioctl(4, LOOP_SET_FD, 3 [pid 800] ioctl(8, LOOP_SET_FD, 3 [pid 799] <... mount resumed>) = -1 ENODEV (No such device) [pid 301] getdents64(3, [pid 300] newfstatat(3, "", [pid 808] <... futex resumed>) = 1 [pid 800] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 799] ioctl(5, LOOP_CLR_FD [pid 798] <... futex resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 808] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 800] close(8 [pid 799] <... ioctl resumed>) = 0 [pid 798] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 808] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 800] <... close resumed>) = 0 [pid 799] close(5 [pid 798] <... futex resumed>) = 0 [pid 808] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 800] close(3 [pid 799] <... close resumed>) = 0 [pid 798] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 808] <... mount resumed>) = 0 [pid 800] <... close resumed>) = 0 [pid 799] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 808] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 800] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 799] <... futex resumed>) = 0 [pid 808] <... futex resumed>) = 1 [pid 800] <... futex resumed>) = 0 [pid 799] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 798] <... futex resumed>) = 0 [pid 808] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 800] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 798] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 808] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 798] <... futex resumed>) = 0 [pid 808] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 798] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 808] <... open resumed>) = 4 [pid 808] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 798] <... futex resumed>) = 0 [pid 808] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 798] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 808] <... socket resumed>) = 5 [pid 798] <... futex resumed>) = 0 [pid 808] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 798] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 808] <... futex resumed>) = 0 [pid 798] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 808] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 798] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 808] <... mmap resumed>) = 0x20000000 [pid 798] <... futex resumed>) = 0 [pid 808] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 798] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 808] <... futex resumed>) = 0 [pid 798] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 808] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 798] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 807] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 807] creat("./bus", 000) = 5 [pid 807] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 807] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 806] +++ killed by SIGBUS +++ [pid 808] +++ killed by SIGBUS +++ [pid 798] +++ killed by SIGBUS +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=798, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 297] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 297] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] getdents64(3, 0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 300] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=785, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 296] umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 801] <... ioctl resumed>) = 0 [pid 797] <... futex resumed>) = 0 [pid 301] <... umount2 resumed>) = 0 [pid 300] <... umount2 resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 296] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 801] close(3 [pid 797] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 790] exit_group(0 [pid 301] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... openat resumed>) = 3 [pid 807] <... futex resumed>) = 0 [pid 801] <... close resumed>) = 0 [pid 800] <... futex resumed>) = ? [pid 799] <... futex resumed>) = ? [pid 797] <... futex resumed>) = 1 [pid 790] <... exit_group resumed>) = ? [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(3, "", [pid 800] +++ exited with 0 +++ [pid 797] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] newfstatat(AT_FDCWD, "./22/bus", [pid 300] newfstatat(AT_FDCWD, "./22/bus", [pid 297] newfstatat(AT_FDCWD, "./25/bus", [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 807] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 801] mkdir("./file0", 0777 [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] getdents64(3, [pid 301] unlink("./22/bus" [pid 300] unlink("./22/bus" [pid 297] unlink("./25/bus" [pid 296] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 807] <... mount resumed>) = 0 [pid 801] <... mkdir resumed>) = 0 [pid 301] <... unlink resumed>) = 0 [pid 300] <... unlink resumed>) = 0 [pid 297] <... unlink resumed>) = 0 [pid 296] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 807] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = 0 [pid 807] <... futex resumed>) = 1 [pid 797] <... futex resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 807] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 797] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] newfstatat(AT_FDCWD, "./22/binderfs", [pid 300] newfstatat(AT_FDCWD, "./22/binderfs", [pid 297] newfstatat(AT_FDCWD, "./25/binderfs", [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 807] <... open resumed>) = 3 [pid 801] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 797] <... futex resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] newfstatat(AT_FDCWD, "./20/bus", [pid 807] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 797] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] unlink("./22/binderfs" [pid 300] unlink("./22/binderfs" [pid 297] unlink("./25/binderfs" [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 807] <... futex resumed>) = 0 [pid 797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] <... unlink resumed>) = 0 [pid 300] <... unlink resumed>) = 0 [pid 297] <... unlink resumed>) = 0 [pid 296] unlink("./20/bus" [pid 807] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 797] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] getdents64(3, [pid 300] getdents64(3, [pid 297] getdents64(3, [pid 296] <... unlink resumed>) = 0 [pid 807] <... socket resumed>) = 6 [pid 797] <... futex resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 807] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 797] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] close(3 [pid 300] close(3 [pid 297] close(3 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 807] <... futex resumed>) = 0 [pid 797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] <... close resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./20/binderfs", [pid 807] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 797] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] rmdir("./22" [pid 300] rmdir("./22" [pid 297] rmdir("./25" [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 807] <... mmap resumed>) = 0x20000000 [pid 797] <... futex resumed>) = 0 [pid 301] <... rmdir resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 296] unlink("./20/binderfs" [pid 807] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 797] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] mkdir("./23", 0777 [pid 300] mkdir("./23", 0777 [pid 297] mkdir("./26", 0777 [pid 296] <... unlink resumed>) = 0 [pid 807] <... futex resumed>) = 0 [pid 797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] <... mkdir resumed>) = 0 [pid 300] <... mkdir resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 296] getdents64(3, [pid 807] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 797] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 807] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 797] <... futex resumed>) = 0 [pid 301] <... openat resumed>) = 3 [pid 300] <... openat resumed>) = 3 [pid 297] <... openat resumed>) = 3 [pid 296] close(3 [pid 807] memfd_create("syzkaller", 0 [pid 301] ioctl(3, LOOP_CLR_FD [pid 300] ioctl(3, LOOP_CLR_FD [pid 297] ioctl(3, LOOP_CLR_FD [pid 296] <... close resumed>) = 0 [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] rmdir("./20" [pid 301] close(3 [pid 300] close(3 [pid 297] close(3 [pid 296] <... rmdir resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 296] mkdir("./21", 0777 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... mkdir resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 809 [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 810 [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 811 [pid 296] <... openat resumed>) = 3 [pid 296] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 811 attached [pid 811] set_robust_list(0x555556cc76a0, 24) = 0 [pid 811] chdir("./26") = 0 [pid 811] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 811] setpgid(0, 0) = 0 [pid 811] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 811] write(3, "1000", 4) = 4 [pid 811] close(3) = 0 [pid 811] symlink("/dev/binderfs", "./binderfs") = 0 [pid 811] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 811] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 811] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 811] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 811] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 811] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 811] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0}./strace-static-x86_64: Process 809 attached [pid 809] set_robust_list(0x555556cc76a0, 24) = 0 [pid 809] chdir("./23" [pid 811] <... clone3 resumed> => {parent_tid=[812]}, 88) = 812 [pid 811] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 811] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 811] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 809] <... chdir resumed>) = 0 [pid 811] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 809] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 811] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 809] setpgid(0, 0 [pid 811] <... mprotect resumed>) = 0 [pid 809] <... setpgid resumed>) = 0 [pid 811] rt_sigprocmask(SIG_BLOCK, ~[], [pid 809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 811] <... rt_sigprocmask resumed>[], 8) = 0 [pid 811] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 801] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 801] ioctl(4, LOOP_CLR_FD) = 0 [pid 801] close(4) = 0 [pid 801] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 799] +++ exited with 0 +++ [pid 790] +++ exited with 0 +++ [pid 801] <... futex resumed>) = 0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=790, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 801] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 809] <... openat resumed>) = 3 [pid 811] <... clone3 resumed> => {parent_tid=[813]}, 88) = 813 [pid 811] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 809] write(3, "1000", 4 [pid 811] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 809] <... write resumed>) = 4 [pid 811] <... futex resumed>) = 0 [pid 809] close(3 [pid 811] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 809] <... close resumed>) = 0 [pid 809] symlink("/dev/binderfs", "./binderfs" [pid 298] <... restart_syscall resumed>) = 0 [pid 298] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW [pid 807] <... memfd_create resumed>) = 4 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 807] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 298] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 807] <... mmap resumed>) = 0x7f620fc64000 [pid 298] <... openat resumed>) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 807] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 298] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 809] <... symlink resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 807] <... write resumed>) = 65536 [pid 807] munmap(0x7f620fc64000, 65536 [pid 298] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 809] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 807] <... munmap resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 809] <... futex resumed>) = 0 [pid 807] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 298] newfstatat(AT_FDCWD, "./21/bus", [pid 809] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 807] <... openat resumed>) = 7 [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 809] <... rt_sigaction resumed>NULL, 8) = 0 [pid 807] ioctl(7, LOOP_SET_FD, 4 [pid 298] unlink("./21/bus" [pid 809] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 807] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 298] <... unlink resumed>) = 0 [pid 809] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 807] ioctl(7, LOOP_CLR_FD [pid 298] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 807] <... ioctl resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./21/binderfs", [pid 809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 809] <... mmap resumed>) = 0x7f6220445000 [pid 298] unlink("./21/binderfs" [pid 809] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 298] <... unlink resumed>) = 0 [pid 809] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] umount2("./21/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 809] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 809] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 298] newfstatat(AT_FDCWD, "./21/ext4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 809] <... clone3 resumed> => {parent_tid=[814]}, 88) = 814 [pid 807] ioctl(7, LOOP_SET_FD, 4 [pid 298] umount2("./21/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 809] rt_sigprocmask(SIG_SETMASK, [], [pid 807] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 807] close(7 [pid 298] openat(AT_FDCWD, "./21/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 809] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 807] <... close resumed>) = 0 [pid 298] <... openat resumed>) = 4 [pid 807] close(4 [pid 298] newfstatat(4, "", [pid 809] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 807] <... close resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 807] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 809] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 807] <... futex resumed>) = 0 [pid 298] getdents64(4, [pid 809] <... futex resumed>) = 0 [pid 807] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 809] <... mmap resumed>) = 0x7f6220424000 [pid 809] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 298] getdents64(4, [pid 809] <... mprotect resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 809] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] close(4 [pid 809] <... rt_sigprocmask resumed>[], 8) = 0 [pid 797] exit_group(0 [pid 809] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 797] <... exit_group resumed>) = ? [pid 298] <... close resumed>) = 0 [pid 801] <... futex resumed>) = 230 [pid 807] <... futex resumed>) = ? [pid 809] <... clone3 resumed> => {parent_tid=[815]}, 88) = 815 [pid 298] rmdir("./21/ext4" [pid 809] rt_sigprocmask(SIG_SETMASK, [], [pid 801] +++ exited with 0 +++ [pid 809] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 809] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 809] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 813 attached [pid 813] set_robust_list(0x7f62204449a0, 24) = 0 [pid 813] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 813] creat("./bus", 000) = 3 [pid 298] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] close(3 [pid 813] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... close resumed>) = 0 [pid 811] <... futex resumed>) = 0 [pid 298] rmdir("./21" [pid 811] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 813] <... futex resumed>) = 1 [pid 811] <... futex resumed>) = 0 [pid 813] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 811] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 813] <... mount resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 813] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] mkdir("./22", 0777 [pid 813] <... futex resumed>) = 1 [pid 811] <... futex resumed>) = 0 [pid 813] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 811] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 813] <... open resumed>) = 4 [pid 811] <... futex resumed>) = 0 [pid 813] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 811] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 814 attached [pid 813] <... futex resumed>) = 0 [pid 811] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] <... mkdir resumed>) = 0 [pid 814] set_robust_list(0x7f62204659a0, 24 [pid 813] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 811] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 814] <... set_robust_list resumed>) = 0 [pid 813] <... socket resumed>) = 5 [pid 811] <... futex resumed>) = 0 [pid 298] <... openat resumed>) = 3 ./strace-static-x86_64: Process 810 attached [pid 814] rt_sigprocmask(SIG_SETMASK, [], [pid 813] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 811] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] ioctl(3, LOOP_CLR_FD [pid 814] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 813] <... futex resumed>) = 0 [pid 811] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 814] memfd_create("syzkaller", 0 [pid 813] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 811] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 810] set_robust_list(0x555556cc76a0, 24 [pid 298] close(3./strace-static-x86_64: Process 815 attached [pid 814] <... memfd_create resumed>) = 3 [pid 813] <... mmap resumed>) = 0x20000000 [pid 811] <... futex resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 810] <... set_robust_list resumed>) = 0 [pid 815] set_robust_list(0x7f62204449a0, 24 [pid 814] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 813] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 811] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 815] <... set_robust_list resumed>) = 0 [pid 814] <... mmap resumed>) = 0x7f6218024000 [pid 813] <... futex resumed>) = 0 [pid 811] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 815] rt_sigprocmask(SIG_SETMASK, [], [pid 814] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 813] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 811] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 810] chdir("./23"./strace-static-x86_64: Process 812 attached [pid 815] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 814] <... write resumed>) = 262144 [pid 811] <... futex resumed>) = ? [pid 810] <... chdir resumed>) = 0 [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 816 [pid 815] creat("./bus", 000 [pid 810] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 815] <... creat resumed>) = 4 [pid 812] +++ killed by SIGBUS +++ [pid 810] <... prctl resumed>) = 0 [pid 815] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 813] +++ killed by SIGBUS +++ [pid 811] +++ killed by SIGBUS +++ [pid 810] setpgid(0, 0./strace-static-x86_64: Process 816 attached [pid 815] <... futex resumed>) = 1 [pid 814] munmap(0x7f6218024000, 262144 [pid 810] <... setpgid resumed>) = 0 [pid 809] <... futex resumed>) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=811, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 816] set_robust_list(0x555556cc76a0, 24 [pid 815] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 814] <... munmap resumed>) = 0 [pid 810] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 809] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 815] <... mount resumed>) = 0 [pid 814] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 810] <... openat resumed>) = 3 [pid 809] <... futex resumed>) = 0 [pid 816] <... set_robust_list resumed>) = 0 [pid 815] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 814] <... openat resumed>) = 5 [pid 810] write(3, "1000", 4 [pid 809] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW [pid 815] <... futex resumed>) = 0 [pid 814] ioctl(5, LOOP_SET_FD, 3 [pid 810] <... write resumed>) = 4 [pid 809] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 27.559411][ T801] loop3: detected capacity change from 0 to 512 [ 27.577926][ T801] EXT4-fs warning (device loop3): read_mmp_block:115: Error -74 while reading MMP block 12 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 816] chdir("./22" [pid 815] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 810] close(3 [pid 809] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 816] <... chdir resumed>) = 0 [pid 810] <... close resumed>) = 0 [pid 816] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 810] symlink("/dev/binderfs", "./binderfs" [pid 816] <... prctl resumed>) = 0 [pid 810] <... symlink resumed>) = 0 [pid 816] setpgid(0, 0 [pid 810] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 816] <... setpgid resumed>) = 0 [pid 810] <... futex resumed>) = 0 [pid 816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 810] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 816] <... openat resumed>) = 3 [pid 810] <... rt_sigaction resumed>NULL, 8) = 0 [pid 809] <... futex resumed>) = 0 [pid 297] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 816] write(3, "1000", 4 [pid 815] <... open resumed>) = 6 [pid 814] <... ioctl resumed>) = 0 [pid 810] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 809] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... openat resumed>) = 3 [pid 816] <... write resumed>) = 4 [pid 815] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 814] close(3 [pid 810] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 809] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] newfstatat(3, "", [pid 816] close(3 [pid 815] <... futex resumed>) = 0 [pid 814] <... close resumed>) = 0 [pid 810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 809] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 816] <... close resumed>) = 0 [pid 815] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 814] mkdir("./file0", 0777 [pid 810] <... mmap resumed>) = 0x7f6220445000 [pid 809] <... futex resumed>) = 0 [pid 297] getdents64(3, [pid 816] symlink("/dev/binderfs", "./binderfs" [pid 815] <... socket resumed>) = 3 [pid 810] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 809] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 816] <... symlink resumed>) = 0 [pid 815] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 814] <... mkdir resumed>) = 0 [pid 810] <... mprotect resumed>) = 0 [pid 809] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 816] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 815] <... futex resumed>) = 0 [pid 814] mount("/dev/loop5", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 810] rt_sigprocmask(SIG_BLOCK, ~[], [pid 809] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 816] <... futex resumed>) = 0 [pid 815] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 810] <... rt_sigprocmask resumed>[], 8) = 0 [pid 809] <... futex resumed>) = 0 [pid 816] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 815] <... mmap resumed>) = 0x20000000 [pid 810] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 809] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... umount2 resumed>) = 0 [pid 816] <... rt_sigaction resumed>NULL, 8) = 0 [pid 815] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 809] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 816] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 815] <... futex resumed>) = 0 [pid 810] <... clone3 resumed> => {parent_tid=[817]}, 88) = 817 [pid 809] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 817 attached [pid 816] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 815] memfd_create("syzkaller", 0 [pid 810] rt_sigprocmask(SIG_SETMASK, [], [pid 809] <... futex resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./26/bus", [pid 815] <... memfd_create resumed>) = 7 [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 815] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 297] unlink("./26/bus" [pid 817] set_robust_list(0x7f62204659a0, 24 [pid 816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 815] <... mmap resumed>) = 0x7f620fc64000 [pid 810] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 816] <... mmap resumed>) = 0x7f6220445000 [pid 810] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... unlink resumed>) = 0 [pid 816] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 810] <... futex resumed>) = 0 [pid 816] <... mprotect resumed>) = 0 [pid 815] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 810] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 816] rt_sigprocmask(SIG_BLOCK, ~[], [pid 815] <... write resumed>) = 65536 [pid 810] <... futex resumed>) = 0 [pid 296] <... ioctl resumed>) = 0 [pid 816] <... rt_sigprocmask resumed>[], 8) = 0 [pid 810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 816] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 810] <... mmap resumed>) = 0x7f6220424000 [pid 810] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 816] <... clone3 resumed> => {parent_tid=[818]}, 88) = 818 [pid 810] <... mprotect resumed>) = 0 [pid 816] rt_sigprocmask(SIG_SETMASK, [], [pid 810] rt_sigprocmask(SIG_BLOCK, ~[], [pid 816] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 810] <... rt_sigprocmask resumed>[], 8) = 0 [pid 816] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 810] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 816] <... futex resumed>) = 0 [pid 816] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 810] <... clone3 resumed> => {parent_tid=[819]}, 88) = 819 [pid 816] <... futex resumed>) = 0 [pid 810] rt_sigprocmask(SIG_SETMASK, [], [pid 816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 810] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 816] <... mmap resumed>) = 0x7f6220424000 [pid 810] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 816] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 810] <... futex resumed>) = 0 [pid 816] <... mprotect resumed>) = 0 [pid 810] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 816] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 816] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[820]}, 88) = 820 [pid 816] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 816] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 816] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 820 attached [pid 820] set_robust_list(0x7f62204449a0, 24) = 0 [pid 820] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 820] creat("./bus", 000) = 3 [pid 820] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 816] <... futex resumed>) = 0 [pid 816] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 816] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 820] <... futex resumed>) = 1 [pid 820] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL) = 0 ./strace-static-x86_64: Process 818 attached [pid 818] set_robust_list(0x7f62204659a0, 24./strace-static-x86_64: Process 819 attached [pid 820] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 818] <... set_robust_list resumed>) = 0 [pid 817] <... set_robust_list resumed>) = 0 [pid 815] munmap(0x7f620fc64000, 65536 [pid 807] +++ exited with 0 +++ [pid 797] +++ exited with 0 +++ [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] close(3 [pid 819] set_robust_list(0x7f62204449a0, 24 [pid 817] rt_sigprocmask(SIG_SETMASK, [], [pid 815] <... munmap resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./26/binderfs", [pid 296] <... close resumed>) = 0 [pid 819] <... set_robust_list resumed>) = 0 [pid 817] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 815] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 819] rt_sigprocmask(SIG_SETMASK, [], [pid 817] memfd_create("syzkaller", 0 [pid 815] <... openat resumed>) = 8 [pid 297] unlink("./26/binderfs" [pid 819] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 817] <... memfd_create resumed>) = 3 [pid 815] ioctl(8, LOOP_SET_FD, 7 [pid 297] <... unlink resumed>) = 0 [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 821 [pid 819] creat("./bus", 000 [pid 817] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 815] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 297] getdents64(3, [pid 819] <... creat resumed>) = 4 [pid 817] <... mmap resumed>) = 0x7f6218024000 [pid 815] ioctl(8, LOOP_CLR_FD [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 819] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 817] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 815] <... ioctl resumed>) = 0 [pid 297] close(3 [pid 819] <... futex resumed>) = 1 [pid 817] <... write resumed>) = 262144 [pid 810] <... futex resumed>) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=797, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 297] <... close resumed>) = 0 [pid 820] <... futex resumed>) = 1 [pid 819] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 818] rt_sigprocmask(SIG_SETMASK, [], [pid 817] munmap(0x7f6218024000, 262144 [pid 816] <... futex resumed>) = 0 [pid 810] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] rmdir("./26" [pid 820] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 819] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 818] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 817] <... munmap resumed>) = 0 [pid 816] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 810] <... futex resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 820] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 819] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 818] memfd_create("syzkaller", 0 [pid 817] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 816] <... futex resumed>) = 0 [pid 815] ioctl(8, LOOP_SET_FD, 7 [pid 810] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] mkdir("./27", 0777./strace-static-x86_64: Process 821 attached [pid 820] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 819] <... mount resumed>) = 0 [pid 818] <... memfd_create resumed>) = 4 [pid 817] <... openat resumed>) = 5 [pid 816] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 815] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 814] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... mkdir resumed>) = 0 [pid 821] set_robust_list(0x555556cc76a0, 24 [pid 820] <... open resumed>) = 5 [pid 819] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 818] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 817] ioctl(5, LOOP_SET_FD, 3 [pid 815] close(8 [pid 814] ioctl(5, LOOP_CLR_FD [pid 299] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 821] <... set_robust_list resumed>) = 0 [pid 820] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 819] <... futex resumed>) = 1 [pid 814] <... ioctl resumed>) = 0 [pid 810] <... futex resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 814] close(5 [pid 810] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(3, "", [pid 814] <... close resumed>) = 0 [pid 810] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 814] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 810] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] getdents64(3, [pid 814] <... futex resumed>) = 0 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 814] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 818] <... mmap resumed>) = 0x7f6218024000 [pid 818] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 818] munmap(0x7f6218024000, 262144) = 0 [pid 818] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 6 [pid 818] ioctl(6, LOOP_SET_FD, 4 [pid 821] chdir("./21" [pid 820] <... futex resumed>) = 1 [pid 819] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 817] <... ioctl resumed>) = 0 [pid 815] <... close resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 821] <... chdir resumed>) = 0 [pid 820] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 817] close(3 [pid 815] close(7 [pid 297] ioctl(3, LOOP_CLR_FD [pid 821] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 817] <... close resumed>) = 0 [pid 815] <... close resumed>) = 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 821] <... prctl resumed>) = 0 [pid 817] mkdir("./file0", 0777 [pid 815] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] close(3 [pid 821] setpgid(0, 0 [pid 817] <... mkdir resumed>) = 0 [pid 815] <... futex resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 821] <... setpgid resumed>) = 0 [pid 817] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 815] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 809] exit_group(0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 821] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 815] <... futex resumed>) = ? [pid 809] <... exit_group resumed>) = ? [pid 821] <... openat resumed>) = 3 [pid 815] +++ exited with 0 +++ [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 822 [pid 821] write(3, "1000", 4) = 4 [pid 821] close(3) = 0 [pid 821] symlink("/dev/binderfs", "./binderfs") = 0 [pid 821] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 821] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 821] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 821] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 821] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 821] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 821] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[823]}, 88) = 823 [pid 821] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 821] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 821] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 821] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 821] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 821] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 821] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[824]}, 88) = 824 [pid 821] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 821] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 821] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 824 attached [pid 816] <... futex resumed>) = 0 [pid 824] set_robust_list(0x7f62204449a0, 24 [pid 299] <... umount2 resumed>) = 0 [pid 816] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 814] <... futex resumed>) = ? [pid 299] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 820] <... futex resumed>) = 0 [pid 816] <... futex resumed>) = 1 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 820] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 816] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] newfstatat(AT_FDCWD, "./22/bus", [pid 820] <... socket resumed>) = 7 [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 820] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] unlink("./22/bus" [pid 820] <... futex resumed>) = 1 [pid 816] <... futex resumed>) = 0 [pid 820] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 824] <... set_robust_list resumed>) = 0 [pid 824] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... unlink resumed>) = 0 [pid 816] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 820] <... futex resumed>) = 0 [pid 816] <... futex resumed>) = 1 [pid 299] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 820] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 816] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 820] <... mmap resumed>) = 0x20000000 [pid 299] newfstatat(AT_FDCWD, "./22/binderfs", [pid 820] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 820] <... futex resumed>) = 1 [pid 816] <... futex resumed>) = 0 [pid 299] unlink("./22/binderfs" [pid 820] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 819] <... open resumed>) = 6 [pid 816] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... unlink resumed>) = 0 [pid 820] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 27.614778][ T814] loop5: detected capacity change from 0 to 512 [ 27.629029][ T814] EXT4-fs warning (device loop5): read_mmp_block:115: Error -74 while reading MMP block 12 [ 27.649189][ T817] loop4: detected capacity change from 0 to 512 [ 27.654458][ T818] loop2: detected capacity change from 0 to 512 [pid 819] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 816] <... futex resumed>) = 0 [pid 299] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 823 attached ./strace-static-x86_64: Process 822 attached [pid 824] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 818] <... ioctl resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, [pid 823] set_robust_list(0x7f62204659a0, 24 [pid 299] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 823] <... set_robust_list resumed>) = 0 [pid 822] set_robust_list(0x555556cc76a0, 24 [pid 299] close(4 [pid 823] rt_sigprocmask(SIG_SETMASK, [], [pid 822] <... set_robust_list resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 823] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 822] chdir("./27" [pid 299] rmdir("./22/file0" [pid 823] memfd_create("syzkaller", 0 [pid 822] <... chdir resumed>) = 0 [pid 819] <... futex resumed>) = 1 [pid 299] <... rmdir resumed>) = 0 [pid 824] creat("./bus", 000 [pid 820] memfd_create("syzkaller", 0 [pid 819] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 818] close(4 [pid 810] <... futex resumed>) = 0 [pid 299] getdents64(3, [pid 824] <... creat resumed>) = 3 [pid 823] <... memfd_create resumed>) = 4 [pid 822] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 820] <... memfd_create resumed>) = 8 [pid 810] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 824] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 823] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 822] <... prctl resumed>) = 0 [pid 819] <... futex resumed>) = 0 [pid 810] <... futex resumed>) = 1 [pid 820] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 818] <... close resumed>) = 0 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 823] <... mmap resumed>) = 0x7f6218024000 [pid 822] setpgid(0, 0 [pid 819] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 818] mkdir(0x20000000, 0777 [pid 810] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] close(3 [pid 823] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 822] <... setpgid resumed>) = 0 [pid 820] <... mmap resumed>) = 0x7f620fc64000 [pid 818] <... mkdir resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 823] <... write resumed>) = 262144 [pid 822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 820] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 299] rmdir("./22" [pid 823] munmap(0x7f6218024000, 262144 [pid 822] <... openat resumed>) = 3 [pid 820] <... write resumed>) = 65536 [pid 299] <... rmdir resumed>) = 0 [pid 823] <... munmap resumed>) = 0 [pid 822] write(3, "1000", 4 [pid 820] munmap(0x7f620fc64000, 65536 [pid 299] mkdir("./23", 0777 [pid 823] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 822] <... write resumed>) = 4 [pid 820] <... munmap resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 823] <... openat resumed>) = 5 [pid 822] close(3 [pid 820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 823] ioctl(5, LOOP_SET_FD, 4 [pid 822] <... close resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 824] <... futex resumed>) = 1 [pid 823] <... ioctl resumed>) = 0 [pid 822] symlink("/dev/binderfs", "./binderfs" [pid 821] <... futex resumed>) = 0 [pid 820] <... openat resumed>) = 4 [pid 819] <... socket resumed>) = 3 [pid 818] mount("/dev/loop2", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 299] ioctl(3, LOOP_CLR_FD [pid 823] close(4 [pid 822] <... symlink resumed>) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 823] <... close resumed>) = 0 [pid 822] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] close(3 [pid 823] mkdir("./file0", 0777 [pid 822] <... futex resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 823] <... mkdir resumed>) = 0 [pid 822] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 823] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 822] <... rt_sigaction resumed>NULL, 8) = 0 [pid 822] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 827 [pid 822] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 822] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 822] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 822] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[828]}, 88) = 828 [pid 822] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 822] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 822] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 822] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 822] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 822] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[829]}, 88) = 829 [pid 822] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 822] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 822] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 824] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 821] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 824] <... futex resumed>) = 0 [pid 821] <... futex resumed>) = 1 [pid 824] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 821] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 824] <... mount resumed>) = 0 [pid 824] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 821] <... futex resumed>) = 0 [pid 824] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 821] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 824] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 821] <... futex resumed>) = 0 [pid 824] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 821] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 824] <... open resumed>) = 4 [pid 824] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 821] <... futex resumed>) = 0 [pid 824] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 821] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 829 attached ./strace-static-x86_64: Process 828 attached ./strace-static-x86_64: Process 827 attached [pid 824] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 821] <... futex resumed>) = 0 [pid 820] ioctl(4, LOOP_SET_FD, 8 [pid 819] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 818] <... mount resumed>) = -1 ENODEV (No such device) [pid 817] <... mount resumed>) = 0 [pid 829] set_robust_list(0x7f62204449a0, 24 [pid 828] set_robust_list(0x7f62204659a0, 24 [pid 827] set_robust_list(0x555556cc76a0, 24 [pid 824] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 821] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 820] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 819] <... futex resumed>) = 1 [pid 818] ioctl(6, LOOP_CLR_FD [pid 817] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 810] <... futex resumed>) = 0 [pid 829] <... set_robust_list resumed>) = 0 [pid 828] <... set_robust_list resumed>) = 0 [pid 827] <... set_robust_list resumed>) = 0 [pid 824] <... socket resumed>) = 6 [pid 820] ioctl(4, LOOP_CLR_FD [pid 819] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 818] <... ioctl resumed>) = 0 [pid 817] <... openat resumed>) = 7 [pid 810] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 829] rt_sigprocmask(SIG_SETMASK, [], [pid 828] rt_sigprocmask(SIG_SETMASK, [], [pid 827] chdir("./23" [pid 824] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 820] <... ioctl resumed>) = 0 [pid 819] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 818] close(6 [pid 817] chdir("./file0" [pid 810] <... futex resumed>) = 0 [pid 829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 828] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 827] <... chdir resumed>) = 0 [pid 824] <... futex resumed>) = 1 [pid 821] <... futex resumed>) = 0 [pid 819] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 818] <... close resumed>) = 0 [pid 817] <... chdir resumed>) = 0 [pid 810] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 829] creat("./bus", 000 [pid 828] memfd_create("syzkaller", 0 [pid 827] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 824] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 821] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 819] <... mmap resumed>) = 0x20000000 [pid 818] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 817] ioctl(5, LOOP_CLR_FD [pid 829] <... creat resumed>) = 3 [pid 828] <... memfd_create resumed>) = 4 [pid 827] <... prctl resumed>) = 0 [pid 824] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 821] <... futex resumed>) = 0 [pid 819] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 818] <... futex resumed>) = 0 [pid 817] <... ioctl resumed>) = 0 [pid 829] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 828] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 827] setpgid(0, 0 [pid 824] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 821] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 819] <... futex resumed>) = 1 [pid 818] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 817] close(5 [pid 810] <... futex resumed>) = 0 [pid 829] <... futex resumed>) = 1 [pid 828] <... mmap resumed>) = 0x7f6218024000 [pid 827] <... setpgid resumed>) = 0 [pid 824] <... mmap resumed>) = 0x20000000 [pid 822] <... futex resumed>) = 0 [pid 820] ioctl(4, LOOP_SET_FD, 8 [pid 819] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 817] <... close resumed>) = 0 [pid 829] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 828] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 827] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 824] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 822] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 820] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 819] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 817] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 810] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 829] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 828] <... write resumed>) = 262144 [pid 827] <... openat resumed>) = 3 [pid 824] <... futex resumed>) = 1 [pid 822] <... futex resumed>) = 0 [pid 821] <... futex resumed>) = 0 [pid 820] close(4 [pid 819] memfd_create("syzkaller", 0 [pid 817] <... futex resumed>) = 0 [pid 810] <... futex resumed>) = 0 [pid 829] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 828] munmap(0x7f6218024000, 262144 [pid 827] write(3, "1000", 4 [pid 824] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 822] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 821] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 820] <... close resumed>) = 0 [pid 819] <... memfd_create resumed>) = 5 [pid 817] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 829] <... mount resumed>) = 0 [pid 828] <... munmap resumed>) = 0 [pid 827] <... write resumed>) = 4 [pid 824] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 821] <... futex resumed>) = 0 [pid 820] close(8 [pid 819] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 829] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 828] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 827] close(3 [ 27.665162][ T820] Buffer I/O error on dev loop2, logical block 0, async page read [ 27.676300][ T817] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [ 27.685221][ T823] loop0: detected capacity change from 0 to 512 [ 27.696483][ T817] ext4 filesystem being mounted at /root/syzkaller.Zpv55J/23/file0 supports timestamps until 2038 (0x7fffffff) [pid 824] memfd_create("syzkaller", 0 [pid 820] <... close resumed>) = 0 [pid 819] <... mmap resumed>) = 0x7f620fc64000 [pid 829] <... futex resumed>) = 1 [pid 828] <... openat resumed>) = 5 [pid 827] <... close resumed>) = 0 [pid 824] <... memfd_create resumed>) = 7 [pid 822] <... futex resumed>) = 0 [pid 820] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 819] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 816] exit_group(0 [pid 814] +++ exited with 0 +++ [pid 809] +++ exited with 0 +++ [pid 829] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 828] ioctl(5, LOOP_SET_FD, 4 [pid 827] symlink("/dev/binderfs", "./binderfs" [pid 824] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 822] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 820] <... futex resumed>) = ? [pid 819] <... write resumed>) = 65536 [pid 818] <... futex resumed>) = ? [pid 816] <... exit_group resumed>) = ? [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=809, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 829] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 828] <... ioctl resumed>) = 0 [pid 827] <... symlink resumed>) = 0 [pid 824] <... mmap resumed>) = 0x7f620fc64000 [pid 822] <... futex resumed>) = 0 [pid 820] +++ exited with 0 +++ [pid 819] munmap(0x7f620fc64000, 65536 [pid 818] +++ exited with 0 +++ [pid 301] restart_syscall(<... resuming interrupted clone ...> [pid 829] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 827] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... restart_syscall resumed>) = 0 [pid 824] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 822] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 819] <... munmap resumed>) = 0 [pid 829] <... open resumed>) = 6 [pid 827] <... futex resumed>) = 0 [pid 829] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 828] close(4 [pid 827] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 824] <... write resumed>) = 65536 [pid 819] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 829] <... futex resumed>) = 1 [pid 828] <... close resumed>) = 0 [pid 827] <... rt_sigaction resumed>NULL, 8) = 0 [pid 824] munmap(0x7f620fc64000, 65536 [pid 822] <... futex resumed>) = 0 [pid 819] <... openat resumed>) = 8 [pid 301] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW [pid 829] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 828] mkdir("./file0", 0777 [pid 827] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 824] <... munmap resumed>) = 0 [pid 822] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 819] ioctl(8, LOOP_SET_FD, 5 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 829] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 827] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 824] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 822] <... futex resumed>) = 0 [pid 819] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 301] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 829] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 828] <... mkdir resumed>) = 0 [pid 827] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 824] <... openat resumed>) = 8 [pid 822] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 819] ioctl(8, LOOP_CLR_FD [pid 301] <... openat resumed>) = 3 [pid 829] <... socket resumed>) = 4 [pid 828] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 827] <... mmap resumed>) = 0x7f6220445000 [pid 824] ioctl(8, LOOP_SET_FD, 7 [pid 819] <... ioctl resumed>) = 0 [pid 301] newfstatat(3, "", [pid 829] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 827] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 824] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 829] <... futex resumed>) = 1 [pid 827] <... mprotect resumed>) = 0 [pid 824] ioctl(8, LOOP_CLR_FD [pid 822] <... futex resumed>) = 0 [pid 829] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 827] rt_sigprocmask(SIG_BLOCK, ~[], [pid 824] <... ioctl resumed>) = 0 [pid 822] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 829] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 827] <... rt_sigprocmask resumed>[], 8) = 0 [pid 822] <... futex resumed>) = 0 [pid 829] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 827] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 822] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] getdents64(3, [pid 829] <... mmap resumed>) = 0x20000000 [pid 829] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 827] <... clone3 resumed> => {parent_tid=[830]}, 88) = 830 [pid 829] <... futex resumed>) = 1 [pid 827] rt_sigprocmask(SIG_SETMASK, [], [pid 822] <... futex resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 829] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 827] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 822] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 819] ioctl(8, LOOP_SET_FD, 5 [pid 829] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 827] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 822] <... futex resumed>) = 0 [pid 819] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 827] <... futex resumed>) = 0 [pid 819] close(8 [pid 827] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 824] ioctl(8, LOOP_SET_FD, 7 [pid 819] <... close resumed>) = 0 [pid 827] <... futex resumed>) = 0 [pid 824] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 819] close(5 [pid 829] memfd_create("syzkaller", 0 [pid 827] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 824] close(8 [pid 819] <... close resumed>) = 0 [pid 301] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 829] <... memfd_create resumed>) = 7 [pid 827] <... mmap resumed>) = 0x7f6220424000 [pid 824] <... close resumed>) = 0 [pid 819] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 827] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 824] close(7 [pid 819] <... futex resumed>) = 0 [pid 827] <... mprotect resumed>) = 0 [pid 824] <... close resumed>) = 0 [pid 819] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 827] rt_sigprocmask(SIG_BLOCK, ~[], [pid 824] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 827] <... rt_sigprocmask resumed>[], 8) = 0 [pid 824] <... futex resumed>) = 0 [pid 827] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 824] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 827] <... clone3 resumed> => {parent_tid=[831]}, 88) = 831 [pid 827] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 827] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 827] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 830 attached [pid 830] set_robust_list(0x7f62204659a0, 24) = 0 [pid 830] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 830] memfd_create("syzkaller", 0) = 3 [pid 830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 830] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 830] munmap(0x7f6218024000, 262144) = 0 [pid 829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 301] <... umount2 resumed>) = 0 [pid 829] <... mmap resumed>) = 0x7f620fc64000 [pid 810] exit_group(0 [pid 301] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 829] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 810] <... exit_group resumed>) = ? [pid 819] <... futex resumed>) = ? [pid 817] <... futex resumed>) = ? [pid 301] newfstatat(AT_FDCWD, "./23/bus", [pid 817] +++ exited with 0 +++ [pid 830] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 830] ioctl(4, LOOP_SET_FD, 3 [pid 819] +++ exited with 0 +++ [pid 810] +++ exited with 0 +++ [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=810, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 829] <... write resumed>) = 65536 [ 27.717696][ T823] EXT4-fs warning (device loop0): read_mmp_block:115: Error -74 while reading MMP block 12 [ 27.740933][ T828] loop1: detected capacity change from 0 to 512 [ 27.754792][ T828] EXT4-fs (loop1): VFS: Can't find ext4 filesystem [pid 301] unlink("./23/bus" [pid 829] munmap(0x7f620fc64000, 65536 [pid 823] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 301] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 831 attached [pid 829] <... munmap resumed>) = 0 [pid 828] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 823] ioctl(5, LOOP_CLR_FD [pid 816] +++ exited with 0 +++ [pid 301] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW [pid 829] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 823] <... ioctl resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=816, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 829] <... openat resumed>) = 8 [pid 823] close(5 [pid 301] newfstatat(AT_FDCWD, "./23/binderfs", [pid 300] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 829] ioctl(8, LOOP_SET_FD, 7 [pid 823] <... close resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... openat resumed>) = 3 [pid 829] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 823] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] unlink("./23/binderfs" [pid 300] newfstatat(3, "", [pid 298] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW [pid 829] ioctl(8, LOOP_CLR_FD [pid 823] <... futex resumed>) = 0 [pid 301] <... unlink resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 831] set_robust_list(0x7f62204449a0, 24 [pid 829] <... ioctl resumed>) = 0 [pid 823] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 821] exit_group(0 [pid 301] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] getdents64(3, [pid 298] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 831] <... set_robust_list resumed>) = 0 [pid 824] <... futex resumed>) = ? [pid 823] <... futex resumed>) = ? [pid 821] <... exit_group resumed>) = ? [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 298] <... openat resumed>) = 3 [pid 831] rt_sigprocmask(SIG_SETMASK, [], [pid 824] +++ exited with 0 +++ [pid 823] +++ exited with 0 +++ [pid 301] newfstatat(AT_FDCWD, "./23/file0", [pid 300] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] newfstatat(3, "", [pid 831] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 829] ioctl(8, LOOP_SET_FD, 7 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... umount2 resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 831] creat("./bus", 000 [pid 829] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 301] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] getdents64(3, [pid 831] <... creat resumed>) = 5 [pid 829] close(8 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 831] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 830] <... ioctl resumed>) = 0 [pid 829] <... close resumed>) = 0 [pid 828] ioctl(5, LOOP_CLR_FD [pid 301] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] newfstatat(AT_FDCWD, "./23/bus", [pid 298] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 831] <... futex resumed>) = 1 [pid 829] close(7 [pid 827] <... futex resumed>) = 0 [pid 301] <... openat resumed>) = 4 [pid 831] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 829] <... close resumed>) = 0 [pid 827] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 829] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] newfstatat(4, "", [pid 827] <... futex resumed>) = 0 [pid 300] unlink("./23/bus" [pid 831] <... mount resumed>) = 0 [pid 829] <... futex resumed>) = 0 [pid 827] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... unlink resumed>) = 0 [pid 829] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] getdents64(4, [pid 300] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 831] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./22/bus", [pid 830] close(3 [pid 828] <... ioctl resumed>) = 0 [pid 301] getdents64(4, [pid 300] newfstatat(AT_FDCWD, "./23/binderfs", [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 831] <... futex resumed>) = 1 [pid 827] <... futex resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./22/bus" [pid 831] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 827] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] close(4 [pid 300] unlink("./23/binderfs" [pid 830] <... close resumed>) = 0 [pid 828] close(5 [pid 827] <... futex resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 830] mkdir("./file0", 0777 [pid 828] <... close resumed>) = 0 [pid 827] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] rmdir("./23/file0" [pid 300] <... unlink resumed>) = 0 [pid 298] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 831] <... open resumed>) = 3 [pid 830] <... mkdir resumed>) = 0 [pid 828] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... rmdir resumed>) = 0 [pid 300] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 831] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 830] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 828] <... futex resumed>) = 0 [pid 822] exit_group(0 [pid 301] getdents64(3, [pid 829] <... futex resumed>) = ? [pid 822] <... exit_group resumed>) = ? [pid 298] newfstatat(AT_FDCWD, "./22/binderfs", [pid 828] +++ exited with 0 +++ [pid 831] <... futex resumed>) = 1 [pid 831] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 301] close(3) = 0 [pid 827] <... futex resumed>) = 0 [pid 301] rmdir("./23" [pid 827] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... rmdir resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 831] <... futex resumed>) = 0 [pid 827] <... futex resumed>) = 1 [pid 301] mkdir("./24", 0777 [pid 831] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 827] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... mkdir resumed>) = 0 [pid 298] unlink("./22/binderfs" [pid 831] <... socket resumed>) = 6 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 831] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... openat resumed>) = 3 [pid 831] <... futex resumed>) = 1 [pid 301] ioctl(3, LOOP_CLR_FD [pid 831] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 827] <... futex resumed>) = 0 [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] <... unlink resumed>) = 0 [pid 827] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] close(3 [pid 298] umount2("./22/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 831] <... futex resumed>) = 0 [pid 827] <... futex resumed>) = 1 [pid 301] <... close resumed>) = 0 [pid 831] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 831] <... mmap resumed>) = 0x20000000 [pid 827] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] newfstatat(AT_FDCWD, "./22/ext4", [pid 831] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 827] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 832 [pid 831] <... futex resumed>) = 0 [pid 827] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 831] memfd_create("syzkaller", 0) = 7 [pid 827] <... futex resumed>) = 0 [pid 831] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 298] umount2("./22/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 831] <... mmap resumed>) = 0x7f620fc64000 [pid 831] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 831] <... write resumed>) = 65536 [pid 831] munmap(0x7f620fc64000, 65536 [pid 298] openat(AT_FDCWD, "./22/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 831] <... munmap resumed>) = 0 [pid 831] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 298] <... openat resumed>) = 4 [pid 831] <... openat resumed>) = 8 [pid 298] newfstatat(4, "", [pid 831] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [ 27.764127][ T830] loop3: detected capacity change from 0 to 512 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 831] ioctl(8, LOOP_CLR_FD) = 0 [pid 298] getdents64(4, ./strace-static-x86_64: Process 832 attached 0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, [pid 832] set_robust_list(0x555556cc76a0, 24 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 832] <... set_robust_list resumed>) = 0 [pid 832] chdir("./24") = 0 [pid 832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 832] setpgid(0, 0) = 0 [pid 832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 832] write(3, "1000", 4) = 4 [pid 831] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 831] close(8) = 0 [pid 831] close(7) = 0 [pid 831] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 831] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 832] close(3) = 0 [pid 832] symlink("/dev/binderfs", "./binderfs") = 0 [pid 832] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 832] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 832] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 832] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 832] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 832] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 832] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[833]}, 88) = 833 [pid 832] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 832] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 832] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 832] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 832] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 832] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 832] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[834]}, 88) = 834 [pid 832] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 832] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 832] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 833 attached [pid 833] set_robust_list(0x7f62204659a0, 24) = 0 [pid 833] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 833] memfd_create("syzkaller", 0) = 3 [pid 833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 833] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 833] munmap(0x7f6218024000, 262144) = 0 [pid 833] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 833] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 834 attached [pid 298] close(4 [pid 834] set_robust_list(0x7f62204449a0, 24 [pid 830] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 829] +++ exited with 0 +++ [pid 822] +++ exited with 0 +++ [pid 821] +++ exited with 0 +++ [pid 300] <... umount2 resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 834] <... set_robust_list resumed>) = 0 [pid 833] <... ioctl resumed>) = 0 [pid 830] ioctl(4, LOOP_CLR_FD [pid 300] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] rmdir("./22/ext4" [pid 834] rt_sigprocmask(SIG_SETMASK, [], [pid 298] <... rmdir resumed>) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=822, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=821, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] getdents64(3, [pid 297] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW [pid 834] creat("./bus", 000 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 834] <... creat resumed>) = 5 [pid 298] close(3 [pid 297] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 834] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... close resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 296] <... openat resumed>) = 3 [pid 834] <... futex resumed>) = 1 [pid 300] newfstatat(AT_FDCWD, "./23/file0", [pid 298] rmdir("./22" [pid 297] newfstatat(3, "", [pid 296] newfstatat(3, "", [pid 834] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] mkdir("./23", 0777 [pid 297] getdents64(3, [pid 296] getdents64(3, [pid 832] <... futex resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... mkdir resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 300] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 297] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 832] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... openat resumed>) = 4 [pid 298] <... openat resumed>) = 3 [pid 297] <... umount2 resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 834] <... futex resumed>) = 0 [pid 832] <... futex resumed>) = 1 [pid 297] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 834] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 832] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 834] <... mount resumed>) = 0 [pid 834] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] newfstatat(4, "", [pid 298] ioctl(3, LOOP_CLR_FD [pid 297] newfstatat(AT_FDCWD, "./27/bus", [pid 296] newfstatat(AT_FDCWD, "./21/bus", [pid 834] <... futex resumed>) = 1 [pid 832] <... futex resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 834] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 833] close(3 [pid 832] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 830] <... ioctl resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] unlink("./27/bus" [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 834] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 832] <... futex resumed>) = 0 [pid 834] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 832] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] getdents64(4, [pid 298] close(3 [pid 297] <... unlink resumed>) = 0 [pid 296] unlink("./21/bus" [pid 834] <... open resumed>) = 6 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 297] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 834] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] getdents64(4, [pid 298] <... close resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... unlink resumed>) = 0 [pid 834] <... futex resumed>) = 1 [pid 832] <... futex resumed>) = 0 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] newfstatat(AT_FDCWD, "./27/binderfs", [pid 296] umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 834] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 832] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] close(4 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 834] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 832] <... futex resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 835 [pid 297] unlink("./27/binderfs" [pid 296] newfstatat(AT_FDCWD, "./21/binderfs", [pid 834] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 832] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] rmdir("./23/file0" [pid 297] <... unlink resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 834] <... socket resumed>) = 7 [pid 300] <... rmdir resumed>) = 0 [pid 300] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 300] close(3) = 0 ./strace-static-x86_64: Process 835 attached [pid 834] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 833] <... close resumed>) = 0 [pid 830] close(4 [pid 300] rmdir("./23" [pid 297] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] unlink("./21/binderfs" [pid 834] <... futex resumed>) = 1 [pid 833] mkdir("./file0", 0777 [pid 832] <... futex resumed>) = 0 [pid 830] <... close resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 834] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 832] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] mkdir("./24", 0777 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... unlink resumed>) = 0 [pid 835] set_robust_list(0x555556cc76a0, 24 [pid 834] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 833] <... mkdir resumed>) = 0 [pid 832] <... futex resumed>) = 0 [pid 830] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... mkdir resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./27/file0", [pid 296] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 835] <... set_robust_list resumed>) = 0 [pid 834] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 833] mount("/dev/loop5", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 832] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 830] <... futex resumed>) = 0 [pid 827] exit_group(0 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 835] chdir("./23" [pid 834] <... mmap resumed>) = 0x20000000 [pid 833] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 831] <... futex resumed>) = ? [pid 827] <... exit_group resumed>) = ? [pid 300] <... openat resumed>) = 3 [pid 297] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] newfstatat(AT_FDCWD, "./21/file0", [pid 835] <... chdir resumed>) = 0 [pid 834] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 833] ioctl(4, LOOP_CLR_FD [pid 831] +++ exited with 0 +++ [pid 830] +++ exited with 0 +++ [pid 300] ioctl(3, LOOP_CLR_FD [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 835] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 834] <... futex resumed>) = 1 [pid 833] <... ioctl resumed>) = 0 [pid 832] <... futex resumed>) = 0 [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 835] <... prctl resumed>) = 0 [pid 834] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 833] close(4 [pid 832] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] close(3 [pid 297] <... openat resumed>) = 4 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 835] setpgid(0, 0 [pid 834] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 833] <... close resumed>) = 0 [pid 832] <... futex resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 297] newfstatat(4, "", [pid 296] openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 835] <... setpgid resumed>) = 0 [pid 834] memfd_create("syzkaller", 0 [pid 833] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... openat resumed>) = 4 [pid 835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 834] <... memfd_create resumed>) = 3 [pid 833] <... futex resumed>) = 0 [pid 297] getdents64(4, [pid 296] newfstatat(4, "", [pid 835] <... openat resumed>) = 3 [pid 834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 833] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 297] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 27.797866][ T830] EXT4-fs warning (device loop3): read_mmp_block:115: Error -74 while reading MMP block 12 [ 27.805382][ T833] loop5: detected capacity change from 0 to 512 [pid 835] write(3, "1000", 4 [pid 834] <... mmap resumed>) = 0x7f620fc64000 [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 836 [pid 297] getdents64(4, [pid 296] getdents64(4, ./strace-static-x86_64: Process 836 attached [pid 835] <... write resumed>) = 4 [pid 834] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 297] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 296] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 836] set_robust_list(0x555556cc76a0, 24 [pid 835] close(3 [pid 834] <... write resumed>) = 65536 [pid 297] close(4 [pid 296] getdents64(4, [pid 835] <... close resumed>) = 0 [pid 834] munmap(0x7f620fc64000, 65536 [pid 297] <... close resumed>) = 0 [pid 296] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 836] <... set_robust_list resumed>) = 0 [pid 835] symlink("/dev/binderfs", "./binderfs" [pid 834] <... munmap resumed>) = 0 [pid 297] rmdir("./27/file0" [pid 296] close(4 [pid 836] chdir("./24" [pid 835] <... symlink resumed>) = 0 [pid 834] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 297] <... rmdir resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 835] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 834] <... openat resumed>) = 4 [pid 297] getdents64(3, [pid 296] rmdir("./21/file0" [pid 836] <... chdir resumed>) = 0 [pid 835] <... futex resumed>) = 0 [pid 834] ioctl(4, LOOP_SET_FD, 3 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 835] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 834] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 297] close(3 [pid 296] getdents64(3, [pid 835] <... rt_sigaction resumed>NULL, 8) = 0 [pid 834] ioctl(4, LOOP_CLR_FD [pid 297] <... close resumed>) = 0 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 835] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 834] <... ioctl resumed>) = 0 [pid 297] rmdir("./27" [pid 296] close(3 [pid 836] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 835] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 297] mkdir("./28", 0777 [pid 296] rmdir("./21" [pid 836] <... prctl resumed>) = 0 [pid 835] <... mmap resumed>) = 0x7f6220445000 [pid 297] <... mkdir resumed>) = 0 [pid 835] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 835] <... mprotect resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 296] <... rmdir resumed>) = 0 [pid 836] setpgid(0, 0 [pid 835] rt_sigprocmask(SIG_BLOCK, ~[], [pid 297] ioctl(3, LOOP_CLR_FD [pid 296] mkdir("./22", 0777 [pid 835] <... rt_sigprocmask resumed>[], 8) = 0 [pid 834] ioctl(4, LOOP_SET_FD, 3 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 835] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 834] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 297] close(3 [pid 834] close(4 [pid 297] <... close resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 835] <... clone3 resumed> => {parent_tid=[837]}, 88) = 837 [pid 834] <... close resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 835] rt_sigprocmask(SIG_SETMASK, [], [pid 834] close(3./strace-static-x86_64: Process 837 attached [pid 836] <... setpgid resumed>) = 0 [pid 835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 834] <... close resumed>) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 838 [pid 296] <... openat resumed>) = 3 [pid 835] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 834] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 832] exit_group(0 [pid 835] <... futex resumed>) = 0 [pid 834] <... futex resumed>) = 0 [pid 296] ioctl(3, LOOP_CLR_FD [pid 835] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 834] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 835] <... futex resumed>) = 0 [pid 835] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 835] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 835] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 834] <... futex resumed>) = ? [pid 833] <... futex resumed>) = ? [pid 832] <... exit_group resumed>) = ? [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 835] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 833] +++ exited with 0 +++ [pid 835] <... clone3 resumed> => {parent_tid=[839]}, 88) = 839 [pid 835] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 835] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 835] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 839 attached [pid 839] set_robust_list(0x7f62204449a0, 24) = 0 [pid 839] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 834] +++ exited with 0 +++ [pid 296] close(3 [pid 839] creat("./bus", 000./strace-static-x86_64: Process 838 attached [pid 838] set_robust_list(0x555556cc76a0, 24 [pid 839] <... creat resumed>) = 3 [pid 838] <... set_robust_list resumed>) = 0 [pid 838] chdir("./28") = 0 [pid 838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 296] <... close resumed>) = 0 [pid 838] setpgid(0, 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 838] <... setpgid resumed>) = 0 [pid 838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 839] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 840 [pid 827] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=827, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 835] <... futex resumed>) = 0 [pid 835] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 835] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 839] <... futex resumed>) = 1 [pid 839] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL) = 0 [pid 838] <... openat resumed>) = 3 [pid 839] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 835] <... futex resumed>) = 0 [pid 835] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... restart_syscall resumed>) = 0 [pid 836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 835] <... futex resumed>) = 0 [pid 835] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 836] <... openat resumed>) = 3 [pid 299] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW [pid 836] write(3, "1000", 4 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 836] <... write resumed>) = 4 [pid 299] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 836] close(3 [pid 299] <... openat resumed>) = 3 [pid 836] <... close resumed>) = 0 [pid 299] newfstatat(3, "", [pid 836] symlink("/dev/binderfs", "./binderfs" [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 299] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 299] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 836] <... symlink resumed>) = 0 [pid 299] unlink("./23/bus"./strace-static-x86_64: Process 840 attached [pid 837] set_robust_list(0x7f62204659a0, 24 [pid 836] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... unlink resumed>) = 0 [pid 299] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 836] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./23/binderfs" [pid 837] <... set_robust_list resumed>) = 0 [pid 836] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 299] <... unlink resumed>) = 0 [pid 840] set_robust_list(0x555556cc76a0, 24 [pid 839] <... futex resumed>) = 1 [pid 838] write(3, "1000", 4 [pid 837] rt_sigprocmask(SIG_SETMASK, [], [pid 836] <... rt_sigaction resumed>NULL, 8) = 0 [pid 299] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 839] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 838] <... write resumed>) = 4 [pid 837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 836] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 840] <... set_robust_list resumed>) = 0 [pid 839] <... open resumed>) = 4 [pid 838] close(3 [pid 837] memfd_create("syzkaller", 0 [pid 836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] newfstatat(AT_FDCWD, "./23/file0", [pid 839] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 838] <... close resumed>) = 0 [pid 837] <... memfd_create resumed>) = 5 [pid 836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 839] <... futex resumed>) = 1 [pid 838] symlink("/dev/binderfs", "./binderfs" [pid 837] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 835] <... futex resumed>) = 0 [pid 299] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 839] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 838] <... symlink resumed>) = 0 [pid 837] <... mmap resumed>) = 0x7f6218024000 [pid 836] <... mmap resumed>) = 0x7f6220445000 [pid 835] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 840] chdir("./22" [pid 839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 838] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 837] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 836] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 835] <... futex resumed>) = 0 [pid 299] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 840] <... chdir resumed>) = 0 [pid 839] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 838] <... futex resumed>) = 0 [pid 837] <... write resumed>) = 262144 [pid 836] <... mprotect resumed>) = 0 [pid 835] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... openat resumed>) = 4 [pid 839] <... socket resumed>) = 6 [pid 838] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 837] munmap(0x7f6218024000, 262144 [pid 836] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] newfstatat(4, "", [pid 840] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 839] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 838] <... rt_sigaction resumed>NULL, 8) = 0 [pid 837] <... munmap resumed>) = 0 [pid 836] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 839] <... futex resumed>) = 1 [pid 838] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 837] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 836] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 835] <... futex resumed>) = 0 [pid 299] getdents64(4, [pid 839] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 837] <... openat resumed>) = 7 [pid 835] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 837] ioctl(7, LOOP_SET_FD, 5 [pid 836] <... clone3 resumed> => {parent_tid=[841]}, 88) = 841 [pid 835] <... futex resumed>) = 0 [pid 299] getdents64(4, ./strace-static-x86_64: Process 841 attached [pid 840] <... prctl resumed>) = 0 [pid 839] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 838] <... mmap resumed>) = 0x7f6220445000 [pid 836] rt_sigprocmask(SIG_SETMASK, [], [pid 835] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 839] <... mmap resumed>) = 0x20000000 [pid 838] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] close(4 [pid 839] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 838] <... mprotect resumed>) = 0 [pid 836] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... close resumed>) = 0 [pid 840] setpgid(0, 0 [pid 839] <... futex resumed>) = 1 [pid 838] rt_sigprocmask(SIG_BLOCK, ~[], [pid 836] <... futex resumed>) = 0 [pid 835] <... futex resumed>) = 0 [pid 299] rmdir("./23/file0" [pid 841] set_robust_list(0x7f62204659a0, 24 [pid 840] <... setpgid resumed>) = 0 [pid 839] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 838] <... rt_sigprocmask resumed>[], 8) = 0 [pid 836] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 835] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... rmdir resumed>) = 0 [pid 839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 838] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 836] <... futex resumed>) = 0 [pid 835] <... futex resumed>) = 0 [pid 299] getdents64(3, [pid 841] <... set_robust_list resumed>) = 0 [pid 840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 837] <... ioctl resumed>) = 0 [pid 836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 838] <... clone3 resumed> => {parent_tid=[842]}, 88) = 842 [pid 299] close(3 [pid 838] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... close resumed>) = 0 [pid 838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] rmdir("./23" [pid 838] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 836] <... mmap resumed>) = 0x7f6220424000 [pid 299] <... rmdir resumed>) = 0 [pid 840] <... openat resumed>) = 3 [pid 838] <... futex resumed>) = 0 [pid 299] mkdir("./24", 0777./strace-static-x86_64: Process 842 attached [pid 841] rt_sigprocmask(SIG_SETMASK, [], [pid 840] write(3, "1000", 4 [pid 839] memfd_create("syzkaller", 0 [pid 838] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 837] close(5 [pid 836] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 299] <... mkdir resumed>) = 0 [pid 842] set_robust_list(0x7f62204659a0, 24 [pid 838] <... futex resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] <... openat resumed>) = 3 [pid 841] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 840] <... write resumed>) = 4 [pid 838] <... mmap resumed>) = 0x7f6220424000 [pid 836] <... mprotect resumed>) = 0 [pid 299] ioctl(3, LOOP_CLR_FD [pid 838] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 841] memfd_create("syzkaller", 0 [pid 840] close(3 [pid 838] <... mprotect resumed>) = 0 [pid 836] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] close(3 [pid 840] <... close resumed>) = 0 [pid 838] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] <... close resumed>) = 0 [pid 838] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 842] <... set_robust_list resumed>) = 0 [pid 841] <... memfd_create resumed>) = 3 [pid 840] symlink("/dev/binderfs", "./binderfs" [pid 839] <... memfd_create resumed>) = 5 [pid 838] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 837] <... close resumed>) = 0 [pid 836] <... rt_sigprocmask resumed>[], 8) = 0 ./strace-static-x86_64: Process 843 attached [pid 842] rt_sigprocmask(SIG_SETMASK, [], [pid 843] set_robust_list(0x555556cc76a0, 24 [pid 841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 840] <... symlink resumed>) = 0 [pid 838] <... clone3 resumed> => {parent_tid=[844]}, 88) = 844 [pid 836] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 843 [pid 843] <... set_robust_list resumed>) = 0 [pid 838] rt_sigprocmask(SIG_SETMASK, [], [pid 843] chdir("./24" [pid 838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 843] <... chdir resumed>) = 0 [pid 841] <... mmap resumed>) = 0x7f6218024000 [pid 838] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 843] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 840] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 838] <... futex resumed>) = 0 [pid 843] <... prctl resumed>) = 0 [pid 838] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 843] setpgid(0, 0) = 0 [pid 843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 840] <... futex resumed>) = 0 [pid 836] <... clone3 resumed> => {parent_tid=[845]}, 88) = 845 [pid 843] <... openat resumed>) = 3 [pid 843] write(3, "1000", 4) = 4 [pid 843] close(3) = 0 [pid 843] symlink("/dev/binderfs", "./binderfs") = 0 [pid 843] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 843] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 841] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 843] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 840] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 836] rt_sigprocmask(SIG_SETMASK, [], [pid 843] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 843] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 843] rt_sigprocmask(SIG_BLOCK, ~[], [pid 840] <... rt_sigaction resumed>NULL, 8) = 0 [pid 836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 843] <... rt_sigprocmask resumed>[], 8) = 0 [pid 843] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[846]}, 88) = 846 ./strace-static-x86_64: Process 845 attached [pid 843] rt_sigprocmask(SIG_SETMASK, [], [pid 845] set_robust_list(0x7f62204449a0, 24 [pid 843] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 845] <... set_robust_list resumed>) = 0 [pid 843] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 845] rt_sigprocmask(SIG_SETMASK, [], [pid 843] <... futex resumed>) = 0 [pid 845] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 843] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 841] <... write resumed>) = 262144 [pid 840] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 836] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 845] creat("./bus", 000 [pid 843] <... futex resumed>) = 0 [pid 841] munmap(0x7f6218024000, 262144 [pid 840] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 836] <... futex resumed>) = 0 [pid 845] <... creat resumed>) = 4 [pid 843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 841] <... munmap resumed>) = 0 [pid 840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 836] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 845] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 843] <... mmap resumed>) = 0x7f6220424000 [pid 841] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 840] <... mmap resumed>) = 0x7f6220445000 [pid 837] mkdir(0x20000000, 0777 [pid 840] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 836] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 841] <... openat resumed>) = 5 [pid 840] <... mprotect resumed>) = 0 [pid 836] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 845] <... futex resumed>) = 0 [pid 843] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 845] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 843] <... mprotect resumed>) = 0 [pid 841] ioctl(5, LOOP_SET_FD, 3 [pid 840] rt_sigprocmask(SIG_BLOCK, ~[], [pid 836] <... futex resumed>) = 0 [pid 845] <... mount resumed>) = 0 [pid 843] rt_sigprocmask(SIG_BLOCK, ~[], [pid 845] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 843] <... rt_sigprocmask resumed>[], 8) = 0 [pid 840] <... rt_sigprocmask resumed>[], 8) = 0 [pid 836] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 845] <... futex resumed>) = 0 [pid 843] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 845] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 843] <... clone3 resumed> => {parent_tid=[847]}, 88) = 847 [pid 843] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 843] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 843] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 844 attached [pid 844] set_robust_list(0x7f62204449a0, 24) = 0 [pid 844] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 844] creat("./bus", 000) = 3 [pid 844] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 838] <... futex resumed>) = 0 [pid 838] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 838] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 844] <... futex resumed>) = 1 [pid 844] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL) = 0 [pid 844] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 838] <... futex resumed>) = 0 [pid 844] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 838] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 844] <... open resumed>) = 4 [pid 838] <... futex resumed>) = 0 [pid 844] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 838] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 844] <... futex resumed>) = 0 [pid 838] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 844] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 838] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 844] <... socket resumed>) = 5 [pid 838] <... futex resumed>) = 0 [pid 844] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 838] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 844] <... futex resumed>) = 0 [pid 838] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 844] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 838] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 846 attached [pid 844] <... mmap resumed>) = 0x20000000 [pid 838] <... futex resumed>) = 0 [pid 846] set_robust_list(0x7f62204659a0, 24 [pid 844] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 838] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 846] <... set_robust_list resumed>) = 0 [pid 844] <... futex resumed>) = 0 [pid 838] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 846] rt_sigprocmask(SIG_SETMASK, [], [pid 844] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 838] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 846] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 838] <... futex resumed>) = ? [pid 846] memfd_create("syzkaller", 0) = 3 [pid 846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 ./strace-static-x86_64: Process 847 attached [pid 847] set_robust_list(0x7f62204449a0, 24) = 0 [pid 847] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 847] creat("./bus", 000) = 4 [pid 846] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 847] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 843] <... futex resumed>) = 0 [pid 847] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 843] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 847] <... mount resumed>) = 0 [pid 843] <... futex resumed>) = 0 [pid 847] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 843] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 847] <... futex resumed>) = 0 [pid 843] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 847] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 843] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 840] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 836] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 847] <... open resumed>) = 5 [pid 843] <... futex resumed>) = 0 [pid 847] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 846] <... write resumed>) = 262144 [pid 843] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 837] <... mkdir resumed>) = 0 [pid 836] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 842] <... rt_sigprocmask resumed>NULL, 8) = -1 (errno 18446744073709551555) ./strace-static-x86_64: Process 848 attached [pid 847] <... futex resumed>) = 0 [pid 845] <... futex resumed>) = 0 [pid 843] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 841] <... ioctl resumed>) = 0 [pid 840] <... clone3 resumed> => {parent_tid=[848]}, 88) = 848 [pid 839] <... mmap resumed>) = 0x7f620fc64000 [pid 836] <... futex resumed>) = 1 [pid 847] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 846] munmap(0x7f6218024000, 262144 [pid 845] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 843] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 840] rt_sigprocmask(SIG_SETMASK, [], [pid 836] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 837] mount("/dev/loop2", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 847] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 846] <... munmap resumed>) = 0 [pid 845] <... open resumed>) = 6 [pid 843] <... futex resumed>) = 0 [pid 839] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 847] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 846] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 845] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 843] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 847] <... socket resumed>) = 6 [pid 846] <... openat resumed>) = 7 [pid 845] <... futex resumed>) = 0 [pid 840] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 836] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 847] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 846] ioctl(7, LOOP_SET_FD, 3 [pid 845] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 848] set_robust_list(0x7f62204659a0, 24 [pid 847] <... futex resumed>) = 1 [pid 843] <... futex resumed>) = 0 [pid 841] close(3 [pid 840] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 839] <... write resumed>) = 65536 [pid 837] <... mount resumed>) = -1 ENODEV (No such device) [pid 836] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 848] <... set_robust_list resumed>) = 0 [pid 841] <... close resumed>) = 0 [pid 840] <... futex resumed>) = 0 [pid 839] munmap(0x7f620fc64000, 65536 [pid 837] ioctl(7, LOOP_CLR_FD [pid 836] <... futex resumed>) = 1 [pid 832] +++ exited with 0 +++ [pid 848] rt_sigprocmask(SIG_SETMASK, [], [pid 841] mkdir("./file0", 0777 [pid 840] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 839] <... munmap resumed>) = 0 [pid 837] <... ioctl resumed>) = 0 [pid 836] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=832, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 848] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 841] <... mkdir resumed>) = 0 [pid 840] <... futex resumed>) = 0 [pid 839] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 837] close(7 [pid 848] memfd_create("syzkaller", 0 [pid 841] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 839] <... openat resumed>) = 8 [pid 837] <... close resumed>) = 0 [pid 848] <... memfd_create resumed>) = 3 [pid 840] <... mmap resumed>) = 0x7f6220424000 [pid 839] ioctl(8, LOOP_SET_FD, 5 [pid 837] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW [pid 848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 843] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 840] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 839] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 837] <... futex resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 848] <... mmap resumed>) = 0x7f6218024000 [pid 845] <... futex resumed>) = 0 [pid 843] <... futex resumed>) = 0 [pid 842] +++ killed by SIGBUS +++ [pid 840] <... mprotect resumed>) = 0 [pid 839] ioctl(8, LOOP_CLR_FD [pid 837] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 848] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 847] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 845] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 843] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 840] rt_sigprocmask(SIG_BLOCK, ~[], [pid 839] <... ioctl resumed>) = 0 [pid 301] <... openat resumed>) = 3 [pid 848] <... write resumed>) = 262144 [pid 847] <... mmap resumed>) = 0x20000000 [pid 845] <... socket resumed>) = 3 [pid 844] +++ killed by SIGBUS +++ [pid 840] <... rt_sigprocmask resumed>[], 8) = 0 [pid 838] +++ killed by SIGBUS +++ [pid 301] newfstatat(3, "", [pid 848] munmap(0x7f6218024000, 262144 [pid 840] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 848] <... munmap resumed>) = 0 [pid 301] getdents64(3, [pid 848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 840] <... clone3 resumed> => {parent_tid=[850]}, 88) = 850 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 848] <... openat resumed>) = 4 [pid 840] rt_sigprocmask(SIG_SETMASK, [], [pid 301] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 848] ioctl(4, LOOP_SET_FD, 3 [pid 840] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 27.881710][ T837] loop2: detected capacity change from 0 to 512 [ 27.890336][ T839] Buffer I/O error on dev loop2, logical block 0, async page read [ 27.907486][ T841] loop4: detected capacity change from 0 to 512 [ 27.916590][ T846] loop3: detected capacity change from 0 to 512 ./strace-static-x86_64: Process 850 attached [pid 847] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 846] <... ioctl resumed>) = 0 [pid 845] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 840] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... umount2 resumed>) = 0 [pid 850] set_robust_list(0x7f62204449a0, 24 [pid 847] <... futex resumed>) = 1 [pid 846] close(3 [pid 845] <... futex resumed>) = 1 [pid 843] <... futex resumed>) = 0 [pid 840] <... futex resumed>) = 0 [pid 839] ioctl(8, LOOP_SET_FD, 5 [pid 836] <... futex resumed>) = 0 [pid 301] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=838, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 850] <... set_robust_list resumed>) = 0 [pid 847] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 846] <... close resumed>) = 0 [pid 845] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 843] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 850] rt_sigprocmask(SIG_SETMASK, [], [pid 847] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 846] mkdir(0x20000000, 0777 [pid 845] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 843] <... futex resumed>) = 0 [pid 840] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 839] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 836] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] newfstatat(AT_FDCWD, "./24/bus", [pid 297] <... restart_syscall resumed>) = 0 [pid 850] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 847] memfd_create("syzkaller", 0 [pid 846] <... mkdir resumed>) = 0 [pid 845] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 839] close(8 [pid 836] <... futex resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 850] creat("./bus", 000 [pid 847] <... memfd_create resumed>) = 3 [pid 846] mount("/dev/loop3", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 845] <... mmap resumed>) = 0x20000000 [pid 839] <... close resumed>) = 0 [pid 836] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] unlink("./24/bus" [pid 850] <... creat resumed>) = 5 [pid 847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 846] <... mount resumed>) = -1 ENODEV (No such device) [pid 845] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 839] close(5 [pid 836] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] <... unlink resumed>) = 0 [pid 297] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW [pid 850] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 847] <... mmap resumed>) = 0x7f620fc64000 [pid 846] ioctl(7, LOOP_CLR_FD [pid 845] <... futex resumed>) = 0 [pid 839] <... close resumed>) = 0 [pid 836] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 850] <... futex resumed>) = 1 [pid 847] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 846] <... ioctl resumed>) = 0 [pid 845] memfd_create("syzkaller", 0 [pid 840] <... futex resumed>) = 0 [pid 839] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 836] <... futex resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 850] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 847] <... write resumed>) = 65536 [pid 846] close(7 [pid 845] <... memfd_create resumed>) = 7 [pid 840] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 839] <... futex resumed>) = 0 [pid 835] exit_group(0 [pid 301] newfstatat(AT_FDCWD, "./24/binderfs", [pid 297] <... openat resumed>) = 3 [pid 850] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 847] munmap(0x7f620fc64000, 65536 [pid 846] <... close resumed>) = 0 [pid 845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 840] <... futex resumed>) = 0 [pid 837] <... futex resumed>) = ? [pid 835] <... exit_group resumed>) = ? [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] newfstatat(3, "", [pid 850] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 847] <... munmap resumed>) = 0 [pid 846] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 845] <... mmap resumed>) = 0x7f620fc64000 [pid 840] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 837] +++ exited with 0 +++ [pid 301] unlink("./24/binderfs" [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 850] <... mount resumed>) = 0 [pid 848] <... ioctl resumed>) = 0 [pid 847] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 848] close(3) = 0 [pid 848] mkdir("./file0", 0777) = 0 [pid 848] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 846] <... futex resumed>) = 0 [pid 301] <... unlink resumed>) = 0 [pid 297] getdents64(3, [pid 850] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 847] <... openat resumed>) = 7 [pid 846] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 850] <... futex resumed>) = 1 [pid 847] ioctl(7, LOOP_SET_FD, 3 [pid 840] <... futex resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 850] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 847] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 840] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] newfstatat(AT_FDCWD, "./24/file0", [pid 297] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 850] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 847] ioctl(7, LOOP_CLR_FD [pid 840] <... futex resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 850] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 847] <... ioctl resumed>) = 0 [pid 840] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = 0 [pid 850] <... open resumed>) = 3 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 850] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 850] <... futex resumed>) = 1 [pid 840] <... futex resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 850] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 840] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... openat resumed>) = 4 [pid 297] newfstatat(AT_FDCWD, "./28/bus", [pid 850] <... socket resumed>) = 6 [pid 845] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 840] <... futex resumed>) = 0 [pid 301] newfstatat(4, "", [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 27.933972][ T848] loop0: detected capacity change from 0 to 512 [ 27.965619][ T849] EXT4-fs warning (device loop4): kmmpd:170: kmmpd being stopped since MMP feature has been disabled. [ 27.975466][ T841] EXT4-fs (loop4): revision level too high, forcing read-only mode [pid 850] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 845] <... write resumed>) = 65536 [pid 840] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] unlink("./28/bus" [pid 850] <... futex resumed>) = 0 [pid 847] ioctl(7, LOOP_SET_FD, 3 [pid 845] munmap(0x7f620fc64000, 65536 [pid 840] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] getdents64(4, [pid 297] <... unlink resumed>) = 0 [pid 839] +++ exited with 0 +++ [pid 835] +++ exited with 0 +++ [pid 848] <... mount resumed>) = 0 [pid 848] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 7 [pid 848] chdir("./file0") = 0 [pid 848] ioctl(4, LOOP_CLR_FD) = 0 [pid 848] close(4) = 0 [pid 848] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 848] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 850] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 847] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 845] <... munmap resumed>) = 0 [pid 840] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 297] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 847] close(7 [pid 845] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 840] <... futex resumed>) = 1 [pid 301] getdents64(4, [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=835, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 845] <... openat resumed>) = 8 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 845] ioctl(8, LOOP_SET_FD, 7 [pid 301] close(4 [pid 845] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 301] <... close resumed>) = 0 [pid 845] ioctl(8, LOOP_CLR_FD [pid 301] rmdir("./24/file0" [pid 845] <... ioctl resumed>) = 0 [pid 301] <... rmdir resumed>) = 0 [pid 301] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 301] close(3) = 0 [pid 301] rmdir("./24") = 0 [pid 301] mkdir("./25", 0777 [pid 845] ioctl(8, LOOP_SET_FD, 7 [pid 301] <... mkdir resumed>) = 0 [pid 845] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 845] close(8 [pid 301] <... openat resumed>) = 3 [pid 847] <... close resumed>) = 0 [pid 845] <... close resumed>) = 0 [pid 840] futex(0x7f62205316cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] ioctl(3, LOOP_CLR_FD [pid 298] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] newfstatat(AT_FDCWD, "./28/binderfs", [pid 847] close(3 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 847] <... close resumed>) = 0 [pid 845] close(7 [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] unlink("./28/binderfs" [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 845] <... close resumed>) = 0 [pid 301] close(3 [pid 297] <... unlink resumed>) = 0 [pid 298] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 847] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 845] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... close resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 847] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] newfstatat(3, "", [pid 297] getdents64(3, [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] getdents64(3, [pid 297] close(3 [pid 845] <... futex resumed>) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 297] <... close resumed>) = 0 [pid 845] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 843] exit_group(0 [pid 298] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] rmdir("./28" [pid 847] <... futex resumed>) = ? [pid 846] <... futex resumed>) = ? [pid 843] <... exit_group resumed>) = ? [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 854 [pid 847] +++ exited with 0 +++ [pid 846] +++ exited with 0 +++ [pid 298] <... umount2 resumed>) = 0 [pid 298] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... rmdir resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./23/bus", [pid 297] mkdir("./29", 0777 [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 298] unlink("./23/bus" [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 298] <... unlink resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 298] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] ioctl(3, LOOP_CLR_FD [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] newfstatat(AT_FDCWD, "./23/binderfs", [pid 297] close(3 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... close resumed>) = 0 [pid 298] unlink("./23/binderfs" [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... unlink resumed>) = 0 [pid 298] umount2("./23/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 855 ./strace-static-x86_64: Process 855 attached [pid 855] set_robust_list(0x555556cc76a0, 24) = 0 [pid 855] chdir("./29") = 0 [pid 855] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 855] setpgid(0, 0) = 0 [pid 855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 855] write(3, "1000", 4) = 4 [pid 855] close(3) = 0 [pid 855] symlink("/dev/binderfs", "./binderfs" [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./23/ext4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./23/ext4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./23/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 298] close(4 [pid 855] <... symlink resumed>) = 0 [pid 855] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 855] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 855] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 855] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 855] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 855] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 298] <... close resumed>) = 0 [pid 855] <... clone3 resumed> => {parent_tid=[856]}, 88) = 856 [pid 855] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 855] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 855] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 855] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 855] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 855] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[857]}, 88) = 857 [pid 855] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 855] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 855] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 856 attached [pid 856] set_robust_list(0x7f62204659a0, 24 [pid 298] rmdir("./23/ext4" [pid 856] <... set_robust_list resumed>) = 0 [pid 856] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 856] memfd_create("syzkaller", 0 [pid 298] <... rmdir resumed>) = 0 [pid 298] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] close(3 [pid 856] <... memfd_create resumed>) = 3 [pid 298] <... close resumed>) = 0 [pid 298] rmdir("./23" [pid 856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 298] <... rmdir resumed>) = 0 [pid 298] mkdir("./24", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 856] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 298] <... openat resumed>) = 3 [ 27.986252][ T841] EXT4-fs error (device loop4): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 27.988929][ T848] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [ 28.001076][ T841] EXT4-fs (loop4): get orphan inode failed [ 28.014597][ T848] ext4 filesystem being mounted at /root/syzkaller.sY6u5M/22/file0 supports timestamps until 2038 (0x7fffffff) [ 28.022236][ T841] EXT4-fs (loop4): mount failed [pid 298] ioctl(3, LOOP_CLR_FD [pid 856] <... write resumed>) = 262144 [pid 856] munmap(0x7f6218024000, 262144) = 0 [pid 856] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 856] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 857 attached ./strace-static-x86_64: Process 854 attached [pid 848] <... futex resumed>) = 0 [pid 841] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 858 [pid 848] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0) = 0x20000000 [pid 848] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 840] <... futex resumed>) = 0 [pid 840] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 848] <... futex resumed>) = 1 [pid 848] memfd_create("syzkaller", 0) = 4 [pid 848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 858 attached [pid 856] <... ioctl resumed>) = 0 [pid 858] set_robust_list(0x555556cc76a0, 24 [pid 857] set_robust_list(0x7f62204449a0, 24 [pid 856] close(3 [pid 854] set_robust_list(0x555556cc76a0, 24 [pid 848] <... mmap resumed>) = 0x7f620fc64000 [pid 841] ioctl(5, LOOP_CLR_FD [pid 848] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 841] <... ioctl resumed>) = 0 [pid 841] close(5) = 0 [pid 841] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 841] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 836] exit_group(0 [pid 845] <... futex resumed>) = ? [pid 836] <... exit_group resumed>) = ? [pid 845] +++ exited with 0 +++ [pid 841] <... futex resumed>) = ? [pid 848] <... write resumed>) = 65536 [pid 848] munmap(0x7f620fc64000, 65536) = 0 [pid 843] +++ exited with 0 +++ [pid 848] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=843, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 848] <... openat resumed>) = 8 [pid 848] ioctl(8, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 848] ioctl(8, LOOP_CLR_FD) = 0 [pid 299] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 848] ioctl(8, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 848] close(8 [pid 299] getdents64(3, [pid 848] <... close resumed>) = 0 [pid 848] close(4) = 0 [pid 848] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 848] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 840] exit_group(0 [pid 848] <... futex resumed>) = ? [pid 840] <... exit_group resumed>) = ? [pid 848] +++ exited with 0 +++ [pid 850] <... futex resumed>) = ? [pid 299] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 841] +++ exited with 0 +++ [pid 836] +++ exited with 0 +++ [pid 850] +++ exited with 0 +++ [pid 840] +++ exited with 0 +++ [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=836, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=840, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 300] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = 0 [pid 296] umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(3, "", [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] newfstatat(AT_FDCWD, "./24/bus", [pid 300] getdents64(3, [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... openat resumed>) = 3 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 299] unlink("./24/bus" [pid 296] newfstatat(3, "", [pid 300] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... unlink resumed>) = 0 [pid 299] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] <... umount2 resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] getdents64(3, [pid 300] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] newfstatat(AT_FDCWD, "./24/binderfs", [pid 854] <... set_robust_list resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 300] newfstatat(AT_FDCWD, "./24/bus", [pid 299] unlink("./24/binderfs" [pid 858] <... set_robust_list resumed>) = 0 [pid 854] chdir("./25" [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 858] chdir("./24" [pid 854] <... chdir resumed>) = 0 [pid 300] unlink("./24/bus" [pid 299] <... unlink resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 858] <... chdir resumed>) = 0 [pid 857] <... set_robust_list resumed>) = 0 [pid 856] <... close resumed>) = 0 [pid 854] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 858] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 857] rt_sigprocmask(SIG_SETMASK, [], [pid 856] mkdir("./file0", 0777 [pid 854] <... prctl resumed>) = 0 [pid 300] <... unlink resumed>) = 0 [pid 299] umount2("./24/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 858] <... prctl resumed>) = 0 [pid 858] setpgid(0, 0) = 0 [pid 858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 858] write(3, "1000", 4) = 4 [pid 858] close(3 [pid 300] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 858] <... close resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./24/ext4", [pid 296] newfstatat(AT_FDCWD, "./22/bus", [pid 858] symlink("/dev/binderfs", "./binderfs" [pid 300] newfstatat(AT_FDCWD, "./24/binderfs", [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 858] <... symlink resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./24/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 858] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] unlink("./24/binderfs" [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] unlink("./22/bus" [pid 858] <... futex resumed>) = 0 [pid 300] <... unlink resumed>) = 0 [pid 299] openat(AT_FDCWD, "./24/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 858] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 300] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... openat resumed>) = 4 [pid 296] <... unlink resumed>) = 0 [pid 858] <... rt_sigaction resumed>NULL, 8) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(4, "", [pid 296] umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 858] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 300] newfstatat(AT_FDCWD, "./24/file0", [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 858] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 296] newfstatat(AT_FDCWD, "./22/binderfs", [pid 858] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] getdents64(4, [pid 858] <... mprotect resumed>) = 0 [pid 300] umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 858] rt_sigprocmask(SIG_BLOCK, ~[], [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] getdents64(4, [pid 296] unlink("./22/binderfs" [pid 858] <... rt_sigprocmask resumed>[], 8) = 0 [pid 300] openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 858] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 300] <... openat resumed>) = 4 [pid 299] close(4 [pid 296] <... unlink resumed>) = 0 [pid 300] newfstatat(4, "", [pid 299] <... close resumed>) = 0 [pid 858] <... clone3 resumed> => {parent_tid=[859]}, 88) = 859 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] rmdir("./24/ext4" [pid 296] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 858] rt_sigprocmask(SIG_SETMASK, [], [pid 300] getdents64(4, [pid 858] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 855] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 300] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 299] <... rmdir resumed>) = 0 [pid 858] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 855] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 854] setpgid(0, 0 [pid 300] getdents64(4, [pid 299] getdents64(3, [pid 858] <... futex resumed>) = 0 [pid 855] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 300] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 858] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 855] futex(0x7f62205316ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] close(4 [pid 299] close(3 [pid 858] <... futex resumed>) = 0 [pid 855] <... futex resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 300] rmdir("./24/file0" [pid 299] <... close resumed>) = 0 [pid 858] <... mmap resumed>) = 0x7f6220424000 [pid 855] <... mmap resumed>) = 0x7f6218043000 [pid 858] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 855] mprotect(0x7f6218044000, 131072, PROT_READ|PROT_WRITE [pid 300] <... rmdir resumed>) = 0 [pid 299] rmdir("./24" [pid 858] <... mprotect resumed>) = 0 [pid 855] <... mprotect resumed>) = 0 [pid 854] <... setpgid resumed>) = 0 [pid 300] getdents64(3, [pid 858] rt_sigprocmask(SIG_BLOCK, ~[], [pid 857] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 856] <... mkdir resumed>) = 0 [pid 855] rt_sigprocmask(SIG_BLOCK, ~[], [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 858] <... rt_sigprocmask resumed>[], 8) = 0 [pid 857] creat("./bus", 000 [pid 856] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 855] <... rt_sigprocmask resumed>[], 8) = 0 [pid 854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 300] close(3 [pid 299] mkdir("./25", 0777 [pid 858] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 855] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6218063990, parent_tid=0x7f6218063990, exit_signal=0, stack=0x7f6218043000, stack_size=0x20300, tls=0x7f62180636c0} [pid 300] <... close resumed>) = 0 [pid 854] <... openat resumed>) = 3 [pid 300] rmdir("./24" [pid 299] <... mkdir resumed>) = 0 [pid 858] <... clone3 resumed> => {parent_tid=[860]}, 88) = 860 [pid 857] <... creat resumed>) = 3 [pid 855] <... clone3 resumed> => {parent_tid=[861]}, 88) = 861 [pid 858] rt_sigprocmask(SIG_SETMASK, [], [pid 855] rt_sigprocmask(SIG_SETMASK, [], [pid 857] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 854] write(3, "1000", 4 [pid 300] <... rmdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 858] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 857] <... futex resumed>) = 0 [pid 855] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 854] <... write resumed>) = 4 [pid 300] mkdir("./25", 0777 [pid 858] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 857] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 855] futex(0x7f62205316e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 854] close(3 [pid 299] <... openat resumed>) = 3 [pid 858] <... futex resumed>) = 0 [pid 855] <... futex resumed>) = 0 [pid 854] <... close resumed>) = 0 [pid 300] <... mkdir resumed>) = 0 [pid 299] ioctl(3, LOOP_CLR_FD [pid 858] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 855] futex(0x7f62205316ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 854] symlink("/dev/binderfs", "./binderfs" [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 854] <... symlink resumed>) = 0 [pid 299] close(3) = 0 [pid 854] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 854] <... futex resumed>) = 0 ./strace-static-x86_64: Process 861 attached [pid 861] set_robust_list(0x7f62180639a0, 24) = 0 [pid 854] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 862 [pid 854] <... rt_sigaction resumed>NULL, 8) = 0 [pid 854] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 854] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 861] rt_sigprocmask(SIG_SETMASK, [], [pid 854] <... mprotect resumed>) = 0 [pid 861] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 28.067513][ T856] loop1: detected capacity change from 0 to 512 [pid 854] rt_sigprocmask(SIG_BLOCK, ~[], [pid 861] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 854] <... rt_sigprocmask resumed>[], 8) = 0 [pid 861] <... mount resumed>) = 0 [pid 854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0}./strace-static-x86_64: Process 860 attached [pid 861] futex(0x7f62205316ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 860] set_robust_list(0x7f62204449a0, 24 [pid 855] <... futex resumed>) = 0 [pid 300] <... openat resumed>) = 3 [pid 861] futex(0x7f62205316e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 860] <... set_robust_list resumed>) = 0 [pid 855] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 860] rt_sigprocmask(SIG_SETMASK, [], [pid 855] <... futex resumed>) = 1 [pid 860] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 855] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 860] creat("./bus", 000) = 3 [pid 300] ioctl(3, LOOP_CLR_FD [pid 296] <... umount2 resumed>) = 0 [pid 860] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 858] <... futex resumed>) = 0 [pid 860] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 858] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 860] <... mount resumed>) = 0 [pid 858] <... futex resumed>) = 0 [pid 860] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 858] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 860] <... futex resumed>) = 0 [pid 858] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 860] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 858] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] close(3 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 860] <... open resumed>) = 4 [pid 858] <... futex resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./22/file0", [pid 860] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 858] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 854] <... clone3 resumed> => {parent_tid=[863]}, 88) = 863 [pid 860] <... futex resumed>) = 0 [pid 858] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 857] <... futex resumed>) = 0 [pid 860] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 858] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 857] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 854] rt_sigprocmask(SIG_SETMASK, [], [pid 296] umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 860] <... socket resumed>) = 5 [pid 858] <... futex resumed>) = 0 [pid 857] <... open resumed>) = 5 [pid 854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 860] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 858] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 860] <... futex resumed>) = 0 [pid 858] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 860] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 858] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 860] <... mmap resumed>) = 0x20000000 [pid 858] <... futex resumed>) = 0 [pid 857] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 854] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 865 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 860] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 858] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 860] <... futex resumed>) = 0 [pid 858] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 860] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 858] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... openat resumed>) = 4 [pid 858] <... futex resumed>) = ? [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, ./strace-static-x86_64: Process 859 attached 0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 854] <... futex resumed>) = 0 [pid 296] getdents64(4, [pid 854] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 857] <... futex resumed>) = 1 [pid 855] <... futex resumed>) = 0 [pid 296] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 855] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 854] <... futex resumed>) = 0 [pid 296] close(4 [pid 855] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 296] <... close resumed>) = 0 [pid 857] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 854] <... mmap resumed>) = 0x7f6220424000 [pid 296] rmdir("./22/file0" [pid 857] <... socket resumed>) = 6 [pid 854] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 862 attached [pid 862] set_robust_list(0x555556cc76a0, 24 [pid 854] <... mprotect resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 854] rt_sigprocmask(SIG_BLOCK, ~[], [pid 857] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 854] <... rt_sigprocmask resumed>[], 8) = 0 [pid 296] getdents64(3, [pid 854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 854] <... clone3 resumed> => {parent_tid=[867]}, 88) = 867 [pid 296] close(3 [pid 854] rt_sigprocmask(SIG_SETMASK, [], [pid 857] <... futex resumed>) = 1 [pid 855] <... futex resumed>) = 0 [pid 854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 296] <... close resumed>) = 0 [pid 857] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 855] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 857] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 855] <... futex resumed>) = 0 [pid 854] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] rmdir("./22" [pid 857] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 855] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 854] <... futex resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 854] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 857] <... mmap resumed>) = 0x20000000 [pid 296] mkdir("./23", 0777 [pid 857] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 862] <... set_robust_list resumed>) = 0 [pid 862] chdir("./25") = 0 [pid 857] <... futex resumed>) = 1 [pid 855] <... futex resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 862] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 857] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 855] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 862] <... prctl resumed>) = 0 [pid 857] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 855] <... futex resumed>) = 0 [pid 862] setpgid(0, 0 [pid 857] memfd_create("syzkaller", 0 [pid 296] <... openat resumed>) = 3 [pid 862] <... setpgid resumed>) = 0 [pid 857] <... memfd_create resumed>) = 7 [pid 296] ioctl(3, LOOP_CLR_FD [pid 862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 862] <... openat resumed>) = 3 [pid 857] <... mmap resumed>) = 0x7f620fc43000 [pid 296] close(3 [pid 862] write(3, "1000", 4) = 4 [pid 862] close(3./strace-static-x86_64: Process 867 attached ./strace-static-x86_64: Process 865 attached ./strace-static-x86_64: Process 863 attached ) = 0 [pid 857] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 296] <... close resumed>) = 0 [pid 867] set_robust_list(0x7f62204449a0, 24 [pid 865] set_robust_list(0x555556cc76a0, 24 [pid 863] set_robust_list(0x7f62204659a0, 24 [pid 857] <... write resumed>) = 65536 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 867] <... set_robust_list resumed>) = 0 [pid 865] <... set_robust_list resumed>) = 0 [pid 863] <... set_robust_list resumed>) = 0 [pid 857] munmap(0x7f620fc43000, 65536 [pid 867] rt_sigprocmask(SIG_SETMASK, [], [pid 865] chdir("./25" [pid 863] rt_sigprocmask(SIG_SETMASK, [], [pid 860] +++ killed by SIGBUS +++ [pid 857] <... munmap resumed>) = 0 [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 868 [pid 867] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 865] <... chdir resumed>) = 0 [pid 863] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 867] creat("./bus", 000 [pid 865] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 863] memfd_create("syzkaller", 0 [pid 859] +++ killed by SIGBUS +++ [pid 858] +++ killed by SIGBUS +++ [pid 867] <... creat resumed>) = 4 [pid 865] <... prctl resumed>) = 0 [pid 863] <... memfd_create resumed>) = 3 [pid 867] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 865] setpgid(0, 0 [pid 863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=858, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 867] <... futex resumed>) = 1 [pid 854] <... futex resumed>) = 0 [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 867] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 865] <... setpgid resumed>) = 0 [pid 863] <... mmap resumed>) = 0x7f6218024000 [pid 854] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 867] <... mount resumed>) = 0 [pid 865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 863] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 265740 [pid 854] <... futex resumed>) = 0 [pid 298] <... restart_syscall resumed>) = 0 [pid 867] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 865] <... openat resumed>) = 3 [pid 863] <... write resumed>) = 265740 [pid 862] symlink("/dev/binderfs", "./binderfs" [pid 854] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 867] <... futex resumed>) = 0 [pid 865] write(3, "1000", 4 [pid 854] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 867] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 865] <... write resumed>) = 4 [pid 854] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 867] <... open resumed>) = 5 [pid 865] close(3 [pid 863] munmap(0x7f6218024000, 265740 [pid 854] <... futex resumed>) = 0 [pid 298] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW [pid 867] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 865] <... close resumed>) = 0 [pid 863] <... munmap resumed>) = 0 [pid 854] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 867] <... futex resumed>) = 0 [pid 865] symlink("/dev/binderfs", "./binderfs" [pid 854] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 867] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 865] <... symlink resumed>) = 0 [pid 863] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 854] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 867] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 865] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 863] <... openat resumed>) = 6 [pid 854] <... futex resumed>) = 0 [pid 298] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 867] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 865] <... futex resumed>) = 0 [pid 863] ioctl(6, LOOP_SET_FD, 3 [pid 854] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... openat resumed>) = 3 [pid 867] <... socket resumed>) = 7 [pid 865] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 298] newfstatat(3, "", [pid 867] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 865] <... rt_sigaction resumed>NULL, 8) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 867] <... futex resumed>) = 1 [pid 865] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 854] <... futex resumed>) = 0 [pid 298] getdents64(3, [pid 867] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 865] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 857] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 854] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 867] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 865] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 862] <... symlink resumed>) = 0 [pid 857] <... openat resumed>) = 8 [pid 854] <... futex resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 867] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 865] <... mmap resumed>) = 0x7f6220445000 [pid 857] ioctl(8, LOOP_SET_FD, 7 [pid 854] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 867] <... mmap resumed>) = 0x20000000 [pid 865] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 862] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 857] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 298] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 867] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 865] <... mprotect resumed>) = 0 [pid 867] <... futex resumed>) = 1 [pid 865] rt_sigprocmask(SIG_BLOCK, ~[], [pid 862] <... futex resumed>) = 0 [pid 857] ioctl(8, LOOP_CLR_FD [pid 854] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 867] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 865] <... rt_sigprocmask resumed>[], 8) = 0 [pid 857] <... ioctl resumed>) = 0 [pid 854] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 867] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 865] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 854] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 862] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 298] newfstatat(AT_FDCWD, "./24/bus", [pid 862] <... rt_sigaction resumed>NULL, 8) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 862] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 298] unlink("./24/bus" [pid 862] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] <... unlink resumed>) = 0 [pid 862] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 862] <... mmap resumed>) = 0x7f6220445000 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 862] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 298] newfstatat(AT_FDCWD, "./24/binderfs", [pid 862] <... mprotect resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 862] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] unlink("./24/binderfs" [pid 862] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] <... unlink resumed>) = 0 [pid 862] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 298] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 862] <... clone3 resumed> => {parent_tid=[869]}, 88) = 869 [pid 298] close(3 [pid 862] rt_sigprocmask(SIG_SETMASK, [], [pid 298] <... close resumed>) = 0 [pid 862] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] rmdir("./24" [pid 862] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... rmdir resumed>) = 0 [pid 862] <... futex resumed>) = 0 [pid 298] mkdir("./25", 0777 [pid 862] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... mkdir resumed>) = 0 [pid 862] <... futex resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 862] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] <... openat resumed>) = 3 ./strace-static-x86_64: Process 870 attached ./strace-static-x86_64: Process 869 attached [pid 862] <... mmap resumed>) = 0x7f6220424000 [ 28.148857][ T856] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 28.163983][ T863] loop5: detected capacity change from 0 to 519 [ 28.173102][ T867] Buffer I/O error on dev loop5, logical block 0, async page read [ 28.181796][ T867] Buffer I/O error on dev loop5, logical block 0, async page read [pid 298] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 868 attached [pid 870] set_robust_list(0x7f62204659a0, 24 [pid 869] set_robust_list(0x7f62204659a0, 24 [pid 867] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 865] <... clone3 resumed> => {parent_tid=[870]}, 88) = 870 [pid 863] <... ioctl resumed>) = 870 [pid 862] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 868] set_robust_list(0x555556cc76a0, 24 [pid 865] rt_sigprocmask(SIG_SETMASK, [], [pid 857] ioctl(8, LOOP_SET_FD, 7 [pid 868] <... set_robust_list resumed>) = 0 [pid 865] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 863] +++ killed by SIGBUS +++ [pid 857] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 868] chdir("./23" [pid 865] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 857] close(8 [pid 868] <... chdir resumed>) = 0 [pid 865] <... futex resumed>) = 0 [pid 857] <... close resumed>) = 0 [pid 868] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 865] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 857] close(7 [pid 868] <... prctl resumed>) = 0 [pid 865] <... futex resumed>) = 0 [pid 857] <... close resumed>) = 0 [pid 868] setpgid(0, 0 [pid 865] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 857] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 868] <... setpgid resumed>) = 0 [pid 865] <... mmap resumed>) = 0x7f6220424000 [pid 857] <... futex resumed>) = 0 [pid 868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 865] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 857] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 868] <... openat resumed>) = 3 [pid 865] <... mprotect resumed>) = 0 [pid 868] write(3, "1000", 4 [pid 865] rt_sigprocmask(SIG_BLOCK, ~[], [pid 868] <... write resumed>) = 4 [pid 865] <... rt_sigprocmask resumed>[], 8) = 0 [pid 868] close(3 [pid 865] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 868] <... close resumed>) = 0 [pid 868] symlink("/dev/binderfs", "./binderfs" [pid 865] <... clone3 resumed> => {parent_tid=[871]}, 88) = 871 [pid 868] <... symlink resumed>) = 0 [pid 865] rt_sigprocmask(SIG_SETMASK, [], [pid 868] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 865] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 868] <... futex resumed>) = 0 [pid 865] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 868] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 865] <... futex resumed>) = 0 [pid 868] <... rt_sigaction resumed>NULL, 8) = 0 [pid 865] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 868] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 868] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[872]}, 88) = 872 [pid 868] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 868] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 868] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 868] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[873]}, 88) = 873 [pid 868] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 868] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 868] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 867] +++ killed by SIGBUS +++ [pid 862] <... mprotect resumed>) = 0 [pid 854] +++ killed by SIGBUS +++ [pid 298] close(3 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=854, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 298] <... close resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 870] <... set_robust_list resumed>) = 0 [pid 301] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW [pid 862] rt_sigprocmask(SIG_BLOCK, ~[], [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 874 [pid 862] <... rt_sigprocmask resumed>[], 8) = 0 [pid 301] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 862] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 301] <... openat resumed>) = 3 [pid 301] newfstatat(3, "", [pid 862] <... clone3 resumed> => {parent_tid=[875]}, 88) = 875 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 862] rt_sigprocmask(SIG_SETMASK, [], [pid 301] getdents64(3, [pid 869] <... set_robust_list resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 869] rt_sigprocmask(SIG_SETMASK, [], [pid 301] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 869] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 869] memfd_create("syzkaller", 0 [pid 301] <... umount2 resumed>) = 0 [pid 869] <... memfd_create resumed>) = 3 [pid 301] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./25/bus", [pid 869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./25/bus" [pid 869] <... mmap resumed>) = 0x7f6218024000 [pid 862] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 869] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 862] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... unlink resumed>) = 0 [pid 862] <... futex resumed>) = 0 [pid 301] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 862] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./25/binderfs", [pid 869] <... write resumed>) = 262144 [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./25/binderfs" [pid 869] munmap(0x7f6218024000, 262144 [pid 301] <... unlink resumed>) = 0 [pid 301] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 301] close(3) = 0 [pid 301] rmdir("./25" [pid 869] <... munmap resumed>) = 0 [pid 869] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 869] ioctl(4, LOOP_SET_FD, 3 [pid 301] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 874 attached [pid 870] rt_sigprocmask(SIG_SETMASK, [], [pid 301] mkdir("./26", 0777) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 869] <... ioctl resumed>) = 0 [pid 869] close(3) = 0 [pid 869] mkdir("./file0", 0777 [pid 870] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 874] set_robust_list(0x555556cc76a0, 24) = 0 [pid 870] memfd_create("syzkaller", 0 [pid 869] <... mkdir resumed>) = 0 [pid 869] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue"./strace-static-x86_64: Process 875 attached [pid 874] chdir("./25" [pid 870] <... memfd_create resumed>) = 3 [pid 870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 875] set_robust_list(0x7f62204449a0, 24 [pid 874] <... chdir resumed>) = 0 [pid 870] <... mmap resumed>) = 0x7f6218024000 [pid 874] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 875] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 871 attached [pid 871] set_robust_list(0x7f62204449a0, 24) = 0 [pid 871] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 871] creat("./bus", 000 [pid 870] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 871] <... creat resumed>) = 4 [pid 871] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 865] <... futex resumed>) = 0 [pid 874] <... prctl resumed>) = 0 [pid 865] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 874] setpgid(0, 0 [pid 865] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 871] <... futex resumed>) = 1 [pid 871] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL) = 0 [pid 870] <... write resumed>) = 262144 [pid 874] <... setpgid resumed>) = 0 [pid 871] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 865] <... futex resumed>) = 0 [pid 865] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 865] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 871] <... futex resumed>) = 1 [pid 871] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 871] <... open resumed>) = 5 [pid 871] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 874] <... openat resumed>) = 3 [pid 865] <... futex resumed>) = 0 [pid 865] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 865] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 874] write(3, "1000", 4) = 4 [pid 875] rt_sigprocmask(SIG_SETMASK, [], [pid 870] munmap(0x7f6218024000, 262144 [pid 871] <... futex resumed>) = 1 [pid 871] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE) = 6 [pid 871] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 865] <... futex resumed>) = 0 [pid 874] close(3 [pid 865] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 865] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 871] <... futex resumed>) = 1 [pid 871] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 874] <... close resumed>) = 0 [pid 871] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 874] symlink("/dev/binderfs", "./binderfs" [pid 865] <... futex resumed>) = 0 [pid 865] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 871] <... futex resumed>) = 1 [pid 874] <... symlink resumed>) = 0 [pid 875] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 874] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 875] creat("./bus", 000 [pid 874] <... futex resumed>) = 0 [pid 870] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 873 attached ./strace-static-x86_64: Process 872 attached [pid 875] <... creat resumed>) = 3 [pid 874] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 870] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 875] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 874] <... rt_sigaction resumed>NULL, 8) = 0 [pid 873] set_robust_list(0x7f62204449a0, 24 [pid 872] set_robust_list(0x7f62204659a0, 24 [pid 874] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 875] <... futex resumed>) = 1 [pid 870] <... openat resumed>) = 7 [pid 862] <... futex resumed>) = 0 [pid 872] <... set_robust_list resumed>) = 0 [pid 873] <... set_robust_list resumed>) = 0 [pid 871] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 874] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 872] rt_sigprocmask(SIG_SETMASK, [], [pid 862] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 873] rt_sigprocmask(SIG_SETMASK, [], [pid 875] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 870] ioctl(7, LOOP_SET_FD, 3 [pid 874] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 874] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 874] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 874] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[877]}, 88) = 877 [pid 874] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 874] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 874] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 874] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 874] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 874] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 874] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[878]}, 88) = 878 [pid 874] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 874] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 874] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 872] memfd_create("syzkaller", 0) = 3 [pid 872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 872] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144./strace-static-x86_64: Process 878 attached ./strace-static-x86_64: Process 877 attached [pid 875] <... mount resumed>) = 0 [pid 873] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 872] <... write resumed>) = 262144 [pid 870] <... ioctl resumed>) = ? [pid 862] <... futex resumed>) = 0 [pid 872] munmap(0x7f6218024000, 262144) = 0 [pid 872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 872] ioctl(4, LOOP_SET_FD, 3 [pid 878] set_robust_list(0x7f62204449a0, 24 [pid 877] set_robust_list(0x7f62204659a0, 24 [pid 875] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 873] creat("./bus", 000 [pid 862] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 878] <... set_robust_list resumed>) = 0 [pid 877] <... set_robust_list resumed>) = 0 [pid 875] <... futex resumed>) = 0 [pid 873] <... creat resumed>) = 5 [pid 862] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 878] rt_sigprocmask(SIG_SETMASK, [], [pid 877] rt_sigprocmask(SIG_SETMASK, [], [pid 875] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 873] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 870] +++ killed by SIGBUS +++ [ 28.188979][ T856] EXT4-fs error (device loop1): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 28.212692][ T869] loop3: detected capacity change from 0 to 512 [ 28.228583][ T856] EXT4-fs (loop1): get orphan inode failed [ 28.234851][ T856] EXT4-fs (loop1): mount failed [ 28.237468][ T872] loop0: detected capacity change from 0 to 512 [pid 862] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 878] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 877] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 875] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 873] <... futex resumed>) = 1 [pid 872] <... ioctl resumed>) = 0 [pid 868] <... futex resumed>) = 0 [pid 862] <... futex resumed>) = 0 [pid 878] creat("./bus", 000 [pid 877] memfd_create("syzkaller", 0 [pid 875] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 873] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 872] close(3 [pid 871] +++ killed by SIGBUS +++ [pid 868] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 865] +++ killed by SIGBUS +++ [pid 862] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 878] <... creat resumed>) = 3 [pid 877] <... memfd_create resumed>) = 4 [pid 875] <... open resumed>) = 5 [pid 873] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 868] <... futex resumed>) = 0 [pid 878] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 875] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 873] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 868] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 878] <... futex resumed>) = 1 [pid 877] <... mmap resumed>) = 0x7f6218024000 [pid 875] <... futex resumed>) = 1 [pid 874] <... futex resumed>) = 0 [pid 873] <... mount resumed>) = 0 [pid 862] <... futex resumed>) = 0 [pid 878] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 877] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 875] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 874] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 873] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 862] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 878] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 877] <... write resumed>) = 262144 [pid 875] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 874] <... futex resumed>) = 0 [pid 873] <... futex resumed>) = 1 [pid 868] <... futex resumed>) = 0 [pid 862] <... futex resumed>) = 0 [pid 878] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 877] munmap(0x7f6218024000, 262144 [pid 875] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 874] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 873] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 868] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 862] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 878] <... mount resumed>) = 0 [pid 877] <... munmap resumed>) = 0 [pid 875] <... socket resumed>) = 6 [pid 873] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 868] <... futex resumed>) = 0 [pid 878] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 877] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 875] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 873] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 868] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 878] <... futex resumed>) = 1 [pid 877] <... openat resumed>) = 5 [pid 875] <... futex resumed>) = 1 [pid 874] <... futex resumed>) = 0 [pid 873] <... open resumed>) = 6 [pid 862] <... futex resumed>) = 0 [pid 878] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 877] ioctl(5, LOOP_SET_FD, 4 [pid 875] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 874] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 873] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 862] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 878] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 869] <... mount resumed>) = 0 [pid 869] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 7 [pid 869] chdir("./file0") = 0 [pid 869] ioctl(4, LOOP_CLR_FD) = 0 [pid 869] close(4) = 0 [pid 869] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 869] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=865, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 300] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(3, 0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 300] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 872] <... close resumed>) = 0 [pid 872] mkdir("./file0", 0777) = 0 [pid 872] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 300] <... umount2 resumed>) = 0 [pid 300] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] unlink("./25/bus" [pid 875] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 874] <... futex resumed>) = 0 [pid 873] <... futex resumed>) = 1 [pid 862] <... futex resumed>) = 0 [pid 300] <... unlink resumed>) = 0 [pid 875] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 874] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 868] <... futex resumed>) = 0 [pid 873] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 862] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... openat resumed>) = 3 [pid 300] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] unlink("./25/binderfs" [pid 868] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] ioctl(3, LOOP_CLR_FD [pid 878] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 875] <... mmap resumed>) = 0x20000000 [pid 873] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] <... unlink resumed>) = 0 [pid 868] <... futex resumed>) = 0 [pid 300] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 873] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 875] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 868] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] close(3) = 0 [pid 300] rmdir("./25" [pid 875] <... futex resumed>) = 1 [pid 873] <... socket resumed>) = 3 [pid 862] <... futex resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 875] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] mkdir("./26", 0777 [pid 873] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 862] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... mkdir resumed>) = 0 [pid 873] <... futex resumed>) = 1 [pid 869] <... futex resumed>) = 0 [pid 868] <... futex resumed>) = 0 [pid 862] <... futex resumed>) = 1 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 873] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 869] memfd_create("syzkaller", 0 [pid 868] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... openat resumed>) = 3 [pid 873] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 869] <... memfd_create resumed>) = 4 [pid 300] ioctl(3, LOOP_CLR_FD [pid 869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 873] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 869] <... mmap resumed>) = 0x7f620fc64000 [pid 868] <... futex resumed>) = 0 [pid 300] close(3 [pid 873] <... mmap resumed>) = 0x20000000 [pid 869] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 868] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... close resumed>) = 0 [pid 873] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 869] <... write resumed>) = 65536 [pid 868] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 873] <... futex resumed>) = 0 [pid 869] munmap(0x7f620fc64000, 65536 [pid 868] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 873] memfd_create("syzkaller", 0 [pid 869] <... munmap resumed>) = 0 [pid 868] <... futex resumed>) = 0 [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 880 [pid 873] <... memfd_create resumed>) = 7 [pid 869] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 869] <... openat resumed>) = 8 [pid 873] <... mmap resumed>) = 0x7f620fc64000 [pid 869] ioctl(8, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 869] ioctl(8, LOOP_CLR_FD) = 0 [pid 877] <... ioctl resumed>) = 0 [pid 877] close(4) = 0 [pid 873] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 878] <... open resumed>) = 6 [pid 877] mkdir("./file0", 0777 [pid 878] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 873] <... write resumed>) = 65536 [pid 873] munmap(0x7f620fc64000, 65536) = 0 [pid 878] <... futex resumed>) = 1 [pid 874] <... futex resumed>) = 0 [pid 873] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 874] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 873] <... openat resumed>) = 8 [pid 874] <... futex resumed>) = 0 [pid 878] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 874] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 873] ioctl(8, LOOP_SET_FD, 7 [pid 878] <... socket resumed>) = 4 [pid 873] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 878] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 873] ioctl(8, LOOP_CLR_FD) = 0 [pid 878] <... futex resumed>) = 1 [pid 874] <... futex resumed>) = 0 [pid 878] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 874] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 869] ioctl(8, LOOP_SET_FD, 4 [pid 878] <... mmap resumed>) = 0x20000000 [pid 874] <... futex resumed>) = 0 [pid 878] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 874] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 878] <... futex resumed>) = 0 [pid 874] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 869] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 869] close(8) = 0 [pid 869] close(4) = 0 [pid 869] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 869] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 877] <... mkdir resumed>) = 0 [pid 877] mount("/dev/loop2", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"...) = -1 ENOENT (No such file or directory) [pid 877] ioctl(5, LOOP_CLR_FD) = 0 [pid 877] close(5) = 0 [pid 877] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 877] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 880 attached [pid 880] set_robust_list(0x555556cc76a0, 24) = 0 [pid 880] chdir("./26") = 0 [pid 880] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 880] setpgid(0, 0) = 0 [pid 880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 880] write(3, "1000", 4) = 4 [pid 880] close(3) = 0 [pid 880] symlink("/dev/binderfs", "./binderfs") = 0 [pid 880] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 880] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 880] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 880] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 880] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 880] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 880] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[881]}, 88) = 881 [pid 880] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 880] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 880] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 880] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 880] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 880] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 880] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[882]}, 88) = 882 [pid 878] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 874] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 877] <... futex resumed>) = 0 [pid 873] ioctl(8, LOOP_SET_FD, 7 [pid 877] memfd_create("syzkaller", 0 [pid 873] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 877] <... memfd_create resumed>) = 5 [ 28.247199][ T869] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [ 28.262255][ T869] ext4 filesystem being mounted at /root/syzkaller.4NT5vc/25/file0 supports timestamps until 2038 (0x7fffffff) [ 28.267250][ T877] loop2: detected capacity change from 0 to 512 [ 28.289064][ T872] EXT4-fs (loop0): Magic mismatch, very weird! [pid 873] close(8./strace-static-x86_64: Process 882 attached ./strace-static-x86_64: Process 881 attached [pid 880] rt_sigprocmask(SIG_SETMASK, [], [pid 877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 873] <... close resumed>) = 0 [pid 877] <... mmap resumed>) = 0x7f620fc64000 [pid 873] close(7 [pid 881] set_robust_list(0x7f62204659a0, 24 [pid 880] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 881] <... set_robust_list resumed>) = 0 [pid 880] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 881] rt_sigprocmask(SIG_SETMASK, [], [pid 880] <... futex resumed>) = 0 [pid 881] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 880] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 881] memfd_create("syzkaller", 0 [pid 877] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 881] <... memfd_create resumed>) = 3 [pid 873] <... close resumed>) = 0 [pid 881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 877] <... write resumed>) = 65536 [pid 862] exit_group(0 [pid 877] munmap(0x7f620fc64000, 65536 [pid 862] <... exit_group resumed>) = ? [pid 875] <... futex resumed>) = ? [pid 873] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 877] <... munmap resumed>) = 0 [pid 875] +++ exited with 0 +++ [pid 877] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 873] <... futex resumed>) = 0 [pid 869] <... futex resumed>) = ? [pid 881] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 869] +++ exited with 0 +++ [pid 862] +++ exited with 0 +++ [pid 873] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 881] <... write resumed>) = 262144 [pid 881] munmap(0x7f6218024000, 262144 [pid 877] <... openat resumed>) = 7 [pid 877] ioctl(7, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 881] <... munmap resumed>) = 0 [pid 877] ioctl(7, LOOP_CLR_FD [pid 881] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=862, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 881] <... openat resumed>) = 4 [pid 881] ioctl(4, LOOP_SET_FD, 3 [pid 299] <... restart_syscall resumed>) = 0 [pid 877] <... ioctl resumed>) = 0 [pid 882] set_robust_list(0x7f62204449a0, 24) = 0 [pid 882] rt_sigprocmask(SIG_SETMASK, [], [pid 877] ioctl(7, LOOP_SET_FD, 5) = -1 EBUSY (Device or resource busy) [pid 877] close(7) = 0 [pid 877] close(5) = 0 [pid 877] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 877] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 874] exit_group(0 [pid 878] <... futex resumed>) = ? [pid 877] <... futex resumed>) = ? [pid 874] <... exit_group resumed>) = ? [pid 878] +++ exited with 0 +++ [pid 882] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 882] creat("./bus", 000) = 5 [pid 882] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 880] <... futex resumed>) = 0 [pid 880] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 880] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 882] <... futex resumed>) = 1 [pid 882] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL) = 0 [pid 882] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 880] <... futex resumed>) = 0 [pid 880] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 880] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 882] <... futex resumed>) = 1 [pid 882] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 299] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 881] <... ioctl resumed>) = 0 [pid 856] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 299] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 881] close(3 [pid 856] ioctl(4, LOOP_CLR_FD [pid 299] <... openat resumed>) = 3 [pid 299] newfstatat(3, "", [pid 881] <... close resumed>) = 0 [pid 872] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 856] <... ioctl resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 882] <... open resumed>) = 6 [pid 299] getdents64(3, [pid 856] close(4 [pid 882] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 880] <... futex resumed>) = 0 [pid 880] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 856] <... close resumed>) = 0 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 880] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 872] ioctl(4, LOOP_CLR_FD [pid 856] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 856] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 872] <... ioctl resumed>) = 0 [pid 882] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE) = 3 [pid 882] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 880] <... futex resumed>) = 0 [pid 880] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 880] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 882] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0) = 0x20000000 [pid 299] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 856] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 882] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 872] close(4 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 880] <... futex resumed>) = 0 [pid 880] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] newfstatat(AT_FDCWD, "./25/bus", [pid 855] exit_group(0 [pid 861] <... futex resumed>) = ? [pid 857] <... futex resumed>) = ? [pid 856] <... futex resumed>) = ? [pid 855] <... exit_group resumed>) = ? [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 872] <... close resumed>) = 0 [pid 882] <... futex resumed>) = 1 [pid 861] +++ exited with 0 +++ [pid 857] +++ exited with 0 +++ [pid 299] unlink("./25/bus" [pid 872] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 868] exit_group(0 [pid 882] memfd_create("syzkaller", 0 [pid 873] <... futex resumed>) = ? [pid 868] <... exit_group resumed>) = ? [pid 882] <... memfd_create resumed>) = 7 [pid 873] +++ exited with 0 +++ [pid 872] <... futex resumed>) = ? [pid 299] <... unlink resumed>) = 0 [pid 882] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f620fc64000 [pid 882] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 299] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 882] munmap(0x7f620fc64000, 65536 [pid 881] mkdir(0x20000000, 0777 [pid 877] +++ exited with 0 +++ [pid 874] +++ exited with 0 +++ [pid 872] +++ exited with 0 +++ [pid 868] +++ exited with 0 +++ [pid 856] +++ exited with 0 +++ [pid 855] +++ exited with 0 +++ [pid 301] <... ioctl resumed>) = 0 [pid 882] <... munmap resumed>) = 0 [pid 301] close(3 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=874, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 882] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 301] <... close resumed>) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=855, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=868, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 882] <... openat resumed>) = 8 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW [pid 882] ioctl(8, LOOP_SET_FD, 7 [pid 299] newfstatat(AT_FDCWD, "./25/binderfs", [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 882] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 883 [pid 297] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 882] ioctl(8, LOOP_CLR_FD [pid 297] <... openat resumed>) = 3 [pid 296] <... openat resumed>) = 3 [pid 882] <... ioctl resumed>) = 0 [pid 297] newfstatat(3, "", [pid 296] newfstatat(3, "", [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] getdents64(3, [pid 296] getdents64(3, [pid 299] unlink("./25/binderfs" [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 297] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = 0 [pid 299] <... unlink resumed>) = 0 [pid 298] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] newfstatat(AT_FDCWD, "./29/bus", [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 882] ioctl(8, LOOP_SET_FD, 7 [pid 299] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] newfstatat(AT_FDCWD, "./23/bus", [pid 882] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 297] unlink("./29/bus" [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 882] close(8 [pid 298] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... unlink resumed>) = 0 [pid 296] unlink("./23/bus" [pid 882] <... close resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 297] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... unlink resumed>) = 0 [pid 882] close(7 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 882] <... close resumed>) = 0 [pid 298] newfstatat(3, "", [pid 297] newfstatat(AT_FDCWD, "./29/binderfs", [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 882] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] newfstatat(AT_FDCWD, "./23/binderfs", [pid 882] <... futex resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] unlink("./29/binderfs" [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 882] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] getdents64(3, [pid 297] <... unlink resumed>) = 0 [pid 296] unlink("./23/binderfs" [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 297] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... unlink resumed>) = 0 [pid 881] <... mkdir resumed>) = 0 [pid 298] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] newfstatat(AT_FDCWD, "./29/file0", [pid 298] <... umount2 resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 881] mount("/dev/loop4", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 298] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] newfstatat(AT_FDCWD, "./23/file0", [pid 881] <... mount resumed>) = -1 ENODEV (No such device) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 881] ioctl(4, LOOP_CLR_FD [pid 298] newfstatat(AT_FDCWD, "./25/bus", [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 881] <... ioctl resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 881] close(4 [pid 298] unlink("./25/bus" [pid 297] <... openat resumed>) = 4 [pid 296] openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 881] <... close resumed>) = 0 [pid 297] newfstatat(4, "", [pid 296] <... openat resumed>) = 4 [pid 881] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... unlink resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] newfstatat(4, "", [pid 881] <... futex resumed>) = 0 [pid 298] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] getdents64(4, [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 881] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, [pid 298] newfstatat(AT_FDCWD, "./25/binderfs", [pid 297] getdents64(4, [pid 296] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 296] getdents64(4, [pid 297] close(4 [pid 296] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 298] unlink("./25/binderfs" [pid 297] <... close resumed>) = 0 [pid 296] close(4 [pid 297] rmdir("./29/file0" [pid 296] <... close resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 296] rmdir("./23/file0" [pid 880] exit_group(0 [pid 298] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] getdents64(3, [pid 296] <... rmdir resumed>) = 0 [pid 882] <... futex resumed>) = ? [pid 881] <... futex resumed>) = ? [pid 880] <... exit_group resumed>) = ? [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] getdents64(3, [pid 882] +++ exited with 0 +++ [pid 298] newfstatat(AT_FDCWD, "./25/file0", [pid 297] close(3 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... close resumed>) = 0 [pid 296] close(3 [pid 298] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] rmdir("./29" [pid 296] <... close resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... rmdir resumed>) = 0 [pid 296] rmdir("./23" [pid 298] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] mkdir("./30", 0777 [pid 296] <... rmdir resumed>) = 0 [pid 298] <... openat resumed>) = 4 [pid 297] <... mkdir resumed>) = 0 [pid 296] mkdir("./24", 0777 [pid 298] newfstatat(4, "", [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 296] <... mkdir resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... openat resumed>) = 3 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 298] getdents64(4, [pid 297] ioctl(3, LOOP_CLR_FD [pid 296] <... openat resumed>) = 3 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] ioctl(3, LOOP_CLR_FD [pid 297] close(3 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] getdents64(4, [pid 297] <... close resumed>) = 0 [pid 296] close(3 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... close resumed>) = 0 [pid 298] close(4 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... close resumed>) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 884 [pid 298] rmdir("./25/file0" [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 885 ./strace-static-x86_64: Process 883 attached [pid 298] <... rmdir resumed>) = 0 [pid 298] getdents64(3, ./strace-static-x86_64: Process 885 attached 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 885] set_robust_list(0x555556cc76a0, 24 [pid 298] close(3 [pid 885] <... set_robust_list resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 885] chdir("./24" [pid 298] rmdir("./25" [pid 885] <... chdir resumed>) = 0 [pid 885] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 885] setpgid(0, 0) = 0 [pid 885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] <... rmdir resumed>) = 0 [pid 885] <... openat resumed>) = 3 [pid 298] mkdir("./26", 0777 [pid 885] write(3, "1000", 4) = 4 [pid 298] <... mkdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 885] close(3 [pid 298] <... openat resumed>) = 3 [pid 298] ioctl(3, LOOP_CLR_FD [pid 885] <... close resumed>) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 885] symlink("/dev/binderfs", "./binderfs" [pid 298] close(3 [pid 885] <... symlink resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 885] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 885] <... futex resumed>) = 0 [pid 885] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 885] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 885] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 ./strace-static-x86_64: Process 886 attached ./strace-static-x86_64: Process 884 attached [pid 883] set_robust_list(0x555556cc76a0, 24 [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 886 [pid 883] <... set_robust_list resumed>) = 0 [pid 885] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 884] set_robust_list(0x555556cc76a0, 24) = 0 [pid 886] set_robust_list(0x555556cc76a0, 24 [pid 885] <... mprotect resumed>) = 0 [pid 884] chdir("./30") = 0 [pid 885] rt_sigprocmask(SIG_BLOCK, ~[], [pid 886] <... set_robust_list resumed>) = 0 [pid 885] <... rt_sigprocmask resumed>[], 8) = 0 [pid 885] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 884] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 884] setpgid(0, 0 [pid 885] <... clone3 resumed> => {parent_tid=[887]}, 88) = 887 [pid 886] chdir("./26" [pid 885] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 884] <... setpgid resumed>) = 0 [pid 886] <... chdir resumed>) = 0 [pid 885] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 886] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 885] <... futex resumed>) = 0 [pid 885] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 886] <... prctl resumed>) = 0 [pid 885] <... futex resumed>) = 0 [pid 885] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 885] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 886] setpgid(0, 0 [pid 885] <... mprotect resumed>) = 0 [pid 886] <... setpgid resumed>) = 0 [pid 885] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 885] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 884] <... openat resumed>) = 3 [pid 886] <... openat resumed>) = 3 [pid 885] <... clone3 resumed> => {parent_tid=[888]}, 88) = 888 [pid 885] rt_sigprocmask(SIG_SETMASK, [], [pid 886] write(3, "1000", 4 [pid 884] write(3, "1000", 4 [pid 885] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 884] <... write resumed>) = 4 [pid 884] close(3 [pid 885] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 884] <... close resumed>) = 0 [pid 886] <... write resumed>) = 4 [pid 885] <... futex resumed>) = 0 [pid 885] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 884] symlink("/dev/binderfs", "./binderfs" [pid 886] close(3) = 0 [pid 884] <... symlink resumed>) = 0 [pid 883] chdir("./26"./strace-static-x86_64: Process 887 attached [pid 886] symlink("/dev/binderfs", "./binderfs" [pid 884] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 884] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 886] <... symlink resumed>) = 0 [pid 884] <... rt_sigaction resumed>NULL, 8) = 0 [pid 884] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 886] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 884] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 884] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 886] <... futex resumed>) = 0 [pid 884] rt_sigprocmask(SIG_BLOCK, ~[], [pid 883] <... chdir resumed>) = 0 [ 28.300101][ T881] loop4: detected capacity change from 0 to 512 [pid 887] set_robust_list(0x7f62204659a0, 24./strace-static-x86_64: Process 888 attached [pid 886] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 884] <... rt_sigprocmask resumed>[], 8) = 0 [pid 883] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 886] <... rt_sigaction resumed>NULL, 8) = 0 [pid 886] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 884] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 886] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 886] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 884] <... clone3 resumed> => {parent_tid=[889]}, 88) = 889 [pid 884] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 886] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 884] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 886] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 884] <... futex resumed>) = 0 [pid 884] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 884] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 886] <... clone3 resumed> => {parent_tid=[890]}, 88) = 890 [pid 886] rt_sigprocmask(SIG_SETMASK, [], [pid 884] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 886] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 886] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 884] <... mprotect resumed>) = 0 [pid 886] <... futex resumed>) = 0 [pid 886] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 884] rt_sigprocmask(SIG_BLOCK, ~[], [pid 886] <... futex resumed>) = 0 [pid 886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 884] <... rt_sigprocmask resumed>[], 8) = 0 [pid 886] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 884] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0}./strace-static-x86_64: Process 890 attached ./strace-static-x86_64: Process 889 attached [pid 888] set_robust_list(0x7f62204449a0, 24 [pid 887] <... set_robust_list resumed>) = 0 [pid 886] <... mprotect resumed>) = 0 [pid 884] <... clone3 resumed> => {parent_tid=[891]}, 88) = 891 [pid 886] rt_sigprocmask(SIG_BLOCK, ~[], [pid 890] set_robust_list(0x7f62204659a0, 24 [pid 889] set_robust_list(0x7f62204659a0, 24 [pid 888] <... set_robust_list resumed>) = 0 [pid 887] rt_sigprocmask(SIG_SETMASK, [], [pid 884] rt_sigprocmask(SIG_SETMASK, [], [pid 883] <... prctl resumed>) = 0 [pid 886] <... rt_sigprocmask resumed>[], 8) = 0 [pid 884] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 884] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 884] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 891 attached [pid 891] set_robust_list(0x7f62204449a0, 24) = 0 [pid 891] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 891] creat("./bus", 000 [pid 886] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 883] setpgid(0, 0 [pid 886] <... clone3 resumed> => {parent_tid=[892]}, 88) = 892 [pid 883] <... setpgid resumed>) = 0 [pid 890] <... set_robust_list resumed>) = 0 [pid 889] <... set_robust_list resumed>) = 0 [pid 888] rt_sigprocmask(SIG_SETMASK, [], [pid 886] rt_sigprocmask(SIG_SETMASK, [], [pid 883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 886] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 891] <... creat resumed>) = 3 [pid 891] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 884] <... futex resumed>) = 0 [pid 884] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 884] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 891] <... futex resumed>) = 1 [pid 891] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL) = 0 [pid 891] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 884] <... futex resumed>) = 0 [pid 884] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 884] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 891] <... futex resumed>) = 1 [pid 891] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 886] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 883] <... openat resumed>) = 3 [pid 886] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 883] write(3, "1000", 4 [pid 889] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 892 attached [pid 890] rt_sigprocmask(SIG_SETMASK, [], [pid 888] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 887] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 891] <... open resumed>) = 4 [pid 891] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 884] <... futex resumed>) = 0 [pid 884] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 884] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 891] <... futex resumed>) = 1 [pid 891] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE) = 5 [pid 891] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 884] <... futex resumed>) = 0 [pid 884] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 883] <... write resumed>) = 4 [pid 884] <... futex resumed>) = 0 [pid 884] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 891] <... futex resumed>) = 1 [pid 891] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 889] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 883] close(3 [pid 888] creat("./bus", 000 [pid 883] <... close resumed>) = 0 [pid 883] symlink("/dev/binderfs", "./binderfs" [pid 890] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 889] memfd_create("syzkaller", 0) = 6 [pid 889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 889] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000f02} --- [pid 883] <... symlink resumed>) = 0 [pid 884] <... futex resumed>) = ? [pid 883] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 891] <... mmap resumed>) = ? [pid 883] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 883] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 892] set_robust_list(0x7f62204449a0, 24 [pid 883] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 892] <... set_robust_list resumed>) = 0 [pid 892] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 883] <... mmap resumed>) = 0x7f6220445000 [pid 892] creat("./bus", 000) = 3 [pid 883] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 892] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 886] <... futex resumed>) = 0 [pid 883] <... mprotect resumed>) = 0 [pid 886] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 892] <... futex resumed>) = 1 [pid 886] <... futex resumed>) = 0 [pid 892] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 886] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 883] rt_sigprocmask(SIG_BLOCK, ~[], [pid 892] <... mount resumed>) = 0 [pid 883] <... rt_sigprocmask resumed>[], 8) = 0 [pid 892] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 887] memfd_create("syzkaller", 0 [pid 886] <... futex resumed>) = 0 [pid 883] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 892] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 888] <... creat resumed>) = 3 [pid 886] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 892] <... open resumed>) = 4 [pid 886] <... futex resumed>) = 0 [pid 892] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 886] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 892] <... futex resumed>) = 0 [pid 886] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 892] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 886] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 892] <... socket resumed>) = 5 [pid 886] <... futex resumed>) = 0 [pid 881] +++ exited with 0 +++ [pid 880] +++ exited with 0 +++ [pid 299] <... umount2 resumed>) = 0 [pid 892] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 886] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=880, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 892] <... futex resumed>) = 0 [pid 886] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 892] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 886] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 892] <... mmap resumed>) = 0x20000000 [pid 886] <... futex resumed>) = 0 [pid 300] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW [pid 892] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 886] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 892] <... futex resumed>) = 0 [pid 886] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 892] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 886] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... openat resumed>) = 3 [pid 886] <... futex resumed>) = ? [pid 300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(3, 0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 300] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 299] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 890] +++ killed by SIGBUS +++ [pid 300] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 892] +++ killed by SIGBUS +++ [pid 886] +++ killed by SIGBUS +++ [pid 883] <... clone3 resumed> => {parent_tid=[893]}, 88) = 893 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./25/file0", [pid 883] rt_sigprocmask(SIG_SETMASK, [], [pid 300] newfstatat(AT_FDCWD, "./26/bus", [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 888] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 887] <... memfd_create resumed>) = 4 [pid 883] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=886, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 888] <... futex resumed>) = 1 [pid 887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 885] <... futex resumed>) = 0 [pid 883] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] unlink("./26/bus" [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 888] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 887] <... mmap resumed>) = 0x7f6218024000 [pid 885] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 883] <... futex resumed>) = 0 [pid 300] <... unlink resumed>) = 0 [pid 299] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 885] <... futex resumed>) = 0 [pid 883] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... restart_syscall resumed>) = 0 [pid 885] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... openat resumed>) = 4 [pid 888] <... mount resumed>) = 0 [pid 883] <... futex resumed>) = 0 [pid 300] newfstatat(AT_FDCWD, "./26/binderfs", [pid 299] newfstatat(4, "", [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 883] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 888] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] unlink("./26/binderfs" [pid 299] getdents64(4, [pid 298] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW [pid 883] <... mmap resumed>) = 0x7f6220424000 [pid 883] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 300] <... unlink resumed>) = 0 [pid 299] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 885] <... futex resumed>) = 0 [pid 888] <... futex resumed>) = 1 [pid 885] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 883] <... mprotect resumed>) = 0 [pid 300] umount2("./26/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] getdents64(4, [pid 298] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 888] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 885] <... futex resumed>) = 0 [pid 883] rt_sigprocmask(SIG_BLOCK, ~[], [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 298] <... openat resumed>) = 3 [pid 888] <... open resumed>) = 5 [pid 885] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 883] <... rt_sigprocmask resumed>[], 8) = 0 [pid 300] newfstatat(AT_FDCWD, "./26/ext4", [pid 299] close(4 [pid 298] newfstatat(3, "", [pid 891] +++ killed by SIGBUS +++ [pid 888] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 883] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... close resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 889] +++ killed by SIGBUS +++ [pid 884] +++ killed by SIGBUS +++ [pid 300] umount2("./26/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 888] <... futex resumed>) = 1 [pid 885] <... futex resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] rmdir("./25/file0" [pid 298] getdents64(3, [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=884, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 888] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 885] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 883] <... clone3 resumed> => {parent_tid=[894]}, 88) = 894 [pid 300] openat(AT_FDCWD, "./26/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 885] <... futex resumed>) = 0 [pid 883] rt_sigprocmask(SIG_SETMASK, [], [pid 300] <... openat resumed>) = 4 [pid 299] <... rmdir resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 888] <... socket resumed>) = 6 [pid 885] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 883] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] newfstatat(4, "", [pid 299] getdents64(3, [pid 298] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW [pid 888] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 883] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 888] <... futex resumed>) = 1 [pid 885] <... futex resumed>) = 0 [pid 883] <... futex resumed>) = 0 [pid 300] getdents64(4, [pid 299] close(3 [pid 298] <... umount2 resumed>) = 0 [pid 297] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 894 attached [pid 888] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 887] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 265481 [pid 885] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 883] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 299] <... close resumed>) = 0 [pid 298] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... openat resumed>) = 3 [pid 894] set_robust_list(0x7f62204449a0, 24 [pid 888] <... mmap resumed>) = 0x20000000 [pid 887] <... write resumed>) = 265481 [pid 885] <... futex resumed>) = 0 [pid 300] getdents64(4, [pid 299] rmdir("./25" [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 894] <... set_robust_list resumed>) = 0 [pid 888] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 887] munmap(0x7f6218024000, 265481 [pid 885] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... rmdir resumed>) = 0 [pid 894] rt_sigprocmask(SIG_SETMASK, [], [pid 888] <... futex resumed>) = 0 [pid 887] <... munmap resumed>) = 0 [pid 885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 299] mkdir("./26", 0777 [pid 298] newfstatat(AT_FDCWD, "./26/bus", [pid 297] newfstatat(3, "", ./strace-static-x86_64: Process 893 attached [pid 894] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 888] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 887] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 885] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] close(4 [pid 299] <... mkdir resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 894] creat("./bus", 000 [pid 893] set_robust_list(0x7f62204659a0, 24 [pid 888] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 887] <... openat resumed>) = 7 [pid 885] <... futex resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 298] unlink("./26/bus" [pid 297] getdents64(3, [pid 894] <... creat resumed>) = 3 [pid 893] <... set_robust_list resumed>) = 0 [pid 888] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 887] read(0, [pid 885] read(0, [pid 300] rmdir("./26/ext4" [pid 299] <... openat resumed>) = 3 [pid 894] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 893] rt_sigprocmask(SIG_SETMASK, [], [pid 887] +++ killed by SIGBUS +++ [pid 299] ioctl(3, LOOP_CLR_FD [pid 298] <... unlink resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 894] <... futex resumed>) = 1 [pid 893] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 888] +++ killed by SIGBUS +++ [pid 885] +++ killed by SIGBUS +++ [pid 883] <... futex resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 894] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 883] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] close(3 [pid 894] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 893] memfd_create("syzkaller", 0 [pid 883] <... futex resumed>) = 0 [pid 300] getdents64(3, [pid 299] <... close resumed>) = 0 [pid 298] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=885, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 894] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 883] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 894] <... mount resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 894] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 895 [pid 894] <... futex resumed>) = 1 [pid 883] <... futex resumed>) = 0 [pid 894] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 893] <... memfd_create resumed>) = 4 [pid 883] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] close(3 [pid 298] newfstatat(AT_FDCWD, "./26/binderfs", [pid 297] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 895 attached [pid 894] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 883] <... futex resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW [pid 895] set_robust_list(0x555556cc76a0, 24 [pid 894] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 893] <... mmap resumed>) = 0x7f6218024000 [pid 883] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] rmdir("./26" [pid 298] unlink("./26/binderfs" [pid 297] newfstatat(AT_FDCWD, "./30/bus", [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 895] <... set_robust_list resumed>) = 0 [pid 894] <... open resumed>) = 5 [pid 893] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 265740 [pid 300] <... rmdir resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 894] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 883] <... futex resumed>) = 0 [pid 894] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 883] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 894] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 883] <... futex resumed>) = 0 [pid 894] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 883] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 894] <... socket resumed>) = 6 [pid 894] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 883] <... futex resumed>) = 0 [pid 894] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 883] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 894] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 883] <... futex resumed>) = 0 [pid 894] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 883] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] mkdir("./27", 0777 [pid 298] getdents64(3, [pid 297] unlink("./30/bus" [pid 296] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 894] <... mmap resumed>) = 0x20000000 [pid 893] <... write resumed>) = 265740 [pid 894] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 883] <... futex resumed>) = 0 [pid 894] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 883] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 894] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 883] <... futex resumed>) = 0 [pid 297] <... unlink resumed>) = 0 [pid 296] <... openat resumed>) = 3 [pid 894] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 883] close(0 [pid 300] <... mkdir resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] newfstatat(3, "", [pid 297] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, [pid 298] close(3 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 298] <... close resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./30/binderfs", [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] rmdir("./26" [pid 296] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... openat resumed>) = 3 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 895] chdir("./26" [pid 298] <... rmdir resumed>) = 0 [pid 300] ioctl(3, LOOP_CLR_FD [pid 297] unlink("./30/binderfs" [pid 296] <... umount2 resumed>) = 0 [pid 895] <... chdir resumed>) = 0 [pid 895] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 895] setpgid(0, 0) = 0 [pid 895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 895] write(3, "1000", 4 [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] mkdir("./27", 0777 [pid 297] <... unlink resumed>) = 0 [pid 296] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 895] <... write resumed>) = 4 [pid 895] close(3) = 0 [pid 895] symlink("/dev/binderfs", "./binderfs") = 0 [pid 298] <... mkdir resumed>) = 0 [pid 297] getdents64(3, [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] close(3 [pid 895] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 895] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] newfstatat(AT_FDCWD, "./24/bus", [pid 895] <... rt_sigaction resumed>NULL, 8) = 0 [pid 297] close(3 [pid 895] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 300] <... close resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 895] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 895] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 895] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 296] unlink("./24/bus" [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... openat resumed>) = 3 [pid 297] <... close resumed>) = 0 [pid 895] <... mprotect resumed>) = 0 [pid 297] rmdir("./30" [pid 296] <... unlink resumed>) = 0 [pid 895] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] ioctl(3, LOOP_CLR_FD [pid 895] <... rt_sigprocmask resumed>[], 8) = 0 [pid 894] +++ killed by SIGBUS +++ [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 896 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... rmdir resumed>) = 0 [pid 296] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 895] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 298] close(3 [pid 297] mkdir("./31", 0777 [pid 298] <... close resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 895] <... clone3 resumed> => {parent_tid=[897]}, 88) = 897 [pid 297] <... mkdir resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./24/binderfs", [pid 895] rt_sigprocmask(SIG_SETMASK, [], [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 895] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 895] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 895] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 895] <... futex resumed>) = 0 [pid 893] +++ killed by SIGBUS +++ [pid 883] +++ killed by SIGBUS +++ [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 895] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 895] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=883, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 898 [pid 297] <... openat resumed>) = 3 [pid 296] unlink("./24/binderfs" [pid 895] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 895] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 297] ioctl(3, LOOP_CLR_FD [pid 296] <... unlink resumed>) = 0 [pid 895] <... clone3 resumed> => {parent_tid=[899]}, 88) = 899 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] getdents64(3, [pid 895] rt_sigprocmask(SIG_SETMASK, [], [pid 301] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] close(3 [pid 895] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 895] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... close resumed>) = 0 [pid 296] close(3 [pid 895] <... futex resumed>) = 0 [pid 301] <... openat resumed>) = 3 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 895] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] newfstatat(3, "", [pid 296] <... close resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] rmdir("./24" [pid 301] getdents64(3, [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 900 [pid 296] <... rmdir resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 296] mkdir("./25", 0777 [pid 301] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... mkdir resumed>) = 0 [pid 301] <... umount2 resumed>) = 0 [pid 301] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./26/bus", [pid 296] <... openat resumed>) = 3 [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] ioctl(3, LOOP_CLR_FD [pid 301] unlink("./26/bus" [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) ./strace-static-x86_64: Process 897 attached [pid 301] <... unlink resumed>) = 0 [pid 296] close(3 [pid 897] set_robust_list(0x7f62204659a0, 24 [pid 301] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... close resumed>) = 0 ./strace-static-x86_64: Process 899 attached [pid 897] <... set_robust_list resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 899] set_robust_list(0x7f62204449a0, 24 [pid 897] rt_sigprocmask(SIG_SETMASK, [], [pid 301] newfstatat(AT_FDCWD, "./26/binderfs", [pid 899] <... set_robust_list resumed>) = 0 [pid 897] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 899] rt_sigprocmask(SIG_SETMASK, [], [pid 897] memfd_create("syzkaller", 0 [pid 301] unlink("./26/binderfs" [pid 899] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 897] <... memfd_create resumed>) = 3 [pid 301] <... unlink resumed>) = 0 [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 901 [pid 899] creat("./bus", 000 [pid 897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 301] getdents64(3, [pid 899] <... creat resumed>) = 4 [pid 897] <... mmap resumed>) = 0x7f6218024000 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 899] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 897] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 301] close(3 [pid 899] <... futex resumed>) = 1 [pid 897] <... write resumed>) = 262144 [pid 895] <... futex resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 899] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 895] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] rmdir("./26" [pid 899] <... mount resumed>) = 0 [pid 895] <... futex resumed>) = 0 [pid 301] <... rmdir resumed>) = 0 [pid 899] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 895] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] mkdir("./27", 0777 [pid 899] <... futex resumed>) = 0 [pid 897] munmap(0x7f6218024000, 262144 [pid 895] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 901 attached ./strace-static-x86_64: Process 900 attached ./strace-static-x86_64: Process 898 attached ./strace-static-x86_64: Process 896 attached [pid 899] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 897] <... munmap resumed>) = 0 [pid 895] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 901] set_robust_list(0x555556cc76a0, 24 [pid 900] set_robust_list(0x555556cc76a0, 24 [pid 899] <... open resumed>) = 5 [pid 898] set_robust_list(0x555556cc76a0, 24 [pid 897] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 896] set_robust_list(0x555556cc76a0, 24 [pid 895] <... futex resumed>) = 0 [pid 301] <... openat resumed>) = 3 [pid 901] <... set_robust_list resumed>) = 0 [pid 899] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 897] <... openat resumed>) = 6 [pid 895] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] ioctl(3, LOOP_CLR_FD [pid 901] chdir("./25" [pid 900] <... set_robust_list resumed>) = 0 [pid 899] <... futex resumed>) = 0 [pid 898] <... set_robust_list resumed>) = 0 [pid 897] ioctl(6, LOOP_SET_FD, 3 [pid 896] <... set_robust_list resumed>) = 0 [pid 895] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 901] <... chdir resumed>) = 0 [pid 900] chdir("./31" [pid 899] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 898] chdir("./27" [pid 896] chdir("./27" [pid 895] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] close(3 [pid 900] <... chdir resumed>) = 0 [pid 898] <... chdir resumed>) = 0 [pid 896] <... chdir resumed>) = 0 [pid 900] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 898] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 896] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 900] <... prctl resumed>) = 0 [pid 898] <... prctl resumed>) = 0 [pid 896] <... prctl resumed>) = 0 [pid 900] setpgid(0, 0 [pid 898] setpgid(0, 0 [pid 896] setpgid(0, 0 [pid 900] <... setpgid resumed>) = 0 [pid 898] <... setpgid resumed>) = 0 [pid 896] <... setpgid resumed>) = 0 [pid 900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 896] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 900] <... openat resumed>) = 3 [pid 898] <... openat resumed>) = 3 [pid 896] <... openat resumed>) = 3 [pid 900] write(3, "1000", 4 [pid 898] write(3, "1000", 4 [pid 896] write(3, "1000", 4 [pid 900] <... write resumed>) = 4 [pid 898] <... write resumed>) = 4 [pid 896] <... write resumed>) = 4 [pid 900] close(3 [pid 898] close(3 [pid 896] close(3 [pid 900] <... close resumed>) = 0 [pid 898] <... close resumed>) = 0 [pid 896] <... close resumed>) = 0 [pid 900] symlink("/dev/binderfs", "./binderfs" [pid 898] symlink("/dev/binderfs", "./binderfs" [pid 896] symlink("/dev/binderfs", "./binderfs" [pid 900] <... symlink resumed>) = 0 [pid 898] <... symlink resumed>) = 0 [pid 896] <... symlink resumed>) = 0 [pid 900] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 898] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 896] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 900] <... futex resumed>) = 0 [pid 898] <... futex resumed>) = 0 [pid 896] <... futex resumed>) = 0 [pid 900] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 898] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 896] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 900] <... rt_sigaction resumed>NULL, 8) = 0 [pid 898] <... rt_sigaction resumed>NULL, 8) = 0 [pid 896] <... rt_sigaction resumed>NULL, 8) = 0 [pid 900] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 898] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 896] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 900] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 898] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 896] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 898] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 896] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 900] <... mmap resumed>) = 0x7f6220445000 [pid 898] <... mmap resumed>) = 0x7f6220445000 [pid 896] <... mmap resumed>) = 0x7f6220445000 [pid 900] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 898] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 896] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 900] <... mprotect resumed>) = 0 [pid 898] <... mprotect resumed>) = 0 [pid 896] <... mprotect resumed>) = 0 [pid 900] rt_sigprocmask(SIG_BLOCK, ~[], [pid 898] rt_sigprocmask(SIG_BLOCK, ~[], [pid 896] rt_sigprocmask(SIG_BLOCK, ~[], [pid 900] <... rt_sigprocmask resumed>[], 8) = 0 [pid 898] <... rt_sigprocmask resumed>[], 8) = 0 [pid 896] <... rt_sigprocmask resumed>[], 8) = 0 [pid 900] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 898] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 896] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 900] <... clone3 resumed> => {parent_tid=[902]}, 88) = 902 [pid 898] <... clone3 resumed> => {parent_tid=[903]}, 88) = 903 [pid 896] <... clone3 resumed> => {parent_tid=[904]}, 88) = 904 [pid 900] rt_sigprocmask(SIG_SETMASK, [], [pid 898] rt_sigprocmask(SIG_SETMASK, [], [pid 896] rt_sigprocmask(SIG_SETMASK, [], [pid 900] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 898] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 896] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 900] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 898] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 896] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 900] <... futex resumed>) = 0 [pid 898] <... futex resumed>) = 0 [pid 896] <... futex resumed>) = 0 [pid 900] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 898] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 896] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 900] <... futex resumed>) = 0 [pid 898] <... futex resumed>) = 0 [pid 896] <... futex resumed>) = 0 [pid 895] <... futex resumed>) = 0 ./strace-static-x86_64: Process 904 attached ./strace-static-x86_64: Process 903 attached ./strace-static-x86_64: Process 902 attached [pid 901] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 898] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 897] <... ioctl resumed>) = 0 [pid 896] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 895] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... close resumed>) = 0 [pid 904] set_robust_list(0x7f62204659a0, 24 [pid 903] set_robust_list(0x7f62204659a0, 24 [pid 902] set_robust_list(0x7f62204659a0, 24 [pid 901] <... prctl resumed>) = 0 [pid 900] <... mmap resumed>) = 0x7f6220424000 [pid 899] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 898] <... mmap resumed>) = 0x7f6220424000 [pid 897] close(3 [pid 896] <... mmap resumed>) = 0x7f6220424000 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 904] <... set_robust_list resumed>) = 0 [pid 903] <... set_robust_list resumed>) = 0 [pid 900] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 898] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 896] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 901] setpgid(0, 0 [pid 900] <... mprotect resumed>) = 0 [pid 898] <... mprotect resumed>) = 0 [pid 896] <... mprotect resumed>) = 0 [pid 900] rt_sigprocmask(SIG_BLOCK, ~[], [pid 899] <... socket resumed>) = 7 [pid 898] rt_sigprocmask(SIG_BLOCK, ~[], [pid 896] rt_sigprocmask(SIG_BLOCK, ~[], [pid 900] <... rt_sigprocmask resumed>[], 8) = 0 [pid 898] <... rt_sigprocmask resumed>[], 8) = 0 [pid 896] <... rt_sigprocmask resumed>[], 8) = 0 [pid 903] rt_sigprocmask(SIG_SETMASK, [], [pid 902] <... set_robust_list resumed>) = 0 [pid 901] <... setpgid resumed>) = 0 [pid 900] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 899] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 898] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 896] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0}./strace-static-x86_64: Process 908 attached ./strace-static-x86_64: Process 907 attached ./strace-static-x86_64: Process 906 attached ./strace-static-x86_64: Process 905 attached [pid 904] rt_sigprocmask(SIG_SETMASK, [], [pid 903] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 902] rt_sigprocmask(SIG_SETMASK, [], [pid 901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 899] <... futex resumed>) = 1 [pid 897] <... close resumed>) = 0 [pid 895] <... futex resumed>) = 0 [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 905 [pid 908] set_robust_list(0x7f62204449a0, 24 [pid 905] set_robust_list(0x555556cc76a0, 24 [pid 900] <... clone3 resumed> => {parent_tid=[906]}, 88) = 906 [pid 898] <... clone3 resumed> => {parent_tid=[907]}, 88) = 907 [pid 896] <... clone3 resumed> => {parent_tid=[908]}, 88) = 908 [pid 900] rt_sigprocmask(SIG_SETMASK, [], [pid 898] rt_sigprocmask(SIG_SETMASK, [], [pid 896] rt_sigprocmask(SIG_SETMASK, [], [pid 904] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 903] memfd_create("syzkaller", 0 [pid 902] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 900] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 898] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 896] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 901] <... openat resumed>) = 3 [pid 902] memfd_create("syzkaller", 0 [pid 900] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 899] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 898] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 897] mkdir("./file0", 0777 [pid 896] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 895] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 908] <... set_robust_list resumed>) = 0 [pid 904] memfd_create("syzkaller", 0 [pid 903] <... memfd_create resumed>) = 3 [pid 902] <... memfd_create resumed>) = 3 [pid 900] <... futex resumed>) = 0 [pid 899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 898] <... futex resumed>) = 0 [pid 896] <... futex resumed>) = 0 [pid 900] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 898] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 896] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 908] rt_sigprocmask(SIG_SETMASK, [], [pid 897] <... mkdir resumed>) = 0 [pid 899] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 895] <... futex resumed>) = 0 [pid 901] write(3, "1000", 4 [pid 908] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 904] <... memfd_create resumed>) = 3 [pid 903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 907] set_robust_list(0x7f62204449a0, 24) = 0 [pid 907] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 907] creat("./bus", 000 [pid 908] creat("./bus", 000 [pid 907] <... creat resumed>) = 4 [pid 904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 903] <... mmap resumed>) = 0x7f6218024000 [pid 902] <... mmap resumed>) = 0x7f6218024000 [pid 901] <... write resumed>) = 4 [pid 899] <... mmap resumed>) = 0x20000000 [pid 895] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 907] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 908] <... creat resumed>) = 4 [pid 907] <... futex resumed>) = 1 [pid 904] <... mmap resumed>) = 0x7f6218024000 [pid 901] close(3 [pid 899] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 898] <... futex resumed>) = 0 [pid 897] mount("/dev/loop3", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 907] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 898] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 897] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 907] <... mount resumed>) = 0 [pid 898] <... futex resumed>) = 0 [pid 897] ioctl(6, LOOP_CLR_FD [pid 907] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 898] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 897] <... ioctl resumed>) = 0 [pid 907] <... futex resumed>) = 0 [pid 898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 897] close(6 [pid 908] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 907] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 906] set_robust_list(0x7f62204449a0, 24 [pid 905] <... set_robust_list resumed>) = 0 [pid 904] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 903] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 265747 [pid 902] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 901] <... close resumed>) = 0 [pid 899] <... futex resumed>) = 1 [pid 898] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 897] <... close resumed>) = 0 [pid 895] <... futex resumed>) = 0 [pid 908] <... futex resumed>) = 1 [pid 907] <... open resumed>) = 5 [pid 906] <... set_robust_list resumed>) = 0 [pid 905] chdir("./27" [pid 904] <... write resumed>) = 262144 [pid 898] <... futex resumed>) = 0 [pid 897] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 896] <... futex resumed>) = 0 [pid 907] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 898] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 897] <... futex resumed>) = 0 [pid 896] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 907] <... futex resumed>) = 0 [pid 898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 897] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 896] <... futex resumed>) = 0 [pid 908] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 907] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 905] <... chdir resumed>) = 0 [pid 903] <... write resumed>) = 265747 [pid 901] symlink("/dev/binderfs", "./binderfs" [pid 899] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 898] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 896] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 895] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 907] <... socket resumed>) = 6 [pid 898] <... futex resumed>) = 0 [pid 907] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 898] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 907] <... futex resumed>) = 0 [pid 898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 907] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 898] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 907] <... mmap resumed>) = 0x20000000 [pid 898] <... futex resumed>) = 0 [pid 907] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 902] <... write resumed>) = 262144 [pid 898] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 908] <... mount resumed>) = 0 [pid 907] <... futex resumed>) = 0 [pid 898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 897] <... futex resumed>) = 0 [pid 895] <... futex resumed>) = 1 [pid 908] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 907] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 905] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 901] <... symlink resumed>) = 0 [pid 898] read(0, [pid 897] memfd_create("syzkaller", 0 [pid 904] munmap(0x7f6218024000, 262144 [pid 902] munmap(0x7f6218024000, 262144 [pid 897] <... memfd_create resumed>) = 3 [pid 908] <... futex resumed>) = 1 [pid 897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 896] <... futex resumed>) = 0 [pid 901] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 908] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 905] <... prctl resumed>) = 0 [pid 904] <... munmap resumed>) = 0 [pid 901] <... futex resumed>) = 0 [pid 897] <... mmap resumed>) = 0x7f620fc64000 [pid 896] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 908] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 906] rt_sigprocmask(SIG_SETMASK, [], [pid 905] setpgid(0, 0 [pid 904] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 902] <... munmap resumed>) = 0 [pid 901] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 897] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 896] <... futex resumed>) = 0 [pid 908] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 906] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 905] <... setpgid resumed>) = 0 [pid 904] <... openat resumed>) = 5 [pid 903] +++ killed by SIGBUS +++ [pid 902] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 901] <... rt_sigaction resumed>NULL, 8) = 0 [pid 897] <... write resumed>) = 65536 [pid 896] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 908] <... open resumed>) = 6 [pid 906] creat("./bus", 000 [pid 905] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 904] ioctl(5, LOOP_SET_FD, 3 [pid 902] <... openat resumed>) = 4 [pid 901] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 897] munmap(0x7f620fc64000, 65536 [pid 908] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 907] +++ killed by SIGBUS +++ [pid 906] <... creat resumed>) = 5 [pid 905] <... openat resumed>) = 3 [pid 902] ioctl(4, LOOP_SET_FD, 3 [pid 901] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 898] +++ killed by SIGBUS +++ [pid 897] <... munmap resumed>) = 0 [pid 897] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 6 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=898, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 897] ioctl(6, LOOP_SET_FD, 3 [pid 298] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW [pid 897] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 897] ioctl(6, LOOP_CLR_FD [pid 298] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 897] <... ioctl resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 298] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 908] <... futex resumed>) = 1 [pid 896] <... futex resumed>) = 0 [pid 908] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 896] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 908] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 896] <... futex resumed>) = 0 [pid 908] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 897] ioctl(6, LOOP_SET_FD, 3 [pid 896] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 908] <... socket resumed>) = 7 [pid 897] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 908] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 905] write(3, "1000", 4 [pid 901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 897] close(6 [pid 908] <... futex resumed>) = 1 [pid 897] <... close resumed>) = 0 [pid 896] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 908] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 897] close(3 [pid 896] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 908] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 897] <... close resumed>) = 0 [pid 896] <... futex resumed>) = 0 [pid 908] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 905] <... write resumed>) = 4 [pid 901] <... mmap resumed>) = 0x7f6220445000 [pid 897] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 896] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 895] exit_group(0 [pid 298] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 908] <... mmap resumed>) = 0x20000000 [pid 906] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 905] close(3 [pid 904] <... ioctl resumed>) = 0 [pid 902] <... ioctl resumed>) = 0 [pid 901] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 899] <... futex resumed>) = ? [pid 897] <... futex resumed>) = ? [pid 895] <... exit_group resumed>) = ? [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 908] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 906] <... futex resumed>) = 1 [pid 905] <... close resumed>) = 0 [pid 901] <... mprotect resumed>) = 0 [pid 900] <... futex resumed>) = 0 [pid 899] +++ exited with 0 +++ [pid 897] +++ exited with 0 +++ [pid 908] <... futex resumed>) = 1 [pid 900] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 896] <... futex resumed>) = 0 [pid 908] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 900] <... futex resumed>) = 0 [pid 896] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 908] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 900] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 896] <... futex resumed>) = 0 [pid 908] memfd_create("syzkaller", 0 [pid 906] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 905] symlink("/dev/binderfs", "./binderfs" [pid 904] close(3 [pid 902] close(3 [pid 901] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] newfstatat(AT_FDCWD, "./27/bus", [pid 908] <... memfd_create resumed>) = 8 [pid 906] <... mount resumed>) = 0 [pid 905] <... symlink resumed>) = 0 [pid 904] <... close resumed>) = 0 [pid 902] <... close resumed>) = 0 [pid 901] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 906] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 905] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 904] mkdir(0x20000000, 0777 [pid 902] mkdir("./file0", 0777 [pid 901] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 908] <... mmap resumed>) = 0x7f620fc64000 [pid 906] <... futex resumed>) = 1 [pid 905] <... futex resumed>) = 0 [pid 900] <... futex resumed>) = 0 [pid 298] unlink("./27/bus" [pid 908] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 906] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 905] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 900] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 908] <... write resumed>) = 65536 [pid 906] <... open resumed>) = 3 [pid 905] <... rt_sigaction resumed>NULL, 8) = 0 [pid 901] <... clone3 resumed> => {parent_tid=[910]}, 88) = 910 [pid 900] <... futex resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 908] munmap(0x7f620fc64000, 65536 [pid 906] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 905] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 901] rt_sigprocmask(SIG_SETMASK, [], [pid 900] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 908] <... munmap resumed>) = 0 [pid 906] <... futex resumed>) = 0 [pid 905] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 901] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 900] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 908] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 906] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 905] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 901] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 900] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 908] <... openat resumed>) = 3 [pid 906] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 905] <... mmap resumed>) = 0x7f6220445000 [pid 904] <... mkdir resumed>) = 0 [pid 902] <... mkdir resumed>) = 0 [pid 901] <... futex resumed>) = 0 [pid 900] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 908] ioctl(3, LOOP_SET_FD, 8 [pid 906] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 905] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 901] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 900] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] newfstatat(AT_FDCWD, "./27/binderfs", [pid 902] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 908] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 906] <... socket resumed>) = 6 [pid 905] <... mprotect resumed>) = 0 [pid 901] <... futex resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 908] ioctl(3, LOOP_CLR_FD [pid 906] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 905] rt_sigprocmask(SIG_BLOCK, ~[], [pid 901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] unlink("./27/binderfs" [pid 908] <... ioctl resumed>) = 0 [pid 906] <... futex resumed>) = 1 [pid 905] <... rt_sigprocmask resumed>[], 8) = 0 [pid 901] <... mmap resumed>) = 0x7f6220424000 [pid 900] <... futex resumed>) = 0 [pid 900] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 910 attached [pid 906] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 905] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 901] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 900] <... futex resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 910] set_robust_list(0x7f62204659a0, 24 [pid 906] <... mmap resumed>) = 0x20000000 [pid 900] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 910] <... set_robust_list resumed>) = 0 [pid 910] rt_sigprocmask(SIG_SETMASK, [], [pid 906] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 905] <... clone3 resumed> => {parent_tid=[911]}, 88) = 911 [pid 901] <... mprotect resumed>) = 0 [pid 910] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] getdents64(3, ./strace-static-x86_64: Process 911 attached [pid 906] <... futex resumed>) = 1 [pid 905] rt_sigprocmask(SIG_SETMASK, [], [pid 901] rt_sigprocmask(SIG_BLOCK, ~[], [pid 900] <... futex resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 911] set_robust_list(0x7f62204659a0, 24 [pid 910] memfd_create("syzkaller", 0 [pid 908] ioctl(3, LOOP_SET_FD, 8 [pid 906] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 905] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 904] mount("/dev/loop4", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 901] <... rt_sigprocmask resumed>[], 8) = 0 [pid 900] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] close(3 [pid 911] <... set_robust_list resumed>) = 0 [pid 910] <... memfd_create resumed>) = 3 [pid 908] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 906] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 905] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 904] <... mount resumed>) = -1 ENODEV (No such device) [pid 901] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 900] <... futex resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 908] close(3 [pid 906] memfd_create("syzkaller", 0 [pid 905] <... futex resumed>) = 0 [pid 904] ioctl(5, LOOP_CLR_FD [pid 911] rt_sigprocmask(SIG_SETMASK, [], [pid 910] <... mmap resumed>) = 0x7f6218024000 [pid 908] <... close resumed>) = 0 [pid 906] <... memfd_create resumed>) = 7 [pid 905] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 904] <... ioctl resumed>) = 0 [pid 298] rmdir("./27"./strace-static-x86_64: Process 912 attached [pid 911] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 910] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 908] close(8 [pid 906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 905] <... futex resumed>) = 0 [pid 904] close(5 [pid 901] <... clone3 resumed> => {parent_tid=[912]}, 88) = 912 [pid 912] set_robust_list(0x7f62204449a0, 24 [pid 911] memfd_create("syzkaller", 0 [pid 910] <... write resumed>) = 262144 [pid 908] <... close resumed>) = 0 [pid 906] <... mmap resumed>) = 0x7f620fc64000 [pid 905] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 904] <... close resumed>) = 0 [pid 901] rt_sigprocmask(SIG_SETMASK, [], [pid 298] <... rmdir resumed>) = 0 [pid 910] munmap(0x7f6218024000, 262144 [pid 908] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 904] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 910] <... munmap resumed>) = 0 [pid 908] <... futex resumed>) = 0 [pid 906] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 905] <... mmap resumed>) = 0x7f6220424000 [pid 904] <... futex resumed>) = 0 [pid 901] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] mkdir("./28", 0777 [pid 911] <... memfd_create resumed>) = 3 [pid 910] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 908] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 904] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 910] <... openat resumed>) = 4 [pid 906] <... write resumed>) = 65536 [pid 905] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 901] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [ 28.455528][ T897] loop3: detected capacity change from 0 to 512 [ 28.486378][ T904] loop4: detected capacity change from 0 to 512 [ 28.492946][ T902] loop1: detected capacity change from 0 to 512 [pid 910] ioctl(4, LOOP_SET_FD, 3 [pid 912] <... set_robust_list resumed>) = 0 [pid 911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 910] <... ioctl resumed>) = 0 [pid 906] munmap(0x7f620fc64000, 65536 [pid 905] <... mprotect resumed>) = 0 [pid 901] <... futex resumed>) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 912] rt_sigprocmask(SIG_SETMASK, [], [pid 911] <... mmap resumed>) = 0x7f6218024000 [pid 910] close(3 [pid 905] rt_sigprocmask(SIG_BLOCK, ~[], [pid 901] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 896] exit_group(0 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 912] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 911] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 910] <... close resumed>) = 0 [pid 905] <... rt_sigprocmask resumed>[], 8) = 0 [pid 896] <... exit_group resumed>) = ? [pid 895] +++ exited with 0 +++ [pid 298] <... openat resumed>) = 3 [pid 912] creat("./bus", 000 [pid 911] <... write resumed>) = 262144 [pid 910] mkdir("./file0", 0777 [pid 905] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=895, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 298] ioctl(3, LOOP_CLR_FD [pid 912] <... creat resumed>) = 3 [pid 911] munmap(0x7f6218024000, 262144 [pid 910] <... mkdir resumed>) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 912] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 911] <... munmap resumed>) = 0 [pid 910] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 908] <... futex resumed>) = ? [pid 905] <... clone3 resumed> => {parent_tid=[913]}, 88) = 913 [pid 904] <... futex resumed>) = ? [pid 298] close(3 [pid 912] <... futex resumed>) = 1 [pid 911] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 908] +++ exited with 0 +++ [pid 905] rt_sigprocmask(SIG_SETMASK, [], [pid 901] <... futex resumed>) = 0 [pid 299] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... close resumed>) = 0 [pid 912] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 911] <... openat resumed>) = 4 [pid 905] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 901] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 914 attached ./strace-static-x86_64: Process 913 attached [pid 912] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 911] ioctl(4, LOOP_SET_FD, 3 [pid 906] <... munmap resumed>) = 0 [pid 905] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 901] <... futex resumed>) = 0 [pid 299] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 914] set_robust_list(0x555556cc76a0, 24 [pid 913] set_robust_list(0x7f62204449a0, 24 [pid 912] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 906] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 914] <... set_robust_list resumed>) = 0 [pid 913] <... set_robust_list resumed>) = 0 [pid 906] <... openat resumed>) = 8 [pid 914] chdir("./28" [pid 913] rt_sigprocmask(SIG_SETMASK, [], [pid 906] ioctl(8, LOOP_SET_FD, 7 [pid 914] <... chdir resumed>) = 0 [pid 913] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 906] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 914] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 913] creat("./bus", 000 [pid 906] ioctl(8, LOOP_CLR_FD [pid 914] <... prctl resumed>) = 0 [pid 913] <... creat resumed>) = 5 [pid 906] <... ioctl resumed>) = 0 [pid 914] setpgid(0, 0 [pid 913] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 914] <... setpgid resumed>) = 0 [pid 913] <... futex resumed>) = 0 [pid 914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 913] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 914] <... openat resumed>) = 3 [pid 914] write(3, "1000", 4) = 4 [pid 914] close(3) = 0 [pid 914] symlink("/dev/binderfs", "./binderfs") = 0 [pid 914] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 914] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 914] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 906] ioctl(8, LOOP_SET_FD, 7 [pid 914] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 906] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 906] close(8 [pid 914] <... mmap resumed>) = 0x7f6220445000 [pid 906] <... close resumed>) = 0 [pid 914] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 906] close(7 [pid 914] <... mprotect resumed>) = 0 [pid 906] <... close resumed>) = 0 [pid 914] rt_sigprocmask(SIG_BLOCK, ~[], [pid 906] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 914] <... rt_sigprocmask resumed>[], 8) = 0 [pid 906] <... futex resumed>) = 0 [pid 914] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 906] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 914] <... clone3 resumed> => {parent_tid=[915]}, 88) = 915 [pid 914] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 914] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 914] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 914] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 914] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 914] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[916]}, 88) = 916 [pid 914] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 914] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 914] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 916 attached [pid 916] set_robust_list(0x7f62204449a0, 24) = 0 [pid 916] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 916] creat("./bus", 000) = 3 [pid 916] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 914] <... futex resumed>) = 0 [pid 914] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 914] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 916] <... futex resumed>) = 1 [pid 916] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL) = 0 [pid 916] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 914] <... futex resumed>) = 0 [pid 914] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 914] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 916] <... futex resumed>) = 1 [pid 905] <... futex resumed>) = 1 [pid 901] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... openat resumed>) = 3 [pid 913] <... futex resumed>) = 0 [pid 912] <... mount resumed>) = 0 [pid 905] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] newfstatat(3, "", [pid 912] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 905] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 914 [pid 905] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 902] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 905] <... futex resumed>) = 0 [pid 912] <... futex resumed>) = 1 [pid 901] <... futex resumed>) = 0 [pid 299] getdents64(3, [pid 905] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 902] ioctl(4, LOOP_CLR_FD [pid 912] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 901] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 912] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 901] <... futex resumed>) = 0 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 913] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 912] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 902] <... ioctl resumed>) = 0 [pid 901] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 912] <... open resumed>) = 5 [pid 299] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 902] close(4 [pid 912] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 913] <... mount resumed>) = 0 [pid 912] <... futex resumed>) = 1 [pid 902] <... close resumed>) = 0 [pid 901] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 912] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 902] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 901] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 912] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 902] <... futex resumed>) = 0 [pid 901] <... futex resumed>) = 0 [pid 900] exit_group(0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 913] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 912] <... socket resumed>) = 6 [pid 906] <... futex resumed>) = ? [pid 901] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 900] <... exit_group resumed>) = ? [pid 299] newfstatat(AT_FDCWD, "./26/bus", [pid 913] <... futex resumed>) = 1 [pid 912] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 906] +++ exited with 0 +++ [pid 905] <... futex resumed>) = 0 [pid 901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 913] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 913] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 912] <... futex resumed>) = 0 [pid 905] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 901] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 913] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 912] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 905] <... futex resumed>) = 0 [pid 299] unlink("./26/bus" [pid 901] <... futex resumed>) = 0 [pid 916] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 912] <... mmap resumed>) = 0x20000000 [pid 905] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 901] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 916] <... open resumed>) = 4 [pid 299] <... unlink resumed>) = 0 [pid 916] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 912] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 912] <... futex resumed>) = 1 [pid 901] <... futex resumed>) = 0 [pid 912] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 901] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 912] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 901] <... futex resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./26/binderfs", [pid 912] memfd_create("syzkaller", 0) = 7 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 299] unlink("./26/binderfs" [pid 912] <... mmap resumed>) = 0x7f620fc64000 [pid 914] <... futex resumed>) = 0 [pid 914] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 914] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... unlink resumed>) = 0 [pid 916] <... futex resumed>) = 1 [pid 916] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE) = 5 [pid 916] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 914] <... futex resumed>) = 0 [pid 914] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 912] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 914] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 916] <... futex resumed>) = 1 [pid 916] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 912] <... write resumed>) = 65536 [pid 912] munmap(0x7f620fc64000, 65536 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 912] <... munmap resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./26/file0", [pid 912] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 912] <... openat resumed>) = 8 [pid 299] umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 912] ioctl(8, LOOP_SET_FD, 7 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 912] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 299] openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 916] <... mmap resumed>) = 0x20000000 [pid 916] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 912] ioctl(8, LOOP_CLR_FD [pid 914] <... futex resumed>) = 0 [pid 299] <... openat resumed>) = 4 [pid 912] <... ioctl resumed>) = 0 [pid 914] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(4, "", [pid 914] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 916] <... futex resumed>) = 1 [pid 299] getdents64(4, [pid 916] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 299] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, [pid 913] <... open resumed>) = 6 [pid 299] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 913] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] close(4 [pid 913] <... futex resumed>) = 1 [pid 905] <... futex resumed>) = 0 [pid 913] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 905] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... close resumed>) = 0 [pid 913] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 905] <... futex resumed>) = 0 [pid 299] rmdir("./26/file0" [pid 913] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 912] ioctl(8, LOOP_SET_FD, 7 [pid 913] <... socket resumed>) = 7 [pid 905] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 913] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 913] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] <... rmdir resumed>) = 0 [pid 905] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 912] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 299] getdents64(3, [pid 905] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 912] close(8 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 913] <... futex resumed>) = 0 [pid 905] <... futex resumed>) = 1 [pid 913] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 912] <... close resumed>) = 0 [pid 299] close(3 [pid 913] <... mmap resumed>) = 0x20000000 [pid 905] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 913] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 905] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 913] <... futex resumed>) = 0 [ 28.513153][ T910] loop0: detected capacity change from 0 to 512 [ 28.519430][ T902] EXT4-fs warning (device loop1): read_mmp_block:115: Error -74 while reading MMP block 12 [ 28.544466][ T911] loop5: detected capacity change from 0 to 512 [pid 912] close(7 [pid 905] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... close resumed>) = 0 ./strace-static-x86_64: Process 915 attached [pid 913] memfd_create("syzkaller", 0 [pid 912] <... close resumed>) = 0 [pid 911] <... ioctl resumed>) = 0 [pid 905] <... futex resumed>) = 0 [pid 299] rmdir("./26" [pid 912] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 911] close(3 [pid 299] <... rmdir resumed>) = 0 [pid 912] <... futex resumed>) = 0 [pid 911] <... close resumed>) = 0 [pid 299] mkdir("./27", 0777 [pid 912] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 911] mkdir(0x20000000, 0777 [pid 299] <... mkdir resumed>) = 0 [pid 911] <... mkdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 911] mount("/dev/loop5", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 299] <... openat resumed>) = 3 [pid 911] <... mount resumed>) = -1 ENODEV (No such device) [pid 299] ioctl(3, LOOP_CLR_FD [pid 911] ioctl(4, LOOP_CLR_FD [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 911] <... ioctl resumed>) = 0 [pid 299] close(3 [pid 911] close(4 [pid 299] <... close resumed>) = 0 [pid 915] +++ killed by SIGBUS +++ [pid 913] <... memfd_create resumed>) = 3 [pid 911] <... close resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 916] +++ killed by SIGBUS +++ [pid 914] +++ killed by SIGBUS +++ [pid 911] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 911] <... futex resumed>) = 0 [pid 904] +++ exited with 0 +++ [pid 896] +++ exited with 0 +++ [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 919 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=914, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 911] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 298] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 298] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./28/bus") = 0 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=896, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 913] <... mmap resumed>) = 0x7f620fc64000 [pid 298] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 919 attached [pid 298] newfstatat(AT_FDCWD, "./28/binderfs", [pid 919] set_robust_list(0x555556cc76a0, 24 [pid 913] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 919] <... set_robust_list resumed>) = 0 [pid 913] <... write resumed>) = 65536 [pid 298] unlink("./28/binderfs" [pid 919] chdir("./27" [pid 298] <... unlink resumed>) = 0 [pid 919] <... chdir resumed>) = 0 [pid 298] getdents64(3, [pid 919] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 919] <... prctl resumed>) = 0 [pid 902] +++ exited with 0 +++ [pid 900] +++ exited with 0 +++ [pid 298] close(3 [pid 919] setpgid(0, 0 [pid 298] <... close resumed>) = 0 [pid 919] <... setpgid resumed>) = 0 [pid 298] rmdir("./28" [pid 919] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] <... rmdir resumed>) = 0 [pid 919] <... openat resumed>) = 3 [pid 298] mkdir("./29", 0777 [pid 919] write(3, "1000", 4 [pid 298] <... mkdir resumed>) = 0 [pid 919] <... write resumed>) = 4 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 919] close(3 [pid 298] <... openat resumed>) = 3 [pid 919] <... close resumed>) = 0 [pid 298] ioctl(3, LOOP_CLR_FD [pid 919] symlink("/dev/binderfs", "./binderfs" [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 919] <... symlink resumed>) = 0 [pid 298] close(3 [pid 919] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... close resumed>) = 0 [pid 919] <... futex resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 919] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 920 [pid 919] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 919] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 919] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 919] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 919] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[921]}, 88) = 921 [pid 919] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 919] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 919] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 919] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 919] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 919] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 913] munmap(0x7f620fc64000, 65536 [pid 919] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[922]}, 88) = 922 [pid 919] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 919] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 919] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 920 attached [pid 920] set_robust_list(0x555556cc76a0, 24) = 0 [pid 920] chdir("./29") = 0 [pid 920] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 920] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 921 attached [pid 920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 921] set_robust_list(0x7f62204659a0, 24 [pid 920] <... openat resumed>) = 3 [pid 921] <... set_robust_list resumed>) = 0 [pid 920] write(3, "1000", 4 [pid 921] rt_sigprocmask(SIG_SETMASK, [], [pid 920] <... write resumed>) = 4 [pid 921] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 920] close(3./strace-static-x86_64: Process 922 attached [pid 921] memfd_create("syzkaller", 0 [pid 920] <... close resumed>) = 0 [pid 922] set_robust_list(0x7f62204449a0, 24 [pid 921] <... memfd_create resumed>) = 3 [pid 920] symlink("/dev/binderfs", "./binderfs" [pid 922] <... set_robust_list resumed>) = 0 [pid 921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 920] <... symlink resumed>) = 0 [pid 922] rt_sigprocmask(SIG_SETMASK, [], [pid 921] <... mmap resumed>) = 0x7f6218024000 [pid 920] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 922] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 920] <... futex resumed>) = 0 [pid 913] <... munmap resumed>) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=900, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 922] creat("./bus", 000 [pid 921] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 920] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 913] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 922] <... creat resumed>) = 4 [pid 920] <... rt_sigaction resumed>NULL, 8) = 0 [pid 913] <... openat resumed>) = 4 [pid 300] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW [pid 922] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 920] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 913] ioctl(4, LOOP_SET_FD, 3 [pid 922] <... futex resumed>) = 1 [pid 920] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 919] <... futex resumed>) = 0 [pid 922] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 919] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 922] <... mount resumed>) = 0 [pid 920] <... mmap resumed>) = 0x7f6220445000 [pid 919] <... futex resumed>) = 0 [pid 922] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 921] <... write resumed>) = 262144 [pid 920] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 919] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 922] <... futex resumed>) = 0 [pid 921] munmap(0x7f6218024000, 262144 [pid 920] <... mprotect resumed>) = 0 [pid 919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 913] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW [pid 922] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 921] <... munmap resumed>) = 0 [pid 920] rt_sigprocmask(SIG_BLOCK, ~[], [pid 919] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 913] ioctl(4, LOOP_CLR_FD [pid 300] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 922] <... open resumed>) = 5 [pid 921] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 920] <... rt_sigprocmask resumed>[], 8) = 0 [pid 919] <... futex resumed>) = 0 [pid 913] <... ioctl resumed>) = 0 [pid 300] <... openat resumed>) = 3 [pid 297] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 922] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 921] <... openat resumed>) = 6 [pid 920] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 919] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] newfstatat(3, "", [pid 297] <... openat resumed>) = 3 [pid 922] <... futex resumed>) = 0 [ 28.558505][ T917] EXT4-fs warning (device loop0): kmmpd:170: kmmpd being stopped since MMP feature has been disabled. [ 28.559090][ T910] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 28.585722][ T910] EXT4-fs error (device loop0): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [pid 921] ioctl(6, LOOP_SET_FD, 3 [pid 919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] newfstatat(3, "", ./strace-static-x86_64: Process 923 attached [pid 922] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 920] <... clone3 resumed> => {parent_tid=[923]}, 88) = 923 [pid 300] getdents64(3, [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 923] set_robust_list(0x7f62204659a0, 24 [pid 919] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 913] ioctl(4, LOOP_SET_FD, 3 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 297] getdents64(3, [pid 923] <... set_robust_list resumed>) = 0 [pid 919] <... futex resumed>) = 0 [pid 913] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 300] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 923] rt_sigprocmask(SIG_SETMASK, [], [pid 919] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 913] close(4 [pid 300] <... umount2 resumed>) = 0 [pid 297] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 923] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 920] rt_sigprocmask(SIG_SETMASK, [], [pid 913] <... close resumed>) = 0 [pid 923] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 913] close(3) = 0 [pid 913] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 913] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 921] <... ioctl resumed>) = 0 [pid 921] close(3) = 0 [pid 921] mkdir("./file0", 0777) = 0 [pid 921] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 922] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] <... umount2 resumed>) = 0 [pid 905] exit_group(0 [pid 297] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 913] <... futex resumed>) = ? [pid 911] <... futex resumed>) = ? [pid 905] <... exit_group resumed>) = ? [pid 300] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 913] +++ exited with 0 +++ [pid 911] +++ exited with 0 +++ [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./31/bus" [pid 300] newfstatat(AT_FDCWD, "./27/bus", [pid 297] <... unlink resumed>) = 0 [pid 297] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] unlink("./27/bus" [pid 297] newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./31/binderfs" [pid 300] <... unlink resumed>) = 0 [pid 922] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 920] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... unlink resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./27/binderfs", [pid 297] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] unlink("./27/binderfs") = 0 [pid 297] newfstatat(AT_FDCWD, "./31/file0", [pid 300] umount2("./27/ext4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./27/ext4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] umount2("./27/ext4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./27/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 300] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(4, 0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 300] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 300] close(4) = 0 [pid 300] rmdir("./27/ext4") = 0 [pid 300] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 300] close(3) = 0 [pid 300] rmdir("./27") = 0 [pid 300] mkdir("./28", 0777) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 300] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 300] close(3) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 924 [pid 920] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 923] <... futex resumed>) = 0 [pid 923] memfd_create("syzkaller", 0) = 3 [pid 923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218045000 [pid 923] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 920] <... futex resumed>) = 1 [pid 923] munmap(0x7f6218045000, 262144 [pid 922] <... socket resumed>) = 3 [pid 920] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 923] <... munmap resumed>) = 0 [pid 922] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 920] <... futex resumed>) = 0 [pid 923] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 922] <... futex resumed>) = 1 [pid 920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 919] <... futex resumed>) = 0 [pid 923] <... openat resumed>) = 4 [pid 922] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 920] <... mmap resumed>) = 0x7f6218064000 [pid 919] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 923] ioctl(4, LOOP_SET_FD, 3 [pid 922] <... mmap resumed>) = 0x20000000 [pid 920] mprotect(0x7f6218065000, 131072, PROT_READ|PROT_WRITE [pid 919] <... futex resumed>) = 0 ./strace-static-x86_64: Process 924 attached [pid 919] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./31/file0") = 0 [pid 297] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./31") = 0 [pid 297] mkdir("./32", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 925 [pid 924] set_robust_list(0x555556cc76a0, 24) = 0 [pid 924] chdir("./28") = 0 [pid 924] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 924] setpgid(0, 0) = 0 [pid 910] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 910] ioctl(4, LOOP_CLR_FD./strace-static-x86_64: Process 925 attached [pid 924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 923] <... ioctl resumed>) = 0 [pid 922] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 920] <... mprotect resumed>) = 0 [pid 905] +++ exited with 0 +++ [pid 925] set_robust_list(0x555556cc76a0, 24 [pid 923] close(3 [pid 922] <... futex resumed>) = 1 [pid 920] rt_sigprocmask(SIG_BLOCK, ~[], [pid 919] <... futex resumed>) = 0 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=905, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 925] <... set_robust_list resumed>) = 0 [pid 924] <... openat resumed>) = 3 [pid 923] <... close resumed>) = 0 [pid 922] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 920] <... rt_sigprocmask resumed>[], 8) = 0 [pid 919] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 925] chdir("./32" [pid 924] write(3, "1000", 4 [pid 923] mkdir("./file0", 0777 [pid 922] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 920] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6218084990, parent_tid=0x7f6218084990, exit_signal=0, stack=0x7f6218064000, stack_size=0x20300, tls=0x7f62180846c0} [pid 919] <... futex resumed>) = 0 [pid 925] <... chdir resumed>) = 0 [pid 924] <... write resumed>) = 4 [pid 923] <... mkdir resumed>) = 0 [pid 922] memfd_create("syzkaller", 0 [pid 925] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 924] close(3 [pid 923] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 922] <... memfd_create resumed>) = 7 [pid 920] <... clone3 resumed> => {parent_tid=[928]}, 88) = 928 [pid 925] <... prctl resumed>) = 0 [pid 924] <... close resumed>) = 0 [pid 922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 920] rt_sigprocmask(SIG_SETMASK, [], [pid 925] setpgid(0, 0 [pid 924] symlink("/dev/binderfs", "./binderfs" [pid 922] <... mmap resumed>) = 0x7f620fc64000 [pid 920] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 925] <... setpgid resumed>) = 0 [pid 924] <... symlink resumed>) = 0 [pid 922] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 920] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 910] <... ioctl resumed>) = 0 [pid 301] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW [pid 925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 924] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 922] <... write resumed>) = 65536 [pid 920] <... futex resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 925] <... openat resumed>) = 3 [pid 924] <... futex resumed>) = 0 [pid 922] munmap(0x7f620fc64000, 65536 [pid 920] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 925] write(3, "1000", 4 [pid 924] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 922] <... munmap resumed>) = 0 [pid 910] close(4 [pid 301] <... openat resumed>) = 3 [pid 925] <... write resumed>) = 4 [pid 924] <... rt_sigaction resumed>NULL, 8) = 0 [pid 922] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 910] <... close resumed>) = 0 [pid 301] newfstatat(3, "", [pid 925] close(3 [pid 924] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 922] <... openat resumed>) = 8 [pid 910] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 901] exit_group(0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 925] <... close resumed>) = 0 [pid 924] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 922] ioctl(8, LOOP_SET_FD, 7 [pid 912] <... futex resumed>) = ? [pid 910] <... futex resumed>) = ? [pid 901] <... exit_group resumed>) = ? [pid 301] getdents64(3, [pid 925] symlink("/dev/binderfs", "./binderfs" [pid 924] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 922] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 912] +++ exited with 0 +++ [pid 910] +++ exited with 0 +++ [pid 301] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 925] <... symlink resumed>) = 0 [pid 924] <... mmap resumed>) = 0x7f6220445000 [pid 922] ioctl(8, LOOP_CLR_FD [pid 301] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 925] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 924] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 922] <... ioctl resumed>) = 0 [pid 301] <... umount2 resumed>) = 0 [pid 925] <... futex resumed>) = 0 [pid 924] <... mprotect resumed>) = 0 [pid 301] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 925] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 924] rt_sigprocmask(SIG_BLOCK, ~[], [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 925] <... rt_sigaction resumed>NULL, 8) = 0 [pid 924] <... rt_sigprocmask resumed>[], 8) = 0 [pid 301] newfstatat(AT_FDCWD, "./27/bus", [pid 925] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 924] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 925] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] unlink("./27/bus" [pid 925] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 924] <... clone3 resumed> => {parent_tid=[930]}, 88) = 930 [pid 301] <... unlink resumed>) = 0 [pid 925] <... mmap resumed>) = 0x7f6220445000 [pid 924] rt_sigprocmask(SIG_SETMASK, [], [pid 301] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 925] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 924] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 922] ioctl(8, LOOP_SET_FD, 7 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 925] <... mprotect resumed>) = 0 [pid 924] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 922] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 301] newfstatat(AT_FDCWD, "./27/binderfs", ./strace-static-x86_64: Process 930 attached ./strace-static-x86_64: Process 928 attached [pid 930] set_robust_list(0x7f62204659a0, 24 [pid 928] set_robust_list(0x7f62180849a0, 24 [pid 930] <... set_robust_list resumed>) = 0 [pid 928] <... set_robust_list resumed>) = 0 [pid 930] rt_sigprocmask(SIG_SETMASK, [], [pid 928] rt_sigprocmask(SIG_SETMASK, [], [pid 930] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 928] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 930] memfd_create("syzkaller", 0 [pid 928] creat("./bus", 000 [pid 930] <... memfd_create resumed>) = 3 [pid 928] <... creat resumed>) = 3 [pid 930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 928] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 930] <... mmap resumed>) = 0x7f6218045000 [pid 928] <... futex resumed>) = 1 [ 28.616582][ T921] loop3: detected capacity change from 0 to 512 [ 28.625951][ T910] EXT4-fs (loop0): get orphan inode failed [ 28.635506][ T910] EXT4-fs (loop0): mount failed [ 28.643334][ T923] loop2: detected capacity change from 0 to 512 [pid 920] <... futex resumed>) = 0 [pid 930] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 928] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 920] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 928] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 920] <... futex resumed>) = 0 [pid 928] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 920] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 928] <... mount resumed>) = 0 [pid 928] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 920] <... futex resumed>) = 0 [pid 928] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 920] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 930] <... write resumed>) = 262144 [pid 928] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 920] <... futex resumed>) = 0 [pid 928] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 920] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 928] <... open resumed>) = 5 [pid 928] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 920] <... futex resumed>) = 0 [pid 928] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 922] close(8 [pid 920] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 930] munmap(0x7f6218045000, 262144 [pid 928] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 925] rt_sigprocmask(SIG_BLOCK, ~[], [pid 924] <... futex resumed>) = 0 [pid 922] <... close resumed>) = 0 [pid 920] <... futex resumed>) = 0 [pid 301] unlink("./27/binderfs" [pid 930] <... munmap resumed>) = 0 [pid 928] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 925] <... rt_sigprocmask resumed>[], 8) = 0 [pid 924] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 922] close(7 [pid 920] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 930] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 928] <... socket resumed>) = 6 [pid 301] <... unlink resumed>) = 0 [pid 930] <... openat resumed>) = 4 [pid 928] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 930] ioctl(4, LOOP_SET_FD, 3 [pid 928] <... futex resumed>) = 1 [pid 920] <... futex resumed>) = 0 [pid 928] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 925] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 924] <... futex resumed>) = 0 [pid 922] <... close resumed>) = 0 [pid 920] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] umount2("./27/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 928] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 920] <... futex resumed>) = 0 [pid 928] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 920] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 928] <... mmap resumed>) = 0x20000000 [pid 928] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 920] <... futex resumed>) = 0 [pid 928] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 920] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 928] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 920] <... futex resumed>) = 0 [pid 928] memfd_create("syzkaller", 0) = 7 [pid 928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f620fc64000 [pid 928] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 928] munmap(0x7f620fc64000, 65536) = 0 [pid 928] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 8 [pid 928] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 928] ioctl(8, LOOP_CLR_FD) = 0 [pid 930] <... ioctl resumed>) = 0 [pid 930] close(3) = 0 [pid 930] mkdir("./file0", 0777 [pid 928] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 928] close(8) = 0 [pid 928] close(7) = 0 [pid 928] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 928] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 930] <... mkdir resumed>) = 0 [pid 930] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 924] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 922] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 924] <... mmap resumed>) = 0x7f6218064000 [pid 922] <... futex resumed>) = 0 [pid 301] newfstatat(AT_FDCWD, "./27/ext4", [pid 925] <... clone3 resumed> => {parent_tid=[932]}, 88) = 932 [pid 924] mprotect(0x7f6218065000, 131072, PROT_READ|PROT_WRITE [pid 922] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 925] rt_sigprocmask(SIG_SETMASK, [], [pid 924] <... mprotect resumed>) = 0 [pid 301] umount2("./27/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 925] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 924] rt_sigprocmask(SIG_BLOCK, ~[], [pid 925] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 924] <... rt_sigprocmask resumed>[], 8) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 28.663566][ T921] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 28.674418][ T923] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [ 28.676115][ T930] loop4: detected capacity change from 0 to 512 [ 28.689331][ T921] EXT4-fs error (device loop3): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # ./strace-static-x86_64: Process 932 attached [pid 925] <... futex resumed>) = 0 [pid 924] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6218084990, parent_tid=0x7f6218084990, exit_signal=0, stack=0x7f6218064000, stack_size=0x20300, tls=0x7f62180846c0} [pid 923] <... mount resumed>) = 0 [pid 901] +++ exited with 0 +++ [pid 301] openat(AT_FDCWD, "./27/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 925] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... openat resumed>) = 4 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=901, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 932] set_robust_list(0x7f62204659a0, 24 [pid 925] <... futex resumed>) = 0 [pid 924] <... clone3 resumed> => {parent_tid=[934]}, 88) = 934 [pid 923] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY [pid 301] newfstatat(4, "", [pid 925] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 924] rt_sigprocmask(SIG_SETMASK, [], [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW [pid 932] <... set_robust_list resumed>) = 0 [pid 925] <... mmap resumed>) = 0x7f6220424000 [pid 924] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 923] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 301] getdents64(4, [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 932] rt_sigprocmask(SIG_SETMASK, [], [pid 925] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 924] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 923] ioctl(4, LOOP_CLR_FD [pid 925] <... mprotect resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 924] <... futex resumed>) = 0 [pid 932] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 923] <... ioctl resumed>) = 0 [pid 296] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 925] rt_sigprocmask(SIG_BLOCK, ~[], [pid 924] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] getdents64(4, [pid 296] <... openat resumed>) = 3 [pid 925] <... rt_sigprocmask resumed>[], 8) = 0 [pid 923] close(4 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 932] memfd_create("syzkaller", 0 [pid 296] newfstatat(3, "", [pid 925] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 923] <... close resumed>) = 0 [pid 301] close(4 [pid 932] <... memfd_create resumed>) = 3 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 923] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... close resumed>) = 0 [pid 296] getdents64(3, [pid 932] <... mmap resumed>) = 0x7f6218024000 [pid 925] <... clone3 resumed> => {parent_tid=[936]}, 88) = 936 [pid 923] <... futex resumed>) = 0 [pid 301] rmdir("./27/ext4" [pid 296] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 301] <... rmdir resumed>) = 0 [pid 920] exit_group(0 [pid 925] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 920] <... exit_group resumed>) = ? [pid 301] getdents64(3, [pid 296] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 925] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 928] <... futex resumed>) = ? [pid 925] <... futex resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 923] +++ exited with 0 +++ [pid 296] <... umount2 resumed>) = 0 [pid 928] +++ exited with 0 +++ [pid 925] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 920] +++ exited with 0 +++ [pid 301] close(3 [pid 296] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... close resumed>) = 0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=920, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] rmdir("./27" [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 296] newfstatat(AT_FDCWD, "./25/bus", [pid 301] <... rmdir resumed>) = 0 [pid 298] <... restart_syscall resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 932] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 301] mkdir("./28", 0777 [pid 296] unlink("./25/bus" [pid 301] <... mkdir resumed>) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 296] <... unlink resumed>) = 0 [pid 298] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... openat resumed>) = 3 [pid 296] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] ioctl(3, LOOP_CLR_FD [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 301] close(3 [pid 296] newfstatat(AT_FDCWD, "./25/binderfs", [pid 301] <... close resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] newfstatat(3, "", [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 937 attached ./strace-static-x86_64: Process 936 attached ./strace-static-x86_64: Process 934 attached [pid 932] <... write resumed>) = 262144 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] unlink("./25/binderfs" [pid 936] set_robust_list(0x7f62204449a0, 24 [pid 934] set_robust_list(0x7f62180849a0, 24 [pid 932] munmap(0x7f6218024000, 262144 [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 937 [pid 298] getdents64(3, [pid 296] <... unlink resumed>) = 0 [pid 936] <... set_robust_list resumed>) = 0 [pid 934] <... set_robust_list resumed>) = 0 [pid 932] <... munmap resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 296] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 936] rt_sigprocmask(SIG_SETMASK, [], [pid 934] rt_sigprocmask(SIG_SETMASK, [], [pid 932] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 298] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 936] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 934] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 932] <... openat resumed>) = 4 [pid 296] newfstatat(AT_FDCWD, "./25/file0", [pid 936] creat("./bus", 000 [pid 934] creat("./bus", 000 [ 28.709175][ T923] ext4 filesystem being mounted at /root/syzkaller.4RDDfu/29/file0 supports timestamps until 2038 (0x7fffffff) [ 28.709905][ T921] EXT4-fs (loop3): get orphan inode failed [ 28.741082][ T921] EXT4-fs (loop3): mount failed [ 28.749310][ T930] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [pid 932] ioctl(4, LOOP_SET_FD, 3 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 936] <... creat resumed>) = 5 [pid 934] <... creat resumed>) = 3 [pid 298] <... umount2 resumed>) = 0 [pid 296] umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 936] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 934] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 936] <... futex resumed>) = 1 [pid 934] <... futex resumed>) = 1 [pid 925] <... futex resumed>) = 0 [pid 924] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 936] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 934] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 925] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 924] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] newfstatat(AT_FDCWD, "./29/bus", [pid 296] <... openat resumed>) = 4 [pid 936] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 934] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 925] <... futex resumed>) = 0 [pid 924] <... futex resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] newfstatat(4, "", [pid 936] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 934] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 925] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 924] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] unlink("./29/bus" [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 936] <... mount resumed>) = 0 [pid 934] <... mount resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 296] getdents64(4, [pid 936] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 934] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 937] set_robust_list(0x555556cc76a0, 24 [pid 936] <... futex resumed>) = 1 [pid 934] <... futex resumed>) = 1 [pid 925] <... futex resumed>) = 0 [pid 924] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] getdents64(4, [pid 937] <... set_robust_list resumed>) = 0 [pid 936] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 934] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 925] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 924] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] newfstatat(AT_FDCWD, "./29/binderfs", [pid 296] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 937] chdir("./28" [pid 936] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 934] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 925] <... futex resumed>) = 0 [pid 924] <... futex resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] close(4 [pid 937] <... chdir resumed>) = 0 [pid 936] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 934] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 925] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 924] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] unlink("./29/binderfs" [pid 296] <... close resumed>) = 0 [pid 937] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 934] <... open resumed>) = 5 [pid 298] <... unlink resumed>) = 0 [pid 296] rmdir("./25/file0" [pid 937] <... prctl resumed>) = 0 [pid 934] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... rmdir resumed>) = 0 [pid 937] setpgid(0, 0 [pid 934] <... futex resumed>) = 1 [pid 924] <... futex resumed>) = 0 [pid 296] getdents64(3, [pid 937] <... setpgid resumed>) = 0 [pid 934] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 924] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 934] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 924] <... futex resumed>) = 0 [pid 296] close(3 [pid 937] <... openat resumed>) = 3 [pid 934] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 924] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... close resumed>) = 0 [pid 937] write(3, "1000", 4 [pid 934] <... socket resumed>) = 6 [pid 296] rmdir("./25" [pid 937] <... write resumed>) = 4 [pid 934] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 921] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 296] <... rmdir resumed>) = 0 [pid 937] close(3 [pid 934] <... futex resumed>) = 1 [pid 924] <... futex resumed>) = 0 [pid 296] mkdir("./26", 0777 [pid 937] <... close resumed>) = 0 [pid 934] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 924] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 921] ioctl(6, LOOP_CLR_FD [pid 296] <... mkdir resumed>) = 0 [pid 937] symlink("/dev/binderfs", "./binderfs" [pid 934] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 924] <... futex resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 937] <... symlink resumed>) = 0 [pid 934] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 924] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 921] <... ioctl resumed>) = 0 [pid 296] <... openat resumed>) = 3 [pid 937] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 934] <... mmap resumed>) = 0x20000000 [pid 296] ioctl(3, LOOP_CLR_FD [pid 937] <... futex resumed>) = 0 [pid 934] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 921] close(6 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 937] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 934] <... futex resumed>) = 1 [pid 924] <... futex resumed>) = 0 [pid 296] close(3 [pid 937] <... rt_sigaction resumed>NULL, 8) = 0 [pid 934] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 924] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... close resumed>) = 0 [pid 937] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 934] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 924] <... futex resumed>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 937] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 934] memfd_create("syzkaller", 0 [pid 937] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 934] <... memfd_create resumed>) = 7 [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 938 [pid 937] <... mmap resumed>) = 0x7f6220445000 [pid 934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 937] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 934] <... mmap resumed>) = 0x7f620fc64000 [pid 937] <... mprotect resumed>) = 0 [pid 934] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 937] rt_sigprocmask(SIG_BLOCK, ~[], [pid 934] <... write resumed>) = 65536 [pid 937] <... rt_sigprocmask resumed>[], 8) = 0 [pid 934] munmap(0x7f620fc64000, 65536 [pid 937] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 934] <... munmap resumed>) = 0 [pid 934] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 937] <... clone3 resumed> => {parent_tid=[939]}, 88) = 939 [pid 934] <... openat resumed>) = 8 [pid 937] rt_sigprocmask(SIG_SETMASK, [], [pid 934] ioctl(8, LOOP_SET_FD, 7 [pid 937] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 934] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 937] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 934] ioctl(8, LOOP_CLR_FD [pid 937] <... futex resumed>) = 0 [pid 934] <... ioctl resumed>) = 0 [pid 937] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 937] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [ 28.750711][ T932] loop1: detected capacity change from 0 to 512 [pid 937] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 921] <... close resumed>) = 0 [pid 937] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 937] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[940]}, 88) = 940 [pid 937] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 937] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 934] ioctl(8, LOOP_SET_FD, 7 [pid 937] <... futex resumed>) = 0 [pid 934] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 937] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 934] close(8) = 0 [pid 934] close(7) = 0 [pid 934] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 934] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 936] <... open resumed>) = 6 [pid 936] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 925] <... futex resumed>) = 0 [pid 936] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 925] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 936] <... socket resumed>) = 7 [pid 925] <... futex resumed>) = 0 [pid 936] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 925] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 936] <... futex resumed>) = 0 [pid 925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 936] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 925] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 936] <... mmap resumed>) = 0x20000000 [pid 925] <... futex resumed>) = 0 [pid 936] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 925] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 936] <... futex resumed>) = 0 [pid 925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 925] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 932] <... ioctl resumed>) = 0 [pid 932] close(3) = 0 [pid 932] mkdir(0x20000000, 0777 [pid 936] memfd_create("syzkaller", 0) = 3 [pid 936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f620fc64000 [pid 936] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 932] <... mkdir resumed>) = 0 [pid 932] mount("/dev/loop1", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 936] munmap(0x7f620fc64000, 65536 [pid 932] <... mount resumed>) = -1 ENODEV (No such device) ./strace-static-x86_64: Process 940 attached ./strace-static-x86_64: Process 939 attached ./strace-static-x86_64: Process 938 attached [pid 936] <... munmap resumed>) = 0 [pid 921] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 936] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 932] ioctl(4, LOOP_CLR_FD [pid 921] <... futex resumed>) = 0 [pid 919] exit_group(0 [pid 932] <... ioctl resumed>) = 0 [pid 922] <... futex resumed>) = ? [pid 919] <... exit_group resumed>) = ? [pid 936] <... openat resumed>) = 8 [pid 940] set_robust_list(0x7f62204449a0, 24 [pid 939] set_robust_list(0x7f62204659a0, 24 [pid 938] set_robust_list(0x555556cc76a0, 24 [pid 936] ioctl(8, LOOP_SET_FD, 3 [pid 932] close(4 [pid 930] <... mount resumed>) = 0 [pid 922] +++ exited with 0 +++ [pid 921] +++ exited with 0 +++ [pid 936] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 936] ioctl(8, LOOP_CLR_FD) = 0 [pid 932] <... close resumed>) = 0 [pid 940] <... set_robust_list resumed>) = 0 [pid 932] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 940] rt_sigprocmask(SIG_SETMASK, [], [pid 939] <... set_robust_list resumed>) = 0 [pid 938] <... set_robust_list resumed>) = 0 [pid 932] <... futex resumed>) = 0 [pid 939] rt_sigprocmask(SIG_SETMASK, [], [pid 932] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 930] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY [pid 940] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 939] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 938] chdir("./26" [pid 930] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 940] creat("./bus", 000 [pid 938] <... chdir resumed>) = 0 [pid 939] memfd_create("syzkaller", 0 [pid 938] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 930] ioctl(4, LOOP_CLR_FD [pid 938] <... prctl resumed>) = 0 [pid 939] <... memfd_create resumed>) = 4 [pid 938] setpgid(0, 0) = 0 [pid 936] ioctl(8, LOOP_SET_FD, 3 [pid 939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 930] <... ioctl resumed>) = 0 [pid 940] <... creat resumed>) = 3 [pid 938] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 936] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 939] <... mmap resumed>) = 0x7f6218024000 [pid 936] close(8 [pid 930] close(4 [pid 936] <... close resumed>) = 0 [pid 936] close(3 [pid 938] <... openat resumed>) = 3 [pid 936] <... close resumed>) = 0 [pid 936] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 936] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 940] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 937] <... futex resumed>) = 0 [pid 937] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 937] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 925] exit_group(0 [pid 936] <... futex resumed>) = ? [pid 932] <... futex resumed>) = ? [pid 925] <... exit_group resumed>) = ? [pid 938] write(3, "1000", 4 [pid 936] +++ exited with 0 +++ [pid 932] +++ exited with 0 +++ [pid 940] <... futex resumed>) = 1 [pid 940] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL) = 0 [pid 940] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 937] <... futex resumed>) = 0 [pid 937] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 937] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 940] <... futex resumed>) = 1 [pid 940] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 938] <... write resumed>) = 4 [pid 940] <... open resumed>) = 5 [pid 940] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 937] <... futex resumed>) = 0 [pid 937] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 937] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 940] <... futex resumed>) = 1 [pid 940] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE) = 6 [pid 938] close(3 [pid 940] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 937] <... futex resumed>) = 0 [pid 937] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 937] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 940] <... futex resumed>) = 1 [pid 940] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 938] <... close resumed>) = 0 [pid 940] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 937] <... futex resumed>) = 0 [pid 937] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 940] <... futex resumed>) = 1 [pid 940] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 938] symlink("/dev/binderfs", "./binderfs" [pid 930] <... close resumed>) = 0 [pid 939] +++ killed by SIGBUS +++ [pid 938] <... symlink resumed>) = 0 [pid 930] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 940] +++ killed by SIGBUS +++ [pid 937] +++ killed by SIGBUS +++ [pid 924] exit_group(0 [pid 938] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 934] <... futex resumed>) = ? [pid 924] <... exit_group resumed>) = ? [pid 938] <... futex resumed>) = 0 [pid 934] +++ exited with 0 +++ [pid 930] <... futex resumed>) = ? [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=937, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 301] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 938] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 301] <... openat resumed>) = 3 [pid 301] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] getdents64(3, 0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 930] +++ exited with 0 +++ [pid 924] +++ exited with 0 +++ [pid 301] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 938] <... rt_sigaction resumed>NULL, 8) = 0 [pid 301] <... umount2 resumed>) = 0 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=924, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 938] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 938] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 300] restart_syscall(<... resuming interrupted clone ...> [pid 938] <... mmap resumed>) = 0x7f6220445000 [pid 938] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 938] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 938] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 919] +++ exited with 0 +++ [pid 301] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... restart_syscall resumed>) = 0 [pid 938] <... clone3 resumed> => {parent_tid=[941]}, 88) = 941 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=919, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 938] rt_sigprocmask(SIG_SETMASK, [], [pid 301] newfstatat(AT_FDCWD, "./28/bus", [pid 938] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW [pid 938] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] unlink("./28/bus" [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW [pid 938] <... futex resumed>) = 0 [pid 301] <... unlink resumed>) = 0 [pid 300] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... openat resumed>) = 3 [pid 299] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 938] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(3, "", [pid 299] <... openat resumed>) = 3 [pid 301] newfstatat(AT_FDCWD, "./28/binderfs", [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] newfstatat(3, "", [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] getdents64(3, [pid 301] unlink("./28/binderfs" [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 938] <... futex resumed>) = 0 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 299] getdents64(3, [pid 301] <... unlink resumed>) = 0 [pid 300] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 938] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 301] getdents64(3, [pid 300] <... umount2 resumed>) = 0 [pid 299] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 938] <... mmap resumed>) = 0x7f6220424000 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 300] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = 0 [pid 938] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 301] close(3 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 938] <... mprotect resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 300] newfstatat(AT_FDCWD, "./28/bus", [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 938] rt_sigprocmask(SIG_BLOCK, ~[], [pid 301] rmdir("./28" [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] newfstatat(AT_FDCWD, "./27/bus", [pid 938] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 938] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 299] unlink("./27/bus" [pid 301] <... rmdir resumed>) = 0 [pid 300] unlink("./28/bus" [pid 299] <... unlink resumed>) = 0 [pid 938] <... clone3 resumed> => {parent_tid=[942]}, 88) = 942 [pid 301] mkdir("./29", 0777 [pid 299] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 942 attached ./strace-static-x86_64: Process 941 attached [pid 938] rt_sigprocmask(SIG_SETMASK, [], [pid 301] <... mkdir resumed>) = 0 [pid 300] <... unlink resumed>) = 0 [pid 942] set_robust_list(0x7f62204449a0, 24 [pid 941] set_robust_list(0x7f62204659a0, 24 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 300] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 942] <... set_robust_list resumed>) = 0 [pid 941] <... set_robust_list resumed>) = 0 [pid 301] <... openat resumed>) = 3 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = 0 [pid 942] rt_sigprocmask(SIG_SETMASK, [], [pid 941] rt_sigprocmask(SIG_SETMASK, [], [pid 938] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 925] +++ exited with 0 +++ [pid 301] ioctl(3, LOOP_CLR_FD [pid 300] newfstatat(AT_FDCWD, "./28/binderfs", [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 938] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] newfstatat(AT_FDCWD, "./27/binderfs", [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=925, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 938] <... futex resumed>) = 0 [pid 301] close(3 [pid 300] unlink("./28/binderfs" [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] newfstatat(AT_FDCWD, "./29/file0", [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 942] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 938] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... close resumed>) = 0 [pid 300] <... unlink resumed>) = 0 [pid 299] unlink("./27/binderfs" [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 942] creat("./bus", 000 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... unlink resumed>) = 0 [pid 298] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... restart_syscall resumed>) = 0 [pid 299] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 942] <... creat resumed>) = 3 [pid 941] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 943 attached [pid 942] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 941] memfd_create("syzkaller", 0 [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 943 [pid 943] set_robust_list(0x555556cc76a0, 24 [pid 942] <... futex resumed>) = 1 [pid 941] <... memfd_create resumed>) = 4 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW [pid 943] <... set_robust_list resumed>) = 0 [pid 942] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 941] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 299] newfstatat(AT_FDCWD, "./27/file0", [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... openat resumed>) = 4 [pid 943] chdir("./29" [pid 941] <... mmap resumed>) = 0x7f6218024000 [pid 938] <... futex resumed>) = 0 [pid 297] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 943] <... chdir resumed>) = 0 [pid 941] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 938] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] newfstatat(4, "", [pid 297] <... openat resumed>) = 3 [pid 943] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 942] <... futex resumed>) = 0 [pid 941] <... write resumed>) = 262144 [pid 938] <... futex resumed>) = 1 [pid 299] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] newfstatat(3, "", [pid 943] <... prctl resumed>) = 0 [pid 942] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 941] munmap(0x7f6218024000, 262144 [pid 938] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] getdents64(4, [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 943] setpgid(0, 0 [pid 942] <... mount resumed>) = 0 [pid 941] <... munmap resumed>) = 0 [pid 299] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 297] getdents64(3, [pid 943] <... setpgid resumed>) = 0 [pid 942] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 941] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 299] <... openat resumed>) = 4 [pid 298] getdents64(4, [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 942] <... futex resumed>) = 1 [pid 941] <... openat resumed>) = 5 [pid 938] <... futex resumed>) = 0 [pid 297] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 943] <... openat resumed>) = 3 [pid 942] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 941] ioctl(5, LOOP_SET_FD, 4 [pid 938] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(4, "", [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [ 28.788939][ T930] ext4 filesystem being mounted at /root/syzkaller.Zpv55J/28/file0 supports timestamps until 2038 (0x7fffffff) [pid 943] write(3, "1000", 4 [pid 942] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 938] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] close(4 [pid 297] <... umount2 resumed>) = 0 [pid 942] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 938] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] getdents64(4, [pid 298] <... close resumed>) = 0 [pid 297] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 298] rmdir("./29/file0" [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] getdents64(4, [pid 298] <... rmdir resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./32/bus", [pid 299] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 298] getdents64(3, [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] close(4 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] unlink("./32/bus" [pid 299] <... close resumed>) = 0 [pid 298] close(3 [pid 297] <... unlink resumed>) = 0 [pid 299] rmdir("./27/file0" [pid 298] <... close resumed>) = 0 [pid 297] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... rmdir resumed>) = 0 [pid 298] rmdir("./29" [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] getdents64(3, [pid 298] <... rmdir resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./32/binderfs", [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] mkdir("./30", 0777 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] close(3 [pid 298] <... mkdir resumed>) = 0 [pid 297] unlink("./32/binderfs" [pid 299] <... close resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 297] <... unlink resumed>) = 0 [pid 299] rmdir("./27" [pid 298] <... openat resumed>) = 3 [pid 297] umount2("./32/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... rmdir resumed>) = 0 [pid 298] ioctl(3, LOOP_CLR_FD [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] mkdir("./28", 0777 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] newfstatat(AT_FDCWD, "./32/ext4", [pid 299] <... mkdir resumed>) = 0 [pid 298] close(3 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 298] <... close resumed>) = 0 [pid 297] umount2("./32/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... openat resumed>) = 3 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] ioctl(3, LOOP_CLR_FD [pid 297] openat(AT_FDCWD, "./32/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 944 [pid 297] <... openat resumed>) = 4 [pid 299] close(3 [pid 297] newfstatat(4, "", [pid 299] <... close resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] getdents64(4, 0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 945 [pid 297] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./32/ext4" [pid 943] <... write resumed>) = 4 [pid 297] <... rmdir resumed>) = 0 [pid 943] close(3 [pid 297] getdents64(3, [pid 943] <... close resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 943] symlink("/dev/binderfs", "./binderfs" [pid 297] close(3) = 0 [pid 297] rmdir("./32") = 0 [pid 943] <... symlink resumed>) = 0 [pid 297] mkdir("./33", 0777./strace-static-x86_64: Process 945 attached ./strace-static-x86_64: Process 944 attached [pid 943] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 942] <... open resumed>) = 6 [pid 941] <... ioctl resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 942] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 943] <... futex resumed>) = 0 [pid 942] <... futex resumed>) = 1 [pid 941] close(4 [pid 938] <... futex resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 942] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 938] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] ioctl(3, LOOP_CLR_FD [pid 942] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 938] <... futex resumed>) = 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 942] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 938] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] close(3 [pid 942] <... socket resumed>) = 7 [pid 297] <... close resumed>) = 0 [pid 943] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 942] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 941] <... close resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 945] set_robust_list(0x555556cc76a0, 24 [pid 944] set_robust_list(0x555556cc76a0, 24 [pid 943] <... rt_sigaction resumed>NULL, 8) = 0 [pid 942] <... futex resumed>) = 1 [pid 941] mkdir("./file0", 0777 [pid 938] <... futex resumed>) = 0 ./strace-static-x86_64: Process 946 attached [pid 942] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 938] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 946] set_robust_list(0x555556cc76a0, 24 [pid 942] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 938] <... futex resumed>) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 946 [pid 946] <... set_robust_list resumed>) = 0 [pid 942] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 938] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 946] chdir("./33" [pid 943] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 942] <... mmap resumed>) = 0x20000000 [pid 946] <... chdir resumed>) = 0 [pid 942] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 945] <... set_robust_list resumed>) = 0 [pid 944] <... set_robust_list resumed>) = 0 [pid 943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 942] <... futex resumed>) = 1 [pid 938] <... futex resumed>) = 0 [pid 946] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 942] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 941] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 938] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 946] <... prctl resumed>) = 0 [pid 942] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 941] mount("/dev/loop0", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 938] <... futex resumed>) = 0 [pid 946] setpgid(0, 0 [pid 944] chdir("./30" [pid 943] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 942] memfd_create("syzkaller", 0 [pid 941] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 946] <... setpgid resumed>) = 0 [pid 943] <... mmap resumed>) = 0x7f6220445000 [pid 942] <... memfd_create resumed>) = 4 [pid 941] ioctl(5, LOOP_CLR_FD [pid 946] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 944] <... chdir resumed>) = 0 [pid 943] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 941] <... ioctl resumed>) = 0 [pid 946] <... openat resumed>) = 3 [pid 944] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 943] <... mprotect resumed>) = 0 [pid 942] <... mmap resumed>) = 0x7f620fc64000 [pid 941] close(5 [pid 946] write(3, "1000", 4 [pid 945] chdir("./28" [pid 944] <... prctl resumed>) = 0 [pid 943] rt_sigprocmask(SIG_BLOCK, ~[], [pid 942] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 941] <... close resumed>) = 0 [pid 946] <... write resumed>) = 4 [pid 944] setpgid(0, 0 [pid 943] <... rt_sigprocmask resumed>[], 8) = 0 [pid 942] <... write resumed>) = 65536 [pid 941] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 946] close(3 [pid 943] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 942] munmap(0x7f620fc64000, 65536 [pid 941] <... futex resumed>) = 0 [pid 946] <... close resumed>) = 0 [pid 942] <... munmap resumed>) = 0 [pid 941] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 946] symlink("/dev/binderfs", "./binderfs" [pid 943] <... clone3 resumed> => {parent_tid=[947]}, 88) = 947 [pid 942] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 947 attached [pid 946] <... symlink resumed>) = 0 [pid 945] <... chdir resumed>) = 0 [pid 944] <... setpgid resumed>) = 0 [pid 943] rt_sigprocmask(SIG_SETMASK, [], [pid 942] <... openat resumed>) = 5 [pid 947] set_robust_list(0x7f62204659a0, 24 [pid 946] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 942] ioctl(5, LOOP_SET_FD, 4 [pid 946] <... futex resumed>) = 0 [pid 944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 942] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 946] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 943] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 942] ioctl(5, LOOP_CLR_FD [pid 946] <... rt_sigaction resumed>NULL, 8) = 0 [pid 942] <... ioctl resumed>) = 0 [pid 944] <... openat resumed>) = 3 [pid 946] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 943] <... futex resumed>) = 0 [pid 946] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 943] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 944] write(3, "1000", 4 [pid 947] <... set_robust_list resumed>) = 0 [pid 946] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 945] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 946] <... mmap resumed>) = 0x7f6220445000 [pid 946] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 946] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 946] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 944] <... write resumed>) = 4 [pid 943] <... futex resumed>) = 0 ./strace-static-x86_64: Process 948 attached [pid 947] rt_sigprocmask(SIG_SETMASK, [], [pid 946] <... clone3 resumed> => {parent_tid=[948]}, 88) = 948 [pid 945] <... prctl resumed>) = 0 [pid 947] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 945] setpgid(0, 0 [pid 944] close(3 [pid 943] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 300] <... umount2 resumed>) = 0 [pid 947] memfd_create("syzkaller", 0 [pid 945] <... setpgid resumed>) = 0 [pid 944] <... close resumed>) = 0 [pid 943] <... mmap resumed>) = 0x7f6220424000 [pid 942] ioctl(5, LOOP_SET_FD, 4 [pid 300] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 947] <... memfd_create resumed>) = 3 [pid 946] rt_sigprocmask(SIG_SETMASK, [], [pid 945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 944] symlink("/dev/binderfs", "./binderfs" [pid 943] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 942] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 948] set_robust_list(0x7f62204659a0, 24 [pid 947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 946] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 945] <... openat resumed>) = 3 [pid 944] <... symlink resumed>) = 0 [pid 943] <... mprotect resumed>) = 0 [pid 942] close(5 [pid 300] newfstatat(AT_FDCWD, "./28/file0", [pid 948] <... set_robust_list resumed>) = 0 [pid 947] <... mmap resumed>) = 0x7f6218024000 [pid 946] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 945] write(3, "1000", 4 [pid 944] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 943] rt_sigprocmask(SIG_BLOCK, ~[], [pid 942] <... close resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 948] rt_sigprocmask(SIG_SETMASK, [], [pid 947] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 946] <... futex resumed>) = 0 [pid 945] <... write resumed>) = 4 [pid 944] <... futex resumed>) = 0 [pid 943] <... rt_sigprocmask resumed>[], 8) = 0 [pid 942] close(4 [pid 300] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 948] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 947] <... write resumed>) = 262144 [pid 946] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 945] close(3 [pid 944] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 943] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 942] <... close resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 949 attached [pid 948] memfd_create("syzkaller", 0 [pid 947] munmap(0x7f6218024000, 262144 [pid 946] <... futex resumed>) = 0 [pid 945] <... close resumed>) = 0 [pid 944] <... rt_sigaction resumed>NULL, 8) = 0 [pid 942] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 949] set_robust_list(0x7f62204449a0, 24 [pid 948] <... memfd_create resumed>) = 3 [pid 947] <... munmap resumed>) = 0 [pid 946] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 945] symlink("/dev/binderfs", "./binderfs" [pid 944] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 943] <... clone3 resumed> => {parent_tid=[949]}, 88) = 949 [pid 942] <... futex resumed>) = 0 [pid 938] exit_group(0 [pid 300] <... openat resumed>) = 4 [pid 949] <... set_robust_list resumed>) = 0 [pid 948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 947] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 946] <... mmap resumed>) = 0x7f6220424000 [pid 945] <... symlink resumed>) = 0 [pid 944] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 943] rt_sigprocmask(SIG_SETMASK, [], [ 28.831741][ T941] loop0: detected capacity change from 0 to 512 [pid 941] <... futex resumed>) = ? [pid 938] <... exit_group resumed>) = ? [pid 300] newfstatat(4, "", [pid 949] rt_sigprocmask(SIG_SETMASK, [], [pid 948] <... mmap resumed>) = 0x7f6218024000 [pid 947] <... openat resumed>) = 4 [pid 946] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 945] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 942] +++ exited with 0 +++ [pid 941] +++ exited with 0 +++ [pid 947] ioctl(4, LOOP_SET_FD, 3 [pid 945] <... futex resumed>) = 0 [pid 943] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 949] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 948] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 947] <... ioctl resumed>) = 0 [pid 946] <... mprotect resumed>) = 0 [pid 945] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 944] <... mmap resumed>) = 0x7f6220445000 [pid 943] <... futex resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 947] close(3 [pid 945] <... rt_sigaction resumed>NULL, 8) = 0 [pid 943] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] getdents64(4, [pid 947] <... close resumed>) = 0 [pid 945] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 300] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 948] <... write resumed>) = 262144 [pid 947] mkdir("./file0", 0777 [pid 946] rt_sigprocmask(SIG_BLOCK, ~[], [pid 945] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 944] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 300] getdents64(4, [pid 949] creat("./bus", 000 [pid 948] munmap(0x7f6218024000, 262144 [pid 947] <... mkdir resumed>) = 0 [pid 946] <... rt_sigprocmask resumed>[], 8) = 0 [pid 945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 944] <... mprotect resumed>) = 0 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 948] <... munmap resumed>) = 0 [pid 947] mount("/dev/loop5", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 945] <... mmap resumed>) = 0x7f6220445000 [pid 300] close(4 [pid 949] <... creat resumed>) = 3 [pid 948] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 946] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 945] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 944] rt_sigprocmask(SIG_BLOCK, ~[], [pid 300] <... close resumed>) = 0 [pid 948] <... openat resumed>) = 4 [pid 945] <... mprotect resumed>) = 0 [pid 944] <... rt_sigprocmask resumed>[], 8) = 0 [pid 300] rmdir("./28/file0"./strace-static-x86_64: Process 950 attached [pid 949] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 948] ioctl(4, LOOP_SET_FD, 3 [pid 946] <... clone3 resumed> => {parent_tid=[950]}, 88) = 950 [pid 945] rt_sigprocmask(SIG_BLOCK, ~[], [pid 944] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 300] <... rmdir resumed>) = 0 [pid 945] <... rt_sigprocmask resumed>[], 8) = 0 [pid 300] getdents64(3, [pid 945] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 300] close(3 [pid 945] <... clone3 resumed> => {parent_tid=[952]}, 88) = 952 [pid 300] <... close resumed>) = 0 [pid 945] rt_sigprocmask(SIG_SETMASK, [], [pid 300] rmdir("./28" [pid 945] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 945] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] mkdir("./29", 0777 [pid 945] <... futex resumed>) = 0 [pid 300] <... mkdir resumed>) = 0 [pid 945] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 945] <... futex resumed>) = 0 [pid 300] <... openat resumed>) = 3 [pid 945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 300] ioctl(3, LOOP_CLR_FD [pid 945] <... mmap resumed>) = 0x7f6220424000 [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 945] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 300] close(3 [pid 945] <... mprotect resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 945] rt_sigprocmask(SIG_BLOCK, ~[], [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 945] <... rt_sigprocmask resumed>[], 8) = 0 [pid 945] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 953 [pid 945] <... clone3 resumed> => {parent_tid=[954]}, 88) = 954 [pid 945] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 945] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 945] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 952 attached [pid 952] set_robust_list(0x7f62204659a0, 24) = 0 [pid 952] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 952] memfd_create("syzkaller", 0) = 3 [pid 952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 ./strace-static-x86_64: Process 954 attached [pid 954] set_robust_list(0x7f62204449a0, 24) = 0 [pid 954] rt_sigprocmask(SIG_SETMASK, [], [pid 946] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 954] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 954] creat("./bus", 000) = 4 [pid 954] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 945] <... futex resumed>) = 0 [pid 945] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 945] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 954] <... futex resumed>) = 1 [pid 954] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL) = 0 [pid 954] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 945] <... futex resumed>) = 0 [pid 945] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 945] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 954] <... futex resumed>) = 1 [pid 954] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 954] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 945] <... futex resumed>) = 0 [pid 945] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 954] <... futex resumed>) = 1 [pid 945] <... futex resumed>) = 0 [pid 954] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 945] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 954] <... socket resumed>) = 6 [pid 952] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 954] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 952] <... write resumed>) = 262144 [pid 946] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 945] <... futex resumed>) = 0 [pid 954] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 946] <... futex resumed>) = 0 [pid 945] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 944] <... clone3 resumed> => {parent_tid=[956]}, 88) = 956 [pid 954] <... mmap resumed>) = 0x20000000 [pid 946] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 945] <... futex resumed>) = 0 [pid 944] rt_sigprocmask(SIG_SETMASK, [], [pid 954] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 945] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 944] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 954] <... futex resumed>) = 0 [pid 949] <... futex resumed>) = 1 [pid 945] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 944] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 943] <... futex resumed>) = 0 [pid 954] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 952] munmap(0x7f6218024000, 262144 [pid 945] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 944] <... futex resumed>) = 0 [pid 943] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 952] <... munmap resumed>) = ? [pid 950] set_robust_list(0x7f62204449a0, 24 [pid 949] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 948] <... ioctl resumed>) = 0 [pid 945] <... futex resumed>) = ? [pid 944] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 943] <... futex resumed>) = 0 ./strace-static-x86_64: Process 956 attached ./strace-static-x86_64: Process 953 attached [pid 952] +++ killed by SIGBUS +++ [pid 943] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 954] +++ killed by SIGBUS +++ [pid 949] <... mount resumed>) = 0 [pid 945] +++ killed by SIGBUS +++ [pid 944] <... futex resumed>) = 0 [pid 938] +++ exited with 0 +++ [pid 949] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=945, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 944] <... mmap resumed>) = 0x7f6220424000 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=938, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 944] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 944] <... mprotect resumed>) = 0 [pid 299] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW [pid 944] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 944] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 944] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 299] <... openat resumed>) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 944] <... clone3 resumed> => {parent_tid=[957]}, 88) = 957 [pid 299] getdents64(3, [pid 944] rt_sigprocmask(SIG_SETMASK, [], [pid 949] <... futex resumed>) = 1 [pid 943] <... futex resumed>) = 0 [pid 956] set_robust_list(0x7f62204659a0, 24 [pid 953] set_robust_list(0x555556cc76a0, 24 [pid 950] <... set_robust_list resumed>) = 0 [pid 948] close(3 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 296] <... restart_syscall resumed>) = 0 ./strace-static-x86_64: Process 957 attached [pid 956] <... set_robust_list resumed>) = 0 [pid 953] <... set_robust_list resumed>) = 0 [pid 950] rt_sigprocmask(SIG_SETMASK, [], [pid 949] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 948] <... close resumed>) = 0 [pid 944] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 957] set_robust_list(0x7f62204449a0, 24 [pid 956] rt_sigprocmask(SIG_SETMASK, [], [pid 953] chdir("./29" [pid 950] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 948] mkdir("./file0", 0777 [pid 944] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 957] <... set_robust_list resumed>) = 0 [pid 956] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 953] <... chdir resumed>) = 0 [pid 950] creat("./bus", 000 [pid 948] <... mkdir resumed>) = 0 [pid 944] <... futex resumed>) = 0 [pid 943] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 957] rt_sigprocmask(SIG_SETMASK, [], [pid 956] memfd_create("syzkaller", 0 [pid 953] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 950] <... creat resumed>) = 3 [ 28.887714][ T947] loop5: detected capacity change from 0 to 512 [ 28.898119][ T948] loop1: detected capacity change from 0 to 512 [ 28.916882][ T947] EXT4-fs (loop5): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [pid 948] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 944] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 957] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 956] <... memfd_create resumed>) = 3 [pid 953] <... prctl resumed>) = 0 [pid 950] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 949] <... futex resumed>) = 0 [pid 947] <... mount resumed>) = 0 [pid 943] <... futex resumed>) = 1 [pid 299] <... umount2 resumed>) = 0 [pid 956] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 953] setpgid(0, 0 [pid 950] <... futex resumed>) = 1 [pid 949] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 947] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 946] <... futex resumed>) = 0 [pid 943] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW [pid 957] creat("./bus", 000 [pid 956] <... mmap resumed>) = 0x7f6218024000 [pid 953] <... setpgid resumed>) = 0 [pid 950] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 949] <... open resumed>) = 5 [pid 947] <... openat resumed>) = 6 [pid 946] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 950] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 949] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 947] chdir("./file0" [pid 946] <... futex resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./28/bus", [pid 296] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 950] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 949] <... futex resumed>) = 1 [pid 947] <... chdir resumed>) = 0 [pid 946] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 943] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... openat resumed>) = 3 [pid 950] <... mount resumed>) = 0 [pid 949] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 947] ioctl(4, LOOP_CLR_FD [pid 943] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] unlink("./28/bus" [pid 296] newfstatat(3, "", [pid 949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 947] <... ioctl resumed>) = 0 [pid 943] <... futex resumed>) = 0 [pid 299] <... unlink resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 956] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 950] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 949] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 947] close(4 [pid 943] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] getdents64(3, [pid 953] <... openat resumed>) = 3 [pid 950] <... futex resumed>) = 1 [pid 949] <... socket resumed>) = 7 [pid 947] <... close resumed>) = 0 [pid 946] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 949] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 947] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 946] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(AT_FDCWD, "./28/binderfs", [pid 296] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 949] <... futex resumed>) = 1 [pid 947] <... futex resumed>) = 0 [pid 950] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 946] <... futex resumed>) = 0 [pid 943] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 949] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 947] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 946] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 943] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] unlink("./28/binderfs" [pid 296] <... umount2 resumed>) = 0 [pid 950] <... open resumed>) = 5 [pid 947] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 943] <... futex resumed>) = 0 [pid 299] <... unlink resumed>) = 0 [pid 296] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 947] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 943] futex(0x7f62205316cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] getdents64(3, [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 947] <... mmap resumed>) = 0x20000000 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] newfstatat(AT_FDCWD, "./26/bus", [pid 947] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] close(3 [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 950] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 947] <... futex resumed>) = 1 [pid 943] <... futex resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 296] unlink("./26/bus" [pid 953] write(3, "1000", 4 [pid 950] <... futex resumed>) = 1 [pid 947] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 946] <... futex resumed>) = 0 [pid 943] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] rmdir("./28" [pid 296] <... unlink resumed>) = 0 [pid 956] <... write resumed>) = 262144 [pid 953] <... write resumed>) = 4 [pid 950] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 947] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 946] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 943] <... futex resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 296] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 953] close(3 [pid 950] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 947] memfd_create("syzkaller", 0 [pid 946] <... futex resumed>) = 0 [pid 299] mkdir("./29", 0777 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 956] munmap(0x7f6218024000, 262144 [pid 953] <... close resumed>) = 0 [pid 950] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 947] <... memfd_create resumed>) = 4 [pid 946] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... mkdir resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./26/binderfs", [pid 947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 947] <... mmap resumed>) = 0x7f620fc64000 [pid 299] <... openat resumed>) = 3 [pid 296] unlink("./26/binderfs" [pid 950] <... socket resumed>) = 6 [pid 947] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 299] ioctl(3, LOOP_CLR_FD [pid 296] <... unlink resumed>) = 0 [pid 950] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 947] <... write resumed>) = 65536 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] getdents64(3, [pid 950] <... futex resumed>) = 1 [pid 947] munmap(0x7f620fc64000, 65536 [pid 946] <... futex resumed>) = 0 [pid 299] close(3 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 950] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 947] <... munmap resumed>) = 0 [pid 946] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... close resumed>) = 0 [pid 296] close(3 [pid 950] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 947] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 946] <... futex resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... close resumed>) = 0 [pid 953] symlink("/dev/binderfs", "./binderfs" [pid 950] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 947] <... openat resumed>) = 8 [pid 946] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] rmdir("./26"./strace-static-x86_64: Process 958 attached [pid 956] <... munmap resumed>) = 0 [pid 953] <... symlink resumed>) = 0 [pid 950] <... mmap resumed>) = 0x20000000 [pid 947] ioctl(8, LOOP_SET_FD, 4 [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 958 [pid 296] <... rmdir resumed>) = 0 [pid 956] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 953] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 950] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 947] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 957] <... creat resumed>) = 4 [pid 296] mkdir("./27", 0777 [pid 957] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 956] <... openat resumed>) = 5 [pid 953] <... futex resumed>) = 0 [pid 950] <... futex resumed>) = 1 [pid 947] ioctl(8, LOOP_CLR_FD [pid 946] <... futex resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 957] <... futex resumed>) = 1 [pid 956] ioctl(5, LOOP_SET_FD, 3 [pid 953] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 950] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 947] <... ioctl resumed>) = 0 [pid 946] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 944] <... futex resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 953] <... rt_sigaction resumed>NULL, 8) = 0 [pid 950] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 946] <... futex resumed>) = 0 [pid 944] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... openat resumed>) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 959 [pid 947] ioctl(8, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 947] close(8) = 0 [pid 947] close(4) = 0 [pid 947] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 947] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 958] set_robust_list(0x555556cc76a0, 24) = 0 [pid 958] chdir("./29") = 0 [pid 958] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 958] setpgid(0, 0) = 0 [pid 943] exit_group(0 [pid 949] <... futex resumed>) = ? [pid 947] <... futex resumed>) = ? [pid 943] <... exit_group resumed>) = ? [pid 949] +++ exited with 0 +++ [pid 947] +++ exited with 0 +++ [pid 943] +++ exited with 0 +++ [pid 958] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 958] write(3, "1000", 4) = 4 [pid 958] close(3) = 0 [pid 958] symlink("/dev/binderfs", "./binderfs") = 0 [pid 958] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 958] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 958] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 958] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 958] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 958] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 958] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[960]}, 88) = 960 [pid 958] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 958] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 958] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 958] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 958] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 958] rt_sigprocmask(SIG_BLOCK, ~[], [pid 950] memfd_create("syzkaller", 0 [pid 944] <... futex resumed>) = 0 [pid 957] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 953] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 950] <... memfd_create resumed>) = 7 [pid 944] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=943, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 953] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 957] <... mount resumed>) = 0 [pid 953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 950] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f620fc64000 [pid 958] <... rt_sigprocmask resumed>[], 8) = 0 [pid 950] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 301] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW [pid 953] <... mmap resumed>) = 0x7f6220445000 [pid 958] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[961]}, 88) = 961 [pid 950] <... write resumed>) = 65536 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 950] munmap(0x7f620fc64000, 65536 [pid 301] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 958] rt_sigprocmask(SIG_SETMASK, [], [pid 950] <... munmap resumed>) = 0 [pid 301] <... openat resumed>) = 3 [pid 957] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 953] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 950] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 301] newfstatat(3, "", [pid 958] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 950] <... openat resumed>) = 8 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 953] <... mprotect resumed>) = 0 [pid 950] ioctl(8, LOOP_SET_FD, 7 [pid 944] <... futex resumed>) = 0 [pid 301] getdents64(3, [pid 957] <... futex resumed>) = 1 [pid 950] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 944] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 944] <... futex resumed>) = 0 [pid 958] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 957] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 953] rt_sigprocmask(SIG_BLOCK, ~[], [pid 950] ioctl(8, LOOP_CLR_FD [pid 944] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 959 attached [pid 958] <... futex resumed>) = 0 [pid 953] <... rt_sigprocmask resumed>[], 8) = 0 [pid 950] <... ioctl resumed>) = 0 [pid 301] <... umount2 resumed>) = 0 [pid 959] set_robust_list(0x555556cc76a0, 24 [pid 958] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 959] <... set_robust_list resumed>) = 0 [pid 959] chdir("./27") = 0 [pid 959] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 959] setpgid(0, 0) = 0 [pid 959] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 959] write(3, "1000", 4) = 4 [pid 959] close(3) = 0 [pid 959] symlink("/dev/binderfs", "./binderfs") = 0 [pid 959] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 959] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 953] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 301] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 959] <... rt_sigaction resumed>NULL, 8) = 0 [pid 959] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 959] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 959] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 959] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 959] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[962]}, 88) = 962 [pid 959] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 959] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 959] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 959] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 959] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 959] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 959] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[963]}, 88) = 963 [pid 959] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 961 attached NULL, 8) = 0 [pid 961] set_robust_list(0x7f62204449a0, 24 [pid 959] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 961] <... set_robust_list resumed>) = 0 [pid 959] <... futex resumed>) = 0 [pid 961] rt_sigprocmask(SIG_SETMASK, [], [pid 959] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 961] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 961] creat("./bus", 000) = 3 [pid 961] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 958] <... futex resumed>) = 0 [pid 958] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 958] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 961] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 957] <... open resumed>) = 6 [pid 956] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 960 attached [pid 961] <... mount resumed>) = 0 [pid 957] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 944] <... futex resumed>) = 0 [pid 957] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 944] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 957] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 944] <... futex resumed>) = 0 [pid 957] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 944] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 957] <... socket resumed>) = 7 [pid 957] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 944] <... futex resumed>) = 0 [pid 957] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 944] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 957] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 944] <... futex resumed>) = 0 [pid 957] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 944] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 957] <... mmap resumed>) = 0x20000000 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 957] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 944] <... futex resumed>) = 0 [pid 957] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 944] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 957] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 944] <... futex resumed>) = 0 ./strace-static-x86_64: Process 964 attached ./strace-static-x86_64: Process 963 attached ./strace-static-x86_64: Process 962 attached [pid 961] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 960] set_robust_list(0x7f62204659a0, 24 [pid 957] memfd_create("syzkaller", 0 [pid 956] close(3 [pid 953] <... clone3 resumed> => {parent_tid=[964]}, 88) = 964 [pid 948] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 301] newfstatat(AT_FDCWD, "./29/bus", [pid 964] set_robust_list(0x7f62204659a0, 24 [pid 963] set_robust_list(0x7f62204449a0, 24 [pid 962] set_robust_list(0x7f62204659a0, 24 [pid 961] <... futex resumed>) = 1 [pid 960] <... set_robust_list resumed>) = 0 [pid 958] <... futex resumed>) = 0 [pid 957] <... memfd_create resumed>) = 8 [pid 956] <... close resumed>) = 0 [pid 953] rt_sigprocmask(SIG_SETMASK, [], [pid 950] ioctl(8, LOOP_SET_FD, 7 [pid 948] ioctl(4, LOOP_CLR_FD [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 964] <... set_robust_list resumed>) = 0 [pid 963] <... set_robust_list resumed>) = 0 [pid 962] <... set_robust_list resumed>) = 0 [pid 961] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 960] rt_sigprocmask(SIG_SETMASK, [], [pid 958] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 956] mkdir(0x20000000, 0777 [pid 953] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 950] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 948] <... ioctl resumed>) = 0 [pid 301] unlink("./29/bus" [pid 964] rt_sigprocmask(SIG_SETMASK, [], [pid 963] rt_sigprocmask(SIG_SETMASK, [], [pid 962] rt_sigprocmask(SIG_SETMASK, [], [pid 961] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 960] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 958] <... futex resumed>) = 0 [pid 957] <... mmap resumed>) = 0x7f620fc64000 [pid 953] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 950] close(8 [pid 948] close(4 [pid 301] <... unlink resumed>) = 0 [pid 964] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 963] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 962] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 961] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 960] memfd_create("syzkaller", 0 [pid 958] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 957] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 956] <... mkdir resumed>) = 0 [pid 953] <... futex resumed>) = 0 [pid 950] <... close resumed>) = 0 [pid 301] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 962] memfd_create("syzkaller", 0 [pid 956] mount("/dev/loop2", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 953] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 950] close(7 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 962] <... memfd_create resumed>) = 3 [pid 956] <... mount resumed>) = -1 ENODEV (No such device) [pid 953] <... futex resumed>) = 0 [pid 950] <... close resumed>) = 0 [pid 301] newfstatat(AT_FDCWD, "./29/binderfs", [pid 963] creat("./bus", 000 [pid 962] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 961] <... open resumed>) = 4 [pid 960] <... memfd_create resumed>) = 5 [pid 957] <... write resumed>) = 65536 [pid 956] ioctl(5, LOOP_CLR_FD [pid 953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 950] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 948] <... close resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 964] memfd_create("syzkaller", 0 [pid 963] <... creat resumed>) = 4 [pid 962] <... mmap resumed>) = 0x7f6218024000 [pid 961] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 960] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 957] munmap(0x7f620fc64000, 65536 [pid 956] <... ioctl resumed>) = 0 [pid 953] <... mmap resumed>) = 0x7f6220424000 [pid 950] <... futex resumed>) = 0 [pid 948] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] unlink("./29/binderfs" [pid 964] <... memfd_create resumed>) = 3 [pid 963] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 962] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 961] <... futex resumed>) = 1 [pid 960] <... mmap resumed>) = 0x7f6218024000 [pid 958] <... futex resumed>) = 0 [pid 957] <... munmap resumed>) = 0 [pid 956] close(5 [pid 953] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 950] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 948] <... futex resumed>) = 0 [pid 301] <... unlink resumed>) = 0 [pid 964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 963] <... futex resumed>) = 1 [pid 962] <... write resumed>) = 262144 [pid 961] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 959] <... futex resumed>) = 0 [pid 958] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 957] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 956] <... close resumed>) = 0 [pid 953] <... mprotect resumed>) = 0 [pid 948] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 946] exit_group(0 [pid 301] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 964] <... mmap resumed>) = 0x7f6218024000 [pid 963] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 962] munmap(0x7f6218024000, 262144 [pid 961] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 960] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 959] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 958] <... futex resumed>) = 0 [pid 957] <... openat resumed>) = 3 [pid 956] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 953] rt_sigprocmask(SIG_BLOCK, ~[], [pid 950] <... futex resumed>) = ? [pid 948] <... futex resumed>) = ? [pid 946] <... exit_group resumed>) = ? [pid 963] <... mount resumed>) = 0 [pid 962] <... munmap resumed>) = 0 [pid 961] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 959] <... futex resumed>) = 0 [pid 958] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 957] ioctl(3, LOOP_SET_FD, 8 [pid 956] <... futex resumed>) = 0 [pid 953] <... rt_sigprocmask resumed>[], 8) = 0 [pid 950] +++ exited with 0 +++ [pid 962] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 957] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 956] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 953] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 963] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 962] <... openat resumed>) = 5 [pid 961] <... socket resumed>) = 6 [pid 959] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 957] ioctl(3, LOOP_CLR_FD [pid 948] +++ exited with 0 +++ [pid 946] +++ exited with 0 +++ [pid 963] <... futex resumed>) = 0 [pid 962] ioctl(5, LOOP_SET_FD, 3 [pid 961] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 959] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 957] <... ioctl resumed>) = 0 [pid 953] <... clone3 resumed> => {parent_tid=[965]}, 88) = 965 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=946, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 963] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 961] <... futex resumed>) = 1 [pid 960] <... write resumed>) = 262144 [pid 959] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 958] <... futex resumed>) = 0 [pid 953] rt_sigprocmask(SIG_SETMASK, [], [pid 963] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 961] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 960] munmap(0x7f6218024000, 262144 [pid 959] <... futex resumed>) = 0 [pid 958] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 953] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 963] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 961] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 960] <... munmap resumed>) = 0 [pid 959] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 958] <... futex resumed>) = 0 [pid 953] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 961] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [ 28.932818][ T947] ext4 filesystem being mounted at /root/syzkaller.bzF58U/29/file0 supports timestamps until 2038 (0x7fffffff) [ 28.957019][ T956] loop2: detected capacity change from 0 to 512 [ 28.965819][ T948] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (47122!=0) [ 28.975145][ T948] EXT4-fs (loop1): group descriptors corrupted! [pid 960] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 958] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 953] <... futex resumed>) = 0 [pid 297] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 965 attached [pid 964] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 963] <... open resumed>) = 6 [pid 961] <... mmap resumed>) = 0x20000000 [pid 960] <... openat resumed>) = 7 [pid 953] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 965] set_robust_list(0x7f62204449a0, 24 [pid 963] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 962] <... ioctl resumed>) = 0 [pid 963] <... futex resumed>) = 1 [pid 959] <... futex resumed>) = 0 [pid 963] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 962] close(3 [pid 959] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 965] <... set_robust_list resumed>) = 0 [pid 964] <... write resumed>) = 262144 [pid 963] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 961] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 960] ioctl(7, LOOP_SET_FD, 5 [pid 959] <... futex resumed>) = 0 [pid 957] ioctl(3, LOOP_SET_FD, 8 [pid 297] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 965] rt_sigprocmask(SIG_SETMASK, [], [pid 964] munmap(0x7f6218024000, 262144 [pid 963] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 962] <... close resumed>) = 0 [pid 961] <... futex resumed>) = 1 [pid 959] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 958] <... futex resumed>) = 0 [pid 963] <... socket resumed>) = 3 [pid 962] mkdir("./file0", 0777 [pid 963] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 962] <... mkdir resumed>) = 0 [pid 959] <... futex resumed>) = 0 [pid 963] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 962] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 959] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 963] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 959] <... futex resumed>) = 0 [pid 963] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 959] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 963] <... mmap resumed>) = 0x20000000 [pid 963] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 959] <... futex resumed>) = 0 [pid 963] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 959] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 963] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 959] <... futex resumed>) = 0 [pid 965] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 964] <... munmap resumed>) = 0 [pid 963] memfd_create("syzkaller", 0 [pid 961] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 960] <... ioctl resumed>) = 0 [pid 958] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 957] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 297] <... openat resumed>) = 3 [pid 965] creat("./bus", 000 [pid 964] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 961] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 960] close(5 [pid 958] <... futex resumed>) = 0 [pid 957] close(3 [pid 297] newfstatat(3, "", [pid 965] <... creat resumed>) = 4 [pid 964] <... openat resumed>) = 5 [pid 960] <... close resumed>) = 0 [pid 957] <... close resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 965] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 964] ioctl(5, LOOP_SET_FD, 3 [pid 960] mkdir(0x20000000, 0777 [pid 957] close(8 [pid 297] getdents64(3, [pid 965] <... futex resumed>) = 1 [pid 964] <... ioctl resumed>) = 0 [pid 963] <... memfd_create resumed>) = 7 [pid 962] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 961] memfd_create("syzkaller", 0 [pid 957] <... close resumed>) = 0 [pid 953] <... futex resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 965] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 964] close(3 [pid 963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 960] <... mkdir resumed>) = 0 [pid 957] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 964] <... close resumed>) = 0 [pid 963] <... mmap resumed>) = 0x7f620fc64000 [pid 961] <... memfd_create resumed>) = 5 [pid 960] mount("/dev/loop3", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 957] <... futex resumed>) = 0 [pid 953] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 944] exit_group(0 [pid 297] <... umount2 resumed>) = 0 [pid 964] mkdir("./file0", 0777 [pid 962] ioctl(5, LOOP_CLR_FD [pid 960] <... mount resumed>) = -1 ENODEV (No such device) [pid 957] syscall_0xffffffffffffffed(0x1, 0x4c01, 0, 0x200810, 0x7f62204650d0, 0x4d4 [pid 965] <... futex resumed>) = 0 [pid 964] <... mkdir resumed>) = 0 [pid 963] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 962] <... ioctl resumed>) = 0 [pid 961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 960] ioctl(7, LOOP_CLR_FD [pid 957] +++ exited with 0 +++ [pid 956] <... futex resumed>) = ? [pid 953] <... futex resumed>) = 1 [pid 944] <... exit_group resumed>) = ? [pid 297] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 965] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 964] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 960] <... ioctl resumed>) = 0 [pid 965] <... mount resumed>) = 0 [pid 963] <... write resumed>) = 65536 [pid 962] close(5 [pid 961] <... mmap resumed>) = 0x7f620fc64000 [pid 956] +++ exited with 0 +++ [pid 953] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 965] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 963] munmap(0x7f620fc64000, 65536 [pid 962] <... close resumed>) = 0 [pid 961] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] newfstatat(AT_FDCWD, "./33/bus", [pid 965] <... futex resumed>) = 0 [pid 963] <... munmap resumed>) = 0 [pid 962] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 961] <... write resumed>) = 65536 [pid 960] close(7 [pid 953] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 965] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 963] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 962] <... futex resumed>) = 0 [pid 961] munmap(0x7f620fc64000, 65536 [pid 960] <... close resumed>) = 0 [pid 953] <... futex resumed>) = 0 [pid 297] unlink("./33/bus" [pid 965] <... open resumed>) = 3 [pid 963] <... openat resumed>) = 5 [pid 962] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 961] <... munmap resumed>) = 0 [pid 960] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 953] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... unlink resumed>) = 0 [pid 965] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 963] ioctl(5, LOOP_SET_FD, 7 [pid 961] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 960] <... futex resumed>) = 0 [pid 953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 965] <... futex resumed>) = 0 [pid 963] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 961] <... openat resumed>) = 7 [pid 960] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 953] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 965] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 963] ioctl(5, LOOP_CLR_FD [pid 961] ioctl(7, LOOP_SET_FD, 5 [pid 953] <... futex resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./33/binderfs", [pid 965] <... socket resumed>) = 6 [pid 963] <... ioctl resumed>) = 0 [pid 961] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 953] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 965] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 961] ioctl(7, LOOP_CLR_FD [pid 953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] unlink("./33/binderfs" [pid 965] <... futex resumed>) = 0 [pid 961] <... ioctl resumed>) = 0 [pid 953] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... unlink resumed>) = 0 [pid 965] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 953] <... futex resumed>) = 0 [pid 297] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 965] <... mmap resumed>) = 0x20000000 [pid 963] ioctl(5, LOOP_SET_FD, 7 [pid 953] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 965] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 963] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] newfstatat(AT_FDCWD, "./33/file0", [pid 965] <... futex resumed>) = 0 [pid 963] close(5 [pid 953] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 965] memfd_create("syzkaller", 0 [pid 963] <... close resumed>) = 0 [pid 961] ioctl(7, LOOP_SET_FD, 5 [pid 953] <... futex resumed>) = 0 [pid 297] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 965] <... memfd_create resumed>) = 7 [pid 963] close(7 [pid 961] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 301] <... umount2 resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 963] <... close resumed>) = 0 [pid 961] close(7 [pid 301] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 963] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 961] <... close resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... openat resumed>) = 4 [pid 963] <... futex resumed>) = 0 [pid 961] close(5 [pid 301] newfstatat(AT_FDCWD, "./29/file0", [pid 297] newfstatat(4, "", [pid 965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 963] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 961] <... close resumed>) = 0 [pid 944] +++ exited with 0 +++ [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 29.004733][ T962] loop0: detected capacity change from 0 to 512 [ 29.014142][ T960] loop3: detected capacity change from 0 to 512 [ 29.017900][ T962] EXT4-fs warning (device loop0): read_mmp_block:115: Error -74 while reading MMP block 12 [ 29.026633][ T964] loop4: detected capacity change from 0 to 512 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 961] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 959] exit_group(0 [pid 301] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] getdents64(4, [pid 963] <... futex resumed>) = ? [pid 962] <... futex resumed>) = ? [pid 961] <... futex resumed>) = 0 [pid 959] <... exit_group resumed>) = ? [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 965] <... mmap resumed>) = 0x7f620fc64000 [pid 963] +++ exited with 0 +++ [pid 962] +++ exited with 0 +++ [pid 961] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=944, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 297] getdents64(4, [pid 965] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 301] <... openat resumed>) = 4 [pid 297] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 301] newfstatat(4, "", [pid 297] close(4 [pid 965] <... write resumed>) = 65536 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... close resumed>) = 0 [pid 965] munmap(0x7f620fc64000, 65536 [pid 958] exit_group(0 [pid 301] getdents64(4, [pid 298] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] rmdir("./33/file0" [pid 301] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 297] <... rmdir resumed>) = 0 [pid 301] getdents64(4, [pid 297] getdents64(3, [pid 961] <... futex resumed>) = ? [pid 960] <... futex resumed>) = ? [pid 958] <... exit_group resumed>) = ? [pid 301] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 965] <... munmap resumed>) = 0 [pid 961] +++ exited with 0 +++ [pid 301] close(4 [pid 297] close(3 [pid 301] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 301] rmdir("./29/file0" [pid 297] rmdir("./33" [pid 965] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 960] +++ exited with 0 +++ [pid 958] +++ exited with 0 +++ [pid 301] <... rmdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... rmdir resumed>) = 0 [pid 965] <... openat resumed>) = 8 [pid 301] getdents64(3, [pid 297] mkdir("./34", 0777 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 301] close(3 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 301] <... close resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 301] rmdir("./29" [pid 297] ioctl(3, LOOP_CLR_FD [pid 301] <... rmdir resumed>) = 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 301] mkdir("./30", 0777 [pid 297] close(3 [pid 301] <... mkdir resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] <... openat resumed>) = 3 [pid 301] ioctl(3, LOOP_CLR_FD [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 968 [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 301] close(3) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 969 ./strace-static-x86_64: Process 969 attached ./strace-static-x86_64: Process 968 attached [pid 965] ioctl(8, LOOP_SET_FD, 7 [pid 298] <... openat resumed>) = 3 [pid 969] set_robust_list(0x555556cc76a0, 24 [pid 968] set_robust_list(0x555556cc76a0, 24 [pid 965] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=958, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 298] newfstatat(3, "", [pid 969] <... set_robust_list resumed>) = 0 [pid 968] <... set_robust_list resumed>) = 0 [pid 965] ioctl(8, LOOP_CLR_FD [pid 299] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 969] chdir("./30" [pid 968] chdir("./34" [pid 965] <... ioctl resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] getdents64(3, [pid 969] <... chdir resumed>) = 0 [pid 968] <... chdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 969] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 968] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] <... openat resumed>) = 3 [pid 298] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 969] <... prctl resumed>) = 0 [pid 968] <... prctl resumed>) = 0 [pid 299] newfstatat(3, "", [pid 969] setpgid(0, 0 [pid 968] setpgid(0, 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 969] <... setpgid resumed>) = 0 [pid 968] <... setpgid resumed>) = 0 [pid 299] getdents64(3, [pid 969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 968] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 969] <... openat resumed>) = 3 [pid 968] <... openat resumed>) = 3 [pid 299] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 969] write(3, "1000", 4 [pid 968] write(3, "1000", 4 [pid 965] ioctl(8, LOOP_SET_FD, 7 [pid 969] <... write resumed>) = 4 [pid 968] <... write resumed>) = 4 [pid 965] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 969] close(3 [pid 968] close(3 [pid 965] close(8 [pid 969] <... close resumed>) = 0 [pid 968] <... close resumed>) = 0 [pid 965] <... close resumed>) = 0 [pid 969] symlink("/dev/binderfs", "./binderfs" [pid 968] symlink("/dev/binderfs", "./binderfs" [pid 965] close(7 [pid 969] <... symlink resumed>) = 0 [pid 968] <... symlink resumed>) = 0 [pid 965] <... close resumed>) = 0 [pid 969] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 968] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 965] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 969] <... futex resumed>) = 0 [pid 968] <... futex resumed>) = 0 [pid 965] <... futex resumed>) = 0 [pid 969] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 968] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 965] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 969] <... rt_sigaction resumed>NULL, 8) = 0 [pid 968] <... rt_sigaction resumed>NULL, 8) = 0 [pid 969] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 968] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 969] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 968] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 968] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 969] <... mmap resumed>) = 0x7f6220445000 [pid 968] <... mmap resumed>) = 0x7f6220445000 [pid 969] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 968] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 969] <... mprotect resumed>) = 0 [pid 968] <... mprotect resumed>) = 0 [pid 969] rt_sigprocmask(SIG_BLOCK, ~[], [pid 968] rt_sigprocmask(SIG_BLOCK, ~[], [pid 969] <... rt_sigprocmask resumed>[], 8) = 0 [pid 968] <... rt_sigprocmask resumed>[], 8) = 0 [pid 969] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 968] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 969] <... clone3 resumed> => {parent_tid=[970]}, 88) = 970 [pid 968] <... clone3 resumed> => {parent_tid=[971]}, 88) = 971 [pid 969] rt_sigprocmask(SIG_SETMASK, [], [pid 968] rt_sigprocmask(SIG_SETMASK, [], [pid 969] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 968] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 969] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 968] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 969] <... futex resumed>) = 0 [pid 968] <... futex resumed>) = 0 [pid 969] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 968] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 969] <... futex resumed>) = 0 [pid 968] <... futex resumed>) = 0 [pid 969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 968] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 969] <... mmap resumed>) = 0x7f6220424000 [pid 968] <... mmap resumed>) = 0x7f6220424000 [pid 969] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 968] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 969] <... mprotect resumed>) = 0 [pid 968] <... mprotect resumed>) = 0 [pid 969] rt_sigprocmask(SIG_BLOCK, ~[], [pid 968] rt_sigprocmask(SIG_BLOCK, ~[], [pid 969] <... rt_sigprocmask resumed>[], 8) = 0 [pid 968] <... rt_sigprocmask resumed>[], 8) = 0 [pid 969] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 968] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 969] <... clone3 resumed> => {parent_tid=[972]}, 88) = 972 [pid 968] <... clone3 resumed> => {parent_tid=[973]}, 88) = 973 [pid 969] rt_sigprocmask(SIG_SETMASK, [], [pid 968] rt_sigprocmask(SIG_SETMASK, [], [pid 969] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 968] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 969] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 968] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 969] <... futex resumed>) = 0 [pid 968] <... futex resumed>) = 0 [pid 969] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 968] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 973 attached [pid 973] set_robust_list(0x7f62204449a0, 24) = 0 [pid 973] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 973] creat("./bus", 000) = 3 [pid 973] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 968] <... futex resumed>) = 0 [pid 968] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 968] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 973] <... futex resumed>) = 1 [pid 973] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL) = 0 ./strace-static-x86_64: Process 972 attached [pid 972] set_robust_list(0x7f62204449a0, 24 [pid 973] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 972] <... set_robust_list resumed>) = 0 [pid 972] rt_sigprocmask(SIG_SETMASK, [], [pid 968] <... futex resumed>) = 0 [pid 968] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 968] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 973] <... futex resumed>) = 1 [pid 972] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 973] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 972] creat("./bus", 000 [pid 973] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 968] <... futex resumed>) = 0 [pid 968] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 968] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 973] <... futex resumed>) = 1 [pid 973] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 972] <... creat resumed>) = 3 [pid 973] <... socket resumed>) = 5 [pid 973] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 968] <... futex resumed>) = 0 [pid 968] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 968] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 973] <... futex resumed>) = 1 [pid 973] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 972] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 969] <... futex resumed>) = 0 [pid 969] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 969] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 973] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 972] <... futex resumed>) = 1 [pid 972] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 968] <... futex resumed>) = 0 [pid 968] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 973] <... futex resumed>) = 1 [pid 973] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 972] <... mount resumed>) = 0 [pid 972] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 969] <... futex resumed>) = 0 [pid 969] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 969] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 972] <... futex resumed>) = 1 [pid 299] <... umount2 resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 971 attached ./strace-static-x86_64: Process 970 attached [pid 972] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 971] +++ killed by SIGBUS +++ [pid 970] set_robust_list(0x7f62204659a0, 24 [pid 299] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 973] +++ killed by SIGBUS +++ [pid 972] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 970] <... set_robust_list resumed>) = 0 [pid 968] +++ killed by SIGBUS +++ [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 972] <... futex resumed>) = 1 [pid 970] rt_sigprocmask(SIG_SETMASK, [], [pid 969] <... futex resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./29/bus", [pid 298] newfstatat(AT_FDCWD, "./30/bus", [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=968, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 972] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 970] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 969] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 972] <... socket resumed>) = 5 [pid 970] memfd_create("syzkaller", 0 [pid 969] <... futex resumed>) = 0 [pid 299] unlink("./29/bus" [pid 298] unlink("./30/bus" [pid 972] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 970] <... memfd_create resumed>) = 6 [pid 969] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... unlink resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 972] <... futex resumed>) = 0 [pid 970] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 969] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 972] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 970] <... mmap resumed>) = 0x7f6218024000 [pid 969] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 972] <... mmap resumed>) = 0x20000000 [pid 970] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 969] <... futex resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./29/binderfs", [pid 298] newfstatat(AT_FDCWD, "./30/binderfs", [pid 972] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 970] <... write resumed>) = 262144 [pid 969] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW [pid 972] <... futex resumed>) = 0 [pid 969] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] unlink("./29/binderfs" [pid 298] unlink("./30/binderfs" [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 972] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 970] munmap(0x7f6218024000, 262144 [pid 969] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... unlink resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 297] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 969] <... futex resumed>) = 0 [pid 970] <... munmap resumed>) = ? [pid 299] umount2("./29/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./30/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... openat resumed>) = 3 [pid 970] +++ killed by SIGBUS +++ [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(3, "", [pid 972] +++ killed by SIGBUS +++ [pid 969] +++ killed by SIGBUS +++ [pid 299] newfstatat(AT_FDCWD, "./29/ext4", [pid 298] newfstatat(AT_FDCWD, "./30/ext4", [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=969, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] getdents64(3, 0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 301] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./29/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./30/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = 0 [pid 301] <... openat resumed>) = 3 [pid 299] openat(AT_FDCWD, "./29/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] openat(AT_FDCWD, "./30/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 964] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 964] ioctl(5, LOOP_CLR_FD) = 0 [pid 964] close(5) = 0 [pid 301] newfstatat(3, "", [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 964] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... openat resumed>) = 4 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] newfstatat(AT_FDCWD, "./34/bus", [pid 299] newfstatat(4, "", [pid 301] getdents64(3, [pid 298] <... openat resumed>) = 4 [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 297] unlink("./34/bus" [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] newfstatat(4, "", [pid 964] <... futex resumed>) = 0 [pid 964] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 297] <... unlink resumed>) = 0 [pid 301] <... umount2 resumed>) = 0 [pid 299] getdents64(4, [pid 301] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 301] newfstatat(AT_FDCWD, "./30/bus", [pid 298] getdents64(4, [pid 297] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./30/bus" [pid 299] getdents64(4, [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] <... unlink resumed>) = 0 [pid 299] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 297] newfstatat(AT_FDCWD, "./34/binderfs", [pid 298] getdents64(4, [pid 953] exit_group(0 [pid 301] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] close(4 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 965] <... futex resumed>) = ? [pid 953] <... exit_group resumed>) = ? [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... close resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 297] unlink("./34/binderfs" [pid 965] +++ exited with 0 +++ [pid 964] <... futex resumed>) = ? [pid 301] newfstatat(AT_FDCWD, "./30/binderfs", [pid 299] rmdir("./29/ext4" [pid 298] close(4 [pid 297] <... unlink resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... close resumed>) = 0 [pid 301] unlink("./30/binderfs" [pid 299] <... rmdir resumed>) = 0 [pid 298] rmdir("./30/ext4" [pid 297] getdents64(3, [pid 301] <... unlink resumed>) = 0 [pid 299] getdents64(3, [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 301] getdents64(3, [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] getdents64(3, [pid 297] close(3 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 299] close(3 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] <... close resumed>) = 0 [pid 301] close(3 [pid 299] <... close resumed>) = 0 [pid 298] close(3 [pid 297] rmdir("./34" [pid 301] <... close resumed>) = 0 [pid 299] rmdir("./29" [pid 298] <... close resumed>) = 0 [pid 298] rmdir("./30" [pid 297] <... rmdir resumed>) = 0 [pid 301] rmdir("./30" [pid 299] <... rmdir resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 297] mkdir("./35", 0777 [pid 298] mkdir("./31", 0777 [pid 301] <... rmdir resumed>) = 0 [pid 301] mkdir("./31", 0777 [pid 299] mkdir("./30", 0777 [pid 298] <... mkdir resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 301] <... mkdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 299] <... mkdir resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 301] <... openat resumed>) = 3 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 298] ioctl(3, LOOP_CLR_FD [pid 297] <... openat resumed>) = 3 [pid 301] ioctl(3, LOOP_CLR_FD [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] ioctl(3, LOOP_CLR_FD [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] close(3 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 301] close(3 [pid 297] close(3 [pid 301] <... close resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 959] +++ exited with 0 +++ [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 974 [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 975 [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 976 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=959, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- ./strace-static-x86_64: Process 976 attached ./strace-static-x86_64: Process 975 attached ./strace-static-x86_64: Process 974 attached [pid 976] set_robust_list(0x555556cc76a0, 24 [pid 975] set_robust_list(0x555556cc76a0, 24 [pid 974] set_robust_list(0x555556cc76a0, 24 [pid 296] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 976] <... set_robust_list resumed>) = 0 [pid 975] <... set_robust_list resumed>) = 0 [pid 974] <... set_robust_list resumed>) = 0 [pid 296] getdents64(3, 0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 296] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 976] chdir("./35" [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 976] <... chdir resumed>) = 0 [pid 975] chdir("./31" [pid 974] chdir("./31" [pid 299] <... openat resumed>) = 3 [pid 976] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 975] <... chdir resumed>) = 0 [pid 974] <... chdir resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./27/bus", [pid 976] <... prctl resumed>) = 0 [pid 975] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 974] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] ioctl(3, LOOP_CLR_FD [pid 976] setpgid(0, 0 [pid 975] <... prctl resumed>) = 0 [pid 974] <... prctl resumed>) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 976] <... setpgid resumed>) = 0 [pid 975] setpgid(0, 0 [pid 976] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 975] <... setpgid resumed>) = 0 [pid 974] setpgid(0, 0 [pid 299] close(3 [pid 296] unlink("./27/bus" [pid 976] <... openat resumed>) = 3 [pid 975] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 976] write(3, "1000", 4 [pid 975] <... openat resumed>) = 3 [pid 299] <... close resumed>) = 0 [pid 976] <... write resumed>) = 4 [pid 975] write(3, "1000", 4 [pid 976] close(3 [pid 975] <... write resumed>) = 4 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... unlink resumed>) = 0 [pid 976] <... close resumed>) = 0 [pid 975] close(3 [pid 976] symlink("/dev/binderfs", "./binderfs" [pid 975] <... close resumed>) = 0 [pid 976] <... symlink resumed>) = 0 [pid 975] symlink("/dev/binderfs", "./binderfs" [pid 976] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 975] <... symlink resumed>) = 0 [pid 296] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 976] <... futex resumed>) = 0 [pid 975] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 977 [pid 976] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 975] <... futex resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 976] <... rt_sigaction resumed>NULL, 8) = 0 [pid 975] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 296] newfstatat(AT_FDCWD, "./27/binderfs", [pid 976] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 975] <... rt_sigaction resumed>NULL, 8) = 0 [pid 976] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 975] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 976] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 975] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 296] unlink("./27/binderfs" [pid 976] <... mmap resumed>) = 0x7f6220445000 [pid 975] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 976] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 975] <... mmap resumed>) = 0x7f6220445000 [pid 976] <... mprotect resumed>) = 0 [pid 975] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 976] rt_sigprocmask(SIG_BLOCK, ~[], [pid 975] <... mprotect resumed>) = 0 [pid 296] <... unlink resumed>) = 0 [pid 976] <... rt_sigprocmask resumed>[], 8) = 0 [pid 975] rt_sigprocmask(SIG_BLOCK, ~[], [pid 976] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 975] <... rt_sigprocmask resumed>[], 8) = 0 [pid 296] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 975] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0}./strace-static-x86_64: Process 978 attached [pid 976] <... clone3 resumed> => {parent_tid=[978]}, 88) = 978 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 976] rt_sigprocmask(SIG_SETMASK, [], [pid 975] <... clone3 resumed> => {parent_tid=[979]}, 88) = 979 [pid 976] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 975] rt_sigprocmask(SIG_SETMASK, [], [pid 296] newfstatat(AT_FDCWD, "./27/file0", [pid 976] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 975] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 976] <... futex resumed>) = 0 [pid 975] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 976] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 975] <... futex resumed>) = 0 [pid 296] umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 976] <... futex resumed>) = 0 [pid 975] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 976] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 975] <... futex resumed>) = 0 [pid 976] <... mmap resumed>) = 0x7f6220424000 [pid 975] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 976] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 975] <... mmap resumed>) = 0x7f6220424000 [pid 296] openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 976] <... mprotect resumed>) = 0 [pid 975] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 976] rt_sigprocmask(SIG_BLOCK, ~[], [pid 975] <... mprotect resumed>) = 0 [pid 296] <... openat resumed>) = 4 [pid 976] <... rt_sigprocmask resumed>[], 8) = 0 [pid 975] rt_sigprocmask(SIG_BLOCK, ~[], [pid 296] newfstatat(4, "", [pid 976] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 975] <... rt_sigprocmask resumed>[], 8) = 0 [pid 975] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 980 attached ./strace-static-x86_64: Process 979 attached ./strace-static-x86_64: Process 977 attached [pid 976] <... clone3 resumed> => {parent_tid=[980]}, 88) = 980 [pid 976] rt_sigprocmask(SIG_SETMASK, [], [pid 975] <... clone3 resumed> => {parent_tid=[981]}, 88) = 981 [pid 976] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 975] rt_sigprocmask(SIG_SETMASK, [], [pid 976] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 975] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 976] <... futex resumed>) = 0 [pid 975] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 976] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 975] <... futex resumed>) = 0 [pid 975] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 974] <... setpgid resumed>) = 0 [pid 974] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 296] getdents64(4, [pid 978] set_robust_list(0x7f62204659a0, 24) = 0 [pid 978] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 978] memfd_create("syzkaller", 0./strace-static-x86_64: Process 981 attached [pid 980] set_robust_list(0x7f62204449a0, 24 [pid 979] set_robust_list(0x7f62204659a0, 24 [pid 977] set_robust_list(0x555556cc76a0, 24 [pid 964] +++ exited with 0 +++ [pid 953] +++ exited with 0 +++ [pid 296] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=953, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 300] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(3, 0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 300] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 300] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] unlink("./29/bus") = 0 [pid 300] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] unlink("./29/binderfs" [pid 977] <... set_robust_list resumed>) = 0 [pid 300] <... unlink resumed>) = 0 [pid 296] getdents64(4, [pid 300] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 300] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(4, 0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 300] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 300] close(4) = 0 [pid 300] rmdir("./29/file0" [pid 296] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 978] <... memfd_create resumed>) = 3 [pid 977] chdir("./30" [pid 300] <... rmdir resumed>) = 0 [ 29.061358][ T964] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 29.074910][ T966] EXT4-fs warning (device loop4): kmmpd:170: kmmpd being stopped since MMP feature has been disabled. [ 29.080900][ T964] EXT4-fs error (device loop4): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 29.099956][ T964] EXT4-fs (loop4): get orphan inode failed [ 29.105941][ T964] EXT4-fs (loop4): mount failed [pid 296] close(4 [pid 978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 974] <... openat resumed>) = 3 [pid 300] getdents64(3, [pid 978] <... mmap resumed>) = 0x7f6218024000 [pid 974] write(3, "1000", 4 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 978] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 977] <... chdir resumed>) = 0 [pid 974] <... write resumed>) = 4 [pid 300] close(3 [pid 296] <... close resumed>) = 0 [pid 974] close(3 [pid 300] <... close resumed>) = 0 [pid 974] <... close resumed>) = 0 [pid 300] rmdir("./29" [pid 979] <... set_robust_list resumed>) = 0 [pid 977] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 974] symlink("/dev/binderfs", "./binderfs" [pid 300] <... rmdir resumed>) = 0 [pid 296] rmdir("./27/file0" [pid 979] rt_sigprocmask(SIG_SETMASK, [], [pid 977] <... prctl resumed>) = 0 [pid 974] <... symlink resumed>) = 0 [pid 300] mkdir("./30", 0777 [pid 977] setpgid(0, 0 [pid 974] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... mkdir resumed>) = 0 [pid 979] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 977] <... setpgid resumed>) = 0 [pid 974] <... futex resumed>) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 980] <... set_robust_list resumed>) = 0 [pid 979] memfd_create("syzkaller", 0 [pid 978] <... write resumed>) = 262144 [pid 977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 974] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 300] <... openat resumed>) = 3 [pid 296] getdents64(3, [pid 974] <... rt_sigaction resumed>NULL, 8) = 0 [pid 300] ioctl(3, LOOP_CLR_FD [pid 977] <... openat resumed>) = 3 [pid 974] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 977] write(3, "1000", 4 [pid 974] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] close(3 [pid 296] close(3 [pid 977] <... write resumed>) = 4 [pid 974] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 300] <... close resumed>) = 0 [pid 977] close(3 [pid 974] <... mmap resumed>) = 0x7f6220445000 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... close resumed>) = 0 [pid 980] rt_sigprocmask(SIG_SETMASK, [], [pid 979] <... memfd_create resumed>) = 3 [pid 978] munmap(0x7f6218024000, 262144 [pid 977] <... close resumed>) = 0 [pid 974] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 980] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 978] <... munmap resumed>) = 0 [pid 977] symlink("/dev/binderfs", "./binderfs" [pid 974] <... mprotect resumed>) = 0 [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 982 [pid 296] rmdir("./27" [pid 978] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 974] rt_sigprocmask(SIG_BLOCK, ~[], [pid 978] <... openat resumed>) = 4 [pid 977] <... symlink resumed>) = 0 [pid 974] <... rt_sigprocmask resumed>[], 8) = 0 [pid 978] ioctl(4, LOOP_SET_FD, 3 [pid 974] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 981] set_robust_list(0x7f62204449a0, 24 [pid 980] creat("./bus", 000 [pid 979] <... mmap resumed>) = 0x7f6218024000 [pid 977] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... rmdir resumed>) = 0 [pid 977] <... futex resumed>) = 0 [pid 974] <... clone3 resumed> => {parent_tid=[983]}, 88) = 983 [pid 296] mkdir("./28", 0777 [pid 977] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 974] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 974] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 974] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 974] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 977] <... rt_sigaction resumed>NULL, 8) = 0 [pid 974] <... mmap resumed>) = 0x7f6220424000 [pid 296] <... mkdir resumed>) = 0 [pid 974] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 977] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 974] <... mprotect resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 974] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 977] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 974] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 296] <... openat resumed>) = 3 [pid 977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 296] ioctl(3, LOOP_CLR_FD [pid 974] <... clone3 resumed> => {parent_tid=[984]}, 88) = 984 [pid 974] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 974] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 977] <... mmap resumed>) = 0x7f6220445000 [pid 974] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] close(3 [pid 977] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 296] <... close resumed>) = 0 ./strace-static-x86_64: Process 982 attached [pid 977] <... mprotect resumed>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 982] set_robust_list(0x555556cc76a0, 24) = 0 [pid 982] chdir("./30") = 0 [pid 982] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 982] setpgid(0, 0 [pid 977] rt_sigprocmask(SIG_BLOCK, ~[], [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 985 [pid 977] <... rt_sigprocmask resumed>[], 8) = 0 [pid 982] <... setpgid resumed>) = 0 [pid 982] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 982] write(3, "1000", 4 [pid 977] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 982] <... write resumed>) = 4 [pid 982] close(3) = 0 ./strace-static-x86_64: Process 983 attached [pid 982] symlink("/dev/binderfs", "./binderfs" [pid 983] set_robust_list(0x7f62204659a0, 24 [pid 982] <... symlink resumed>) = 0 [pid 983] <... set_robust_list resumed>) = 0 [pid 982] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 983] rt_sigprocmask(SIG_SETMASK, [], [pid 982] <... futex resumed>) = 0 [pid 983] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 982] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 983] memfd_create("syzkaller", 0 [pid 982] <... rt_sigaction resumed>NULL, 8) = 0 [pid 977] <... clone3 resumed> => {parent_tid=[986]}, 88) = 986 ./strace-static-x86_64: Process 984 attached [pid 983] <... memfd_create resumed>) = 3 [pid 982] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 980] <... creat resumed>) = 5 [pid 977] rt_sigprocmask(SIG_SETMASK, [], [pid 984] set_robust_list(0x7f62204449a0, 24 [pid 983] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 982] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 984] <... set_robust_list resumed>) = 0 [pid 983] <... mmap resumed>) = 0x7f6218024000 [pid 982] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 986 attached ./strace-static-x86_64: Process 985 attached [pid 984] rt_sigprocmask(SIG_SETMASK, [], [pid 982] <... mmap resumed>) = 0x7f6220445000 [pid 981] <... set_robust_list resumed>) = 0 [pid 980] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 979] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 977] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 984] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 983] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 982] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 980] <... futex resumed>) = 1 [pid 976] <... futex resumed>) = 0 [pid 984] creat("./bus", 000 [pid 983] <... write resumed>) = 262144 [pid 982] <... mprotect resumed>) = 0 [pid 980] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 979] <... write resumed>) = 262144 [pid 977] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 976] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 981] rt_sigprocmask(SIG_SETMASK, [], [pid 986] set_robust_list(0x7f62204659a0, 24 [pid 985] set_robust_list(0x555556cc76a0, 24 [pid 984] <... creat resumed>) = 4 [pid 982] rt_sigprocmask(SIG_BLOCK, ~[], [pid 977] <... futex resumed>) = 0 [pid 976] <... futex resumed>) = 0 [pid 980] <... mount resumed>) = 0 [pid 984] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 982] <... rt_sigprocmask resumed>[], 8) = 0 [pid 976] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 984] <... futex resumed>) = 1 [pid 982] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 974] <... futex resumed>) = 0 [pid 984] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 974] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 984] <... mount resumed>) = 0 [pid 983] munmap(0x7f6218024000, 262144 [pid 982] <... clone3 resumed> => {parent_tid=[987]}, 88) = 987 [pid 977] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 974] <... futex resumed>) = 0 [pid 986] <... set_robust_list resumed>) = 0 [pid 985] <... set_robust_list resumed>) = 0 [pid 984] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 983] <... munmap resumed>) = 0 [pid 982] rt_sigprocmask(SIG_SETMASK, [], [pid 981] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 980] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 979] munmap(0x7f6218024000, 262144 [pid 977] <... futex resumed>) = 0 [pid 974] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 984] <... futex resumed>) = 0 [pid 983] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 982] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 974] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 984] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 983] <... openat resumed>) = 5 [pid 982] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 974] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 984] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 983] ioctl(5, LOOP_SET_FD, 3 [pid 982] <... futex resumed>) = 0 [pid 974] <... futex resumed>) = 0 [pid 984] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 982] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 980] <... futex resumed>) = 1 [pid 977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 976] <... futex resumed>) = 0 [pid 974] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 982] <... futex resumed>) = 0 [pid 979] <... munmap resumed>) = 0 [pid 976] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 977] <... mmap resumed>) = 0x7f6220424000 [pid 980] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 982] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 976] <... futex resumed>) = 0 [pid 982] <... mmap resumed>) = 0x7f6220424000 [pid 976] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 982] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 982] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 982] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 981] creat("./bus", 000 [pid 980] <... open resumed>) = 6 [pid 979] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 977] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 985] chdir("./28" [pid 980] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 982] <... clone3 resumed> => {parent_tid=[988]}, 88) = 988 [pid 982] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 981] <... creat resumed>) = 4 [pid 982] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 980] <... futex resumed>) = 1 [pid 977] <... mprotect resumed>) = 0 [pid 976] <... futex resumed>) = 0 [pid 979] <... openat resumed>) = 5 [pid 981] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 982] <... futex resumed>) = 0 [pid 980] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 979] ioctl(5, LOOP_SET_FD, 3 [pid 977] rt_sigprocmask(SIG_BLOCK, ~[], [pid 976] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 982] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 981] <... futex resumed>) = 1 [pid 980] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 976] <... futex resumed>) = 0 [pid 977] <... rt_sigprocmask resumed>[], 8) = 0 [pid 975] <... futex resumed>) = 0 ./strace-static-x86_64: Process 987 attached [pid 981] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 980] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 977] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 976] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 975] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 987] set_robust_list(0x7f62204659a0, 24 [pid 980] <... socket resumed>) = 7 [pid 975] <... futex resumed>) = 0 [pid 987] <... set_robust_list resumed>) = 0 [pid 981] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 980] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 975] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 987] rt_sigprocmask(SIG_SETMASK, [], [pid 981] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 980] <... futex resumed>) = 1 [pid 977] <... clone3 resumed> => {parent_tid=[989]}, 88) = 989 [pid 976] <... futex resumed>) = 0 [pid 987] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 976] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 980] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 987] memfd_create("syzkaller", 0 [pid 981] <... mount resumed>) = 0 [pid 977] rt_sigprocmask(SIG_SETMASK, [], [pid 976] <... futex resumed>) = 0 [pid 987] <... memfd_create resumed>) = 3 [pid 981] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 980] <... mmap resumed>) = 0x20000000 [pid 977] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 976] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 987] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 981] <... futex resumed>) = 1 [pid 980] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 977] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 975] <... futex resumed>) = 0 [pid 987] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 986] rt_sigprocmask(SIG_SETMASK, [], [pid 985] <... chdir resumed>) = 0 [pid 984] <... open resumed>) = 6 [pid 981] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 980] <... futex resumed>) = 1 [pid 977] <... futex resumed>) = 0 [pid 976] <... futex resumed>) = 0 [pid 975] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 987] <... write resumed>) = 262144 [pid 984] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 976] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 975] <... futex resumed>) = 0 [pid 984] <... futex resumed>) = 1 [pid 976] <... futex resumed>) = 0 [pid 975] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 974] <... futex resumed>) = 0 [pid 984] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 974] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 984] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 974] <... futex resumed>) = 0 ./strace-static-x86_64: Process 989 attached [pid 984] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 974] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 989] set_robust_list(0x7f62204449a0, 24 [pid 984] <... socket resumed>) = 7 [pid 989] <... set_robust_list resumed>) = 0 [pid 984] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 989] rt_sigprocmask(SIG_SETMASK, [], [pid 987] munmap(0x7f6218024000, 262144 [pid 984] <... futex resumed>) = 1 [pid 974] <... futex resumed>) = 0 [pid 989] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 987] <... munmap resumed>) = 0 [pid 984] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 974] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 989] creat("./bus", 000 [pid 987] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 984] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 974] <... futex resumed>) = 0 ./strace-static-x86_64: Process 988 attached [pid 989] <... creat resumed>) = 3 [pid 987] <... openat resumed>) = 4 [pid 984] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 974] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 989] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 988] set_robust_list(0x7f62204449a0, 24 [pid 987] ioctl(4, LOOP_SET_FD, 3 [pid 984] <... mmap resumed>) = 0x20000000 [pid 989] <... futex resumed>) = 0 [pid 988] <... set_robust_list resumed>) = 0 [pid 986] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 985] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 984] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 980] memfd_create("syzkaller", 0 [pid 977] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 989] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 988] rt_sigprocmask(SIG_SETMASK, [], [pid 984] <... futex resumed>) = 1 [pid 980] <... memfd_create resumed>) = 8 [pid 974] <... futex resumed>) = 0 [pid 977] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 985] <... prctl resumed>) = 0 [pid 988] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 986] memfd_create("syzkaller", 0 [pid 984] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 980] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 977] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 974] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 988] creat("./bus", 000 [pid 984] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 980] <... mmap resumed>) = 0x7f620fc64000 [pid 974] <... futex resumed>) = 0 [pid 989] <... futex resumed>) = 0 [pid 988] <... creat resumed>) = 5 [pid 986] <... memfd_create resumed>) = 4 [pid 985] setpgid(0, 0 [pid 978] <... ioctl resumed>) = 0 [pid 977] <... futex resumed>) = 1 [pid 989] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 988] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 989] <... mount resumed>) = 0 [pid 988] <... futex resumed>) = 1 [pid 986] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 985] <... setpgid resumed>) = 0 [pid 984] memfd_create("syzkaller", 0 [pid 982] <... futex resumed>) = 0 [pid 980] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 977] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 989] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 988] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 984] <... memfd_create resumed>) = 8 [pid 982] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 989] <... futex resumed>) = 0 [pid 988] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 985] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 984] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 982] <... futex resumed>) = 0 [pid 977] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 989] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 988] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 987] <... ioctl resumed>) = 0 [pid 984] <... mmap resumed>) = 0x7f620fc64000 [pid 982] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 980] <... write resumed>) = 65536 [pid 977] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 989] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 988] <... mount resumed>) = 0 [pid 987] close(3 [pid 986] <... mmap resumed>) = 0x7f6218024000 [pid 985] <... openat resumed>) = 3 [pid 984] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 983] <... ioctl resumed>) = 0 [pid 980] munmap(0x7f620fc64000, 65536 [pid 978] close(3 [pid 977] <... futex resumed>) = 0 [pid 989] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 988] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 987] <... close resumed>) = 0 [pid 984] <... write resumed>) = 65536 [pid 983] close(3 [pid 989] <... open resumed>) = 5 [pid 988] <... futex resumed>) = 1 [pid 987] mkdir("./file0", 0777 [pid 984] munmap(0x7f620fc64000, 65536 [pid 983] <... close resumed>) = 0 [pid 982] <... futex resumed>) = 0 [pid 989] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 988] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 987] <... mkdir resumed>) = 0 [pid 984] <... munmap resumed>) = 0 [pid 983] mkdir(0x20000000, 0777 [pid 982] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 977] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 989] <... futex resumed>) = 0 [pid 988] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 987] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 986] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 264966 [pid 984] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 983] <... mkdir resumed>) = 0 [pid 982] <... futex resumed>) = 0 [pid 980] <... munmap resumed>) = 0 [pid 989] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 988] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 985] write(3, "1000", 4 [pid 984] <... openat resumed>) = 3 [pid 983] mount("/dev/loop5", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 982] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 980] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 977] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 988] <... open resumed>) = 3 [pid 985] <... write resumed>) = 4 [pid 984] ioctl(3, LOOP_SET_FD, 8 [pid 983] <... mount resumed>) = -1 ENODEV (No such device) [pid 988] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 984] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 980] <... openat resumed>) = 9 [pid 977] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 985] close(3 [pid 989] <... futex resumed>) = 0 [pid 988] <... futex resumed>) = 1 [pid 984] ioctl(3, LOOP_CLR_FD [pid 983] ioctl(5, LOOP_CLR_FD [pid 982] <... futex resumed>) = 0 [pid 980] ioctl(9, LOOP_SET_FD, 8 [pid 977] <... futex resumed>) = 1 [pid 989] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 988] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 985] <... close resumed>) = 0 [pid 984] <... ioctl resumed>) = 0 [pid 983] <... ioctl resumed>) = 0 [pid 982] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 980] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 977] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 989] <... socket resumed>) = 6 [pid 988] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 985] symlink("/dev/binderfs", "./binderfs" [pid 983] close(5 [pid 982] <... futex resumed>) = 0 [pid 980] ioctl(9, LOOP_CLR_FD [pid 989] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 988] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 986] <... write resumed>) = 264966 [pid 983] <... close resumed>) = 0 [pid 982] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 989] <... futex resumed>) = 1 [pid 988] <... socket resumed>) = 6 [pid 986] munmap(0x7f6218024000, 264966 [pid 985] <... symlink resumed>) = 0 [pid 983] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 980] <... ioctl resumed>) = 0 [pid 977] <... futex resumed>) = 0 [pid 989] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 988] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 985] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 983] <... futex resumed>) = 0 [pid 977] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 989] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 988] <... futex resumed>) = 1 [pid 985] <... futex resumed>) = 0 [pid 983] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 982] <... futex resumed>) = 0 [pid 977] <... futex resumed>) = 0 [pid 989] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 988] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 985] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 982] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 978] <... close resumed>) = 0 [pid 977] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 989] <... mmap resumed>) = 0x20000000 [pid 988] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 985] <... rt_sigaction resumed>NULL, 8) = 0 [ 29.148352][ T978] loop1: detected capacity change from 0 to 512 [ 29.167891][ T983] loop5: detected capacity change from 0 to 512 [ 29.167943][ T979] loop2: detected capacity change from 0 to 512 [ 29.178295][ T987] loop4: detected capacity change from 0 to 512 [pid 984] ioctl(3, LOOP_SET_FD, 8 [pid 982] <... futex resumed>) = 0 [pid 981] <... open resumed>) = 6 [pid 979] <... ioctl resumed>) = 0 [pid 978] mkdir(0x20000000, 0777 [pid 986] <... munmap resumed>) = 0 [pid 989] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 985] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 981] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 989] <... futex resumed>) = 0 [pid 988] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 985] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 984] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 982] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 981] <... futex resumed>) = 1 [pid 977] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 975] <... futex resumed>) = 0 [pid 989] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 986] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 985] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 981] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 980] ioctl(9, LOOP_SET_FD, 8 [pid 975] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 985] <... mmap resumed>) = 0x7f6220445000 [pid 981] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 980] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 975] <... futex resumed>) = 0 [pid 986] <... openat resumed>) = 7 [pid 985] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 981] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 980] close(9 [pid 978] <... mkdir resumed>) = 0 [pid 975] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 985] <... mprotect resumed>) = 0 [pid 981] <... socket resumed>) = 7 [pid 980] <... close resumed>) = 0 [pid 988] <... mmap resumed>) = 0x20000000 [pid 986] ioctl(7, LOOP_SET_FD, 4 [pid 985] rt_sigprocmask(SIG_BLOCK, ~[], [pid 984] close(3 [pid 981] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 980] close(8 [pid 978] mount("/dev/loop1", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 977] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 988] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 985] <... rt_sigprocmask resumed>[], 8) = 0 [pid 984] <... close resumed>) = 0 [pid 981] <... futex resumed>) = 1 [pid 980] <... close resumed>) = 0 [pid 977] <... futex resumed>) = 1 [pid 975] <... futex resumed>) = 0 [pid 988] <... futex resumed>) = 1 [pid 984] close(8 [pid 982] <... futex resumed>) = 0 [pid 988] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 984] <... close resumed>) = 0 [pid 982] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 988] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 984] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 982] <... futex resumed>) = 0 [pid 988] memfd_create("syzkaller", 0 [pid 984] <... futex resumed>) = 0 [pid 988] <... memfd_create resumed>) = 7 [pid 984] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 988] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f620fc64000 [pid 988] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 974] exit_group(0 [pid 988] munmap(0x7f620fc64000, 65536 [pid 984] <... futex resumed>) = ? [pid 983] <... futex resumed>) = ? [pid 974] <... exit_group resumed>) = ? [pid 989] <... futex resumed>) = 0 [pid 988] <... munmap resumed>) = 0 [pid 985] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 984] +++ exited with 0 +++ [pid 983] +++ exited with 0 +++ [pid 981] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 980] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 978] <... mount resumed>) = -1 ENODEV (No such device) [pid 975] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 988] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 975] <... futex resumed>) = 0 [pid 988] <... openat resumed>) = 8 [pid 986] <... ioctl resumed>) = 0 [pid 981] <... mmap resumed>) = 0x20000000 [pid 980] <... futex resumed>) = 0 [pid 978] ioctl(4, LOOP_CLR_FD [pid 975] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 988] ioctl(8, LOOP_SET_FD, 7 [pid 986] close(4 [pid 985] <... clone3 resumed> => {parent_tid=[991]}, 88) = 991 [pid 981] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 980] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 988] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 986] <... close resumed>) = 0 [pid 985] rt_sigprocmask(SIG_SETMASK, [], [pid 981] <... futex resumed>) = 0 [pid 978] <... ioctl resumed>) = 0 [pid 975] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 988] ioctl(8, LOOP_CLR_FD [pid 986] mkdir(0x20000000, 0777 [pid 985] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 981] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 978] close(4 [pid 975] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 988] <... ioctl resumed>) = 0 [pid 979] close(3 [pid 985] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 975] <... futex resumed>) = 0 [pid 981] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 985] <... futex resumed>) = 0 [pid 978] <... close resumed>) = 0 [pid 979] <... close resumed>) = 0 [pid 979] mkdir(0x20000000, 0777./strace-static-x86_64: Process 991 attached [pid 989] memfd_create("syzkaller", 0 [pid 986] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 985] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 981] memfd_create("syzkaller", 0 [pid 978] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 991] set_robust_list(0x7f62204659a0, 24 [pid 989] <... memfd_create resumed>) = 4 [pid 986] mount("/dev/loop3", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 985] <... futex resumed>) = 0 [pid 981] <... memfd_create resumed>) = 3 [pid 978] <... futex resumed>) = 0 [pid 991] <... set_robust_list resumed>) = 0 [pid 989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 986] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 985] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 981] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 978] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 991] rt_sigprocmask(SIG_SETMASK, [], [pid 989] <... mmap resumed>) = 0x7f620fc65000 [pid 986] ioctl(7, LOOP_CLR_FD [pid 985] <... mmap resumed>) = 0x7f6220424000 [pid 981] <... mmap resumed>) = 0x7f620fc64000 [pid 991] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 989] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 988] ioctl(8, LOOP_SET_FD, 7 [pid 986] <... ioctl resumed>) = 0 [pid 985] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 981] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 979] <... mkdir resumed>) = 0 [pid 976] exit_group(0 [pid 988] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 991] memfd_create("syzkaller", 0 [pid 989] <... write resumed>) = 65536 [pid 986] close(7 [pid 985] <... mprotect resumed>) = 0 [pid 981] <... write resumed>) = 65536 [pid 991] <... memfd_create resumed>) = 3 [pid 989] munmap(0x7f620fc65000, 65536 [pid 986] <... close resumed>) = 0 [pid 985] rt_sigprocmask(SIG_BLOCK, ~[], [pid 981] munmap(0x7f620fc64000, 65536 [pid 991] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 989] <... munmap resumed>) = 0 [pid 986] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 985] <... rt_sigprocmask resumed>[], 8) = 0 [pid 981] <... munmap resumed>) = 0 [pid 991] <... mmap resumed>) = 0x7f6218024000 [pid 989] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 986] <... futex resumed>) = 0 [pid 985] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 981] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 991] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 986] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 981] <... openat resumed>) = 8 [pid 991] <... write resumed>) = 262144 [pid 985] <... clone3 resumed> => {parent_tid=[993]}, 88) = 993 [pid 981] ioctl(8, LOOP_SET_FD, 3 [pid 991] munmap(0x7f6218024000, 262144 [pid 985] rt_sigprocmask(SIG_SETMASK, [], [pid 981] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 991] <... munmap resumed>) = 0 [pid 985] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 981] ioctl(8, LOOP_CLR_FD [pid 991] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 985] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 981] <... ioctl resumed>) = 0 [pid 991] <... openat resumed>) = 4 [pid 985] <... futex resumed>) = 0 [pid 991] ioctl(4, LOOP_SET_FD, 3 [ 29.197869][ T986] loop3: detected capacity change from 0 to 517 [ 29.206956][ T990] EXT4-fs warning (device loop4): kmmpd:170: kmmpd being stopped since MMP feature has been disabled. [ 29.207170][ T987] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 29.226429][ T987] EXT4-fs error (device loop4): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 29.234146][ T991] loop0: detected capacity change from 0 to 512 [pid 985] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 993 attached [pid 988] close(8 [pid 980] <... futex resumed>) = ? [pid 979] mount("/dev/loop2", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 978] <... futex resumed>) = ? [pid 976] <... exit_group resumed>) = ? [pid 993] set_robust_list(0x7f62204449a0, 24 [pid 988] <... close resumed>) = 0 [pid 981] ioctl(8, LOOP_SET_FD, 3 [pid 980] +++ exited with 0 +++ [pid 979] <... mount resumed>) = -1 ENODEV (No such device) [pid 978] +++ exited with 0 +++ [pid 981] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 993] <... set_robust_list resumed>) = 0 [pid 988] close(7 [pid 981] close(8 [pid 979] ioctl(5, LOOP_CLR_FD [pid 993] rt_sigprocmask(SIG_SETMASK, [], [pid 981] <... close resumed>) = 0 [pid 993] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 989] <... openat resumed>) = 7 [pid 988] <... close resumed>) = 0 [pid 981] close(3 [pid 979] <... ioctl resumed>) = 0 [pid 993] creat("./bus", 000 [pid 989] ioctl(7, LOOP_SET_FD, 4 [pid 988] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 981] <... close resumed>) = 0 [pid 981] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 981] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 991] <... ioctl resumed>) = 0 [pid 991] close(3) = 0 [pid 991] mkdir("./file0", 0777) = 0 [pid 991] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 979] close(5) = 0 [pid 979] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 975] exit_group(0 [pid 993] <... creat resumed>) = 3 [pid 989] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 988] <... futex resumed>) = 0 [pid 979] <... futex resumed>) = 0 [pid 993] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 985] <... futex resumed>) = 0 [pid 993] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 985] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 993] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 989] ioctl(7, LOOP_CLR_FD [pid 988] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 985] <... futex resumed>) = 0 [pid 981] <... futex resumed>) = ? [pid 975] <... exit_group resumed>) = ? [pid 993] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 985] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 993] <... mount resumed>) = 0 [pid 989] <... ioctl resumed>) = 0 [pid 979] +++ exited with 0 +++ [pid 993] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 985] <... futex resumed>) = 0 [pid 993] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 985] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 981] +++ exited with 0 +++ [pid 993] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 985] <... futex resumed>) = 0 [pid 993] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 985] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 993] <... open resumed>) = 5 [pid 993] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 985] <... futex resumed>) = 0 [pid 993] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 985] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 993] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 985] <... futex resumed>) = 0 [pid 993] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 985] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 993] <... socket resumed>) = 6 [pid 993] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 985] <... futex resumed>) = 0 [pid 993] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 985] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 993] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 985] <... futex resumed>) = 0 [pid 993] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 985] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 993] <... mmap resumed>) = 0x20000000 [pid 993] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 985] <... futex resumed>) = 0 [pid 993] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 985] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 993] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 985] <... futex resumed>) = 0 [pid 989] ioctl(7, LOOP_SET_FD, 4 [pid 993] memfd_create("syzkaller", 0 [pid 989] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 993] <... memfd_create resumed>) = 7 [pid 993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f620fc64000 [pid 993] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 989] close(7) = 0 [pid 989] close(4 [pid 993] <... write resumed>) = 65536 [pid 989] <... close resumed>) = 0 [pid 989] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 993] munmap(0x7f620fc64000, 65536 [pid 989] <... futex resumed>) = 0 [pid 974] +++ exited with 0 +++ [pid 989] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 977] exit_group(0 [pid 989] <... futex resumed>) = ? [pid 986] <... futex resumed>) = ? [pid 977] <... exit_group resumed>) = ? [pid 986] +++ exited with 0 +++ [pid 976] +++ exited with 0 +++ [pid 993] <... munmap resumed>) = 0 [pid 993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 8 [pid 993] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 993] ioctl(8, LOOP_CLR_FD) = 0 [pid 991] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 991] ioctl(4, LOOP_CLR_FD) = 0 [pid 991] close(4) = 0 [pid 991] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=976, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 991] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=974, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 993] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 993] close(8) = 0 [pid 993] close(7) = 0 [pid 993] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 987] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 297] <... restart_syscall resumed>) = 0 [pid 993] <... futex resumed>) = 0 [pid 987] ioctl(4, LOOP_CLR_FD [pid 985] exit_group(0 [pid 987] <... ioctl resumed>) = 0 [pid 985] <... exit_group resumed>) = ? [pid 297] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 993] +++ exited with 0 +++ [pid 987] close(4 [pid 297] <... openat resumed>) = 3 [pid 987] <... close resumed>) = 0 [pid 297] newfstatat(3, "", [pid 987] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 987] <... futex resumed>) = 0 [pid 297] getdents64(3, [pid 987] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 991] <... futex resumed>) = ? [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 297] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 982] exit_group(0 [pid 297] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 987] <... futex resumed>) = ? [pid 982] <... exit_group resumed>) = ? [pid 988] <... futex resumed>) = ? [pid 987] +++ exited with 0 +++ [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 301] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] newfstatat(AT_FDCWD, "./35/bus", [pid 301] getdents64(3, 0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 301] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 301] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./31/bus" [pid 975] +++ exited with 0 +++ [pid 301] <... unlink resumed>) = 0 [pid 301] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./31/binderfs") = 0 [pid 301] umount2("./31/ext4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./31/ext4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] umount2("./31/ext4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] openat(AT_FDCWD, "./31/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 301] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] getdents64(4, 0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 301] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 301] close(4) = 0 [pid 301] rmdir("./31/ext4") = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=975, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] unlink("./35/bus" [pid 301] getdents64(3, [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 297] <... unlink resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] close(3 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] <... close resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./35/binderfs", [pid 301] rmdir("./31" [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] <... rmdir resumed>) = 0 [pid 298] <... restart_syscall resumed>) = 0 [pid 297] unlink("./35/binderfs" [pid 301] mkdir("./32", 0777) = 0 [pid 297] <... unlink resumed>) = 0 [pid 298] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./35/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] newfstatat(AT_FDCWD, "./35/ext4", [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 298] <... openat resumed>) = 3 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] <... openat resumed>) = 3 [pid 298] newfstatat(3, "", [pid 297] umount2("./35/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] getdents64(3, [pid 297] openat(AT_FDCWD, "./35/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 301] ioctl(3, LOOP_CLR_FD [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 297] <... openat resumed>) = 4 [pid 298] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] newfstatat(4, "", [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] <... umount2 resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] close(3 [pid 298] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... close resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] getdents64(4, [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 994 [pid 298] unlink("./31/bus" [pid 297] getdents64(4, [pid 298] <... unlink resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 298] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] close(4 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... close resumed>) = 0 [pid 298] unlink("./31/binderfs" [pid 297] rmdir("./35/ext4"./strace-static-x86_64: Process 994 attached [pid 298] <... unlink resumed>) = 0 [pid 298] umount2("./31/ext4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./31/ext4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./31/ext4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] <... rmdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "./31/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] getdents64(3, [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] getdents64(4, [pid 297] close(3 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, [pid 297] <... close resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 297] rmdir("./35" [pid 298] rmdir("./31/ext4") = 0 [pid 298] getdents64(3, [pid 297] <... rmdir resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] mkdir("./36", 0777 [pid 298] close(3) = 0 [pid 298] rmdir("./31") = 0 [pid 297] <... mkdir resumed>) = 0 [pid 994] set_robust_list(0x555556cc76a0, 24 [pid 989] +++ exited with 0 +++ [pid 977] +++ exited with 0 +++ [pid 298] mkdir("./32", 0777 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 298] <... mkdir resumed>) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=977, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 297] <... openat resumed>) = 3 [pid 299] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... openat resumed>) = 3 [pid 297] ioctl(3, LOOP_CLR_FD [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] ioctl(3, LOOP_CLR_FD [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] close(3 [pid 299] <... openat resumed>) = 3 [pid 298] close(3 [pid 299] newfstatat(3, "", [pid 298] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 995 attached [pid 994] <... set_robust_list resumed>) = 0 [pid 299] getdents64(3, [pid 995] set_robust_list(0x555556cc76a0, 24 [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 995 [pid 995] <... set_robust_list resumed>) = 0 [pid 995] chdir("./32") = 0 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 995] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 996 [pid 995] <... prctl resumed>) = 0 [pid 995] setpgid(0, 0 [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 995] <... setpgid resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./30/bus", [pid 995] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 995] <... openat resumed>) = 3 [pid 299] unlink("./30/bus" [pid 995] write(3, "1000", 4) = 4 [pid 995] close(3) = 0 [pid 995] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 996 attached ) = 0 [pid 994] chdir("./32" [pid 299] <... unlink resumed>) = 0 [pid 995] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 994] <... chdir resumed>) = 0 [pid 299] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 995] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 995] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 299] newfstatat(AT_FDCWD, "./30/binderfs", [pid 995] <... rt_sigaction resumed>NULL, 8) = 0 [pid 995] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 995] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 995] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 995] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 995] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./30/binderfs" [pid 995] <... clone3 resumed> => {parent_tid=[997]}, 88) = 997 [pid 995] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 995] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] <... unlink resumed>) = 0 [pid 995] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] getdents64(3, [pid 995] <... futex resumed>) = 0 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 995] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] close(3 [pid 995] <... mmap resumed>) = 0x7f6220424000 [pid 995] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 299] <... close resumed>) = 0 [pid 995] <... mprotect resumed>) = 0 [pid 994] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] rmdir("./30" [pid 995] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 995] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 299] <... rmdir resumed>) = 0 [pid 995] <... clone3 resumed> => {parent_tid=[998]}, 88) = 998 [pid 299] mkdir("./31", 0777 [pid 995] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 995] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 995] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 997 attached [pid 997] set_robust_list(0x7f62204659a0, 24) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 997] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... openat resumed>) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 997] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 997] memfd_create("syzkaller", 0) = 3 [pid 997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 999 [pid 994] <... prctl resumed>) = 0 [pid 994] setpgid(0, 0) = 0 [pid 994] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 999 attached ./strace-static-x86_64: Process 998 attached [pid 996] set_robust_list(0x555556cc76a0, 24 [pid 994] write(3, "1000", 4 [pid 996] <... set_robust_list resumed>) = 0 [pid 994] <... write resumed>) = 4 [pid 999] set_robust_list(0x555556cc76a0, 24 [pid 998] set_robust_list(0x7f62204449a0, 24 [pid 997] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 994] close(3 [pid 996] chdir("./36" [pid 994] <... close resumed>) = 0 [pid 994] symlink("/dev/binderfs", "./binderfs" [pid 999] <... set_robust_list resumed>) = 0 [pid 999] chdir("./31") = 0 [pid 999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 999] setpgid(0, 0) = 0 [pid 994] <... symlink resumed>) = 0 [pid 999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 994] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 998] <... set_robust_list resumed>) = 0 [pid 996] <... chdir resumed>) = 0 [pid 999] <... openat resumed>) = 3 [pid 998] rt_sigprocmask(SIG_SETMASK, [], [pid 996] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 994] <... futex resumed>) = 0 [pid 994] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 996] <... prctl resumed>) = 0 [pid 994] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 996] setpgid(0, 0 [pid 994] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 999] write(3, "1000", 4 [pid 998] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 996] <... setpgid resumed>) = 0 [pid 994] <... mmap resumed>) = 0x7f6220445000 [pid 997] <... write resumed>) = 262144 [pid 997] munmap(0x7f6218024000, 262144) = 0 [pid 997] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 997] ioctl(4, LOOP_SET_FD, 3 [pid 994] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 994] rt_sigprocmask(SIG_BLOCK, ~[], [pid 999] <... write resumed>) = 4 [pid 998] creat("./bus", 000 [pid 996] <... openat resumed>) = 3 [pid 994] <... rt_sigprocmask resumed>[], 8) = 0 [ 29.240526][ T987] EXT4-fs (loop4): get orphan inode failed [ 29.254024][ T987] EXT4-fs (loop4): mount failed [ 29.263119][ T991] EXT4-fs (loop0): Magic mismatch, very weird! [pid 999] close(3 [pid 998] <... creat resumed>) = 5 [pid 996] write(3, "1000", 4 [pid 994] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 999] <... close resumed>) = 0 [pid 998] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 996] <... write resumed>) = 4 [pid 999] symlink("/dev/binderfs", "./binderfs" [pid 998] <... futex resumed>) = 1 [pid 996] close(3 [pid 994] <... clone3 resumed> => {parent_tid=[1000]}, 88) = 1000 [pid 999] <... symlink resumed>) = 0 [pid 998] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 996] <... close resumed>) = 0 [pid 994] rt_sigprocmask(SIG_SETMASK, [], [pid 999] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 996] symlink("/dev/binderfs", "./binderfs" [pid 994] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 999] <... futex resumed>) = 0 [pid 996] <... symlink resumed>) = 0 [pid 994] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 999] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 996] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 994] <... futex resumed>) = 0 [pid 999] <... rt_sigaction resumed>NULL, 8) = 0 [pid 996] <... futex resumed>) = 0 [pid 994] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 999] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 996] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 994] <... futex resumed>) = 0 [pid 999] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 996] <... rt_sigaction resumed>NULL, 8) = 0 [pid 994] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 996] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 994] <... mmap resumed>) = 0x7f6220424000 [pid 999] <... mmap resumed>) = 0x7f6220445000 [pid 996] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 994] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 999] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 994] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 1000 attached [pid 999] <... mprotect resumed>) = 0 [pid 997] <... ioctl resumed>) = 0 [pid 996] <... mmap resumed>) = 0x7f6220445000 [pid 995] <... futex resumed>) = 0 [pid 994] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1000] set_robust_list(0x7f62204659a0, 24 [pid 997] close(3 [pid 996] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 995] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 994] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1000] <... set_robust_list resumed>) = 0 [pid 999] rt_sigprocmask(SIG_BLOCK, ~[], [pid 998] <... futex resumed>) = 0 [pid 997] <... close resumed>) = 0 [pid 996] <... mprotect resumed>) = 0 [pid 995] <... futex resumed>) = 1 [pid 994] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1000] rt_sigprocmask(SIG_SETMASK, [], [pid 998] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 997] mkdir("./file0", 0777 [pid 995] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1001 attached [pid 1000] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 999] <... rt_sigprocmask resumed>[], 8) = 0 [pid 998] <... mount resumed>) = 0 [pid 997] <... mkdir resumed>) = 0 [pid 996] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1000] memfd_create("syzkaller", 0 [pid 998] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1000] <... memfd_create resumed>) = 3 [pid 998] <... futex resumed>) = 1 [pid 997] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 995] <... futex resumed>) = 0 [pid 1000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 998] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 995] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 994] <... clone3 resumed> => {parent_tid=[1001]}, 88) = 1001 [pid 988] +++ exited with 0 +++ [pid 982] +++ exited with 0 +++ [pid 1000] <... mmap resumed>) = 0x7f6218024000 [pid 998] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 995] <... futex resumed>) = 0 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=982, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 1000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 998] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 995] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1000] <... write resumed>) = 262144 [pid 998] <... open resumed>) = 3 [pid 1000] munmap(0x7f6218024000, 262144 [pid 998] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1000] <... munmap resumed>) = 0 [pid 998] <... futex resumed>) = 1 [pid 995] <... futex resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1000] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 998] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 995] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1000] <... openat resumed>) = 4 [pid 998] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 995] <... futex resumed>) = 0 [pid 300] <... openat resumed>) = 3 [pid 1000] ioctl(4, LOOP_SET_FD, 3 [pid 998] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 995] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] newfstatat(3, "", [pid 1001] set_robust_list(0x7f62204449a0, 24 [pid 999] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 998] <... socket resumed>) = 6 [pid 996] <... rt_sigprocmask resumed>[], 8) = 0 [pid 994] rt_sigprocmask(SIG_SETMASK, [], [pid 1001] <... set_robust_list resumed>) = 0 [pid 996] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 994] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1001] rt_sigprocmask(SIG_SETMASK, [], [pid 999] <... clone3 resumed> => {parent_tid=[1002]}, 88) = 1002 [pid 994] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1001] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 999] rt_sigprocmask(SIG_SETMASK, [], [pid 996] <... clone3 resumed> => {parent_tid=[1003]}, 88) = 1003 [pid 994] <... futex resumed>) = 0 [pid 1001] creat("./bus", 000 [pid 999] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 996] rt_sigprocmask(SIG_SETMASK, [], [pid 994] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1003 attached ./strace-static-x86_64: Process 1002 attached [pid 1001] <... creat resumed>) = 5 [pid 1000] <... ioctl resumed>) = 0 [pid 999] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 998] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 996] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 991] +++ exited with 0 +++ [pid 985] +++ exited with 0 +++ [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1001] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 999] <... futex resumed>) = 0 [pid 996] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=985, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 1001] <... futex resumed>) = 1 [pid 999] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 996] <... futex resumed>) = 0 [pid 994] <... futex resumed>) = 0 [pid 1001] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 999] <... futex resumed>) = 0 [pid 996] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 994] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1001] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 996] <... futex resumed>) = 0 [pid 994] <... futex resumed>) = 0 [pid 296] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1001] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 999] <... mmap resumed>) = 0x7f6220424000 [pid 996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 994] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1001] <... mount resumed>) = 0 [pid 999] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 996] <... mmap resumed>) = 0x7f6220424000 [pid 296] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1001] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 999] <... mprotect resumed>) = 0 [pid 996] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 296] <... openat resumed>) = 3 [pid 1001] <... futex resumed>) = 1 [pid 999] rt_sigprocmask(SIG_BLOCK, ~[], [pid 996] <... mprotect resumed>) = 0 [pid 994] <... futex resumed>) = 0 [pid 296] newfstatat(3, "", [pid 1001] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 999] <... rt_sigprocmask resumed>[], 8) = 0 [pid 996] rt_sigprocmask(SIG_BLOCK, ~[], [pid 994] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1001] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 999] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 996] <... rt_sigprocmask resumed>[], 8) = 0 [pid 994] <... futex resumed>) = 0 [pid 296] getdents64(3, [pid 1001] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 996] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 994] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 1001] <... open resumed>) = 6 [pid 999] <... clone3 resumed> => {parent_tid=[1006]}, 88) = 1006 [pid 296] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1001] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 999] rt_sigprocmask(SIG_SETMASK, [], [pid 996] <... clone3 resumed> => {parent_tid=[1007]}, 88) = 1007 [pid 1001] <... futex resumed>) = 1 [pid 999] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 996] rt_sigprocmask(SIG_SETMASK, [], [pid 994] <... futex resumed>) = 0 [pid 1001] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 999] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 996] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 994] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1001] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 999] <... futex resumed>) = 0 [pid 996] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 994] <... futex resumed>) = 0 [pid 1001] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 999] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 996] <... futex resumed>) = 0 [pid 994] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1001] <... socket resumed>) = 7 [pid 996] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1001] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 994] <... futex resumed>) = 0 [pid 1001] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 994] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1001] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 994] <... futex resumed>) = 0 [pid 1001] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 994] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1001] <... mmap resumed>) = 0x20000000 [pid 1001] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 994] <... futex resumed>) = 0 [pid 1001] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 994] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1001] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 994] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1007 attached [pid 1007] set_robust_list(0x7f62204449a0, 24) = 0 [pid 1007] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1003] set_robust_list(0x7f62204659a0, 24 [pid 1001] memfd_create("syzkaller", 0 [pid 1000] close(3 [pid 998] <... futex resumed>) = 1 [pid 995] <... futex resumed>) = 0 [pid 300] getdents64(3, [pid 296] <... umount2 resumed>) = 0 [pid 1001] <... memfd_create resumed>) = 8 [pid 998] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 995] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 296] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 998] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 995] <... futex resumed>) = 0 [pid 300] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1001] <... mmap resumed>) = 0x7f620fc64000 [pid 998] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 995] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] newfstatat(AT_FDCWD, "./28/bus", [pid 1007] creat("./bus", 000 [pid 1003] <... set_robust_list resumed>) = 0 [pid 1002] set_robust_list(0x7f62204659a0, 24 [pid 1001] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1000] <... close resumed>) = 0 [pid 300] <... umount2 resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 1006 attached [pid 1007] <... creat resumed>) = 3 [pid 1003] rt_sigprocmask(SIG_SETMASK, [], [pid 1002] <... set_robust_list resumed>) = 0 [pid 1001] <... write resumed>) = 65536 [pid 1000] mkdir(0x20000000, 0777 [pid 300] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] unlink("./28/bus" [pid 1007] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1006] set_robust_list(0x7f62204449a0, 24 [pid 1003] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1002] rt_sigprocmask(SIG_SETMASK, [], [pid 1001] munmap(0x7f620fc64000, 65536 [pid 1000] <... mkdir resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... unlink resumed>) = 0 [pid 1007] <... futex resumed>) = 1 [pid 1006] <... set_robust_list resumed>) = 0 [pid 1003] memfd_create("syzkaller", 0 [pid 1002] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1001] <... munmap resumed>) = 0 [pid 1000] mount("/dev/loop5", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 996] <... futex resumed>) = 0 [pid 300] newfstatat(AT_FDCWD, "./30/bus", [pid 296] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1007] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1006] rt_sigprocmask(SIG_SETMASK, [], [pid 1003] <... memfd_create resumed>) = 4 [pid 1002] memfd_create("syzkaller", 0 [pid 1001] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 1000] <... mount resumed>) = -1 ENODEV (No such device) [pid 996] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1007] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1006] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1002] <... memfd_create resumed>) = 3 [pid 1001] <... openat resumed>) = 3 [pid 1000] ioctl(4, LOOP_CLR_FD [pid 996] <... futex resumed>) = 0 [pid 300] unlink("./30/bus" [pid 296] newfstatat(AT_FDCWD, "./28/binderfs", [pid 1007] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 1006] creat("./bus", 000 [pid 1003] <... mmap resumed>) = 0x7f6218024000 [pid 1002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1001] ioctl(3, LOOP_SET_FD, 8 [pid 1000] <... ioctl resumed>) = 0 [pid 997] <... mount resumed>) = 0 [pid 996] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... unlink resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1007] <... mount resumed>) = 0 [pid 1006] <... creat resumed>) = 4 [ 29.302415][ T997] loop2: detected capacity change from 0 to 512 [ 29.314793][ T1000] loop5: detected capacity change from 0 to 512 [ 29.323764][ T997] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [ 29.337725][ T997] ext4 filesystem being mounted at /root/syzkaller.4RDDfu/32/file0 supports timestamps until 2038 (0x7fffffff) [pid 1003] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 265739 [pid 1002] <... mmap resumed>) = 0x7f6218024000 [pid 1001] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1000] close(4 [pid 997] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY [pid 300] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] unlink("./28/binderfs" [pid 1007] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1006] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1003] <... write resumed>) = 265739 [pid 1001] ioctl(3, LOOP_CLR_FD [pid 1000] <... close resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... unlink resumed>) = 0 [pid 1007] <... futex resumed>) = 1 [pid 1006] <... futex resumed>) = 0 [pid 1003] munmap(0x7f6218024000, 265739 [pid 1002] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1001] <... ioctl resumed>) = 0 [pid 1000] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 999] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 997] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 996] <... futex resumed>) = 0 [pid 300] newfstatat(AT_FDCWD, "./30/binderfs", [pid 296] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1007] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1006] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1003] <... munmap resumed>) = 0 [pid 1000] <... futex resumed>) = 0 [pid 999] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 996] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1007] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1003] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1000] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 999] <... futex resumed>) = 0 [pid 996] <... futex resumed>) = 0 [pid 300] unlink("./30/binderfs" [pid 296] newfstatat(AT_FDCWD, "./28/file0", [pid 1007] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1006] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1003] <... openat resumed>) = 5 [pid 1002] <... write resumed>) = 262144 [pid 999] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 997] ioctl(4, LOOP_CLR_FD [pid 996] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... unlink resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1007] <... open resumed>) = 6 [pid 1006] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 1003] ioctl(5, LOOP_SET_FD, 4 [pid 1002] munmap(0x7f6218024000, 262144 [pid 998] <... mmap resumed>) = 0x20000000 [pid 997] <... ioctl resumed>) = 0 [pid 300] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1007] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1006] <... mount resumed>) = 0 [pid 1002] <... munmap resumed>) = 0 [pid 1001] ioctl(3, LOOP_SET_FD, 8 [pid 997] close(4 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1006] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1002] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1001] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 997] <... close resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1006] <... futex resumed>) = 1 [pid 1002] <... openat resumed>) = 5 [pid 997] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1006] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1002] ioctl(5, LOOP_SET_FD, 3 [pid 997] <... futex resumed>) = 0 [pid 1007] <... futex resumed>) = 1 [pid 1003] <... ioctl resumed>) = 0 [pid 1002] <... ioctl resumed>) = 0 [pid 1001] close(3 [pid 999] <... futex resumed>) = 0 [pid 998] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 997] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 996] <... futex resumed>) = 0 [pid 995] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 300] newfstatat(AT_FDCWD, "./30/file0", [pid 296] openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1002] close(3) = 0 [pid 1002] mkdir("./file0", 0777 [pid 1007] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1002] <... mkdir resumed>) = 0 [pid 1001] <... close resumed>) = 0 [pid 999] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 996] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 995] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1007] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1006] <... futex resumed>) = 0 [pid 1002] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1001] close(8 [pid 999] <... futex resumed>) = 1 [pid 998] <... futex resumed>) = 0 [pid 997] <... futex resumed>) = 0 [pid 996] <... futex resumed>) = 0 [pid 995] <... futex resumed>) = 1 [pid 296] <... openat resumed>) = 4 [pid 1007] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1006] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1003] close(4 [pid 300] umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1001] <... close resumed>) = 0 [pid 999] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 997] memfd_create("syzkaller", 0 [pid 996] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1007] <... socket resumed>) = 7 [pid 296] newfstatat(4, "", [pid 1006] <... open resumed>) = 3 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] getdents64(4, [pid 1007] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1006] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1001] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 999] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 998] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 997] <... memfd_create resumed>) = 4 [pid 300] <... openat resumed>) = 4 [pid 296] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 1003] <... close resumed>) = 0 [pid 1003] mkdir("./file0", 0777 [pid 1007] <... futex resumed>) = 1 [pid 1006] <... futex resumed>) = 0 [pid 1003] <... mkdir resumed>) = 0 [pid 1001] <... futex resumed>) = 0 [pid 999] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 996] <... futex resumed>) = 0 [pid 300] newfstatat(4, "", [pid 296] getdents64(4, [pid 1007] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1006] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 997] <... mmap resumed>) = 0x7f620fc64000 [pid 996] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 1007] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1006] <... socket resumed>) = 6 [pid 1001] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 996] <... futex resumed>) = 0 [pid 300] getdents64(4, [pid 296] close(4 [pid 1003] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 997] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 996] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1007] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 1006] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 999] <... futex resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 1007] <... mmap resumed>) = 0x20000000 [pid 1006] <... futex resumed>) = 0 [pid 999] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 997] <... write resumed>) = 65536 [pid 994] exit_group(0 [pid 300] getdents64(4, [pid 296] rmdir("./28/file0" [pid 1007] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1006] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1000] <... futex resumed>) = ? [pid 999] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 997] munmap(0x7f620fc64000, 65536 [pid 994] <... exit_group resumed>) = ? [pid 300] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 1007] <... futex resumed>) = 1 [pid 1001] <... futex resumed>) = ? [pid 1000] +++ exited with 0 +++ [pid 999] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 997] <... munmap resumed>) = 0 [pid 996] <... futex resumed>) = 0 [pid 300] close(4 [pid 296] <... rmdir resumed>) = 0 [pid 1006] <... futex resumed>) = 0 [pid 1001] +++ exited with 0 +++ [pid 999] <... futex resumed>) = 1 [pid 996] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 994] +++ exited with 0 +++ [pid 300] <... close resumed>) = 0 [pid 296] getdents64(3, [pid 1006] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 999] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 996] <... futex resumed>) = 0 [pid 300] rmdir("./30/file0" [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 1006] <... mmap resumed>) = 0x20000000 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=994, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 1007] memfd_create("syzkaller", 0 [pid 1006] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 999] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 997] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 301] restart_syscall(<... resuming interrupted clone ...> [pid 300] <... rmdir resumed>) = 0 [pid 296] close(3 [pid 1007] <... memfd_create resumed>) = 4 [pid 1006] <... futex resumed>) = 0 [pid 999] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 997] <... openat resumed>) = 7 [pid 301] <... restart_syscall resumed>) = 0 [pid 1007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1006] memfd_create("syzkaller", 0 [pid 296] <... close resumed>) = 0 [pid 1007] <... mmap resumed>) = 0x7f620fc65000 [pid 999] <... futex resumed>) = 0 [pid 300] getdents64(3, [pid 1006] <... memfd_create resumed>) = 7 [pid 1007] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 301] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] rmdir("./28" [pid 1007] <... write resumed>) = 65536 [pid 1006] <... mmap resumed>) = 0x7f620fc64000 [pid 997] ioctl(7, LOOP_SET_FD, 4 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] close(3 [pid 296] <... rmdir resumed>) = 0 [pid 1006] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 301] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] <... close resumed>) = 0 [pid 301] <... openat resumed>) = 3 [pid 300] rmdir("./30" [pid 301] newfstatat(3, "", [pid 997] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 296] mkdir("./29", 0777 [pid 300] <... rmdir resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1007] munmap(0x7f620fc65000, 65536 [pid 1006] <... write resumed>) = 65536 [pid 997] ioctl(7, LOOP_CLR_FD [pid 301] getdents64(3, [pid 300] mkdir("./31", 0777 [pid 296] <... mkdir resumed>) = 0 [pid 1007] <... munmap resumed>) = 0 [pid 1007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 8 [pid 1007] ioctl(8, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 1007] ioctl(8, LOOP_CLR_FD) = 0 [pid 1006] munmap(0x7f620fc64000, 65536) = 0 [pid 997] <... ioctl resumed>) = 0 [pid 1006] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 8 [pid 1006] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 301] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 1006] ioctl(8, LOOP_CLR_FD) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 300] <... mkdir resumed>) = 0 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3 [pid 301] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 296] <... close resumed>) = 0 [pid 1007] ioctl(8, LOOP_SET_FD, 4 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1007] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1007] close(8 [pid 1006] ioctl(8, LOOP_SET_FD, 7 [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 1010 [pid 1007] <... close resumed>) = 0 [pid 1006] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1007] close(4 [pid 1006] close(8 [pid 1007] <... close resumed>) = 0 [pid 1006] <... close resumed>) = 0 [pid 1007] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1006] close(7 [pid 1007] <... futex resumed>) = 0 [pid 1006] <... close resumed>) = 0 [pid 1007] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1006] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1006] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] <... umount2 resumed>) = 0 [pid 997] ioctl(7, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 300] <... openat resumed>) = 3 [ 29.392824][ T1003] loop1: detected capacity change from 0 to 519 [ 29.397148][ T1002] loop3: detected capacity change from 0 to 512 [ 29.422887][ T1003] EXT4-fs (loop1): Magic mismatch, very weird! [ 29.430911][ T1008] EXT4-fs warning (device loop3): kmmpd:170: kmmpd being stopped since MMP feature has been disabled. [pid 301] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 1010 attached [pid 1010] set_robust_list(0x555556cc76a0, 24) = 0 [pid 1010] chdir("./29") = 0 [pid 1010] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1010] setpgid(0, 0) = 0 [pid 1010] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1010] write(3, "1000", 4) = 4 [pid 1010] close(3) = 0 [pid 1010] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1010] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1010] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 1010] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1010] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 1010] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1010] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1010] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[1011]}, 88) = 1011 [pid 1010] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1010] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1010] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1010] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 1010] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1010] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1010] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[1012]}, 88) = 1012 [pid 1010] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1010] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 997] close(7 [pid 1010] <... futex resumed>) = 0 [pid 997] <... close resumed>) = 0 [pid 997] close(4 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] ioctl(3, LOOP_CLR_FD [pid 1003] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 997] <... close resumed>) = 0 [pid 301] newfstatat(AT_FDCWD, "./32/bus", [pid 1003] ioctl(5, LOOP_CLR_FD [pid 997] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1003] <... ioctl resumed>) = 0 [pid 997] <... futex resumed>) = 0 [pid 301] unlink("./32/bus" [pid 300] close(3 [pid 1003] close(5 [pid 997] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1003] <... close resumed>) = 0 [pid 301] <... unlink resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 995] exit_group(0 [pid 301] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1003] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 998] <... futex resumed>) = ? [pid 997] <... futex resumed>) = ? [pid 995] <... exit_group resumed>) = ? [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1003] <... futex resumed>) = 0 [pid 998] +++ exited with 0 +++ [pid 1010] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1011 attached [pid 1011] set_robust_list(0x7f62204659a0, 24 [pid 997] +++ exited with 0 +++ [pid 995] +++ exited with 0 +++ [pid 996] exit_group(0 [pid 1007] <... futex resumed>) = ? [pid 996] <... exit_group resumed>) = ? [pid 301] newfstatat(AT_FDCWD, "./32/binderfs", [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 1013 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=995, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 1007] +++ exited with 0 +++ [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 301] unlink("./32/binderfs" [pid 298] <... openat resumed>) = 3 [pid 298] newfstatat(3, "", [pid 301] <... unlink resumed>) = 0 [pid 301] umount2("./32/ext4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./32/ext4", [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] umount2("./32/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] getdents64(3, [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] openat(AT_FDCWD, "./32/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 301] <... openat resumed>) = 4 [pid 301] newfstatat(4, "", [pid 298] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] getdents64(4, [pid 298] <... umount2 resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 298] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 301] close(4) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] rmdir("./32/ext4" [pid 298] newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] <... rmdir resumed>) = 0 [pid 298] unlink("./32/bus" [pid 301] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] <... unlink resumed>) = 0 [pid 301] close(3 [pid 298] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... close resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] rmdir("./32" [pid 298] newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] <... rmdir resumed>) = 0 [pid 298] unlink("./32/binderfs" [pid 301] mkdir("./33", 0777 [pid 298] <... unlink resumed>) = 0 [pid 298] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 1013 attached [pid 301] <... mkdir resumed>) = 0 [pid 1013] set_robust_list(0x555556cc76a0, 24 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 1011] <... set_robust_list resumed>) = 0 [pid 1013] <... set_robust_list resumed>) = 0 [pid 301] <... openat resumed>) = 3 ./strace-static-x86_64: Process 1012 attached [pid 1011] rt_sigprocmask(SIG_SETMASK, [], [pid 301] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 1011] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] close(3 [pid 1011] memfd_create("syzkaller", 0 [pid 301] <... close resumed>) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1011] <... memfd_create resumed>) = 3 [pid 1011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 1014 attached [pid 1014] set_robust_list(0x555556cc76a0, 24 [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 1014 [pid 1014] <... set_robust_list resumed>) = 0 [pid 1014] chdir("./33" [pid 1013] chdir("./31" [pid 1014] <... chdir resumed>) = 0 [pid 1013] <... chdir resumed>) = 0 [pid 1013] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1013] setpgid(0, 0 [pid 1014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1014] setpgid(0, 0) = 0 [pid 1014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1014] write(3, "1000", 4) = 4 [pid 1014] close(3) = 0 [pid 1014] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1014] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1014] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 1014] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 1014] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1014] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1014] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[1015]}, 88) = 1015 [pid 1014] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1014] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1014] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 1014] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1014] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1014] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[1016]}, 88) = 1016 [pid 1014] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1014] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1014] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1015 attached [pid 1015] set_robust_list(0x7f62204659a0, 24) = 0 [pid 1015] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1015] memfd_create("syzkaller", 0) = 3 [pid 1015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 1015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 1015] munmap(0x7f6218024000, 262144) = 0 [pid 1015] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 1015] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 1016 attached [pid 1013] <... setpgid resumed>) = 0 [pid 1012] set_robust_list(0x7f62204449a0, 24 [pid 1011] <... mmap resumed>) = 0x7f6218024000 [pid 1015] <... ioctl resumed>) = 0 [pid 1015] close(3) = 0 [pid 1015] mkdir("./file0", 0777) = 0 [pid 1015] mount("/dev/loop5", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1016] set_robust_list(0x7f62204449a0, 24) = 0 [pid 1016] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1016] creat("./bus", 000) = 3 [pid 1016] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1014] <... futex resumed>) = 0 [pid 1016] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 1014] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1016] <... mount resumed>) = 0 [pid 1014] <... futex resumed>) = 0 [pid 1016] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1014] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1016] <... futex resumed>) = 0 [pid 1014] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1016] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1014] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1016] <... open resumed>) = 5 [pid 1014] <... futex resumed>) = 0 [pid 1016] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1014] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1016] <... futex resumed>) = 0 [pid 1014] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1016] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1014] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1016] <... socket resumed>) = 6 [pid 1014] <... futex resumed>) = 0 [pid 1016] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1014] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1016] <... futex resumed>) = 0 [pid 1014] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1016] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 1014] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1016] <... mmap resumed>) = 0x20000000 [pid 1014] <... futex resumed>) = 0 [pid 1016] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1014] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1016] <... futex resumed>) = 0 [pid 1014] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1003] +++ exited with 0 +++ [pid 996] +++ exited with 0 +++ [pid 1014] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1012] <... set_robust_list resumed>) = 0 [pid 1014] <... futex resumed>) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=996, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 1012] rt_sigprocmask(SIG_SETMASK, [], [pid 1013] <... openat resumed>) = 3 [pid 1012] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1013] write(3, "1000", 4 [pid 1012] creat("./bus", 000 [pid 297] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1013] <... write resumed>) = 4 [pid 1012] <... creat resumed>) = 4 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1013] close(3 [pid 1012] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1011] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1012] <... futex resumed>) = 1 [pid 1010] <... futex resumed>) = 0 [pid 297] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1013] <... close resumed>) = 0 [pid 1010] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1013] symlink("/dev/binderfs", "./binderfs" [pid 1012] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1010] <... futex resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 1011] <... write resumed>) = 262144 [pid 1010] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] newfstatat(3, "", [pid 1012] <... mount resumed>) = 0 [pid 1013] <... symlink resumed>) = 0 [pid 1012] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1013] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1012] <... futex resumed>) = 1 [pid 1011] munmap(0x7f6218024000, 262144 [pid 1010] <... futex resumed>) = 0 [pid 297] getdents64(3, [pid 1013] <... futex resumed>) = 0 [pid 1012] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1010] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1013] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1012] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1010] <... futex resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 1011] <... munmap resumed>) = 0 [pid 1012] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1010] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1013] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1011] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1012] <... open resumed>) = 5 [pid 1013] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 297] <... umount2 resumed>) = 0 [pid 1012] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1013] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1011] <... openat resumed>) = 6 [ 29.447368][ T1002] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 29.470055][ T1002] EXT4-fs error (device loop3): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 29.480560][ T1015] loop5: detected capacity change from 0 to 512 [ 29.486208][ T1002] EXT4-fs (loop3): get orphan inode failed [pid 1013] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1012] <... futex resumed>) = 1 [pid 1010] <... futex resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1016] memfd_create("syzkaller", 0 [pid 1013] <... mmap resumed>) = 0x7f6220445000 [pid 1012] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1011] ioctl(6, LOOP_SET_FD, 3 [pid 1010] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] newfstatat(AT_FDCWD, "./36/bus", [pid 298] <... umount2 resumed>) = 0 [pid 298] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./32/file0") = 0 [pid 298] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./32") = 0 [pid 298] mkdir("./33", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD [pid 1016] <... memfd_create resumed>) = 7 [pid 1013] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1012] <... socket resumed>) = 7 [pid 1010] <... futex resumed>) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1013] <... mprotect resumed>) = 0 [pid 1010] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] close(3 [pid 1016] <... mmap resumed>) = 0x7f620fc64000 [pid 298] <... close resumed>) = 0 [pid 1013] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1012] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] unlink("./36/bus" [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 1018 ./strace-static-x86_64: Process 1018 attached [pid 1018] set_robust_list(0x555556cc76a0, 24) = 0 [pid 1018] chdir("./33") = 0 [pid 1018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1018] setpgid(0, 0) = 0 [pid 1018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1018] write(3, "1000", 4) = 4 [pid 1018] close(3) = 0 [pid 1018] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1018] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1018] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 1018] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 1018] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1018] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1016] munmap(0x7f620fc64000, 138412032 [pid 1012] <... futex resumed>) = 1 [pid 1010] <... futex resumed>) = 0 [pid 297] <... unlink resumed>) = 0 [pid 1016] <... munmap resumed>) = 0 [pid 1013] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1012] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 1010] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1016] close(7 [pid 1013] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1011] <... ioctl resumed>) = 0 [pid 1002] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1012] <... mmap resumed>) = 0x20000000 [pid 1016] <... close resumed>) = 0 [pid 1012] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1011] close(3 [pid 1010] <... futex resumed>) = 0 [pid 1002] ioctl(5, LOOP_CLR_FD [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1016] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1013] <... clone3 resumed> => {parent_tid=[1019]}, 88) = 1019 [pid 1012] <... futex resumed>) = 0 [pid 1011] <... close resumed>) = 0 [pid 1010] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1002] <... ioctl resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./36/binderfs", [pid 1016] <... futex resumed>) = 0 [pid 1013] rt_sigprocmask(SIG_SETMASK, [], [pid 1012] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1011] mkdir(0x20000000, 0777 [pid 1010] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1002] close(5 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1016] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1013] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1010] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1002] <... close resumed>) = 0 [pid 297] unlink("./36/binderfs" [pid 1013] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1012] <... futex resumed>) = 0 [pid 1010] <... futex resumed>) = 1 [pid 1002] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1013] <... futex resumed>) = 0 [pid 1002] <... futex resumed>) = 0 [pid 297] <... unlink resumed>) = 0 [pid 1013] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1012] memfd_create("syzkaller", 0 [pid 1002] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 999] exit_group(0 [pid 297] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1013] <... futex resumed>) = 0 [pid 1012] <... memfd_create resumed>) = 3 [pid 1006] <... futex resumed>) = ? [pid 1002] <... futex resumed>) = ? [pid 999] <... exit_group resumed>) = ? [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1013] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1011] <... mkdir resumed>) = 0 [pid 1006] +++ exited with 0 +++ [pid 1018] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1018] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[1020]}, 88) = 1020 [pid 1018] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1018] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1013] <... mmap resumed>) = 0x7f6220424000 [pid 1012] <... mmap resumed>) = 0x7f620fc64000 [pid 297] newfstatat(AT_FDCWD, "./36/file0", [pid 1018] <... futex resumed>) = 0 [pid 1018] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1012] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1013] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1013] <... mprotect resumed>) = 0 [pid 1012] <... write resumed>) = 65536 [pid 297] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1013] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1012] munmap(0x7f620fc64000, 65536 [pid 1013] <... rt_sigprocmask resumed>[], 8) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1013] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1012] <... munmap resumed>) = 0 [pid 297] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1012] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1018] <... mmap resumed>) = 0x7f6220424000 [pid 1018] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1018] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1018] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[1022]}, 88) = 1022 [pid 1018] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1013] <... clone3 resumed> => {parent_tid=[1021]}, 88) = 1021 [pid 297] <... openat resumed>) = 4 [pid 1018] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1013] rt_sigprocmask(SIG_SETMASK, [], [pid 1018] <... futex resumed>) = 0 [pid 1013] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1012] <... openat resumed>) = 8 [pid 297] newfstatat(4, "", [pid 1018] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1013] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1012] ioctl(8, LOOP_SET_FD, 3 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1013] <... futex resumed>) = 0 [pid 1012] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1011] mount("/dev/loop0", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 297] getdents64(4, [pid 1013] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1012] ioctl(8, LOOP_CLR_FD [pid 297] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 1012] <... ioctl resumed>) = 0 [pid 1011] <... mount resumed>) = -1 ENODEV (No such device) [pid 297] getdents64(4, [pid 1011] ioctl(6, LOOP_CLR_FD [pid 297] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 1011] <... ioctl resumed>) = 0 [pid 297] close(4./strace-static-x86_64: Process 1019 attached [pid 1011] close(6 [pid 1019] set_robust_list(0x7f62204659a0, 24 [pid 1011] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 1019] <... set_robust_list resumed>) = 0 [pid 1011] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] rmdir("./36/file0" [pid 1019] rt_sigprocmask(SIG_SETMASK, [], [pid 1011] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1021 attached [pid 1019] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1011] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 297] <... rmdir resumed>) = 0 [pid 1021] set_robust_list(0x7f62204449a0, 24 [pid 1019] memfd_create("syzkaller", 0 [pid 1012] ioctl(8, LOOP_SET_FD, 3 [pid 297] getdents64(3, [pid 1021] <... set_robust_list resumed>) = 0 [pid 1019] <... memfd_create resumed>) = 3 [pid 1012] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [ 29.503082][ T1002] EXT4-fs (loop3): mount failed [ 29.518632][ T1011] loop0: detected capacity change from 0 to 512 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 1022 attached ./strace-static-x86_64: Process 1020 attached [pid 1021] rt_sigprocmask(SIG_SETMASK, [], [pid 1019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1012] close(8 [pid 297] close(3 [pid 1021] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1019] <... mmap resumed>) = 0x7f6218024000 [pid 1012] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 1021] creat("./bus", 000 [pid 1019] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1012] close(3 [pid 297] rmdir("./36" [pid 1021] <... creat resumed>) = 4 [pid 1019] <... write resumed>) = 262144 [pid 1012] <... close resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 1022] set_robust_list(0x7f62204449a0, 24 [pid 1021] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1020] set_robust_list(0x7f62204659a0, 24 [pid 1019] munmap(0x7f6218024000, 262144 [pid 1012] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] mkdir("./37", 0777 [pid 1022] <... set_robust_list resumed>) = 0 [pid 1021] <... futex resumed>) = 1 [pid 1020] <... set_robust_list resumed>) = 0 [pid 1019] <... munmap resumed>) = 0 [pid 1013] <... futex resumed>) = 0 [pid 1012] <... futex resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 1022] rt_sigprocmask(SIG_SETMASK, [], [pid 1021] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1020] rt_sigprocmask(SIG_SETMASK, [], [pid 1019] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1013] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1012] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1022] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1021] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1020] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1019] <... openat resumed>) = 5 [pid 1013] <... futex resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 1022] creat("./bus", 000 [pid 1021] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 1020] memfd_create("syzkaller", 0 [pid 1019] ioctl(5, LOOP_SET_FD, 3 [pid 1013] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1010] exit_group(0 [pid 297] ioctl(3, LOOP_CLR_FD [pid 1022] <... creat resumed>) = 3 [pid 1021] <... mount resumed>) = 0 [pid 1020] <... memfd_create resumed>) = 4 [pid 1015] <... mount resumed>) = 0 [pid 1012] <... futex resumed>) = ? [pid 1011] <... futex resumed>) = ? [pid 1010] <... exit_group resumed>) = ? [pid 1002] +++ exited with 0 +++ [pid 999] +++ exited with 0 +++ [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1021] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1015] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY [pid 1012] +++ exited with 0 +++ [pid 1011] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=999, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 1021] <... futex resumed>) = 1 [pid 1015] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 1013] <... futex resumed>) = 0 [pid 1022] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 297] close(3 [pid 1022] <... futex resumed>) = 1 [pid 1021] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1020] <... mmap resumed>) = 0x7f6218024000 [pid 1018] <... futex resumed>) = 0 [pid 1015] ioctl(4, LOOP_CLR_FD [pid 1022] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1021] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1020] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1018] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1015] <... ioctl resumed>) = 0 [pid 1013] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... close resumed>) = 0 [pid 1022] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1021] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1020] <... write resumed>) = 262144 [pid 1018] <... futex resumed>) = 0 [pid 1015] close(4 [pid 1013] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1022] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 1020] munmap(0x7f6218024000, 262144 [pid 1018] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1015] <... close resumed>) = 0 [pid 1013] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1022] <... mount resumed>) = 0 [pid 1021] <... open resumed>) = 6 [pid 1020] <... munmap resumed>) = 0 [pid 1019] <... ioctl resumed>) = 0 [pid 1015] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... openat resumed>) = 3 [pid 1022] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1021] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(3, "", [pid 1015] <... futex resumed>) = 0 [pid 1021] <... futex resumed>) = 1 [pid 1019] close(3 [pid 1015] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1014] exit_group(0 [pid 1013] <... futex resumed>) = 0 [pid 1018] <... futex resumed>) = 0 [pid 1022] <... futex resumed>) = 1 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 1025 [pid 1022] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1021] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1019] <... close resumed>) = 0 [pid 1018] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1016] <... futex resumed>) = ? [pid 1015] <... futex resumed>) = ? [pid 1014] <... exit_group resumed>) = ? [pid 1013] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] getdents64(3, ./strace-static-x86_64: Process 1025 attached [pid 1022] <... open resumed>) = 5 [pid 1021] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1020] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1018] <... futex resumed>) = 0 [pid 1016] +++ exited with 0 +++ [pid 1015] +++ exited with 0 +++ [pid 1014] +++ exited with 0 +++ [pid 1010] +++ exited with 0 +++ [pid 299] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 1025] set_robust_list(0x555556cc76a0, 24 [pid 1022] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1020] <... openat resumed>) = 6 [pid 1018] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1014, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 299] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1010, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 1025] <... set_robust_list resumed>) = 0 [pid 1022] <... futex resumed>) = 0 [pid 1020] ioctl(6, LOOP_SET_FD, 4 [pid 1018] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] <... umount2 resumed>) = 0 [pid 1025] chdir("./37" [pid 1022] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1021] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1019] mkdir("./file0", 0777 [pid 1018] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1013] <... futex resumed>) = 0 [pid 299] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1022] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1021] <... socket resumed>) = 3 [pid 1019] <... mkdir resumed>) = 0 [pid 1018] <... futex resumed>) = 0 [pid 1013] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1022] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1021] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1019] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1013] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1022] <... socket resumed>) = 7 [pid 1021] <... futex resumed>) = 0 [pid 1018] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1013] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./31/bus", [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1022] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1021] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 1018] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1013] <... futex resumed>) = 0 [pid 301] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1022] <... futex resumed>) = 0 [pid 1021] <... mmap resumed>) = 0x20000000 [pid 1018] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1013] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... openat resumed>) = 3 [pid 299] unlink("./31/bus" [pid 296] <... openat resumed>) = 3 [pid 1022] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 1021] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1018] <... futex resumed>) = 0 [pid 1013] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] newfstatat(3, "", [pid 299] <... unlink resumed>) = 0 [pid 296] newfstatat(3, "", [pid 1022] <... mmap resumed>) = 0x20000000 [pid 1021] <... futex resumed>) = 0 [pid 1018] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1013] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1022] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1021] memfd_create("syzkaller", 0 [pid 1018] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1013] <... futex resumed>) = 0 [pid 301] getdents64(3, [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] getdents64(3, [pid 1022] <... futex resumed>) = 0 [pid 1021] <... memfd_create resumed>) = 7 [pid 1018] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1022] memfd_create("syzkaller", 0 [pid 1021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1018] <... futex resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 299] newfstatat(AT_FDCWD, "./31/binderfs", [pid 296] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 1022] <... memfd_create resumed>) = 8 [pid 1021] <... mmap resumed>) = 0x7f620fc64000 [pid 301] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1021] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1022] <... mmap resumed>) = 0x7f620fc64000 [pid 1021] <... write resumed>) = 65536 [pid 301] <... umount2 resumed>) = 0 [pid 299] unlink("./31/binderfs" [pid 296] <... umount2 resumed>) = 0 [pid 1021] munmap(0x7f620fc64000, 65536) = 0 [pid 1022] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1021] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 296] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1021] <... openat resumed>) = 8 [pid 301] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1021] ioctl(8, LOOP_SET_FD, 7 [pid 299] <... unlink resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1021] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1021] ioctl(8, LOOP_CLR_FD) = 0 [pid 1022] <... write resumed>) = 65536 [pid 301] newfstatat(AT_FDCWD, "./33/bus", [pid 299] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] newfstatat(AT_FDCWD, "./29/bus", [pid 1022] munmap(0x7f620fc64000, 65536 [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1022] <... munmap resumed>) = 0 [pid 301] unlink("./33/bus" [pid 299] newfstatat(AT_FDCWD, "./31/file0", [pid 296] unlink("./29/bus" [pid 1022] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1020] <... ioctl resumed>) = 0 [pid 301] <... unlink resumed>) = 0 [pid 1020] close(4 [pid 1021] ioctl(8, LOOP_SET_FD, 7 [pid 296] <... unlink resumed>) = 0 [ 29.542216][ T1015] EXT4-fs (loop5): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [ 29.546457][ T1019] loop4: detected capacity change from 0 to 512 [ 29.556466][ T1015] ext4 filesystem being mounted at /root/syzkaller.bzF58U/33/file0 supports timestamps until 2038 (0x7fffffff) [ 29.592407][ T1020] loop2: detected capacity change from 0 to 512 [pid 1022] <... openat resumed>) = 9 [pid 1021] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1020] <... close resumed>) = 0 [pid 301] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1022] ioctl(9, LOOP_SET_FD, 8 [pid 1021] close(8 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1022] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1021] <... close resumed>) = 0 [pid 1020] mkdir(0x20000000, 0777 [pid 1021] close(7 [pid 1020] <... mkdir resumed>) = 0 [pid 1021] <... close resumed>) = 0 [pid 1020] mount("/dev/loop2", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 1021] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1020] <... mount resumed>) = -1 ENODEV (No such device) [pid 1021] <... futex resumed>) = 0 [pid 1020] ioctl(6, LOOP_CLR_FD [pid 1021] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1020] <... ioctl resumed>) = 0 [pid 1020] close(6) = 0 [pid 1020] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1020] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1025] <... chdir resumed>) = 0 [pid 1025] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1025] setpgid(0, 0) = 0 [pid 1025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1025] write(3, "1000", 4) = 4 [pid 1025] close(3) = 0 [pid 1025] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1025] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1025] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 1025] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1025] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 1025] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1025] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1025] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[1026]}, 88) = 1026 [pid 1025] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1025] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1025] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1025] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 1025] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1025] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1025] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[1027]}, 88) = 1027 [pid 1025] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1025] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1025] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] newfstatat(AT_FDCWD, "./33/binderfs", [pid 1022] ioctl(9, LOOP_CLR_FD [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./29/binderfs", [pid 1022] <... ioctl resumed>) = 0 [pid 301] unlink("./33/binderfs" [pid 299] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] <... unlink resumed>) = 0 [pid 299] <... openat resumed>) = 4 [pid 296] unlink("./29/binderfs" [pid 301] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... unlink resumed>) = 0 [pid 299] getdents64(4, [pid 296] umount2("./29/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1022] ioctl(9, LOOP_SET_FD, 8 [pid 299] getdents64(4, [pid 1022] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 299] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 296] newfstatat(AT_FDCWD, "./29/ext4", [pid 1022] close(9 [pid 299] close(4 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... close resumed>) = 0 [pid 296] umount2("./29/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1022] <... close resumed>) = 0 [pid 299] rmdir("./31/file0" [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./29/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 1026 attached [pid 1026] set_robust_list(0x7f62204659a0, 24) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 1026] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 296] <... openat resumed>) = 4 [pid 299] getdents64(3, [pid 1022] close(8 [pid 1019] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(4, "", [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 1026] memfd_create("syzkaller", 0 [pid 1022] <... close resumed>) = 0 [pid 299] close(3 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1019] ioctl(5, LOOP_CLR_FD [pid 1022] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... close resumed>) = 0 [pid 296] getdents64(4, [pid 1022] <... futex resumed>) = 0 [pid 1019] <... ioctl resumed>) = 0 [pid 1026] <... memfd_create resumed>) = 3 [pid 1026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 299] rmdir("./31" [pid 296] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 1026] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1018] exit_group(0 [pid 296] getdents64(4, [pid 1026] <... write resumed>) = 262144 [pid 299] <... rmdir resumed>) = 0 [pid 1018] <... exit_group resumed>) = ? [pid 299] mkdir("./32", 0777 [pid 296] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 1019] close(5 [pid 1022] +++ exited with 0 +++ [pid 1020] <... futex resumed>) = ? [pid 1020] +++ exited with 0 +++ [pid 1019] <... close resumed>) = 0 [pid 1018] +++ exited with 0 +++ [pid 299] <... mkdir resumed>) = 0 [pid 296] close(4 [pid 1019] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1018, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 1019] <... futex resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 1019] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] <... openat resumed>) = 3 [pid 296] rmdir("./29/ext4" [pid 299] ioctl(3, LOOP_CLR_FD [pid 1013] exit_group(0 [pid 1021] <... futex resumed>) = ? [pid 1013] <... exit_group resumed>) = ? [pid 1021] +++ exited with 0 +++ [pid 1019] <... futex resumed>) = ? [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... rmdir resumed>) = 0 [pid 1026] munmap(0x7f6218024000, 262144) = 0 [pid 1026] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1026] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 1027 attached [pid 1019] +++ exited with 0 +++ [pid 1013] +++ exited with 0 +++ [pid 299] close(3 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] getdents64(3, [pid 1027] set_robust_list(0x7f62204449a0, 24) = 0 [pid 1027] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1027] creat("./bus", 000) = 5 [pid 1027] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1025] <... futex resumed>) = 0 [pid 1025] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1025] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1027] <... futex resumed>) = 1 [pid 1027] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1027] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1025] <... futex resumed>) = 0 [pid 1025] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1025] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1027] <... futex resumed>) = 1 [pid 1027] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1013, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 300] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(3, 0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 299] <... close resumed>) = 0 [pid 298] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1027] <... open resumed>) = 6 [pid 1026] <... ioctl resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] <... openat resumed>) = 3 [pid 300] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 298] newfstatat(3, "", [pid 296] close(3 [pid 300] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 1028 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] getdents64(3, [pid 296] <... close resumed>) = 0 [pid 300] newfstatat(AT_FDCWD, "./31/bus", [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 296] rmdir("./29" [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] unlink("./31/bus" [pid 296] <... rmdir resumed>) = 0 [pid 300] <... unlink resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 300] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] unlink("./31/binderfs") = 0 [pid 301] <... umount2 resumed>) = 0 [pid 300] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 301] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] newfstatat(4, "", [pid 298] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] mkdir("./30", 0777 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] getdents64(4, [pid 301] newfstatat(AT_FDCWD, "./33/file0", [pid 300] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 298] newfstatat(AT_FDCWD, "./33/bus", [pid 296] <... mkdir resumed>) = 0 [pid 1027] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1026] close(3 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] getdents64(4, [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1027] <... futex resumed>) = 1 [pid 1026] <... close resumed>) = 0 [pid 1025] <... futex resumed>) = 0 [pid 301] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 298] unlink("./33/bus" [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1027] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1026] mkdir("./file0", 0777 [pid 1025] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] close(4 [pid 1025] <... futex resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 1025] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] rmdir("./31/file0") = 0 [pid 300] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 300] close(3) = 0 [pid 300] rmdir("./31") = 0 [pid 300] mkdir("./32", 0777 [pid 301] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] <... mkdir resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 296] <... openat resumed>) = 3 [pid 1027] <... socket resumed>) = 3 [pid 1026] <... mkdir resumed>) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 1028 attached [pid 1028] set_robust_list(0x555556cc76a0, 24) = 0 [pid 1028] chdir("./32") = 0 [pid 1028] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1028] setpgid(0, 0) = 0 [pid 1027] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1026] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 301] <... openat resumed>) = 4 [pid 298] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] ioctl(3, LOOP_CLR_FD [pid 1027] <... futex resumed>) = 1 [pid 1025] <... futex resumed>) = 0 [pid 301] newfstatat(4, "", [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1025] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] close(3 [pid 1027] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 1025] <... futex resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./33/binderfs", [pid 1027] <... mmap resumed>) = 0x20000000 [pid 1025] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] getdents64(4, [pid 296] <... close resumed>) = 0 [pid 1027] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 298] unlink("./33/binderfs" [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] getdents64(4, [pid 298] <... unlink resumed>) = 0 [pid 1028] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] umount2("./33/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 1029 [pid 301] close(4 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] <... close resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./33/ext4", [pid 301] rmdir("./33/file0" [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1028] <... openat resumed>) = 3 [pid 301] <... rmdir resumed>) = 0 [pid 298] umount2("./33/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] getdents64(3, [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] openat(AT_FDCWD, "./33/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 301] close(3 [pid 298] <... openat resumed>) = 4 [pid 301] <... close resumed>) = 0 [pid 298] newfstatat(4, "", [pid 301] rmdir("./33" [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] <... rmdir resumed>) = 0 [pid 298] getdents64(4, [pid 301] mkdir("./34", 0777 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 1028] write(3, "1000", 4) = 4 [pid 301] <... mkdir resumed>) = 0 [pid 298] getdents64(4, [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 301] <... openat resumed>) = 3 [pid 298] close(4 [pid 301] ioctl(3, LOOP_CLR_FD [pid 298] <... close resumed>) = 0 [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] rmdir("./33/ext4" [pid 301] close(3) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] getdents64(3, [pid 1028] close(3) = 0 [pid 1028] symlink("/dev/binderfs", "./binderfs" [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 1030 [pid 298] close(3 [pid 1028] <... symlink resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 298] rmdir("./33" [pid 1028] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 1028] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1027] <... futex resumed>) = 1 [pid 1025] <... futex resumed>) = 0 [pid 298] mkdir("./34", 0777 [pid 1028] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1025] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1028] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1025] <... futex resumed>) = 0 [pid 1028] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 1028] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1028] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1028] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] <... openat resumed>) = 3 [pid 1028] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1027] memfd_create("syzkaller", 0 [pid 298] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 1029 attached [pid 1028] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1027] <... memfd_create resumed>) = 7 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1029] set_robust_list(0x555556cc76a0, 24 [pid 1027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 298] close(3 [pid 1029] <... set_robust_list resumed>) = 0 [pid 1028] <... clone3 resumed> => {parent_tid=[1031]}, 88) = 1031 [pid 1027] <... mmap resumed>) = 0x7f620fc64000 [pid 298] <... close resumed>) = 0 [pid 1029] chdir("./30" [pid 1028] rt_sigprocmask(SIG_SETMASK, [], [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1029] <... chdir resumed>) = 0 [pid 1028] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1029] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1028] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... openat resumed>) = 3 [pid 1029] <... prctl resumed>) = 0 [pid 1028] <... futex resumed>) = 0 [pid 300] ioctl(3, LOOP_CLR_FD [pid 1029] setpgid(0, 0 [pid 1028] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1029] <... setpgid resumed>) = 0 [pid 1028] <... futex resumed>) = 0 [pid 300] close(3 [pid 1029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1028] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1027] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 300] <... close resumed>) = 0 [pid 1029] <... openat resumed>) = 3 [pid 1028] <... mmap resumed>) = 0x7f6220424000 [ 29.617392][ T1019] EXT4-fs (loop4): VFS: Can't find ext4 filesystem [ 29.639152][ T1026] loop1: detected capacity change from 0 to 512 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1029] write(3, "1000", 4 [pid 1028] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1029] <... write resumed>) = 4 [pid 1028] <... mprotect resumed>) = 0 [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 1033 [pid 1029] close(3 [pid 1028] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1029] <... close resumed>) = 0 [pid 1028] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1029] symlink("/dev/binderfs", "./binderfs" [pid 1028] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1029] <... symlink resumed>) = 0 [pid 1029] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1028] <... clone3 resumed> => {parent_tid=[1034]}, 88) = 1034 [pid 1029] <... futex resumed>) = 0 [pid 1028] rt_sigprocmask(SIG_SETMASK, [], [pid 1029] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1028] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1029] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1028] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1029] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1028] <... futex resumed>) = 0 [pid 1029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1028] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 1031 attached ) = 0x7f6220445000 [pid 1031] set_robust_list(0x7f62204659a0, 24 [pid 1029] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1031] <... set_robust_list resumed>) = 0 [pid 1029] <... mprotect resumed>) = 0 [pid 1031] rt_sigprocmask(SIG_SETMASK, [], [pid 1029] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1031] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1029] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1031] memfd_create("syzkaller", 0 [pid 1029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1031] <... memfd_create resumed>) = 3 [pid 1031] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1029] <... clone3 resumed> => {parent_tid=[1035]}, 88) = 1035 [pid 1031] <... mmap resumed>) = 0x7f6218024000 [pid 1029] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1029] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1029] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 ./strace-static-x86_64: Process 1034 attached [pid 1029] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1034] set_robust_list(0x7f62204449a0, 24 [pid 1029] <... mprotect resumed>) = 0 [pid 1034] <... set_robust_list resumed>) = 0 [pid 1029] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1027] <... write resumed>) = 65536 [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 1032 ./strace-static-x86_64: Process 1033 attached ./strace-static-x86_64: Process 1030 attached [pid 1034] rt_sigprocmask(SIG_SETMASK, [], [pid 1031] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1029] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1027] munmap(0x7f620fc64000, 65536 [pid 1034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1033] set_robust_list(0x555556cc76a0, 24 [pid 1029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1034] creat("./bus", 000 [pid 1033] <... set_robust_list resumed>) = 0 [pid 1031] <... write resumed>) = 262144 [pid 1034] <... creat resumed>) = 4 [pid 1033] chdir("./32" [pid 1030] set_robust_list(0x555556cc76a0, 24 [pid 1029] <... clone3 resumed> => {parent_tid=[1036]}, 88) = 1036 [pid 1027] <... munmap resumed>) = 0 [pid 1034] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1033] <... chdir resumed>) = 0 [pid 1031] munmap(0x7f6218024000, 262144 [pid 1029] rt_sigprocmask(SIG_SETMASK, [], [pid 1034] <... futex resumed>) = 1 [pid 1033] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1031] <... munmap resumed>) = 0 [pid 1029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1028] <... futex resumed>) = 0 [pid 1034] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1033] <... prctl resumed>) = 0 [pid 1031] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1029] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1028] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1027] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1034] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1033] setpgid(0, 0 [pid 1031] <... openat resumed>) = 5 [pid 1030] <... set_robust_list resumed>) = 0 [pid 1029] <... futex resumed>) = 0 [pid 1028] <... futex resumed>) = 0 [pid 1034] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 1033] <... setpgid resumed>) = 0 [pid 1031] ioctl(5, LOOP_SET_FD, 3 [pid 1029] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1028] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1035 attached ./strace-static-x86_64: Process 1032 attached [pid 1034] <... mount resumed>) = 0 [pid 1033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1030] chdir("./34" [pid 1027] <... openat resumed>) = 8 ./strace-static-x86_64: Process 1036 attached [pid 1034] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1033] <... openat resumed>) = 3 [pid 1036] set_robust_list(0x7f62204449a0, 24 [pid 1034] <... futex resumed>) = 1 [pid 1033] write(3, "1000", 4 [pid 1028] <... futex resumed>) = 0 [pid 1036] <... set_robust_list resumed>) = 0 [pid 1034] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1033] <... write resumed>) = 4 [pid 1028] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1036] rt_sigprocmask(SIG_SETMASK, [], [pid 1035] set_robust_list(0x7f62204659a0, 24 [pid 1034] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1033] close(3 [pid 1032] set_robust_list(0x555556cc76a0, 24 [pid 1030] <... chdir resumed>) = 0 [pid 1028] <... futex resumed>) = 0 [pid 1027] ioctl(8, LOOP_SET_FD, 7 [pid 1036] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1035] <... set_robust_list resumed>) = 0 [pid 1034] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1033] <... close resumed>) = 0 [pid 1032] <... set_robust_list resumed>) = 0 [pid 1030] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1028] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1027] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1036] creat("./bus", 000 [pid 1035] rt_sigprocmask(SIG_SETMASK, [], [pid 1033] symlink("/dev/binderfs", "./binderfs" [pid 1032] chdir("./34" [pid 1030] <... prctl resumed>) = 0 [pid 1027] ioctl(8, LOOP_CLR_FD [pid 1036] <... creat resumed>) = 3 [pid 1035] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1033] <... symlink resumed>) = 0 [pid 1032] <... chdir resumed>) = 0 [pid 1030] setpgid(0, 0 [pid 1027] <... ioctl resumed>) = 0 [pid 1036] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1035] memfd_create("syzkaller", 0 [pid 1033] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1032] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1030] <... setpgid resumed>) = 0 [pid 1036] <... futex resumed>) = 1 [pid 1035] <... memfd_create resumed>) = 4 [pid 1033] <... futex resumed>) = 0 [pid 1032] <... prctl resumed>) = 0 [pid 1030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1029] <... futex resumed>) = 0 [pid 1036] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1033] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1032] setpgid(0, 0 [pid 1030] <... openat resumed>) = 3 [pid 1029] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1036] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1035] <... mmap resumed>) = 0x7f6218024000 [pid 1034] <... open resumed>) = 6 [pid 1033] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1029] <... futex resumed>) = 0 [pid 1026] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 1036] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1034] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1033] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1032] <... setpgid resumed>) = 0 [pid 1030] write(3, "1000", 4 [pid 1029] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1036] <... mount resumed>) = 0 [pid 1034] <... futex resumed>) = 1 [pid 1033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1028] <... futex resumed>) = 0 [pid 1036] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1035] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 265481 [pid 1034] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1030] <... write resumed>) = 4 [pid 1028] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1027] ioctl(8, LOOP_SET_FD, 7 [pid 1036] <... futex resumed>) = 1 [pid 1034] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1033] <... mmap resumed>) = 0x7f6220445000 [pid 1029] <... futex resumed>) = 0 [pid 1028] <... futex resumed>) = 0 [pid 1036] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1034] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1033] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1029] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1028] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1036] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1034] <... socket resumed>) = 7 [pid 1033] <... mprotect resumed>) = 0 [pid 1029] <... futex resumed>) = 0 [pid 1036] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1034] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1033] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1032] <... openat resumed>) = 3 [pid 1030] close(3 [pid 1029] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1027] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1036] <... open resumed>) = 5 [pid 1035] <... write resumed>) = 265481 [pid 1034] <... futex resumed>) = 1 [pid 1033] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1032] write(3, "1000", 4 [pid 1031] <... ioctl resumed>) = 0 [pid 1030] <... close resumed>) = 0 [pid 1028] <... futex resumed>) = 0 [pid 1027] close(8 [pid 1026] ioctl(4, LOOP_CLR_FD [pid 1036] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1035] munmap(0x7f6218024000, 265481 [pid 1034] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1032] <... write resumed>) = 4 [pid 1031] close(3 [pid 1030] symlink("/dev/binderfs", "./binderfs" [pid 1028] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1027] <... close resumed>) = 0 [pid 1036] <... futex resumed>) = 1 [pid 1034] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1029] <... futex resumed>) = 0 [pid 1028] <... futex resumed>) = 0 [pid 1036] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1034] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 1033] <... clone3 resumed> => {parent_tid=[1037]}, 88) = 1037 [pid 1029] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1028] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1036] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1034] <... mmap resumed>) = 0x20000000 [pid 1033] rt_sigprocmask(SIG_SETMASK, [], [pid 1029] <... futex resumed>) = 0 [pid 1036] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1034] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1032] close(3 [pid 1029] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1036] <... socket resumed>) = 6 [pid 1034] <... futex resumed>) = 1 [pid 1033] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1032] <... close resumed>) = 0 [pid 1030] <... symlink resumed>) = 0 [pid 1028] <... futex resumed>) = 0 [pid 1027] close(7 [pid 1036] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1034] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1033] <... futex resumed>) = 0 [pid 1032] symlink("/dev/binderfs", "./binderfs" [pid 1030] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1028] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1036] <... futex resumed>) = 1 [pid 1034] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1033] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1029] <... futex resumed>) = 0 [pid 1028] <... futex resumed>) = 0 [pid 1036] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1034] memfd_create("syzkaller", 0 [pid 1033] <... futex resumed>) = 0 [pid 1032] <... symlink resumed>) = 0 [pid 1029] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1037 attached [pid 1036] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1035] <... munmap resumed>) = 0 [pid 1034] <... memfd_create resumed>) = 8 [pid 1033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1032] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1031] <... close resumed>) = 0 [pid 1030] <... futex resumed>) = 0 [pid 1029] <... futex resumed>) = 0 [pid 1027] <... close resumed>) = 0 [pid 1026] <... ioctl resumed>) = 0 [pid 1037] set_robust_list(0x7f62204659a0, 24 [pid 1036] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 1035] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1033] <... mmap resumed>) = 0x7f6220424000 [pid 1032] <... futex resumed>) = 0 [pid 1031] mkdir(0x20000000, 0777 [pid 1030] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1029] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1027] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1026] close(4 [pid 1037] <... set_robust_list resumed>) = 0 [pid 1036] <... mmap resumed>) = 0x20000000 [pid 1035] <... openat resumed>) = 7 [pid 1034] <... mmap resumed>) = 0x7f620fc64000 [pid 1033] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1032] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1031] <... mkdir resumed>) = 0 [pid 1030] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1027] <... futex resumed>) = 0 [pid 1026] <... close resumed>) = 0 [pid 1037] rt_sigprocmask(SIG_SETMASK, [], [pid 1036] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1035] ioctl(7, LOOP_SET_FD, 4 [pid 1032] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1031] mount("/dev/loop3", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 1030] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1027] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1026] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1036] <... futex resumed>) = 1 [ 29.669215][ T1026] EXT4-fs warning (device loop1): read_mmp_block:115: Error -74 while reading MMP block 12 [ 29.686427][ T1031] loop3: detected capacity change from 0 to 512 [pid 1034] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1033] <... mprotect resumed>) = 0 [pid 1029] <... futex resumed>) = 0 [pid 1025] exit_group(0 [pid 1036] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1034] <... write resumed>) = 65536 [pid 1033] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1029] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1025] <... exit_group resumed>) = ? [pid 1036] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1034] munmap(0x7f620fc64000, 65536 [pid 1033] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1029] <... futex resumed>) = 0 [pid 1037] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1035] <... ioctl resumed>) = 0 [pid 1032] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1031] <... mount resumed>) = -1 ENODEV (No such device) [pid 1030] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1027] <... futex resumed>) = ? [pid 1026] <... futex resumed>) = ? [pid 1037] memfd_create("syzkaller", 0 [pid 1035] close(4 [pid 1032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1031] ioctl(5, LOOP_CLR_FD [pid 1030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1027] +++ exited with 0 +++ [pid 1037] <... memfd_create resumed>) = 3 [pid 1035] <... close resumed>) = 0 [pid 1032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1031] <... ioctl resumed>) = 0 [pid 1030] <... mmap resumed>) = 0x7f6220445000 [pid 1037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1035] mkdir(0x20000000, 0777 [pid 1032] <... mmap resumed>) = 0x7f6220445000 [pid 1031] close(5 [pid 1030] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1037] <... mmap resumed>) = 0x7f6218024000 [pid 1032] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1031] <... close resumed>) = 0 [pid 1030] <... mprotect resumed>) = 0 [pid 1037] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1032] <... mprotect resumed>) = 0 [pid 1031] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1030] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1037] <... write resumed>) = 262144 [pid 1032] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1031] <... futex resumed>) = 0 [pid 1030] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1037] munmap(0x7f6218024000, 262144 [pid 1032] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1031] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1030] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1037] <... munmap resumed>) = 0 [pid 1032] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1037] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1030] <... clone3 resumed> => {parent_tid=[1038]}, 88) = 1038 [pid 1037] <... openat resumed>) = 4 [pid 1032] <... clone3 resumed> => {parent_tid=[1039]}, 88) = 1039 [pid 1030] rt_sigprocmask(SIG_SETMASK, [], [pid 1037] ioctl(4, LOOP_SET_FD, 3 [pid 1032] rt_sigprocmask(SIG_SETMASK, [], [pid 1030] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 1039 attached ./strace-static-x86_64: Process 1038 attached [pid 1034] <... munmap resumed>) = 0 [pid 1033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1039] set_robust_list(0x7f62204659a0, 24 [pid 1038] set_robust_list(0x7f62204659a0, 24 [pid 1034] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1039] <... set_robust_list resumed>) = 0 [pid 1038] <... set_robust_list resumed>) = 0 [pid 1034] <... openat resumed>) = 3 [pid 1033] <... clone3 resumed> => {parent_tid=[1040]}, 88) = 1040 [pid 1039] rt_sigprocmask(SIG_SETMASK, [], [pid 1038] rt_sigprocmask(SIG_SETMASK, [], [pid 1034] ioctl(3, LOOP_SET_FD, 8 [pid 1033] rt_sigprocmask(SIG_SETMASK, [], [pid 1039] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1038] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1034] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1033] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 1040 attached [pid 1039] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1038] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1037] <... ioctl resumed>) = 0 [pid 1036] memfd_create("syzkaller", 0 [pid 1035] <... mkdir resumed>) = 0 [pid 1034] ioctl(3, LOOP_CLR_FD [pid 1033] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1032] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1030] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1040] set_robust_list(0x7f62204449a0, 24 [pid 1039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1036] <... memfd_create resumed>) = 4 [pid 1034] <... ioctl resumed>) = 0 [pid 1033] <... futex resumed>) = 0 [pid 1026] +++ exited with 0 +++ [pid 1025] +++ exited with 0 +++ [pid 1039] memfd_create("syzkaller", 0 [pid 1038] memfd_create("syzkaller", 0 [pid 1036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1033] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1039] <... memfd_create resumed>) = 3 [pid 1038] <... memfd_create resumed>) = 3 [pid 1036] <... mmap resumed>) = 0x7f620fc65000 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1025, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 1040] <... set_robust_list resumed>) = 0 [pid 1039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1036] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1035] mount("/dev/loop0", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 1032] <... futex resumed>) = 0 [pid 1030] <... futex resumed>) = 0 [pid 297] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1040] rt_sigprocmask(SIG_SETMASK, [], [pid 1039] <... mmap resumed>) = 0x7f6218045000 [pid 1038] <... mmap resumed>) = 0x7f6218045000 [pid 1036] <... write resumed>) = 65536 [pid 1035] <... mount resumed>) = -1 ENODEV (No such device) [pid 1034] ioctl(3, LOOP_SET_FD, 8 [pid 1032] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1030] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1040] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1038] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1036] munmap(0x7f620fc65000, 65536 [pid 1035] ioctl(7, LOOP_CLR_FD [pid 1034] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1032] <... futex resumed>) = 0 [pid 1030] <... futex resumed>) = 0 [pid 297] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1040] creat("./bus", 000 [pid 1039] <... write resumed>) = 262144 [pid 1038] <... write resumed>) = 262144 [pid 1037] close(3 [pid 1036] <... munmap resumed>) = 0 [pid 1035] <... ioctl resumed>) = 0 [pid 1034] close(3 [pid 1032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 297] <... openat resumed>) = 3 [pid 1040] <... creat resumed>) = 5 [pid 1039] munmap(0x7f6218045000, 262144 [pid 1038] munmap(0x7f6218045000, 262144 [pid 1037] <... close resumed>) = 0 [pid 1036] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1035] close(7 [pid 1034] <... close resumed>) = 0 [pid 1032] <... mmap resumed>) = 0x7f6218024000 [pid 1030] <... mmap resumed>) = 0x7f6218024000 [pid 297] newfstatat(3, "", [pid 1040] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1039] <... munmap resumed>) = 0 [pid 1038] <... munmap resumed>) = 0 [pid 1037] mkdir("./file0", 0777 [pid 1036] <... openat resumed>) = 8 [pid 1035] <... close resumed>) = 0 [pid 1034] close(8 [pid 1032] mprotect(0x7f6218025000, 131072, PROT_READ|PROT_WRITE [pid 1030] mprotect(0x7f6218025000, 131072, PROT_READ|PROT_WRITE [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1040] <... futex resumed>) = 1 [pid 1039] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1038] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 1037] <... mkdir resumed>) = 0 [pid 1036] ioctl(8, LOOP_SET_FD, 4 [pid 1035] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1034] <... close resumed>) = 0 [pid 1033] <... futex resumed>) = 0 [pid 1032] <... mprotect resumed>) = 0 [pid 1030] <... mprotect resumed>) = 0 [pid 297] getdents64(3, [pid 1040] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1039] <... openat resumed>) = 4 [pid 1038] <... openat resumed>) = 4 [pid 1037] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1036] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1035] <... futex resumed>) = 0 [pid 1034] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1033] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1032] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1030] rt_sigprocmask(SIG_BLOCK, ~[], [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [ 29.717719][ T1035] loop0: detected capacity change from 0 to 518 [ 29.720098][ T1036] print_req_error: 9 callbacks suppressed [ 29.720115][ T1036] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 0 [ 29.730193][ T1037] loop4: detected capacity change from 0 to 512 [pid 1040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1039] ioctl(4, LOOP_SET_FD, 3 [pid 1038] ioctl(4, LOOP_SET_FD, 3 [pid 1036] ioctl(8, LOOP_CLR_FD [pid 1035] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1034] <... futex resumed>) = 0 [pid 1033] <... futex resumed>) = 0 [pid 1032] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1030] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1028] exit_group(0 [pid 297] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1040] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 1032] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6218044990, parent_tid=0x7f6218044990, exit_signal=0, stack=0x7f6218024000, stack_size=0x20300, tls=0x7f62180446c0} [pid 1030] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6218044990, parent_tid=0x7f6218044990, exit_signal=0, stack=0x7f6218024000, stack_size=0x20300, tls=0x7f62180446c0} [pid 1040] <... mount resumed>) = 0 [pid 1040] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1032] <... clone3 resumed> => {parent_tid=[1042]}, 88) = 1042 [pid 1030] <... clone3 resumed> => {parent_tid=[1043]}, 88) = 1043 [pid 1040] <... futex resumed>) = 0 [pid 1032] rt_sigprocmask(SIG_SETMASK, [], [pid 1030] rt_sigprocmask(SIG_SETMASK, [], [pid 1040] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1030] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1032] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1030] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1032] <... futex resumed>) = 0 [pid 1030] <... futex resumed>) = 0 [pid 1032] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1030] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1042 attached [pid 1042] set_robust_list(0x7f62180449a0, 24) = 0 [pid 1042] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1042] creat("./bus", 000) = 5 [pid 1042] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1032] <... futex resumed>) = 0 [pid 1032] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1032] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1042] <... futex resumed>) = 1 [pid 1042] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1042] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1032] <... futex resumed>) = 0 [pid 1032] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1032] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1042] <... futex resumed>) = 1 [pid 1042] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1039] <... ioctl resumed>) = 0 [pid 1042] <... open resumed>) = 6 [pid 1042] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1032] <... futex resumed>) = 0 [pid 1032] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1032] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1042] <... futex resumed>) = 1 [pid 1038] <... ioctl resumed>) = 0 [pid 1033] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1028] <... exit_group resumed>) = ? [pid 1033] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1031] <... futex resumed>) = ? [pid 297] <... umount2 resumed>) = 0 [pid 1033] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1031] +++ exited with 0 +++ [pid 1042] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE./strace-static-x86_64: Process 1043 attached ) = 7 [pid 1040] <... futex resumed>) = 0 [pid 1039] close(3 [pid 1038] close(3 [pid 1036] <... ioctl resumed>) = 0 [pid 1033] <... futex resumed>) = 1 [pid 297] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1040] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1038] <... close resumed>) = 0 [pid 1033] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1040] <... open resumed>) = 3 [pid 1038] mkdir("./file0", 0777 [pid 297] newfstatat(AT_FDCWD, "./37/bus", [pid 1040] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1038] <... mkdir resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1040] <... futex resumed>) = 1 [pid 1038] mount("/dev/loop5", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1033] <... futex resumed>) = 0 [pid 297] unlink("./37/bus" [pid 1040] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1036] ioctl(8, LOOP_SET_FD, 4 [pid 1033] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... unlink resumed>) = 0 [pid 1040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1036] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1033] <... futex resumed>) = 0 [pid 297] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1040] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1036] close(8 [pid 1033] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1040] <... socket resumed>) = 6 [pid 1036] <... close resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./37/binderfs", [pid 1040] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1036] close(4 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1040] <... futex resumed>) = 1 [pid 1036] <... close resumed>) = 0 [pid 1033] <... futex resumed>) = 0 [pid 297] unlink("./37/binderfs" [pid 1042] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1040] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1036] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1033] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... unlink resumed>) = 0 [pid 1043] set_robust_list(0x7f62180449a0, 24 [pid 1042] <... futex resumed>) = 1 [pid 1040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1039] <... close resumed>) = 0 [pid 1036] <... futex resumed>) = 0 [pid 1033] <... futex resumed>) = 0 [pid 1029] exit_group(0 [pid 297] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1043] <... set_robust_list resumed>) = 0 [pid 1042] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1040] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 1039] mkdir("./file0", 0777 [pid 1033] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1029] <... exit_group resumed>) = ? [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1043] rt_sigprocmask(SIG_SETMASK, [], [pid 1039] <... mkdir resumed>) = 0 [pid 1036] +++ exited with 0 +++ [pid 1035] <... futex resumed>) = ? [pid 1032] <... futex resumed>) = 0 [pid 1043] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1039] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1035] +++ exited with 0 +++ [pid 1032] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] newfstatat(AT_FDCWD, "./37/file0", [pid 1032] <... futex resumed>) = 1 [pid 1032] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1043] creat("./bus", 000 [pid 1042] <... futex resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1043] <... creat resumed>) = 3 [pid 1042] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 297] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1043] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1042] <... mmap resumed>) = 0x20000000 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1043] <... futex resumed>) = 1 [pid 1042] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1030] <... futex resumed>) = 0 [pid 297] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1030] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 29.772193][ T1039] loop2: detected capacity change from 0 to 512 [ 29.778464][ T1038] loop5: detected capacity change from 0 to 512 [ 29.789991][ T1037] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [ 29.808950][ T1037] ext4 filesystem being mounted at /root/syzkaller.Zpv55J/32/file0 supports timestamps until 2038 (0x7fffffff) [pid 1030] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1043] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 1042] <... futex resumed>) = 1 [pid 1040] <... mmap resumed>) = 0x20000000 [pid 1034] +++ exited with 0 +++ [pid 1032] <... futex resumed>) = 0 [pid 1028] +++ exited with 0 +++ [pid 297] <... openat resumed>) = 4 [pid 1043] <... mount resumed>) = 0 [pid 1042] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1040] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1032] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] newfstatat(4, "", [pid 1043] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1042] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1040] <... futex resumed>) = 1 [pid 1033] <... futex resumed>) = 0 [pid 1032] <... futex resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1043] <... futex resumed>) = 0 [pid 1042] memfd_create("syzkaller", 0 [pid 1040] memfd_create("syzkaller", 0 [pid 1033] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] getdents64(4, [pid 1043] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1042] <... memfd_create resumed>) = 3 [pid 1040] <... memfd_create resumed>) = 7 [pid 1033] <... futex resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 1042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 297] getdents64(4, [pid 1042] <... mmap resumed>) = 0x7f620fc24000 [pid 1040] <... mmap resumed>) = 0x7f620fc64000 [pid 297] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 1040] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 297] close(4 [pid 1040] <... write resumed>) = 65536 [pid 1030] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1028, si_uid=0, si_status=0, si_utime=1, si_stime=0} --- [pid 297] <... close resumed>) = 0 [pid 1030] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1040] munmap(0x7f620fc64000, 65536 [pid 297] rmdir("./37/file0" [pid 1043] <... futex resumed>) = 0 [pid 1030] <... futex resumed>) = 1 [pid 1043] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1040] <... munmap resumed>) = 0 [pid 1030] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... rmdir resumed>) = 0 [pid 1040] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 297] getdents64(3, [pid 1040] <... openat resumed>) = 8 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 1040] ioctl(8, LOOP_SET_FD, 7 [pid 297] close(3 [pid 1040] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 297] <... close resumed>) = 0 [pid 1040] ioctl(8, LOOP_CLR_FD [pid 297] rmdir("./37" [pid 1040] <... ioctl resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 297] mkdir("./38", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 1049 [pid 1040] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 1040] close(8) = 0 [pid 1040] close(7) = 0 [pid 1040] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1040] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1049 attached [pid 1049] set_robust_list(0x555556cc76a0, 24) = 0 [pid 1049] chdir("./38") = 0 [pid 1049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1049] setpgid(0, 0) = 0 [pid 1049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1049] write(3, "1000", 4) = 4 [pid 1049] close(3) = 0 [pid 1049] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1049] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1049] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 1049] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 1049] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1049] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1049] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[1050]}, 88) = 1050 [pid 1049] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1049] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1049] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 1049] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1049] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1049] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[1051]}, 88) = 1051 [pid 1049] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1049] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1049] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1043] <... open resumed>) = 5 [pid 1043] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1029] +++ exited with 0 +++ [pid 1042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 1042] munmap(0x7f620fc24000, 65536) = 0 [pid 1042] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 8 [pid 1042] ioctl(8, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 1042] ioctl(8, LOOP_CLR_FD) = 0 [pid 1037] <... mount resumed>) = 0 [pid 1037] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 1037] ioctl(4, LOOP_CLR_FD) = 0 [pid 1037] close(4) = 0 [pid 1037] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1037] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1039] <... mount resumed>) = 0 [pid 1039] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY [pid 1033] exit_group(0 [pid 1040] <... futex resumed>) = ? [pid 1037] <... futex resumed>) = ? [pid 1033] <... exit_group resumed>) = ? [pid 1040] +++ exited with 0 +++ [pid 1037] +++ exited with 0 +++ [pid 1033] +++ exited with 0 +++ [pid 1042] ioctl(8, LOOP_SET_FD, 3 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1033, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 1042] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1042] close(8) = 0 [pid 1042] close(3) = 0 [pid 1042] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1042] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1039] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 1039] ioctl(4, LOOP_CLR_FD) = 0 [pid 1039] close(4) = 0 [pid 1039] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1039] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1050 attached [pid 1050] set_robust_list(0x7f62204659a0, 24) = 0 [pid 1050] rt_sigprocmask(SIG_SETMASK, [], [pid 1032] exit_group(0 [pid 1042] <... futex resumed>) = ? [pid 1032] <... exit_group resumed>) = ? [pid 1042] +++ exited with 0 +++ [pid 300] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(3, 0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 300] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1039] <... futex resumed>) = ? [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1029, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 1043] <... futex resumed>) = 1 [pid 1030] <... futex resumed>) = 0 [pid 299] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1043] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1030] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1030] <... futex resumed>) = 0 [pid 299] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1043] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1030] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... umount2 resumed>) = 0 [pid 1043] <... socket resumed>) = 6 [pid 300] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... openat resumed>) = 3 [pid 296] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1043] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1039] +++ exited with 0 +++ [pid 1032] +++ exited with 0 +++ [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(3, "", [pid 296] <... openat resumed>) = 3 [pid 1050] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1050] memfd_create("syzkaller", 0) = 3 [pid 1050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 1050] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 1050] munmap(0x7f6218024000, 262144) = 0 [pid 1050] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 29.812134][ T1039] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [ 29.835423][ T1039] ext4 filesystem being mounted at /root/syzkaller.4RDDfu/34/file0 supports timestamps until 2038 (0x7fffffff) [ 29.856518][ T1038] EXT4-fs (loop5): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [pid 1050] ioctl(4, LOOP_SET_FD, 3 [pid 1043] <... futex resumed>) = 1 [pid 1030] <... futex resumed>) = 0 [pid 300] newfstatat(AT_FDCWD, "./32/bus", [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] newfstatat(3, "", [pid 1050] <... ioctl resumed>) = 0 [pid 1050] close(3) = 0 [pid 1050] mkdir("./file0", 0777 [pid 1043] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1030] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 1051 attached [pid 299] getdents64(3, [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1032, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1051] set_robust_list(0x7f62204449a0, 24 [pid 1050] <... mkdir resumed>) = 0 [pid 1043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1030] <... futex resumed>) = 0 [pid 300] unlink("./32/bus" [pid 299] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 298] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] getdents64(3, [pid 1051] <... set_robust_list resumed>) = 0 [pid 1050] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1051] rt_sigprocmask(SIG_SETMASK, [], [pid 1030] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... unlink resumed>) = 0 [pid 1043] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1051] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1051] creat("./bus", 000 [pid 1043] <... mmap resumed>) = 0x20000000 [pid 300] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1043] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1051] <... creat resumed>) = 3 [pid 1043] <... futex resumed>) = 1 [pid 1030] <... futex resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = 0 [pid 1030] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... umount2 resumed>) = 0 [pid 298] newfstatat(3, "", [pid 1043] memfd_create("syzkaller", 0 [pid 1030] <... futex resumed>) = 0 [pid 300] newfstatat(AT_FDCWD, "./32/binderfs", [pid 299] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1043] <... memfd_create resumed>) = 7 [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1051] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1049] <... futex resumed>) = 0 [pid 298] getdents64(3, [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 300] unlink("./32/binderfs" [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1051] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 1049] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1051] <... mount resumed>) = 0 [pid 1049] <... futex resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./32/bus", [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 296] newfstatat(AT_FDCWD, "./30/bus", [pid 1043] <... mmap resumed>) = 0x7f620fc24000 [pid 300] <... unlink resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./32/bus" [pid 1051] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1049] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] unlink("./30/bus" [pid 1051] <... futex resumed>) = 0 [pid 1049] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1051] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1049] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1051] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1049] <... futex resumed>) = 0 [pid 1051] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1049] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1043] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1051] <... open resumed>) = 5 [pid 1051] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... unlink resumed>) = 0 [pid 1051] <... futex resumed>) = 1 [pid 1049] <... futex resumed>) = 0 [pid 1051] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1049] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... unlink resumed>) = 0 [pid 1051] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1049] <... futex resumed>) = 0 [pid 300] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = 0 [pid 296] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1051] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1049] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1051] <... socket resumed>) = 6 [pid 1043] <... write resumed>) = 65536 [pid 299] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1051] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1049] <... futex resumed>) = 0 [pid 1051] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1049] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1051] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1049] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./30/binderfs", [pid 1051] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 1049] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1051] <... mmap resumed>) = 0x20000000 [pid 1051] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1049] <... futex resumed>) = 0 [pid 1051] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1049] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1051] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1049] <... futex resumed>) = 0 [pid 1043] munmap(0x7f620fc24000, 65536 [pid 299] newfstatat(AT_FDCWD, "./32/binderfs", [pid 298] newfstatat(AT_FDCWD, "./34/bus", [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1051] memfd_create("syzkaller", 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./30/binderfs" [pid 1051] <... memfd_create resumed>) = 7 [pid 1043] <... munmap resumed>) = 0 [pid 1051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f620fc64000 [pid 1051] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1043] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 299] unlink("./32/binderfs" [pid 298] unlink("./34/bus" [pid 296] <... unlink resumed>) = 0 [pid 1051] <... write resumed>) = 65536 [pid 1051] munmap(0x7f620fc64000, 65536) = 0 [pid 298] <... unlink resumed>) = 0 [pid 1051] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 8 [pid 299] <... unlink resumed>) = 0 [pid 298] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./30/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1051] ioctl(8, LOOP_SET_FD, 7 [pid 1043] <... openat resumed>) = 8 [pid 1051] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 299] umount2("./32/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1051] ioctl(8, LOOP_CLR_FD) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./34/binderfs", [pid 296] newfstatat(AT_FDCWD, "./30/ext4", [pid 1051] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 1051] close(8) = 0 [pid 1051] close(7) = 0 [pid 1051] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1051] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1043] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 1043] ioctl(8, LOOP_CLR_FD) = 0 [pid 1038] <... mount resumed>) = 0 [pid 1038] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 1038] ioctl(4, LOOP_CLR_FD) = 0 [pid 1038] close(4) = 0 [pid 1038] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1038] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1043] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 1043] close(8) = 0 [pid 1043] close(7) = 0 [pid 1043] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1043] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1050] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 299] newfstatat(AT_FDCWD, "./32/ext4", [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1050] ioctl(4, LOOP_CLR_FD [pid 1030] exit_group(0 [pid 1050] <... ioctl resumed>) = 0 [pid 1050] close(4) = 0 [pid 1050] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./34/binderfs" [pid 1043] <... futex resumed>) = ? [pid 1030] <... exit_group resumed>) = ? [pid 299] umount2("./32/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./30/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1050] <... futex resumed>) = 0 [pid 1050] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] <... unlink resumed>) = 0 [pid 1043] +++ exited with 0 +++ [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./30/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] openat(AT_FDCWD, "./32/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] newfstatat(4, "", [pid 1038] <... futex resumed>) = ? [pid 299] <... openat resumed>) = 4 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1049] exit_group(0 [pid 1051] <... futex resumed>) = ? [pid 1049] <... exit_group resumed>) = ? [pid 299] newfstatat(4, "", [pid 296] getdents64(4, [pid 1051] +++ exited with 0 +++ [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, [pid 296] getdents64(4, [pid 299] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 296] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 1050] <... futex resumed>) = ? [pid 299] getdents64(4, [pid 296] close(4 [pid 1038] +++ exited with 0 +++ [pid 1030] +++ exited with 0 +++ [pid 299] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 296] <... close resumed>) = 0 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1030, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 299] close(4 [pid 296] rmdir("./30/ext4" [pid 299] <... close resumed>) = 0 [pid 299] rmdir("./32/ext4") = 0 [pid 296] <... rmdir resumed>) = 0 [pid 299] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./32") = 0 [pid 296] getdents64(3, [pid 299] mkdir("./33", 0777) = 0 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 301] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... openat resumed>) = 3 [pid 296] close(3 [pid 301] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] ioctl(3, LOOP_CLR_FD [pid 301] <... openat resumed>) = 3 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... close resumed>) = 0 [pid 301] newfstatat(3, "", [pid 299] close(3 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... close resumed>) = 0 [pid 301] getdents64(3, [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 296] rmdir("./30" [pid 301] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 1052 ./strace-static-x86_64: Process 1052 attached [pid 1052] set_robust_list(0x555556cc76a0, 24 [pid 296] <... rmdir resumed>) = 0 [pid 1052] <... set_robust_list resumed>) = 0 [pid 1052] chdir("./33") = 0 [pid 301] <... umount2 resumed>) = 0 [pid 296] mkdir("./31", 0777 [pid 1052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1052] setpgid(0, 0) = 0 [pid 1052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 301] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... mkdir resumed>) = 0 [pid 1052] write(3, "1000", 4) = 4 [pid 1052] close(3) = 0 [pid 1052] symlink("/dev/binderfs", "./binderfs" [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1052] <... symlink resumed>) = 0 [pid 301] newfstatat(AT_FDCWD, "./34/bus", [pid 296] <... openat resumed>) = 3 [pid 1052] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1052] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 1052] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] ioctl(3, LOOP_CLR_FD [pid 1052] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 301] unlink("./34/bus" [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1052] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1052] rt_sigprocmask(SIG_BLOCK, ~[], [pid 301] <... unlink resumed>) = 0 [pid 296] close(3 [pid 1052] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[1053]}, 88) = 1053 [pid 301] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... close resumed>) = 0 [pid 1052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1052] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1052] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1052] <... futex resumed>) = 0 [pid 1052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 1052] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1052] rt_sigprocmask(SIG_BLOCK, ~[], [pid 301] newfstatat(AT_FDCWD, "./34/binderfs", [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 1054 [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./34/binderfs" [pid 1052] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 301] <... unlink resumed>) = 0 [pid 301] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1052] <... clone3 resumed> => {parent_tid=[1055]}, 88) = 1055 [pid 1052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1052] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1052] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1053 attached [pid 1053] set_robust_list(0x7f62204659a0, 24) = 0 [pid 1053] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1053] memfd_create("syzkaller", 0) = 3 [pid 1053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 ./strace-static-x86_64: Process 1055 attached ./strace-static-x86_64: Process 1054 attached [pid 1050] +++ exited with 0 +++ [pid 1049] +++ exited with 0 +++ [pid 300] <... umount2 resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 300] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1049, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 298] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./32/file0", [pid 298] newfstatat(AT_FDCWD, "./34/file0", [pid 1054] set_robust_list(0x555556cc76a0, 24 [pid 297] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1055] set_robust_list(0x7f62204449a0, 24 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1055] <... set_robust_list resumed>) = 0 [pid 1054] <... set_robust_list resumed>) = 0 [pid 298] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(4, [pid 297] <... openat resumed>) = 3 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(3, "", [pid 1054] chdir("./31" [pid 1055] rt_sigprocmask(SIG_SETMASK, [], [pid 300] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 298] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(4, [pid 297] getdents64(3, [pid 300] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 298] <... openat resumed>) = 4 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 298] newfstatat(4, "", [pid 300] close(4) = 0 [pid 300] rmdir("./32/file0" [pid 1055] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1054] <... chdir resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] getdents64(4, [pid 297] <... umount2 resumed>) = 0 [pid 300] close(3 [pid 297] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... close resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] rmdir("./32" [pid 297] newfstatat(AT_FDCWD, "./38/bus", [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 300] <... rmdir resumed>) = 0 [pid 298] getdents64(4, [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] mkdir("./33", 0777 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 297] unlink("./38/bus" [pid 1055] creat("./bus", 000 [pid 1054] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 300] <... mkdir resumed>) = 0 [pid 298] close(4 [pid 297] <... unlink resumed>) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] <... close resumed>) = 0 [pid 297] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1054] <... prctl resumed>) = 0 [pid 300] <... openat resumed>) = 3 [pid 298] rmdir("./34/file0" [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] ioctl(3, LOOP_CLR_FD [pid 297] newfstatat(AT_FDCWD, "./38/binderfs", [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] close(3 [pid 297] unlink("./38/binderfs" [pid 298] <... rmdir resumed>) = 0 [pid 1054] setpgid(0, 0 [pid 300] <... close resumed>) = 0 [pid 298] getdents64(3, [pid 297] <... unlink resumed>) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1055] <... creat resumed>) = 4 [pid 1054] <... setpgid resumed>) = 0 [pid 298] close(3 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 1056 attached [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 1056 [pid 297] newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] <... close resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1055] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./38/file0" [pid 1056] set_robust_list(0x555556cc76a0, 24 [pid 1055] <... futex resumed>) = 1 [pid 1054] <... openat resumed>) = 3 [pid 1052] <... futex resumed>) = 0 [pid 298] rmdir("./34" [pid 297] <... rmdir resumed>) = 0 [pid 1052] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] getdents64(3, [pid 1052] <... futex resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 1052] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] close(3 [pid 298] <... rmdir resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 297] rmdir("./38" [pid 1056] <... set_robust_list resumed>) = 0 [pid 1055] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 1054] write(3, "1000", 4 [pid 298] mkdir("./35", 0777 [pid 297] <... rmdir resumed>) = 0 [pid 297] mkdir("./39", 0777 [pid 298] <... mkdir resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1054] <... write resumed>) = 4 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 297] <... openat resumed>) = 3 [pid 298] <... openat resumed>) = 3 [pid 297] ioctl(3, LOOP_CLR_FD [pid 1054] close(3 [pid 298] ioctl(3, LOOP_CLR_FD [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1054] <... close resumed>) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] close(3 [pid 1055] <... mount resumed>) = 0 [pid 1054] symlink("/dev/binderfs", "./binderfs" [pid 298] close(3 [pid 297] <... close resumed>) = 0 [pid 1055] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1054] <... symlink resumed>) = 0 [pid 1053] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 298] <... close resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1057 attached [pid 1056] chdir("./33" [pid 1055] <... futex resumed>) = 1 [pid 1054] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1053] <... write resumed>) = 262144 [pid 1052] <... futex resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1052] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 1057 [pid 1052] <... futex resumed>) = 0 [pid 1052] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1053] munmap(0x7f6218024000, 262144 [pid 1056] <... chdir resumed>) = 0 [pid 1055] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1054] <... futex resumed>) = 0 [pid 1053] <... munmap resumed>) = 0 [pid 1057] set_robust_list(0x555556cc76a0, 24 [pid 1053] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 5 [pid 1053] ioctl(5, LOOP_SET_FD, 3 [pid 1055] <... open resumed>) = 6 [ 29.859994][ T1050] loop1: detected capacity change from 0 to 512 [ 29.877080][ T1038] ext4 filesystem being mounted at /root/syzkaller.bzF58U/34/file0 supports timestamps until 2038 (0x7fffffff) [ 29.898141][ T1050] EXT4-fs warning (device loop1): read_mmp_block:115: Error -74 while reading MMP block 12 [pid 1054] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1056] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 1058 [pid 1057] <... set_robust_list resumed>) = 0 [pid 1055] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1054] <... rt_sigaction resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 1058 attached [pid 1054] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1055] <... futex resumed>) = 1 [pid 1052] <... futex resumed>) = 0 [pid 1057] chdir("./39" [pid 1056] <... prctl resumed>) = 0 [pid 1053] <... ioctl resumed>) = 0 [pid 1052] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1052] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1058] set_robust_list(0x555556cc76a0, 24 [pid 1056] setpgid(0, 0 [pid 1055] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1054] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1057] <... chdir resumed>) = 0 [pid 1053] close(3 [pid 1058] <... set_robust_list resumed>) = 0 [pid 1058] chdir("./35" [pid 1055] <... socket resumed>) = 7 [pid 1056] <... setpgid resumed>) = 0 [pid 1054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1055] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1058] <... chdir resumed>) = 0 [pid 1054] <... mmap resumed>) = 0x7f6220445000 [pid 1058] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1055] <... futex resumed>) = 1 [pid 1054] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1052] <... futex resumed>) = 0 [pid 1052] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1052] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1058] <... prctl resumed>) = 0 [pid 1058] setpgid(0, 0 [pid 1054] <... mprotect resumed>) = 0 [pid 1055] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 1058] <... setpgid resumed>) = 0 [pid 1058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1056] <... openat resumed>) = 3 [pid 1054] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1058] <... openat resumed>) = 3 [pid 1057] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1056] write(3, "1000", 4 [pid 1055] <... mmap resumed>) = 0x20000000 [pid 1054] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1053] <... close resumed>) = 0 [pid 1058] write(3, "1000", 4 [pid 1057] <... prctl resumed>) = 0 [pid 1056] <... write resumed>) = 4 [pid 1055] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1054] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1053] mkdir(0x20000000, 0777 [pid 1058] <... write resumed>) = 4 [pid 1057] setpgid(0, 0 [pid 1056] close(3 [pid 1055] <... futex resumed>) = 1 [pid 1052] <... futex resumed>) = 0 [pid 1058] close(3 [pid 1052] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1058] <... close resumed>) = 0 [pid 1052] <... futex resumed>) = 0 [pid 1058] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 1059 attached [pid 1057] <... setpgid resumed>) = 0 [pid 1056] <... close resumed>) = 0 [pid 1055] memfd_create("syzkaller", 0 [pid 1054] <... clone3 resumed> => {parent_tid=[1059]}, 88) = 1059 [pid 1059] set_robust_list(0x7f62204659a0, 24 [pid 1058] <... symlink resumed>) = 0 [pid 1057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1056] symlink("/dev/binderfs", "./binderfs" [pid 1055] <... memfd_create resumed>) = 3 [pid 1053] <... mkdir resumed>) = 0 [pid 1058] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1054] rt_sigprocmask(SIG_SETMASK, [], [pid 1053] mount("/dev/loop3", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 1058] <... futex resumed>) = 0 [pid 1055] <... mmap resumed>) = 0x7f620fc64000 [pid 1053] <... mount resumed>) = -1 ENODEV (No such device) [pid 1058] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1055] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1053] ioctl(5, LOOP_CLR_FD [pid 301] <... umount2 resumed>) = 0 [pid 1058] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1056] <... symlink resumed>) = 0 [pid 1055] <... write resumed>) = 65536 [pid 1053] <... ioctl resumed>) = 0 [pid 1058] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1055] munmap(0x7f620fc64000, 65536 [pid 1053] close(5 [pid 1058] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1055] <... munmap resumed>) = 0 [pid 1053] <... close resumed>) = 0 [pid 1058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1055] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1053] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1058] <... mmap resumed>) = 0x7f6220445000 [pid 1055] <... openat resumed>) = 5 [pid 1053] <... futex resumed>) = 0 [pid 1058] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1055] ioctl(5, LOOP_SET_FD, 3 [pid 1053] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1058] <... mprotect resumed>) = 0 [pid 1055] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1058] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1055] ioctl(5, LOOP_CLR_FD [pid 1058] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1055] <... ioctl resumed>) = 0 [pid 1058] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[1060]}, 88) = 1060 [pid 1058] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1058] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1058] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 1058] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1058] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1058] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[1061]}, 88) = 1061 [pid 1058] rt_sigprocmask(SIG_SETMASK, [], [pid 1055] ioctl(5, LOOP_SET_FD, 3 [pid 1058] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1055] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1058] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1055] close(5 [pid 1058] <... futex resumed>) = 0 [pid 1055] <... close resumed>) = 0 [pid 1058] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1055] close(3) = 0 [pid 1055] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1055] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1060 attached [pid 1060] set_robust_list(0x7f62204659a0, 24) = 0 [pid 1060] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1060] memfd_create("syzkaller", 0) = 3 [pid 1060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 1052] exit_group(0 [pid 1055] <... futex resumed>) = ? [pid 1053] <... futex resumed>) = ? [pid 1052] <... exit_group resumed>) = ? [pid 1055] +++ exited with 0 +++ [pid 1053] +++ exited with 0 +++ [pid 1059] <... set_robust_list resumed>) = 0 [pid 1057] <... openat resumed>) = 3 [pid 1056] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1054] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1057] write(3, "1000", 4 [pid 1056] <... futex resumed>) = 0 [pid 1057] <... write resumed>) = 4 [pid 1054] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1056] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1054] <... futex resumed>) = 0 [pid 1059] rt_sigprocmask(SIG_SETMASK, [], [pid 1057] close(3 [pid 301] newfstatat(AT_FDCWD, "./34/file0", [pid 1054] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1056] <... rt_sigaction resumed>NULL, 8) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1057] <... close resumed>) = 0 [pid 1056] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1054] <... futex resumed>) = 0 [pid 1056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1059] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1057] symlink("/dev/binderfs", "./binderfs" [pid 301] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1054] <... mmap resumed>) = 0x7f6220424000 [pid 1057] <... symlink resumed>) = 0 [pid 1056] <... mmap resumed>) = 0x7f6220445000 [pid 1054] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1059] memfd_create("syzkaller", 0 [pid 1057] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1056] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1054] <... mprotect resumed>) = 0 [pid 301] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1057] <... futex resumed>) = 0 [pid 1056] <... mprotect resumed>) = 0 [pid 1054] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1057] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 301] <... openat resumed>) = 4 [pid 1056] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1054] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1057] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1056] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1054] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 301] newfstatat(4, "", [pid 1059] <... memfd_create resumed>) = 3 [pid 1057] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1057] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1060] <... write resumed>) = 262144 [pid 1059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1054] <... clone3 resumed> => {parent_tid=[1062]}, 88) = 1062 [pid 301] getdents64(4, [pid 1060] munmap(0x7f6218024000, 262144) = 0 [pid 1057] <... mmap resumed>) = 0x7f6220445000 [pid 1054] rt_sigprocmask(SIG_SETMASK, [], [pid 1056] <... clone3 resumed> => {parent_tid=[1063]}, 88) = 1063 [pid 1059] <... mmap resumed>) = 0x7f6218024000 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 1060] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 1057] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1054] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1057] <... mprotect resumed>) = 0 [pid 1056] rt_sigprocmask(SIG_SETMASK, [], [pid 301] getdents64(4, [pid 1054] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1057] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1054] <... futex resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 1057] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1056] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1054] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] close(4 [pid 1057] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1056] <... futex resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 1060] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 1064 attached ./strace-static-x86_64: Process 1063 attached ./strace-static-x86_64: Process 1062 attached ./strace-static-x86_64: Process 1061 attached [pid 1059] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1056] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] rmdir("./34/file0" [pid 1064] set_robust_list(0x7f62204659a0, 24 [pid 1062] set_robust_list(0x7f62204449a0, 24 [pid 1061] set_robust_list(0x7f62204449a0, 24 [pid 1059] <... write resumed>) = 262144 [pid 1057] <... clone3 resumed> => {parent_tid=[1064]}, 88) = 1064 [pid 1056] <... futex resumed>) = 0 [pid 301] <... rmdir resumed>) = 0 [pid 1064] <... set_robust_list resumed>) = 0 [pid 1062] <... set_robust_list resumed>) = 0 [pid 1061] <... set_robust_list resumed>) = 0 [pid 1059] munmap(0x7f6218024000, 262144 [pid 1057] rt_sigprocmask(SIG_SETMASK, [], [pid 1056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 301] getdents64(3, [pid 1064] rt_sigprocmask(SIG_SETMASK, [], [pid 1062] rt_sigprocmask(SIG_SETMASK, [], [pid 1063] set_robust_list(0x7f62204659a0, 24 [pid 1062] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1057] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1063] <... set_robust_list resumed>) = 0 [pid 1062] creat("./bus", 000 [pid 1059] <... munmap resumed>) = 0 [pid 1056] <... mmap resumed>) = 0x7f6220424000 [pid 1057] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 1064] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1063] rt_sigprocmask(SIG_SETMASK, [], [pid 1062] <... creat resumed>) = 4 [pid 1061] rt_sigprocmask(SIG_SETMASK, [], [pid 1059] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1057] <... futex resumed>) = 0 [pid 1056] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 301] close(3 [pid 1063] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1062] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1059] <... openat resumed>) = 5 [pid 1057] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1056] <... mprotect resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 1057] <... futex resumed>) = 0 [pid 1063] memfd_create("syzkaller", 0 [pid 1062] <... futex resumed>) = 1 [pid 1059] ioctl(5, LOOP_SET_FD, 3 [pid 1057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1056] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1054] <... futex resumed>) = 0 [pid 301] rmdir("./34" [pid 1063] <... memfd_create resumed>) = 3 [pid 1062] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1057] <... mmap resumed>) = 0x7f6220424000 [pid 1054] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1062] <... mount resumed>) = 0 [pid 1054] <... futex resumed>) = 0 [pid 1063] <... mmap resumed>) = 0x7f6218024000 [pid 1062] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1054] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1062] <... futex resumed>) = 0 [pid 1054] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1063] <... write resumed>) = 262144 [pid 1062] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1054] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1054] <... futex resumed>) = 0 [pid 1062] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1054] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1063] munmap(0x7f6218024000, 262144) = 0 [pid 1063] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 1063] ioctl(4, LOOP_SET_FD, 3 [pid 1064] memfd_create("syzkaller", 0 [pid 1061] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1060] <... ioctl resumed>) = 0 [pid 1059] <... ioctl resumed>) = 0 [pid 1057] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1056] <... rt_sigprocmask resumed>[], 8) = 0 [pid 301] <... rmdir resumed>) = 0 [pid 1064] <... memfd_create resumed>) = 3 [pid 1061] creat("./bus", 000 [pid 1057] <... mprotect resumed>) = 0 [pid 1056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 301] mkdir("./35", 0777 [pid 1064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1061] <... creat resumed>) = 5 [pid 1057] rt_sigprocmask(SIG_BLOCK, ~[], [pid 301] <... mkdir resumed>) = 0 [pid 1064] <... mmap resumed>) = 0x7f6218024000 [pid 1061] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1057] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1056] <... clone3 resumed> => {parent_tid=[1065]}, 88) = 1065 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 1064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1061] <... futex resumed>) = 1 [pid 1057] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1056] rt_sigprocmask(SIG_SETMASK, [], [pid 301] <... openat resumed>) = 3 ./strace-static-x86_64: Process 1066 attached ./strace-static-x86_64: Process 1065 attached [pid 1064] <... write resumed>) = 262144 [pid 1063] <... ioctl resumed>) = 0 [pid 1062] <... open resumed>) = 6 [pid 1061] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1060] close(3 [pid 1059] close(3 [pid 1058] <... futex resumed>) = 0 [pid 1056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] ioctl(3, LOOP_CLR_FD [pid 1066] set_robust_list(0x7f62204449a0, 24 [pid 1065] set_robust_list(0x7f62204449a0, 24 [pid 1062] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1058] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1057] <... clone3 resumed> => {parent_tid=[1066]}, 88) = 1066 [pid 1056] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1066] <... set_robust_list resumed>) = 0 [pid 1065] <... set_robust_list resumed>) = 0 [pid 1062] <... futex resumed>) = 1 [pid 1061] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 1058] <... futex resumed>) = 0 [pid 1057] rt_sigprocmask(SIG_SETMASK, [], [pid 1056] <... futex resumed>) = 0 [pid 1054] <... futex resumed>) = 0 [pid 301] close(3 [pid 1066] rt_sigprocmask(SIG_SETMASK, [], [pid 1065] rt_sigprocmask(SIG_SETMASK, [], [pid 1064] munmap(0x7f6218024000, 262144 [pid 1062] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1060] <... close resumed>) = 0 [pid 1058] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1057] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1054] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1056] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1066] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1065] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1064] <... munmap resumed>) = 0 [pid 1062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1061] <... mount resumed>) = 0 [pid 1060] mkdir("./file0", 0777 [pid 1057] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1054] <... futex resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 1066] creat("./bus", 000 [pid 1065] creat("./bus", 000 [pid 1064] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1062] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1061] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1060] <... mkdir resumed>) = 0 [pid 1057] <... futex resumed>) = 0 [pid 1054] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1066] <... creat resumed>) = 4 [pid 1064] <... openat resumed>) = 5 [pid 1062] <... socket resumed>) = 7 [pid 1060] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1066] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1065] <... creat resumed>) = 5 [pid 1064] ioctl(5, LOOP_SET_FD, 3 [ 29.947818][ T1053] loop3: detected capacity change from 0 to 512 [ 29.975720][ T1060] loop2: detected capacity change from 0 to 512 [ 29.984141][ T1059] loop0: detected capacity change from 0 to 512 [ 29.987168][ T1063] loop4: detected capacity change from 0 to 512 [pid 1062] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1057] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1067 attached [pid 1066] <... futex resumed>) = 0 [pid 1065] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1062] <... futex resumed>) = 1 [pid 1061] <... futex resumed>) = 1 [pid 1058] <... futex resumed>) = 0 [pid 1057] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1054] <... futex resumed>) = 0 [pid 1067] set_robust_list(0x555556cc76a0, 24 [pid 1066] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1065] <... futex resumed>) = 1 [pid 1064] <... ioctl resumed>) = 0 [pid 1063] close(3 [pid 1062] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1061] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1059] <... close resumed>) = 0 [pid 1058] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1057] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1056] <... futex resumed>) = 0 [pid 1054] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1052] +++ exited with 0 +++ [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 1067 [pid 1067] <... set_robust_list resumed>) = 0 [pid 1066] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1065] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1064] close(3 [pid 1063] <... close resumed>) = 0 [pid 1062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1059] mkdir("./file0", 0777 [pid 1058] <... futex resumed>) = 0 [pid 1057] <... futex resumed>) = 0 [pid 1056] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1054] <... futex resumed>) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1052, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 1067] chdir("./35" [pid 1066] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 1065] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1064] <... close resumed>) = 0 [pid 1063] mkdir("./file0", 0777 [pid 1062] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 1061] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1059] <... mkdir resumed>) = 0 [pid 1058] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1056] <... futex resumed>) = 0 [pid 1054] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1057] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1067] <... chdir resumed>) = 0 [pid 1066] <... mount resumed>) = 0 [pid 1065] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 1064] mkdir("./file0", 0777 [pid 1063] <... mkdir resumed>) = 0 [pid 1062] <... mmap resumed>) = 0x20000000 [pid 1061] <... open resumed>) = 3 [pid 1056] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1067] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1066] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1065] <... mount resumed>) = 0 [pid 1064] <... mkdir resumed>) = 0 [pid 1063] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1062] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1059] mount("/dev/loop0", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 1061] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1067] <... prctl resumed>) = 0 [pid 1066] <... futex resumed>) = 1 [pid 1065] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1064] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1062] <... futex resumed>) = 1 [pid 1057] <... futex resumed>) = 0 [pid 1054] <... futex resumed>) = 0 [pid 1067] setpgid(0, 0 [pid 1062] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1057] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1054] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1066] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1067] <... setpgid resumed>) = 0 [pid 1065] <... futex resumed>) = 1 [pid 1062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1061] <... futex resumed>) = 1 [pid 1059] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 1058] <... futex resumed>) = 0 [pid 1057] <... futex resumed>) = 0 [pid 1056] <... futex resumed>) = 0 [pid 1054] <... futex resumed>) = 0 [pid 1067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1062] memfd_create("syzkaller", 0 [pid 1058] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1067] <... openat resumed>) = 3 [pid 1062] <... memfd_create resumed>) = 3 [pid 1058] <... futex resumed>) = 0 [pid 1067] write(3, "1000", 4 [pid 1062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1058] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1067] <... write resumed>) = 4 [pid 1062] <... mmap resumed>) = 0x7f620fc64000 [pid 1067] close(3 [pid 1062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1067] <... close resumed>) = 0 [pid 1062] <... write resumed>) = 65536 [pid 1067] symlink("/dev/binderfs", "./binderfs" [pid 1062] munmap(0x7f620fc64000, 65536 [pid 1067] <... symlink resumed>) = 0 [pid 1062] <... munmap resumed>) = 0 [pid 1067] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1062] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1067] <... futex resumed>) = 0 [pid 1062] <... openat resumed>) = 8 [pid 1067] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1062] ioctl(8, LOOP_SET_FD, 3 [pid 1056] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1067] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1066] <... open resumed>) = 3 [pid 1065] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1062] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1061] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1059] ioctl(5, LOOP_CLR_FD [pid 1057] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1056] <... futex resumed>) = 0 [pid 1067] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1066] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1065] <... open resumed>) = 3 [pid 1062] ioctl(8, LOOP_CLR_FD [pid 1061] <... socket resumed>) = 6 [pid 1057] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1056] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1067] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1066] <... futex resumed>) = 0 [pid 1065] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1062] <... ioctl resumed>) = 0 [pid 1061] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1059] <... ioctl resumed>) = 0 [pid 1057] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1056] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1066] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1065] <... futex resumed>) = 0 [pid 1061] <... futex resumed>) = 1 [pid 1059] close(5 [pid 1058] <... futex resumed>) = 0 [pid 1057] <... futex resumed>) = 0 [pid 1056] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1067] <... mmap resumed>) = 0x7f6220445000 [pid 1066] <... socket resumed>) = 6 [pid 1065] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1061] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 1059] <... close resumed>) = 0 [pid 1058] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1057] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1056] <... futex resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 1067] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1066] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1065] <... socket resumed>) = 6 [pid 1059] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1058] <... futex resumed>) = 0 [pid 1061] <... mmap resumed>) = 0x20000000 [pid 1056] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1057] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1067] <... mprotect resumed>) = 0 [pid 1066] <... futex resumed>) = 0 [pid 1065] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1061] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1059] <... futex resumed>) = 0 [pid 1058] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1057] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1056] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] newfstatat(3, "", [pid 1067] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1066] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 1065] <... futex resumed>) = 0 [pid 1062] ioctl(8, LOOP_SET_FD, 3 [pid 1061] <... futex resumed>) = 0 [pid 1059] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1057] <... futex resumed>) = 0 [pid 1056] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1067] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1066] <... mmap resumed>) = 0x20000000 [pid 1065] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 1062] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1061] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1058] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1057] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1056] <... futex resumed>) = 0 [pid 299] getdents64(3, [pid 1067] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1066] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1065] <... mmap resumed>) = 0x20000000 [pid 1062] close(8 [pid 1061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1058] <... futex resumed>) = 0 [pid 1057] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1056] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1066] <... futex resumed>) = 0 [pid 1065] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1062] <... close resumed>) = 0 [pid 1061] memfd_create("syzkaller", 0 [pid 1057] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1056] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 1067] <... clone3 resumed> => {parent_tid=[1072]}, 88) = 1072 [pid 1066] memfd_create("syzkaller", 0 [pid 1065] <... futex resumed>) = 0 [pid 1062] close(3 [pid 1061] <... memfd_create resumed>) = 7 [pid 1057] <... futex resumed>) = 0 [pid 1056] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1067] rt_sigprocmask(SIG_SETMASK, [], [pid 1066] <... memfd_create resumed>) = 7 [pid 1065] memfd_create("syzkaller", 0 [pid 1062] <... close resumed>) = 0 [pid 1061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1067] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1062] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1054] exit_group(0 [pid 1067] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1062] <... futex resumed>) = ? [pid 1054] <... exit_group resumed>) = ? [pid 1067] <... futex resumed>) = 0 [pid 1062] +++ exited with 0 +++ [pid 1067] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 1067] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1067] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1067] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[1074]}, 88) = 1074 [pid 1067] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1067] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1067] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1072 attached [pid 1072] set_robust_list(0x7f62204659a0, 24) = 0 [pid 1072] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1072] memfd_create("syzkaller", 0 [pid 1066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1061] <... mmap resumed>) = 0x7f620fc64000 [pid 1056] <... futex resumed>) = 0 [ 30.001731][ T1064] loop1: detected capacity change from 0 to 512 [ 30.024798][ T1060] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 30.035576][ T1068] EXT4-fs warning (device loop4): kmmpd:170: kmmpd being stopped since MMP feature has been disabled. [pid 1059] <... futex resumed>) = -1 (errno 18446744073709551555) ./strace-static-x86_64: Process 1074 attached [pid 1072] <... memfd_create resumed>) = 3 [pid 1066] <... mmap resumed>) = 0x7f620fc64000 [pid 1065] <... memfd_create resumed>) = 7 [pid 1061] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 68515 [pid 299] <... umount2 resumed>) = 0 [pid 1072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1066] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1061] <... write resumed>) = 68515 [ 30.037080][ T1070] EXT4-fs warning (device loop1): kmmpd:170: kmmpd being stopped since MMP feature has been disabled. [ 30.059566][ T1063] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 30.067674][ T1064] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 30.068000][ T1063] EXT4-fs error (device loop4): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [pid 299] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1065] <... mmap resumed>) = 0x7f620fc64000 [pid 1061] munmap(0x7f620fc64000, 68515 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1074] set_robust_list(0x7f62204449a0, 24 [pid 1072] <... mmap resumed>) = 0x7f6218024000 [pid 1067] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1066] <... write resumed>) = 65536 [pid 1061] <... munmap resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./33/bus", [pid 1074] <... set_robust_list resumed>) = 0 [pid 1067] futex(0x7f62205316ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 1066] munmap(0x7f620fc64000, 65536 [pid 1061] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1074] rt_sigprocmask(SIG_SETMASK, [], [pid 1067] <... futex resumed>) = 0 [pid 1066] <... munmap resumed>) = 0 [pid 1061] <... openat resumed>) = 8 [pid 299] unlink("./33/bus" [pid 1074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1066] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1061] ioctl(8, LOOP_SET_FD, 7 [pid 299] <... unlink resumed>) = 0 [pid 1074] creat("./bus", 000 [pid 1067] <... mmap resumed>) = 0x7f6218003000 [pid 1066] <... openat resumed>) = 8 [pid 1061] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 299] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1074] <... creat resumed>) = 4 [pid 1067] mprotect(0x7f6218004000, 131072, PROT_READ|PROT_WRITE [pid 1066] ioctl(8, LOOP_SET_FD, 7 [pid 1061] ioctl(8, LOOP_CLR_FD [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1074] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1067] <... mprotect resumed>) = 0 [pid 1066] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1061] <... ioctl resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./33/binderfs", [pid 1074] <... futex resumed>) = 0 [pid 1067] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1066] ioctl(8, LOOP_CLR_FD [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1074] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1067] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1066] <... ioctl resumed>) = 0 [pid 299] unlink("./33/binderfs" [pid 1067] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6218023990, parent_tid=0x7f6218023990, exit_signal=0, stack=0x7f6218003000, stack_size=0x20300, tls=0x7f62180236c0} [pid 299] <... unlink resumed>) = 0 [pid 299] umount2("./33/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1067] <... clone3 resumed> => {parent_tid=[1076]}, 88) = 1076 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1067] rt_sigprocmask(SIG_SETMASK, [], [pid 1061] ioctl(8, LOOP_SET_FD, 7 [pid 299] newfstatat(AT_FDCWD, "./33/ext4", [pid 1067] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1061] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1067] futex(0x7f62205316e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1061] close(8 [pid 299] umount2("./33/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1067] futex(0x7f62205316ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1066] ioctl(8, LOOP_SET_FD, 7 [pid 1061] <... close resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1066] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1061] close(7 [pid 299] openat(AT_FDCWD, "./33/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1066] close(8 [pid 1061] <... close resumed>) = 0 [pid 299] <... openat resumed>) = 4 [pid 1066] <... close resumed>) = 0 [pid 1061] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(4, "", [pid 1066] close(7 [pid 1061] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1066] <... close resumed>) = 0 [pid 1061] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] getdents64(4, [pid 1066] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 1066] <... futex resumed>) = 0 [pid 299] getdents64(4, [pid 1066] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./33/ext4") = 0 [pid 299] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./33") = 0 [pid 299] mkdir("./34", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 1077 [pid 1065] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 ./strace-static-x86_64: Process 1077 attached ./strace-static-x86_64: Process 1076 attached [pid 1072] <... write resumed>) = 262144 [pid 1065] munmap(0x7f620fc64000, 65536) = 0 [pid 1059] +++ exited with 0 +++ [pid 1054] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1054, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 296] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1065] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1076] set_robust_list(0x7f62180239a0, 24 [pid 296] <... umount2 resumed>) = 0 [pid 1072] munmap(0x7f6218024000, 262144 [pid 296] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1076] <... set_robust_list resumed>) = 0 [pid 1072] <... munmap resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./31/bus") = 0 [pid 296] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1065] <... openat resumed>) = 8 [pid 296] unlink("./31/binderfs" [pid 1065] ioctl(8, LOOP_SET_FD, 7 [pid 296] <... unlink resumed>) = 0 [pid 1065] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 296] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1065] ioctl(8, LOOP_CLR_FD [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1065] <... ioctl resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 296] close(4 [pid 1065] ioctl(8, LOOP_SET_FD, 7 [pid 296] <... close resumed>) = 0 [pid 1065] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 296] rmdir("./31/file0" [pid 1077] set_robust_list(0x555556cc76a0, 24 [pid 1076] rt_sigprocmask(SIG_SETMASK, [], [pid 1072] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 1065] close(8 [pid 296] <... rmdir resumed>) = 0 [pid 1077] <... set_robust_list resumed>) = 0 [pid 1076] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1072] <... openat resumed>) = 5 [pid 1065] <... close resumed>) = 0 [pid 1063] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 296] getdents64(3, [pid 1077] chdir("./34" [pid 1076] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 1072] ioctl(5, LOOP_SET_FD, 3 [pid 1065] close(7 [pid 1063] ioctl(4, LOOP_CLR_FD [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 1077] <... chdir resumed>) = 0 [pid 1076] <... mount resumed>) = 0 [pid 1065] <... close resumed>) = 0 [pid 296] close(3 [pid 1065] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... close resumed>) = 0 [pid 1065] <... futex resumed>) = 0 [pid 296] rmdir("./31" [pid 1065] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] <... rmdir resumed>) = 0 [pid 296] mkdir("./32", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 1078 [ 30.075831][ T1064] EXT4-fs error (device loop1): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 30.107542][ T1060] EXT4-fs error (device loop2): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 30.124080][ T1063] EXT4-fs (loop4): get orphan inode failed [ 30.130357][ T1060] EXT4-fs (loop2): get orphan inode failed [ 30.136642][ T1063] EXT4-fs (loop4): mount failed [pid 1077] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1076] futex(0x7f62205316ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 1067] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1077] <... prctl resumed>) = 0 [pid 1076] <... futex resumed>) = 0 [pid 1067] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1077] setpgid(0, 0 [pid 1076] futex(0x7f62205316e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1077] <... setpgid resumed>) = 0 [pid 1074] <... futex resumed>) = 0 [pid 1067] <... futex resumed>) = 1 [pid 1077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1074] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1067] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1077] <... openat resumed>) = 3 [pid 1077] write(3, "1000", 4) = 4 [pid 1077] close(3) = 0 [pid 1077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1077] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1077] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 1077] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 1077] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1077] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1077] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[1079]}, 88) = 1079 [pid 1077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1077] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1077] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 1077] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1077] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1077] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[1080]}, 88) = 1080 [pid 1077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1077] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1077] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1063] <... ioctl resumed>) = 0 [pid 1063] close(4) = 0 [pid 1063] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1063] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1074] <... open resumed>) = 6 [pid 1074] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1067] <... futex resumed>) = 0 [pid 1074] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1067] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1067] <... futex resumed>) = 0 [pid 1074] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1067] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1074] <... socket resumed>) = 7 [pid 1056] exit_group(0 [pid 1074] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1065] <... futex resumed>) = ? [pid 1056] <... exit_group resumed>) = ? [pid 1074] <... futex resumed>) = 1 [pid 1067] <... futex resumed>) = 0 [pid 1065] +++ exited with 0 +++ [pid 1074] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1067] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1067] <... futex resumed>) = 0 [pid 1074] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 1067] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1074] <... mmap resumed>) = 0x20000000 [pid 1074] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1067] <... futex resumed>) = 0 [pid 1074] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1067] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1067] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1078 attached [pid 1074] memfd_create("syzkaller", 0 [pid 1063] <... futex resumed>) = ? [pid 1074] <... memfd_create resumed>) = 8 [pid 1074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f620fc03000 [pid 1074] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1078] set_robust_list(0x555556cc76a0, 24 [pid 1074] <... write resumed>) = 65536 [pid 1074] munmap(0x7f620fc03000, 65536 [pid 1078] <... set_robust_list resumed>) = 0 [pid 1074] <... munmap resumed>) = 0 [pid 1074] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 9 [pid 1078] chdir("./32" [pid 1074] ioctl(9, LOOP_SET_FD, 8 [pid 1072] <... ioctl resumed>) = 0 [pid 1074] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1072] close(3 [pid 1074] ioctl(9, LOOP_CLR_FD [pid 1072] <... close resumed>) = 0 [pid 1078] <... chdir resumed>) = 0 [pid 1074] <... ioctl resumed>) = 0 [pid 1072] mkdir(0x20000000, 0777 [pid 1078] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1072] <... mkdir resumed>) = 0 [pid 1078] <... prctl resumed>) = 0 [pid 1072] mount("/dev/loop5", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 1078] setpgid(0, 0 [pid 1072] <... mount resumed>) = -1 ENODEV (No such device) [pid 1078] <... setpgid resumed>) = 0 [pid 1072] ioctl(5, LOOP_CLR_FD) = 0 [pid 1072] close(5) = 0 [pid 1072] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1074] ioctl(9, LOOP_SET_FD, 8 [pid 1072] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1074] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1074] close(9./strace-static-x86_64: Process 1080 attached ./strace-static-x86_64: Process 1079 attached ) = 0 [pid 1080] set_robust_list(0x7f62204449a0, 24 [pid 1079] set_robust_list(0x7f62204659a0, 24 [pid 1074] close(8 [pid 1080] <... set_robust_list resumed>) = 0 [pid 1079] <... set_robust_list resumed>) = 0 [pid 1078] <... openat resumed>) = 3 [pid 1074] <... close resumed>) = 0 [pid 1080] rt_sigprocmask(SIG_SETMASK, [], [pid 1079] rt_sigprocmask(SIG_SETMASK, [], [pid 1074] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1064] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1078] write(3, "1000", 4 [pid 1080] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1079] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1074] <... futex resumed>) = 0 [pid 1080] creat("./bus", 000 [pid 1079] memfd_create("syzkaller", 0 [pid 1078] <... write resumed>) = 4 [pid 1074] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1064] ioctl(5, LOOP_CLR_FD [pid 1080] <... creat resumed>) = 3 [pid 1079] <... memfd_create resumed>) = 4 [pid 1078] close(3 [pid 1067] exit_group(0 [pid 1064] <... ioctl resumed>) = 0 [pid 1080] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1076] <... futex resumed>) = ? [pid 1074] <... futex resumed>) = ? [pid 1072] <... futex resumed>) = ? [pid 1067] <... exit_group resumed>) = ? [pid 1078] <... close resumed>) = 0 [pid 1064] close(5 [pid 1080] <... futex resumed>) = 1 [pid 1079] <... mmap resumed>) = 0x7f6218024000 [pid 1078] symlink("/dev/binderfs", "./binderfs" [pid 1077] <... futex resumed>) = 0 [pid 1076] +++ exited with 0 +++ [pid 1074] +++ exited with 0 +++ [pid 1072] +++ exited with 0 +++ [pid 1064] <... close resumed>) = 0 [pid 1060] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1078] <... symlink resumed>) = 0 [pid 1064] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1078] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1077] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1064] <... futex resumed>) = 0 [pid 1060] ioctl(4, LOOP_CLR_FD [pid 1078] <... futex resumed>) = 0 [pid 1064] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1078] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1060] <... ioctl resumed>) = 0 [pid 1078] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1078] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1060] close(4 [pid 1078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1060] <... close resumed>) = 0 [pid 1078] <... mmap resumed>) = 0x7f6220445000 [pid 1077] <... futex resumed>) = 0 [pid 1078] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1060] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1078] <... mprotect resumed>) = 0 [pid 1078] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1060] <... futex resumed>) = 0 [pid 1080] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 1077] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1058] exit_group(0 [pid 1078] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1060] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1080] <... mount resumed>) = 0 [pid 1061] <... futex resumed>) = ? [pid 1058] <... exit_group resumed>) = ? [pid 1057] exit_group(0 [pid 1080] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1078] <... clone3 resumed> => {parent_tid=[1081]}, 88) = 1081 [pid 1066] <... futex resumed>) = ? [pid 1064] <... futex resumed>) = ? [pid 1061] +++ exited with 0 +++ [pid 1060] +++ exited with 0 +++ [pid 1057] <... exit_group resumed>) = ? [pid 1078] rt_sigprocmask(SIG_SETMASK, [], [pid 1066] +++ exited with 0 +++ [pid 1064] +++ exited with 0 +++ [pid 1078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1078] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1078] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 1078] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1078] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[1082]}, 88) = 1082 [pid 1078] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1078] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1078] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1082 attached [pid 1077] <... futex resumed>) = 0 [pid 1077] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1082] set_robust_list(0x7f62204449a0, 24 [pid 1077] <... futex resumed>) = 0 [pid 1082] <... set_robust_list resumed>) = 0 [pid 1077] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1082] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1082] creat("./bus", 000 [pid 1080] <... futex resumed>) = 1 [pid 1080] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 1082] <... creat resumed>) = 3 [pid 1080] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1082] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1078] <... futex resumed>) = 0 [pid 1078] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1078] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1082] <... futex resumed>) = 1 [pid 1082] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1080] <... futex resumed>) = 1 [pid 1077] <... futex resumed>) = 0 [pid 1082] <... mount resumed>) = 0 [pid 1077] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1081 attached [pid 1080] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1079] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 264966 [pid 1077] <... futex resumed>) = 0 [pid 1067] +++ exited with 0 +++ [pid 1063] +++ exited with 0 +++ [pid 1058] +++ exited with 0 +++ [pid 1057] +++ exited with 0 +++ [pid 1056] +++ exited with 0 +++ [pid 1077] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1067, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1058, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1057, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1056, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 1082] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1078] <... futex resumed>) = 0 [pid 301] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 301] <... openat resumed>) = 3 [pid 300] <... openat resumed>) = 3 [pid 298] <... openat resumed>) = 3 [pid 301] newfstatat(3, "", [pid 300] newfstatat(3, "", [pid 298] newfstatat(3, "", [pid 297] <... openat resumed>) = 3 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] newfstatat(3, "", [pid 301] getdents64(3, [pid 300] getdents64(3, [pid 298] getdents64(3, [pid 301] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 297] getdents64(3, [pid 300] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 1082] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1078] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... umount2 resumed>) = 0 [pid 300] <... umount2 resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 297] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1082] <... open resumed>) = 4 [pid 1078] <... futex resumed>) = 0 [pid 301] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1080] <... socket resumed>) = 6 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./39/bus", [pid 1082] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1078] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1080] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1082] <... futex resumed>) = 0 [pid 1078] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] newfstatat(AT_FDCWD, "./35/bus", [pid 300] newfstatat(AT_FDCWD, "./33/bus", [pid 298] newfstatat(AT_FDCWD, "./35/bus", [pid 297] unlink("./39/bus" [pid 1082] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1078] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1082] <... socket resumed>) = 5 [pid 1080] <... futex resumed>) = 1 [pid 1078] <... futex resumed>) = 0 [pid 1077] <... futex resumed>) = 0 [pid 301] unlink("./35/bus" [pid 300] unlink("./33/bus" [pid 298] unlink("./35/bus" [pid 297] <... unlink resumed>) = 0 [pid 1082] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1080] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1078] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1077] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... unlink resumed>) = 0 [pid 300] <... unlink resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 297] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1082] <... futex resumed>) = 0 [pid 1080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1078] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1077] <... futex resumed>) = 0 [pid 301] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1082] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1080] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 1078] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1077] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./39/binderfs", [pid 1082] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1078] <... futex resumed>) = 0 [pid 301] newfstatat(AT_FDCWD, "./35/binderfs", [pid 300] newfstatat(AT_FDCWD, "./33/binderfs", [pid 298] newfstatat(AT_FDCWD, "./35/binderfs", [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1082] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 1081] set_robust_list(0x7f62204659a0, 24 [pid 1080] <... mmap resumed>) = 0x20000000 [pid 1078] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1082] <... mmap resumed>) = 0x20000000 [pid 1081] <... set_robust_list resumed>) = 0 [pid 1079] <... write resumed>) = 264966 [pid 301] unlink("./35/binderfs" [pid 1080] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] unlink("./33/binderfs" [pid 298] unlink("./35/binderfs" [pid 297] unlink("./39/binderfs" [pid 1082] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1081] rt_sigprocmask(SIG_SETMASK, [], [pid 1080] <... futex resumed>) = 1 [pid 1079] munmap(0x7f6218024000, 264966 [pid 1077] <... futex resumed>) = 0 [pid 301] <... unlink resumed>) = 0 [pid 300] <... unlink resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 1082] <... futex resumed>) = 1 [pid 1081] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1080] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1078] <... futex resumed>) = 0 [pid 1077] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] umount2("./35/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... unlink resumed>) = 0 [pid 1082] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1081] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200005c4} --- [pid 1080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1079] <... munmap resumed>) = 0 [pid 1078] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1077] <... futex resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1082] <... futex resumed>) = ? [pid 1080] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 1079] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1078] <... futex resumed>) = ? [pid 1077] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 301] newfstatat(AT_FDCWD, "./35/ext4", [pid 300] newfstatat(AT_FDCWD, "./33/file0", [pid 298] newfstatat(AT_FDCWD, "./35/file0", [pid 297] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1082] +++ killed by SIGBUS +++ [pid 1079] <... openat resumed>) = ? [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1081] +++ killed by SIGBUS +++ [pid 1079] +++ killed by SIGBUS +++ [pid 1078] +++ killed by SIGBUS +++ [pid 301] umount2("./35/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] newfstatat(AT_FDCWD, "./39/file0", [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] openat(AT_FDCWD, "./35/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... openat resumed>) = 4 [pid 300] <... openat resumed>) = 4 [pid 298] <... openat resumed>) = 4 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(4, "", [pid 300] newfstatat(4, "", [pid 298] newfstatat(4, "", [pid 297] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1078, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] getdents64(4, [pid 300] getdents64(4, [pid 298] getdents64(4, [pid 297] <... openat resumed>) = 4 [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 1080] +++ killed by SIGBUS +++ [pid 1077] +++ killed by SIGBUS +++ [pid 301] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 297] newfstatat(4, "", [pid 296] <... restart_syscall resumed>) = 0 [pid 301] getdents64(4, [pid 300] getdents64(4, [pid 298] getdents64(4, [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1077, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 301] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 297] getdents64(4, [pid 301] close(4 [pid 300] close(4 [pid 299] <... restart_syscall resumed>) = 0 [pid 298] close(4 [pid 301] <... close resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 296] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] rmdir("./35/ext4" [pid 300] rmdir("./33/file0" [pid 298] rmdir("./35/file0" [pid 297] getdents64(4, [pid 301] <... rmdir resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 299] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... rmdir resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] getdents64(3, [pid 300] getdents64(3, [pid 298] getdents64(3, [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 301] close(3 [pid 300] close(3 [pid 298] close(3 [pid 301] <... close resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 301] rmdir("./35" [pid 300] rmdir("./33" [pid 298] rmdir("./35" [pid 301] <... rmdir resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 301] mkdir("./36", 0777 [pid 300] mkdir("./34", 0777 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] mkdir("./36", 0777 [pid 297] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 296] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 301] <... mkdir resumed>) = 0 [pid 300] <... mkdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... mkdir resumed>) = 0 [pid 297] close(4 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 299] <... openat resumed>) = 3 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] <... openat resumed>) = 3 [pid 301] <... openat resumed>) = 3 [pid 300] <... openat resumed>) = 3 [pid 299] newfstatat(3, "", [pid 298] <... openat resumed>) = 3 [pid 297] <... close resumed>) = 0 [pid 296] newfstatat(3, "", [pid 301] ioctl(3, LOOP_CLR_FD [pid 300] ioctl(3, LOOP_CLR_FD [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] ioctl(3, LOOP_CLR_FD [pid 297] rmdir("./39/file0" [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] getdents64(3, [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] close(3 [pid 300] close(3 [pid 298] close(3 [pid 301] <... close resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 298] <... close resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 296] getdents64(3, [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] getdents64(3, [pid 299] <... umount2 resumed>) = 0 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 1083 [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 1084 [pid 299] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 1085 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] close(3 [pid 296] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] newfstatat(AT_FDCWD, "./34/bus", [pid 297] <... close resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] rmdir("./39" [pid 296] <... umount2 resumed>) = 0 [pid 299] unlink("./34/bus"./strace-static-x86_64: Process 1085 attached ./strace-static-x86_64: Process 1084 attached ./strace-static-x86_64: Process 1083 attached ) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 296] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1085] set_robust_list(0x555556cc76a0, 24 [pid 1084] set_robust_list(0x555556cc76a0, 24 [pid 1083] set_robust_list(0x555556cc76a0, 24 [pid 299] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] mkdir("./40", 0777 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1085] <... set_robust_list resumed>) = 0 [pid 1084] <... set_robust_list resumed>) = 0 [pid 1083] <... set_robust_list resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... mkdir resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./32/bus", [pid 1085] chdir("./36" [pid 1084] chdir("./34" [pid 1083] chdir("./36" [pid 299] newfstatat(AT_FDCWD, "./34/binderfs", [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1085] <... chdir resumed>) = 0 [pid 1084] <... chdir resumed>) = 0 [pid 1083] <... chdir resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... openat resumed>) = 3 [pid 296] unlink("./32/bus" [ 30.146996][ T1072] loop5: detected capacity change from 0 to 512 [ 30.151673][ T1060] EXT4-fs (loop2): mount failed [ 30.153523][ T1064] EXT4-fs (loop1): get orphan inode failed [ 30.173701][ T1064] EXT4-fs (loop1): mount failed [pid 1085] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1084] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1083] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] unlink("./34/binderfs" [pid 297] ioctl(3, LOOP_CLR_FD [pid 296] <... unlink resumed>) = 0 [pid 1085] <... prctl resumed>) = 0 [pid 1084] <... prctl resumed>) = 0 [pid 1083] <... prctl resumed>) = 0 [pid 299] <... unlink resumed>) = 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1085] setpgid(0, 0 [pid 1084] setpgid(0, 0 [pid 1083] setpgid(0, 0 [pid 299] getdents64(3, [pid 297] close(3 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1085] <... setpgid resumed>) = 0 [pid 1084] <... setpgid resumed>) = 0 [pid 1083] <... setpgid resumed>) = 0 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] <... close resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./32/binderfs", [pid 1085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] close(3 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 1086 attached [pid 1085] <... openat resumed>) = 3 [pid 1084] <... openat resumed>) = 3 [pid 1083] <... openat resumed>) = 3 [pid 299] <... close resumed>) = 0 [pid 1085] write(3, "1000", 4 [pid 1084] write(3, "1000", 4 [pid 1083] write(3, "1000", 4 [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 1086 [pid 1086] set_robust_list(0x555556cc76a0, 24 [pid 1085] <... write resumed>) = 4 [pid 1084] <... write resumed>) = 4 [pid 1083] <... write resumed>) = 4 [pid 299] rmdir("./34" [pid 296] unlink("./32/binderfs" [pid 1085] close(3 [pid 1084] close(3 [pid 1083] close(3 [pid 1085] <... close resumed>) = 0 [pid 1084] <... close resumed>) = 0 [pid 1083] <... close resumed>) = 0 [pid 1085] symlink("/dev/binderfs", "./binderfs" [pid 1084] symlink("/dev/binderfs", "./binderfs" [pid 1083] symlink("/dev/binderfs", "./binderfs" [pid 1086] <... set_robust_list resumed>) = 0 [pid 1085] <... symlink resumed>) = 0 [pid 1084] <... symlink resumed>) = 0 [pid 1083] <... symlink resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 296] <... unlink resumed>) = 0 [pid 1085] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1084] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1083] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] mkdir("./35", 0777 [pid 296] getdents64(3, [pid 1085] <... futex resumed>) = 0 [pid 1084] <... futex resumed>) = 0 [pid 1083] <... futex resumed>) = 0 [pid 1085] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1084] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1083] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1085] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1084] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1083] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1085] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1084] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1083] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 1085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 296] close(3 [pid 1086] chdir("./40" [pid 1085] <... mmap resumed>) = 0x7f6220445000 [pid 1084] <... mmap resumed>) = 0x7f6220445000 [pid 1083] <... mmap resumed>) = 0x7f6220445000 [pid 299] <... openat resumed>) = 3 [pid 1085] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1084] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1083] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 299] ioctl(3, LOOP_CLR_FD [pid 296] <... close resumed>) = 0 [pid 1085] <... mprotect resumed>) = 0 [pid 1084] <... mprotect resumed>) = 0 [pid 1083] <... mprotect resumed>) = 0 [pid 1086] <... chdir resumed>) = 0 [pid 1085] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1084] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1083] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] rmdir("./32" [pid 1086] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1085] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1084] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1083] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] close(3 [pid 1085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1083] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 299] <... close resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 1085] <... clone3 resumed> => {parent_tid=[1087]}, 88) = 1087 [pid 1084] <... clone3 resumed> => {parent_tid=[1088]}, 88) = 1088 [pid 1083] <... clone3 resumed> => {parent_tid=[1089]}, 88) = 1089 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] mkdir("./33", 0777 [pid 1085] rt_sigprocmask(SIG_SETMASK, [], [pid 1084] rt_sigprocmask(SIG_SETMASK, [], [pid 1083] rt_sigprocmask(SIG_SETMASK, [], [pid 1085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 1085] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1084] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1083] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 1090 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1085] <... futex resumed>) = 0 [pid 1084] <... futex resumed>) = 0 [pid 1083] <... futex resumed>) = 0 [pid 1085] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1084] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1083] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... openat resumed>) = 3 [pid 1085] <... futex resumed>) = 0 [pid 1084] <... futex resumed>) = 0 [pid 1083] <... futex resumed>) = 0 [pid 296] ioctl(3, LOOP_CLR_FD [pid 1085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1085] <... mmap resumed>) = 0x7f6220424000 [pid 1084] <... mmap resumed>) = 0x7f6220424000 [pid 1083] <... mmap resumed>) = 0x7f6220424000 [pid 296] close(3 [pid 1085] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1084] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1083] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1085] <... mprotect resumed>) = 0 [pid 1084] <... mprotect resumed>) = 0 [pid 1083] <... mprotect resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 1085] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1084] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1083] rt_sigprocmask(SIG_BLOCK, ~[], [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1086] <... prctl resumed>) = 0 [pid 1085] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1084] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1083] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1083] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1086] setpgid(0, 0 [pid 1085] <... clone3 resumed> => {parent_tid=[1091]}, 88) = 1091 [pid 1084] <... clone3 resumed> => {parent_tid=[1092]}, 88) = 1092 [pid 1083] <... clone3 resumed> => {parent_tid=[1094]}, 88) = 1094 [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 1093 [pid 1085] rt_sigprocmask(SIG_SETMASK, [], [pid 1084] rt_sigprocmask(SIG_SETMASK, [], [pid 1083] rt_sigprocmask(SIG_SETMASK, [], [pid 1085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1083] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 1089 attached [pid 1086] <... setpgid resumed>) = 0 [pid 1085] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1084] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1083] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1089] set_robust_list(0x7f62204659a0, 24 [pid 1085] <... futex resumed>) = 0 [pid 1084] <... futex resumed>) = 0 [pid 1083] <... futex resumed>) = 0 [pid 1089] <... set_robust_list resumed>) = 0 [pid 1085] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1084] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1083] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1089] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 1087 attached [pid 1089] memfd_create("syzkaller", 0) = 3 [pid 1087] set_robust_list(0x7f62204659a0, 24 [pid 1089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1087] <... set_robust_list resumed>) = 0 [pid 1086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1089] <... mmap resumed>) = 0x7f6218024000 [pid 1087] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 1093 attached ./strace-static-x86_64: Process 1092 attached ./strace-static-x86_64: Process 1090 attached ./strace-static-x86_64: Process 1088 attached [pid 1089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1087] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1086] <... openat resumed>) = 3 [pid 1087] memfd_create("syzkaller", 0 [pid 1086] write(3, "1000", 4./strace-static-x86_64: Process 1094 attached [pid 1093] set_robust_list(0x555556cc76a0, 24 [pid 1087] <... memfd_create resumed>) = 3 [pid 1086] <... write resumed>) = 4 [pid 1086] close(3 [pid 1094] set_robust_list(0x7f62204449a0, 24 [pid 1093] <... set_robust_list resumed>) = 0 [pid 1092] set_robust_list(0x7f62204449a0, 24 [pid 1090] set_robust_list(0x555556cc76a0, 24 [pid 1089] <... write resumed>) = 262144 [pid 1088] set_robust_list(0x7f62204659a0, 24 [pid 1087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1086] <... close resumed>) = 0 [pid 1094] <... set_robust_list resumed>) = 0 [pid 1094] rt_sigprocmask(SIG_SETMASK, [], [pid 1087] <... mmap resumed>) = 0x7f6218024000 [pid 1094] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1093] chdir("./33" [pid 1092] <... set_robust_list resumed>) = 0 [pid 1090] <... set_robust_list resumed>) = 0 [pid 1088] <... set_robust_list resumed>) = 0 [pid 1087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1086] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 1091 attached [pid 1094] creat("./bus", 000 [pid 1093] <... chdir resumed>) = 0 [pid 1092] rt_sigprocmask(SIG_SETMASK, [], [pid 1090] chdir("./35" [pid 1089] munmap(0x7f6218024000, 262144 [pid 1088] rt_sigprocmask(SIG_SETMASK, [], [pid 1087] <... write resumed>) = 262144 [pid 1086] <... symlink resumed>) = 0 [pid 1094] <... creat resumed>) = 4 [pid 1093] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1091] set_robust_list(0x7f62204449a0, 24 [pid 1090] <... chdir resumed>) = 0 [pid 1089] <... munmap resumed>) = 0 [pid 1088] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1087] munmap(0x7f6218024000, 262144 [pid 1086] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1093] <... prctl resumed>) = 0 [pid 1092] creat("./bus", 000 [pid 1090] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1086] <... futex resumed>) = 0 [pid 1093] setpgid(0, 0 [pid 1090] <... prctl resumed>) = 0 [pid 1088] memfd_create("syzkaller", 0 [pid 1086] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1094] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1093] <... setpgid resumed>) = 0 [pid 1092] <... creat resumed>) = 3 [pid 1091] <... set_robust_list resumed>) = 0 [pid 1090] setpgid(0, 0 [pid 1089] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 1088] <... memfd_create resumed>) = 4 [pid 1087] <... munmap resumed>) = 0 [pid 1086] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1086] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1094] <... futex resumed>) = 1 [pid 1093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1092] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1091] rt_sigprocmask(SIG_SETMASK, [], [pid 1090] <... setpgid resumed>) = 0 [pid 1089] <... openat resumed>) = 5 [pid 1088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1087] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1086] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1083] <... futex resumed>) = 0 [pid 1094] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 1093] <... openat resumed>) = 3 [pid 1091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1089] ioctl(5, LOOP_SET_FD, 3 [pid 1087] <... openat resumed>) = 4 [pid 1086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1083] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1094] <... mount resumed>) = 0 [pid 1093] write(3, "1000", 4 [pid 1092] <... futex resumed>) = 1 [pid 1091] creat("./bus", 000 [pid 1090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1088] <... mmap resumed>) = 0x7f6218024000 [pid 1086] <... mmap resumed>) = 0x7f6220445000 [pid 1084] <... futex resumed>) = 0 [pid 1083] <... futex resumed>) = 0 [pid 1094] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1093] <... write resumed>) = 4 [pid 1092] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1091] <... creat resumed>) = 5 [pid 1090] <... openat resumed>) = 3 [pid 1089] <... ioctl resumed>) = 0 [pid 1087] ioctl(4, LOOP_SET_FD, 3 [pid 1086] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1084] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1083] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1094] <... futex resumed>) = 0 [pid 1093] close(3 [pid 1092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1091] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1090] write(3, "1000", 4 [pid 1088] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1086] <... mprotect resumed>) = 0 [pid 1093] <... close resumed>) = 0 [pid 1092] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 1090] <... write resumed>) = 4 [pid 1088] <... write resumed>) = 262144 [pid 1086] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1093] symlink("/dev/binderfs", "./binderfs" [pid 1092] <... mount resumed>) = 0 [pid 1090] close(3 [pid 1086] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1093] <... symlink resumed>) = 0 [pid 1092] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1090] <... close resumed>) = 0 [pid 1086] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1093] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1092] <... futex resumed>) = 0 [pid 1090] symlink("/dev/binderfs", "./binderfs" [pid 1088] munmap(0x7f6218024000, 262144 [pid 1093] <... futex resumed>) = 0 [pid 1092] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1090] <... symlink resumed>) = 0 [pid 1088] <... munmap resumed>) = 0 [pid 1086] <... clone3 resumed> => {parent_tid=[1095]}, 88) = 1095 [pid 1093] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1090] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1088] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1086] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 1095 attached [pid 1094] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1093] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1092] <... futex resumed>) = 0 [pid 1091] <... futex resumed>) = 1 [pid 1090] <... futex resumed>) = 0 [pid 1089] close(3 [pid 1087] <... ioctl resumed>) = 0 [pid 1086] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1085] <... futex resumed>) = 0 [pid 1084] <... futex resumed>) = 1 [pid 1083] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1088] <... openat resumed>) = 5 [pid 1095] set_robust_list(0x7f62204659a0, 24 [pid 1093] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1092] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1091] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1090] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1089] <... close resumed>) = 0 [pid 1088] ioctl(5, LOOP_SET_FD, 4 [pid 1087] close(3 [pid 1086] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1085] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1084] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1083] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1095] <... set_robust_list resumed>) = 0 [pid 1094] <... futex resumed>) = 0 [pid 1093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1091] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1090] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1089] mkdir("./file0", 0777 [pid 1087] <... close resumed>) = 0 [pid 1086] <... futex resumed>) = 0 [pid 1085] <... futex resumed>) = 0 [pid 1084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1083] <... futex resumed>) = 1 [pid 1095] rt_sigprocmask(SIG_SETMASK, [], [pid 1094] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1091] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 1089] <... mkdir resumed>) = 0 [pid 1087] mkdir("./file0", 0777 [pid 1085] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1084] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1083] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1095] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1094] <... open resumed>) = 3 [pid 1091] <... mount resumed>) = 0 [pid 1089] mount("/dev/loop5", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1087] <... mkdir resumed>) = 0 [pid 1084] <... futex resumed>) = 1 [pid 1095] memfd_create("syzkaller", 0 [pid 1094] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1092] <... futex resumed>) = 0 [pid 1091] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1090] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1087] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1086] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1084] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1095] <... memfd_create resumed>) = 3 [pid 1094] <... futex resumed>) = 1 [pid 1093] <... mmap resumed>) = 0x7f6220445000 [pid 1092] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1091] <... futex resumed>) = 1 [pid 1090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1088] <... ioctl resumed>) = 0 [pid 1086] <... futex resumed>) = 0 [pid 1085] <... futex resumed>) = 0 [pid 1083] <... futex resumed>) = 0 [pid 1095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1094] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1091] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1085] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1083] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1095] <... mmap resumed>) = 0x7f6218045000 [pid 1094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1091] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1085] <... futex resumed>) = 0 [pid 1083] <... futex resumed>) = 0 [pid 1094] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1093] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1092] <... open resumed>) = 6 [pid 1091] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1088] close(4 [pid 1086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1085] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1083] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1094] <... socket resumed>) = 6 [pid 1093] <... mprotect resumed>) = 0 [pid 1092] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1091] <... open resumed>) = 3 [pid 1090] <... mmap resumed>) = 0x7f6220445000 [pid 1095] <... write resumed>) = 262144 [pid 1094] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1093] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1092] <... futex resumed>) = 1 [pid 1091] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1090] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1088] <... close resumed>) = 0 [pid 1086] <... mmap resumed>) = 0x7f6218024000 [pid 1084] <... futex resumed>) = 0 [pid 1095] munmap(0x7f6218045000, 262144 [pid 1094] <... futex resumed>) = 1 [pid 1093] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1092] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1091] <... futex resumed>) = 1 [pid 1090] <... mprotect resumed>) = 0 [pid 1086] mprotect(0x7f6218025000, 131072, PROT_READ|PROT_WRITE [pid 1085] <... futex resumed>) = 0 [pid 1084] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1083] <... futex resumed>) = 0 [pid 1095] <... munmap resumed>) = 0 [pid 1094] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1091] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1088] mkdir("./file0", 0777 [pid 1085] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1084] <... futex resumed>) = 0 [pid 1083] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1095] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1091] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1090] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1086] <... mprotect resumed>) = 0 [pid 1085] <... futex resumed>) = 0 [pid 1084] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1083] <... futex resumed>) = 0 [pid 1095] <... openat resumed>) = 4 [pid 1094] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 1092] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1091] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1090] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1086] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1085] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1083] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1095] ioctl(4, LOOP_SET_FD, 3 [pid 1094] <... mmap resumed>) = 0x20000000 [pid 1093] <... clone3 resumed> => {parent_tid=[1096]}, 88) = 1096 [pid 1092] <... socket resumed>) = 4 [pid 1091] <... socket resumed>) = 6 [pid 1090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1086] <... rt_sigprocmask resumed>[], 8) = 0 ./strace-static-x86_64: Process 1096 attached [pid 1094] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1093] rt_sigprocmask(SIG_SETMASK, [], [pid 1092] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1088] <... mkdir resumed>) = 0 [pid 1086] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6218044990, parent_tid=0x7f6218044990, exit_signal=0, stack=0x7f6218024000, stack_size=0x20300, tls=0x7f62180446c0} [pid 1096] set_robust_list(0x7f62204659a0, 24 [pid 1093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1092] <... futex resumed>) = 1 [pid 1090] <... clone3 resumed> => {parent_tid=[1098]}, 88) = 1098 [pid 1088] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1096] <... set_robust_list resumed>) = 0 [pid 1093] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1092] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1090] rt_sigprocmask(SIG_SETMASK, [], [pid 1086] <... clone3 resumed> => {parent_tid=[1099]}, 88) = 1099 [pid 1096] rt_sigprocmask(SIG_SETMASK, [], [pid 1093] <... futex resumed>) = 0 [pid 1090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1086] rt_sigprocmask(SIG_SETMASK, [], [pid 1096] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1093] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1090] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1086] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1096] memfd_create("syzkaller", 0 [pid 1095] <... ioctl resumed>) = 0 [pid 1094] <... futex resumed>) = 1 [pid 1093] <... futex resumed>) = 0 [pid 1091] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1090] <... futex resumed>) = 0 [pid 1086] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1084] <... futex resumed>) = 0 [pid 1083] <... futex resumed>) = 0 [pid 1096] <... memfd_create resumed>) = 3 [pid 1093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1090] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1086] <... futex resumed>) = 0 [pid 1096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1093] <... mmap resumed>) = 0x7f6220424000 [pid 1090] <... futex resumed>) = 0 [pid 1086] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1096] <... mmap resumed>) = 0x7f6218024000 [pid 1093] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1093] <... mprotect resumed>) = 0 [pid 1090] <... mmap resumed>) = 0x7f6220424000 [pid 1096] <... write resumed>) = 262144 [pid 1093] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1090] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1096] munmap(0x7f6218024000, 262144 [pid 1093] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1090] <... mprotect resumed>) = 0 [pid 1096] <... munmap resumed>) = 0 [pid 1093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1090] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1096] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1090] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1096] <... openat resumed>) = 4 [pid 1093] <... clone3 resumed> => {parent_tid=[1102]}, 88) = 1102 [ 30.271812][ T1089] loop5: detected capacity change from 0 to 512 [ 30.278638][ T1087] loop2: detected capacity change from 0 to 512 [ 30.285725][ T1088] loop4: detected capacity change from 0 to 512 [ 30.299016][ T1095] loop1: detected capacity change from 0 to 512 [ 30.306646][ T1087] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [pid 1090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1096] ioctl(4, LOOP_SET_FD, 3 [pid 1093] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 1102 attached ./strace-static-x86_64: Process 1099 attached ./strace-static-x86_64: Process 1098 attached [pid 1096] <... ioctl resumed>) = 0 [pid 1095] close(3 [pid 1094] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1091] <... futex resumed>) = 1 [pid 1090] <... clone3 resumed> => {parent_tid=[1103]}, 88) = 1103 [pid 1085] <... futex resumed>) = 0 [pid 1084] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1083] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1096] close(3 [pid 1093] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1090] rt_sigprocmask(SIG_SETMASK, [], [pid 1096] <... close resumed>) = 0 [pid 1093] <... futex resumed>) = 0 [pid 1090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1096] mkdir("./file0", 0777 [pid 1093] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1090] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1096] <... mkdir resumed>) = 0 [pid 1090] <... futex resumed>) = 0 [pid 1096] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1090] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1103 attached [pid 1103] set_robust_list(0x7f62204449a0, 24) = 0 [pid 1103] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1103] creat("./bus", 000) = 3 [pid 1103] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1090] <... futex resumed>) = 0 [pid 1090] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1090] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1103] <... futex resumed>) = 1 [pid 1103] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1103] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1090] <... futex resumed>) = 0 [pid 1090] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1090] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1103] <... futex resumed>) = 1 [pid 1103] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 1103] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1090] <... futex resumed>) = 0 [pid 1090] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1090] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1103] <... futex resumed>) = 1 [pid 1103] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1102] set_robust_list(0x7f62204449a0, 24 [pid 1099] set_robust_list(0x7f62180449a0, 24 [pid 1098] set_robust_list(0x7f62204659a0, 24 [pid 1095] <... close resumed>) = 0 [pid 1094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1091] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1102] <... set_robust_list resumed>) = 0 [pid 1099] <... set_robust_list resumed>) = 0 [pid 1098] <... set_robust_list resumed>) = 0 [pid 1095] mkdir("./file0", 0777 [pid 1094] memfd_create("syzkaller", 0 [pid 1092] <... futex resumed>) = 0 [pid 1087] <... mount resumed>) = 0 [pid 1085] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1084] <... futex resumed>) = 1 [pid 1083] <... futex resumed>) = 0 [pid 1102] rt_sigprocmask(SIG_SETMASK, [], [pid 1099] rt_sigprocmask(SIG_SETMASK, [], [pid 1098] rt_sigprocmask(SIG_SETMASK, [], [pid 1095] <... mkdir resumed>) = 0 [pid 1094] <... memfd_create resumed>) = 7 [pid 1091] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1085] <... futex resumed>) = 0 [pid 1084] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1102] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1099] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1098] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1095] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1091] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 1085] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1103] <... socket resumed>) = 5 [pid 1102] creat("./bus", 000 [pid 1099] creat("./bus", 000 [pid 1098] memfd_create("syzkaller", 0 [pid 1094] <... mmap resumed>) = 0x7f620fc64000 [pid 1092] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 1091] <... mmap resumed>) = 0x20000000 [pid 1103] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1102] <... creat resumed>) = 3 [pid 1099] <... creat resumed>) = 3 [pid 1098] <... memfd_create resumed>) = 6 [pid 1094] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 69425 [pid 1092] <... mmap resumed>) = 0x20000000 [pid 1091] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1087] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY [pid 1086] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1103] <... futex resumed>) = 1 [pid 1102] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1099] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1094] <... write resumed>) = 69425 [pid 1091] <... futex resumed>) = 1 [pid 1090] <... futex resumed>) = 0 [pid 1085] <... futex resumed>) = 0 [pid 1103] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1102] <... futex resumed>) = 1 [pid 1099] <... futex resumed>) = 0 [pid 1098] <... mmap resumed>) = 0x7f6218024000 [pid 1094] munmap(0x7f620fc64000, 69425 [pid 1091] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1085] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1102] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1099] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1098] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1094] <... munmap resumed>) = 0 [pid 1093] <... futex resumed>) = 0 [pid 1092] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1091] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1090] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1087] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 1086] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1085] <... futex resumed>) = 0 [pid 1099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1098] <... write resumed>) = 262144 [pid 1094] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 1091] memfd_create("syzkaller", 0 [pid 1099] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 1098] munmap(0x7f6218024000, 262144 [pid 1094] <... openat resumed>) = 8 [pid 1091] <... memfd_create resumed>) = 7 [pid 1099] <... mount resumed>) = 0 [pid 1098] <... munmap resumed>) = 0 [pid 1094] ioctl(8, LOOP_SET_FD, 7 [pid 1091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1099] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1098] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1094] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1091] <... mmap resumed>) = 0x7f620fc64000 [pid 1099] <... futex resumed>) = 0 [pid 1098] <... openat resumed>) = 7 [pid 1094] ioctl(8, LOOP_CLR_FD [pid 1091] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [ 30.318173][ T1096] loop0: detected capacity change from 0 to 512 [ 30.321212][ T1087] ext4 filesystem being mounted at /root/syzkaller.4RDDfu/36/file0 supports timestamps until 2038 (0x7fffffff) [ 30.339505][ T1089] EXT4-fs error (device loop5): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 30.353717][ T1089] EXT4-fs (loop5): get orphan inode failed [ 30.360665][ T1089] EXT4-fs (loop5): mount failed [pid 1099] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1098] ioctl(7, LOOP_SET_FD, 6 [pid 1094] <... ioctl resumed>) = 0 [pid 1091] <... write resumed>) = 65536 [pid 1103] <... futex resumed>) = 0 [pid 1099] <... futex resumed>) = 0 [pid 1093] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1092] <... futex resumed>) = 1 [pid 1090] <... futex resumed>) = 1 [pid 1087] ioctl(4, LOOP_CLR_FD [pid 1086] <... futex resumed>) = 1 [pid 1084] <... futex resumed>) = 0 [pid 1103] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 1099] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1093] <... futex resumed>) = 1 [pid 1092] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1090] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1087] <... ioctl resumed>) = 0 [pid 1086] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1084] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1103] <... mmap resumed>) = 0x20000000 [pid 1102] <... futex resumed>) = 0 [pid 1098] <... ioctl resumed>) = 0 [pid 1093] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 30.366956][ T1088] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [ 30.370793][ T1098] loop3: detected capacity change from 0 to 512 [ 30.387669][ T1088] ext4 filesystem being mounted at /root/syzkaller.Zpv55J/34/file0 supports timestamps until 2038 (0x7fffffff) [ 30.388668][ T1096] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [pid 1091] munmap(0x7f620fc64000, 65536 [pid 1088] <... mount resumed>) = 0 [pid 1086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1084] <... futex resumed>) = 0 [pid 1103] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1102] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1098] close(6 [pid 1092] memfd_create("syzkaller", 0 [pid 1091] <... munmap resumed>) = 0 [pid 1089] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1088] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY [pid 1087] close(4 [pid 1086] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1103] <... futex resumed>) = 1 [pid 1102] <... mount resumed>) = 0 [pid 1098] <... close resumed>) = 0 [pid 1092] <... memfd_create resumed>) = 7 [pid 1091] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1090] <... futex resumed>) = 0 [pid 1089] ioctl(5, LOOP_CLR_FD [pid 1088] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 1086] <... futex resumed>) = 1 [pid 1102] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1098] mkdir(0x20000000, 0777 [pid 1091] <... openat resumed>) = 4 [pid 1088] ioctl(5, LOOP_CLR_FD [pid 1102] <... futex resumed>) = 1 [pid 1094] ioctl(8, LOOP_SET_FD, 7 [pid 1091] ioctl(4, LOOP_SET_FD, 7 [pid 1102] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1094] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1091] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1088] <... ioctl resumed>) = 0 [pid 1094] close(8 [pid 1091] ioctl(4, LOOP_CLR_FD [pid 1094] <... close resumed>) = 0 [pid 1091] <... ioctl resumed>) = 0 [pid 1088] close(5 [pid 1094] close(7) = 0 [pid 1088] <... close resumed>) = 0 [pid 1094] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1088] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1094] <... futex resumed>) = 0 [pid 1088] <... futex resumed>) = 0 [pid 1094] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1088] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1103] memfd_create("syzkaller", 0 [pid 1099] <... futex resumed>) = 0 [pid 1098] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 1093] <... futex resumed>) = 0 [pid 1092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1090] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1089] <... ioctl resumed>) = 0 [pid 1087] <... close resumed>) = 0 [pid 1086] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1091] ioctl(4, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 1091] close(4) = 0 [pid 1091] close(7) = 0 [pid 1091] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1091] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1096] <... mount resumed>) = 0 [pid 1096] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1096] chdir("./file0") = 0 [pid 1096] ioctl(4, LOOP_CLR_FD) = 0 [pid 1096] close(4) = 0 [pid 1096] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1096] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1103] <... memfd_create resumed>) = 6 [pid 1103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f620fc64000 [pid 1103] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 1103] munmap(0x7f620fc64000, 65536) = 0 [pid 1103] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1099] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 1099] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1099] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1098] mount("/dev/loop3", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"...) = -1 ENOENT (No such file or directory) [pid 1098] ioctl(7, LOOP_CLR_FD) = 0 [pid 1093] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1092] <... mmap resumed>) = 0x7f620fc64000 [pid 1090] <... futex resumed>) = 0 [pid 1089] close(5 [pid 1087] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1085] exit_group(0 [pid 1087] <... futex resumed>) = 0 [pid 1089] <... close resumed>) = 0 [pid 1098] close(7 [pid 1086] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1093] <... futex resumed>) = 1 [pid 1087] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1092] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1093] futex(0x7f62205316cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1086] <... futex resumed>) = 1 [pid 1085] <... exit_group resumed>) = ? [pid 1091] <... futex resumed>) = ? [pid 1087] <... futex resumed>) = 1 [pid 1091] +++ exited with 0 +++ [pid 1087] +++ exited with 0 +++ [pid 1086] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1089] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1085] +++ exited with 0 +++ [pid 1083] exit_group(0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1085, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 1094] <... futex resumed>) = ? [pid 1089] <... futex resumed>) = ? [pid 1083] <... exit_group resumed>) = ? [pid 1099] <... futex resumed>) = 0 [pid 1094] +++ exited with 0 +++ [pid 1099] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 298] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1099] <... socket resumed>) = 6 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1092] <... write resumed>) = 65536 [pid 298] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1099] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1092] munmap(0x7f620fc64000, 65536 [pid 1099] <... futex resumed>) = 1 [pid 1086] <... futex resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 1099] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 1092] <... munmap resumed>) = 0 [pid 1086] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1099] <... mmap resumed>) = 0x20000000 [pid 1086] <... futex resumed>) = 0 [pid 298] newfstatat(3, "", [pid 1092] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1099] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1086] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1092] <... openat resumed>) = 5 [pid 1086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] getdents64(3, [pid 1099] <... futex resumed>) = 0 [pid 1092] ioctl(5, LOOP_SET_FD, 7 [pid 1086] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 1099] memfd_create("syzkaller", 0 [pid 1092] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1086] <... futex resumed>) = 0 [pid 298] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1099] <... memfd_create resumed>) = 7 [pid 1092] ioctl(5, LOOP_CLR_FD [pid 1099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 298] <... umount2 resumed>) = 0 [pid 1092] <... ioctl resumed>) = 0 [pid 1099] <... mmap resumed>) = 0x7f620fc24000 [pid 298] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 1096] <... futex resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./36/bus", [pid 1096] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1103] <... openat resumed>) = 8 [pid 1099] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1098] <... close resumed>) = 0 [pid 1096] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 1095] <... mount resumed>) = 0 [pid 298] unlink("./36/bus" [pid 1103] ioctl(8, LOOP_SET_FD, 6 [pid 1098] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1096] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... unlink resumed>) = 0 [pid 1103] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1098] <... futex resumed>) = 0 [pid 1096] <... futex resumed>) = 1 [pid 1093] <... futex resumed>) = 0 [pid 1092] ioctl(5, LOOP_SET_FD, 7 [pid 298] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1103] ioctl(8, LOOP_CLR_FD [pid 1098] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1096] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1093] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1092] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1103] <... ioctl resumed>) = 0 [pid 1096] <... socket resumed>) = 4 [pid 1093] <... futex resumed>) = 0 [pid 1092] close(5 [pid 298] newfstatat(AT_FDCWD, "./36/binderfs", [pid 1096] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1093] futex(0x7f62205316cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1092] <... close resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1096] <... futex resumed>) = 0 [pid 1093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1092] close(7 [pid 298] unlink("./36/binderfs" [pid 1096] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, -1, 0 [pid 1093] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1092] <... close resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 1096] <... mmap resumed>) = -1 EBADF (Bad file descriptor) [pid 1093] <... futex resumed>) = 0 [pid 1092] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1096] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1093] futex(0x7f62205316cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1092] <... futex resumed>) = 0 [pid 1103] ioctl(8, LOOP_SET_FD, 6 [pid 1096] <... futex resumed>) = 0 [pid 1093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1092] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1103] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1095] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 1095] ioctl(4, LOOP_CLR_FD [pid 1084] exit_group(0) = ? [pid 1088] <... futex resumed>) = ? [pid 1103] close(8 [pid 1088] +++ exited with 0 +++ [pid 1103] <... close resumed>) = 0 [pid 1093] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1103] close(6 [pid 1096] memfd_create("syzkaller", 0 [pid 1093] <... futex resumed>) = 0 [pid 1092] <... futex resumed>) = ? [pid 1095] <... ioctl resumed>) = 0 [pid 1095] close(4) = 0 [pid 1095] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1095] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1089] +++ exited with 0 +++ [pid 1083] +++ exited with 0 +++ [pid 1099] <... write resumed>) = 65536 [pid 1099] munmap(0x7f620fc24000, 65536) = 0 [pid 1099] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1099] ioctl(4, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 1099] ioctl(4, LOOP_CLR_FD) = 0 [pid 1103] <... close resumed>) = 0 [pid 1096] <... memfd_create resumed>) = 6 [pid 1092] +++ exited with 0 +++ [pid 1084] +++ exited with 0 +++ [pid 1103] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1083, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1084, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 1096] <... mmap resumed>) = 0x7f620fc64000 [pid 1103] <... futex resumed>) = 0 [pid 1099] ioctl(4, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 1099] close(4 [pid 1096] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1103] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1099] <... close resumed>) = 0 [pid 1096] <... write resumed>) = 65536 [pid 301] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1096] munmap(0x7f620fc64000, 65536 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1096] <... munmap resumed>) = 0 [pid 1090] exit_group(0 [pid 1096] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 301] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1103] <... futex resumed>) = ? [pid 1098] <... futex resumed>) = ? [pid 1090] <... exit_group resumed>) = ? [pid 1098] +++ exited with 0 +++ [pid 301] <... openat resumed>) = 3 [pid 300] <... openat resumed>) = 3 [pid 301] newfstatat(3, "", [pid 300] newfstatat(3, "", [pid 1096] <... openat resumed>) = 7 [pid 1099] close(7) = 0 [pid 1099] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1099] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1086] exit_group(0 [pid 1096] ioctl(7, LOOP_SET_FD, 6 [pid 1086] <... exit_group resumed>) = ? [pid 301] getdents64(3, [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(3, [pid 301] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 301] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 1096] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 300] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... umount2 resumed>) = 0 [pid 300] <... umount2 resumed>) = 0 [pid 301] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1096] ioctl(7, LOOP_CLR_FD [pid 300] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./36/bus", [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1096] <... ioctl resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] newfstatat(AT_FDCWD, "./34/bus", [pid 1099] <... futex resumed>) = ? [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./36/bus" [pid 300] unlink("./34/bus" [pid 301] <... unlink resumed>) = 0 [pid 1099] +++ exited with 0 +++ [pid 1095] <... futex resumed>) = ? [pid 301] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... unlink resumed>) = 0 [pid 1096] ioctl(7, LOOP_SET_FD, 6 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1096] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 301] newfstatat(AT_FDCWD, "./36/binderfs", [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1096] close(7 [pid 1095] +++ exited with 0 +++ [pid 1086] +++ exited with 0 +++ [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] newfstatat(AT_FDCWD, "./34/binderfs", [pid 1096] <... close resumed>) = 0 [pid 301] unlink("./36/binderfs" [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1096] close(6 [pid 301] <... unlink resumed>) = 0 [pid 300] unlink("./34/binderfs" [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1086, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 1096] <... close resumed>) = 0 [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 300] <... unlink resumed>) = 0 [pid 301] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1096] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1096] <... futex resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./36/file0", [pid 1096] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 297] <... restart_syscall resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1093] exit_group(0 [pid 301] <... openat resumed>) = 4 [pid 297] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1102] <... futex resumed>) = ? [pid 1096] <... futex resumed>) = ? [pid 1093] <... exit_group resumed>) = ? [pid 301] newfstatat(4, "", [pid 1102] +++ exited with 0 +++ [pid 1096] +++ exited with 0 +++ [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... openat resumed>) = 3 [pid 301] getdents64(4, [pid 297] newfstatat(3, "", [pid 1093] +++ exited with 0 +++ [pid 301] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 297] getdents64(3, [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1093, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 301] close(4 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 301] <... close resumed>) = 0 [pid 297] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] rmdir("./36/file0" [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... rmdir resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] newfstatat(AT_FDCWD, "./40/bus", [pid 301] close(3) = 0 [pid 301] rmdir("./36" [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./40/bus" [pid 301] <... rmdir resumed>) = 0 [pid 301] mkdir("./37", 0777 [pid 297] <... unlink resumed>) = 0 [pid 297] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] <... mkdir resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./40/binderfs", [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] <... openat resumed>) = 3 [pid 297] unlink("./40/binderfs" [pid 301] ioctl(3, LOOP_CLR_FD [pid 297] <... unlink resumed>) = 0 [pid 296] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] close(3) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 1111 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 1111 attached [pid 296] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1111] set_robust_list(0x555556cc76a0, 24 [pid 296] <... openat resumed>) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1111] <... set_robust_list resumed>) = 0 [pid 296] getdents64(3, 0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 296] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 1111] chdir("./37" [pid 296] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./33/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./33/bus" [pid 1111] <... chdir resumed>) = 0 [pid 1111] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 296] <... unlink resumed>) = 0 [pid 296] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./33/binderfs", [pid 1111] <... prctl resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1111] setpgid(0, 0 [pid 296] unlink("./33/binderfs" [pid 1111] <... setpgid resumed>) = 0 [pid 1111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 296] <... unlink resumed>) = 0 [pid 1111] <... openat resumed>) = 3 [pid 296] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1111] write(3, "1000", 4) = 4 [pid 1111] close(3) = 0 [pid 1111] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1111] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1111] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 1111] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 1111] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1111] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1111] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0}./strace-static-x86_64: Process 1112 attached => {parent_tid=[1112]}, 88) = 1112 [pid 1112] set_robust_list(0x7f62204659a0, 24 [pid 1111] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1111] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1111] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 1111] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1111] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1111] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1112] <... set_robust_list resumed>) = 0 [pid 1111] <... clone3 resumed> => {parent_tid=[1113]}, 88) = 1113 [pid 1111] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1111] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1111] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1113 attached [pid 1113] set_robust_list(0x7f62204449a0, 24) = 0 [pid 1113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1113] creat("./bus", 000 [pid 1112] rt_sigprocmask(SIG_SETMASK, [], [pid 1113] <... creat resumed>) = 3 [pid 1112] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1113] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1111] <... futex resumed>) = 0 [pid 1111] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1111] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1113] <... futex resumed>) = 1 [pid 1113] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1113] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1112] memfd_create("syzkaller", 0 [pid 1111] <... futex resumed>) = 0 [pid 1111] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1112] <... memfd_create resumed>) = 4 [pid 1111] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1113] <... futex resumed>) = 1 [pid 1113] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 1113] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1111] <... futex resumed>) = 0 [pid 1111] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1111] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1113] <... futex resumed>) = 1 [pid 1113] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE) = 6 [pid 1112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1113] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1112] <... mmap resumed>) = 0x7f6218024000 [pid 1111] <... futex resumed>) = 0 [pid 1111] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1111] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1113] <... futex resumed>) = 1 [pid 1113] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0) = 0x20000000 [pid 1112] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x2000116c} --- [pid 1111] <... futex resumed>) = ? [pid 1113] +++ killed by SIGBUS +++ [pid 1112] +++ killed by SIGBUS +++ [pid 1111] +++ killed by SIGBUS +++ [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1111, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 301] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 301] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 301] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] getdents64(3, 0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 301] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 301] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./37/bus") = 0 [pid 301] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./37/binderfs") = 0 [pid 301] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [ 30.416387][ T1096] ext4 filesystem being mounted at /root/syzkaller.sY6u5M/33/file0 supports timestamps until 2038 (0x7fffffff) [ 30.428303][ T1095] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [ 30.451073][ T1095] ext4 filesystem being mounted at /root/syzkaller.9gSDIa/40/file0 supports timestamps until 2038 (0x7fffffff) [pid 301] close(3) = 0 [pid 301] rmdir("./37") = 0 [pid 301] mkdir("./38", 0777) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 301] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 301] close(3) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 1114 ./strace-static-x86_64: Process 1114 attached [pid 1114] set_robust_list(0x555556cc76a0, 24) = 0 [pid 1114] chdir("./38") = 0 [pid 1114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1114] setpgid(0, 0) = 0 [pid 1114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1114] write(3, "1000", 4) = 4 [pid 1114] close(3) = 0 [pid 1114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1114] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1114] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 1114] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 1103] +++ exited with 0 +++ [pid 1090] +++ exited with 0 +++ [pid 298] <... umount2 resumed>) = 0 [pid 300] <... umount2 resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 1114] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 300] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1090, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./34/file0", [pid 299] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] newfstatat(AT_FDCWD, "./36/file0", [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... openat resumed>) = 3 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] newfstatat(AT_FDCWD, "./40/file0", [pid 296] newfstatat(AT_FDCWD, "./33/file0", [pid 1114] <... mprotect resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(3, "", [pid 298] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... openat resumed>) = 4 [pid 299] getdents64(3, [pid 298] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1114] rt_sigprocmask(SIG_BLOCK, ~[], [pid 300] newfstatat(4, "", [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 298] <... openat resumed>) = 4 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] newfstatat(4, "", [pid 1114] <... rt_sigprocmask resumed>[], 8) = 0 [pid 300] getdents64(4, [pid 297] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... umount2 resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 299] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] getdents64(4, [pid 298] getdents64(4, [pid 296] <... openat resumed>) = 4 [pid 1114] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 300] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... openat resumed>) = 4 [pid 300] close(4 [pid 299] newfstatat(AT_FDCWD, "./35/bus", [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 297] newfstatat(4, "", [pid 296] newfstatat(4, "", [pid 300] <... close resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] getdents64(4, [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1114] <... clone3 resumed> => {parent_tid=[1116]}, 88) = 1116 [pid 300] rmdir("./34/file0" [pid 299] unlink("./35/bus" [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 297] getdents64(4, [pid 296] getdents64(4, [pid 300] <... rmdir resumed>) = 0 [pid 299] <... unlink resumed>) = 0 [pid 298] close(4 [pid 296] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 298] <... close resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 300] getdents64(3, [pid 299] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] rmdir("./36/file0" [pid 297] getdents64(4, [pid 296] getdents64(4, [pid 298] <... rmdir resumed>) = 0 [pid 296] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] getdents64(3, [pid 297] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 299] newfstatat(AT_FDCWD, "./35/binderfs", [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] close(4 [pid 297] close(4 [pid 300] close(3 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] close(3 [pid 296] <... close resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 299] unlink("./35/binderfs" [pid 297] <... close resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 300] rmdir("./34" [pid 296] rmdir("./33/file0" [pid 299] <... unlink resumed>) = 0 [pid 297] rmdir("./40/file0" [pid 296] <... rmdir resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 298] rmdir("./36" [pid 300] <... rmdir resumed>) = 0 [pid 299] getdents64(3, [pid 298] <... rmdir resumed>) = 0 [pid 297] getdents64(3, [pid 296] getdents64(3, [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 299] close(3 [pid 297] close(3 [pid 298] mkdir("./37", 0777 [pid 296] close(3 [pid 300] mkdir("./35", 0777 [pid 299] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 ./strace-static-x86_64: Process 1116 attached [pid 1116] set_robust_list(0x7f62204659a0, 24) = 0 [pid 1116] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 1116] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] <... close resumed>) = 0 [pid 299] rmdir("./35" [pid 297] rmdir("./40" [pid 300] <... mkdir resumed>) = 0 [pid 296] rmdir("./33" [pid 297] <... rmdir resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 297] mkdir("./41", 0777 [pid 299] mkdir("./36", 0777 [pid 296] mkdir("./34", 0777 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 299] <... mkdir resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 300] <... openat resumed>) = 3 [pid 298] <... openat resumed>) = 3 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 300] ioctl(3, LOOP_CLR_FD [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 298] ioctl(3, LOOP_CLR_FD [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 300] close(3 [pid 298] close(3 [pid 296] <... openat resumed>) = 3 [pid 297] <... openat resumed>) = 3 [pid 300] <... close resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] ioctl(3, LOOP_CLR_FD [pid 299] ioctl(3, LOOP_CLR_FD [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 1117 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 1118 [pid 297] close(3 [pid 296] close(3 [pid 299] close(3 [pid 297] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 1120 [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 1121 [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 1119 [pid 1114] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 1117 attached [pid 1117] set_robust_list(0x555556cc76a0, 24) = 0 [pid 1117] chdir("./35" [pid 1114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1114] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1114] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1116] <... futex resumed>) = 0 [pid 1116] memfd_create("syzkaller", 0./strace-static-x86_64: Process 1118 attached [pid 1114] <... futex resumed>) = 0 [pid 1116] <... memfd_create resumed>) = 3 [pid 1116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218045000 [pid 1114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 1120 attached ) = 0x7f6218024000 [pid 1118] set_robust_list(0x555556cc76a0, 24 [pid 1114] mprotect(0x7f6218025000, 131072, PROT_READ|PROT_WRITE [pid 1117] <... chdir resumed>) = 0 [pid 1114] <... mprotect resumed>) = 0 [pid 1120] set_robust_list(0x555556cc76a0, 24 [pid 1114] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1114] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6218044990, parent_tid=0x7f6218044990, exit_signal=0, stack=0x7f6218024000, stack_size=0x20300, tls=0x7f62180446c0} => {parent_tid=[1122]}, 88) = 1122 [pid 1120] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 1122 attached [pid 1118] <... set_robust_list resumed>) = 0 [pid 1114] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1114] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1121 attached ./strace-static-x86_64: Process 1119 attached [pid 1122] set_robust_list(0x7f62180449a0, 24 [pid 1120] chdir("./34" [pid 1118] chdir("./37" [pid 1117] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1114] <... futex resumed>) = 0 [pid 1120] <... chdir resumed>) = 0 [pid 1118] <... chdir resumed>) = 0 [pid 1117] <... prctl resumed>) = 0 [pid 1116] <... write resumed>) = 262144 [pid 1114] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1117] setpgid(0, 0) = 0 [pid 1116] munmap(0x7f6218045000, 262144 [pid 1117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1116] <... munmap resumed>) = 0 [pid 1120] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1118] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1120] <... prctl resumed>) = 0 [pid 1120] setpgid(0, 0 [pid 1118] setpgid(0, 0 [pid 1117] <... openat resumed>) = 3 [pid 1116] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 1120] <... setpgid resumed>) = 0 [pid 1118] <... setpgid resumed>) = 0 [pid 1117] write(3, "1000", 4 [pid 1116] <... openat resumed>) = 4 [pid 1117] <... write resumed>) = 4 [pid 1116] ioctl(4, LOOP_SET_FD, 3 [pid 1122] <... set_robust_list resumed>) = 0 [pid 1121] set_robust_list(0x555556cc76a0, 24 [pid 1120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1119] set_robust_list(0x555556cc76a0, 24 [pid 1118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1117] close(3 [pid 1116] <... ioctl resumed>) = 0 [pid 1117] <... close resumed>) = 0 [pid 1117] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1117] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1117] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 1117] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 1117] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1117] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1117] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1120] <... openat resumed>) = 3 [pid 1118] <... openat resumed>) = 3 [pid 1117] <... clone3 resumed> => {parent_tid=[1123]}, 88) = 1123 [pid 1117] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1117] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1117] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 1117] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1117] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1117] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1122] rt_sigprocmask(SIG_SETMASK, [], [pid 1120] write(3, "1000", 4 [pid 1119] <... set_robust_list resumed>) = 0 [pid 1118] write(3, "1000", 4 [pid 1117] <... clone3 resumed> => {parent_tid=[1124]}, 88) = 1124 [pid 1117] rt_sigprocmask(SIG_SETMASK, [], [pid 1120] <... write resumed>) = 4 [pid 1118] <... write resumed>) = 4 [pid 1120] close(3 [pid 1122] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1120] <... close resumed>) = 0 [pid 1119] chdir("./41" [pid 1118] close(3 [pid 1117] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1122] creat("./bus", 000 [pid 1121] <... set_robust_list resumed>) = 0 [pid 1120] symlink("/dev/binderfs", "./binderfs" [pid 1119] <... chdir resumed>) = 0 [pid 1118] <... close resumed>) = 0 [pid 1117] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1117] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1118] symlink("/dev/binderfs", "./binderfs" [pid 1120] <... symlink resumed>) = 0 [pid 1118] <... symlink resumed>) = 0 [pid 1120] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1118] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1120] <... futex resumed>) = 0 [pid 1118] <... futex resumed>) = 0 [pid 1120] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1118] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1122] <... creat resumed>) = 5 [pid 1121] chdir("./36" [pid 1120] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1119] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1118] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1122] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1121] <... chdir resumed>) = 0 [pid 1120] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1119] <... prctl resumed>) = 0 [pid 1118] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1116] close(3) = 0 [pid 1116] mkdir("./file0", 0777 [pid 1122] <... futex resumed>) = 1 [pid 1120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1116] <... mkdir resumed>) = 0 [pid 1114] <... futex resumed>) = 0 [pid 1122] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1118] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1114] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1120] <... mmap resumed>) = 0x7f6220445000 [pid 1118] <... mmap resumed>) = 0x7f6220445000 [pid 1114] <... futex resumed>) = 0 [pid 1122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1120] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1118] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1114] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1122] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 1120] <... mprotect resumed>) = 0 [pid 1118] <... mprotect resumed>) = 0 [pid 1116] mount("/dev/loop5", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1120] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1122] <... mount resumed>) = 0 [pid 1121] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1120] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1119] setpgid(0, 0 [pid 1118] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1122] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1120] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1119] <... setpgid resumed>) = 0 [pid 1118] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1122] <... futex resumed>) = 1 [pid 1114] <... futex resumed>) = 0 [pid 1122] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1121] <... prctl resumed>) = 0 [pid 1119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1118] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1114] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1122] <... open resumed>) = 3 [pid 1120] <... clone3 resumed> => {parent_tid=[1125]}, 88) = 1125 [pid 1120] rt_sigprocmask(SIG_SETMASK, [], [pid 1122] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1114] <... futex resumed>) = 0 [pid 1122] <... futex resumed>) = 0 [pid 1120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1119] <... openat resumed>) = 3 [pid 1118] <... clone3 resumed> => {parent_tid=[1126]}, 88) = 1126 [pid 1114] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1122] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1121] setpgid(0, 0 [pid 1120] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1119] write(3, "1000", 4 [pid 1118] rt_sigprocmask(SIG_SETMASK, [], [pid 1114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1121] <... setpgid resumed>) = 0 [pid 1120] <... futex resumed>) = 0 [pid 1119] <... write resumed>) = 4 [pid 1118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1114] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1120] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1119] close(3 [pid 1118] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1114] <... futex resumed>) = 1 [pid 1122] <... futex resumed>) = 0 [pid 1120] <... futex resumed>) = 0 [pid 1119] <... close resumed>) = 0 [pid 1118] <... futex resumed>) = 0 [pid 1114] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1122] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1119] symlink("/dev/binderfs", "./binderfs" [pid 1118] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1120] <... mmap resumed>) = 0x7f6220424000 ./strace-static-x86_64: Process 1124 attached [pid 1122] <... socket resumed>) = 6 [pid 1120] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1119] <... symlink resumed>) = 0 [pid 1118] <... futex resumed>) = 0 [pid 1122] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1120] <... mprotect resumed>) = 0 [pid 1119] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1118] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1120] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1122] <... futex resumed>) = 1 [pid 1120] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1119] <... futex resumed>) = 0 [pid 1118] <... mmap resumed>) = 0x7f6220424000 [pid 1114] <... futex resumed>) = 0 [pid 1122] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1120] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1119] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1118] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1114] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1123 attached [pid 1124] set_robust_list(0x7f62204449a0, 24 [pid 1114] <... futex resumed>) = 0 [pid 1118] <... mprotect resumed>) = 0 [pid 1120] <... clone3 resumed> => {parent_tid=[1127]}, 88) = 1127 [pid 1122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1120] rt_sigprocmask(SIG_SETMASK, [], [pid 1119] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1118] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1114] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1122] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 1120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1119] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1118] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1121] <... openat resumed>) = 3 ./strace-static-x86_64: Process 1126 attached ./strace-static-x86_64: Process 1125 attached [pid 1124] <... set_robust_list resumed>) = 0 [pid 1123] set_robust_list(0x7f62204659a0, 24 [pid 1122] <... mmap resumed>) = 0x20000000 [pid 1120] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1119] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1118] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1122] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1121] write(3, "1000", 4 [pid 1120] <... futex resumed>) = 0 [pid 1119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1126] set_robust_list(0x7f62204659a0, 24 [pid 1125] set_robust_list(0x7f62204659a0, 24 [pid 1124] rt_sigprocmask(SIG_SETMASK, [], [pid 1123] <... set_robust_list resumed>) = 0 [pid 1120] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1118] <... clone3 resumed> => {parent_tid=[1128]}, 88) = 1128 [pid 1122] <... futex resumed>) = 1 [pid 1114] <... futex resumed>) = 0 [pid 1121] <... write resumed>) = 4 [pid 1119] <... mmap resumed>) = 0x7f6220445000 [pid 1118] rt_sigprocmask(SIG_SETMASK, [], [pid 1114] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1122] memfd_create("syzkaller", 0 [pid 1118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1119] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1114] <... futex resumed>) = 0 [pid 1121] close(3 [pid 1118] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1122] <... memfd_create resumed>) = 7 [pid 1118] <... futex resumed>) = 0 [pid 1122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1119] <... mprotect resumed>) = 0 [pid 1118] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1122] <... mmap resumed>) = 0x7f620fc24000 [pid 1119] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1126] <... set_robust_list resumed>) = 0 [pid 1125] <... set_robust_list resumed>) = 0 [pid 1124] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1123] rt_sigprocmask(SIG_SETMASK, [], [pid 1126] rt_sigprocmask(SIG_SETMASK, [], [pid 1125] rt_sigprocmask(SIG_SETMASK, [], [pid 1124] creat("./bus", 000 [pid 1123] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1126] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1125] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1124] <... creat resumed>) = 3 [pid 1123] memfd_create("syzkaller", 0 [pid 1122] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1121] <... close resumed>) = 0 [pid 1119] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1126] memfd_create("syzkaller", 0 [pid 1125] memfd_create("syzkaller", 0 [pid 1124] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1123] <... memfd_create resumed>) = 4 [pid 1126] <... memfd_create resumed>) = 3 [pid 1125] <... memfd_create resumed>) = 3 [pid 1124] <... futex resumed>) = 1 [pid 1123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1117] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1128 attached [pid 1126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1124] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1123] <... mmap resumed>) = 0x7f6218024000 [pid 1122] <... write resumed>) = 65536 [pid 1121] symlink("/dev/binderfs", "./binderfs" [pid 1119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1117] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1128] set_robust_list(0x7f62204449a0, 24 [pid 1126] <... mmap resumed>) = 0x7f6218024000 [pid 1125] <... mmap resumed>) = 0x7f6218024000 [pid 1124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1123] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1117] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1129 attached ./strace-static-x86_64: Process 1127 attached [pid 1122] munmap(0x7f620fc24000, 65536 [pid 1121] <... symlink resumed>) = 0 [pid 1129] set_robust_list(0x7f62204659a0, 24 [pid 1128] <... set_robust_list resumed>) = 0 [pid 1127] set_robust_list(0x7f62204449a0, 24 [pid 1126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1125] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1124] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 1122] <... munmap resumed>) = 0 [pid 1117] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1129] <... set_robust_list resumed>) = 0 [pid 1128] rt_sigprocmask(SIG_SETMASK, [], [pid 1127] <... set_robust_list resumed>) = 0 [pid 1126] <... write resumed>) = 262144 [pid 1125] <... write resumed>) = 262144 [pid 1124] <... mount resumed>) = 0 [pid 1121] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1119] <... clone3 resumed> => {parent_tid=[1129]}, 88) = 1129 [pid 1116] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 1125] munmap(0x7f6218024000, 262144 [pid 1124] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1125] <... munmap resumed>) = 0 [pid 1124] <... futex resumed>) = 1 [pid 1117] <... futex resumed>) = 0 [pid 1116] ioctl(4, LOOP_CLR_FD [pid 1125] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1124] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1117] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1125] <... openat resumed>) = 4 [pid 1124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1117] <... futex resumed>) = 0 [pid 1116] <... ioctl resumed>) = 0 [pid 1125] ioctl(4, LOOP_SET_FD, 3 [pid 1124] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1117] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1129] rt_sigprocmask(SIG_SETMASK, [], [pid 1128] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1127] rt_sigprocmask(SIG_SETMASK, [], [pid 1126] munmap(0x7f6218024000, 262144 [pid 1124] <... open resumed>) = 5 [pid 1123] <... write resumed>) = 262144 [pid 1122] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 1121] <... futex resumed>) = 0 [pid 1119] rt_sigprocmask(SIG_SETMASK, [], [pid 1129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1128] creat("./bus", 000 [pid 1127] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1126] <... munmap resumed>) = 0 [pid 1123] munmap(0x7f6218024000, 262144 [pid 1122] <... openat resumed>) = 8 [pid 1121] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1119] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1129] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1128] <... creat resumed>) = 4 [pid 1127] creat("./bus", 000 [pid 1126] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1123] <... munmap resumed>) = 0 [pid 1122] ioctl(8, LOOP_SET_FD, 7 [pid 1121] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1119] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1128] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1127] <... creat resumed>) = 5 [pid 1126] <... openat resumed>) = 5 [pid 1125] <... ioctl resumed>) = 0 [pid 1124] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1123] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1122] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1121] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1119] <... futex resumed>) = 0 [ 30.550569][ T1116] loop5: detected capacity change from 0 to 512 [ 30.578522][ T1116] EXT4-fs warning (device loop5): read_mmp_block:115: Error -74 while reading MMP block 12 [ 30.592092][ T1125] loop0: detected capacity change from 0 to 512 [pid 1116] close(4 [pid 1129] memfd_create("syzkaller", 0 [pid 1128] <... futex resumed>) = 1 [pid 1127] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1126] ioctl(5, LOOP_SET_FD, 3 [pid 1125] close(3 [pid 1124] <... futex resumed>) = 1 [pid 1123] <... openat resumed>) = 6 [pid 1122] ioctl(8, LOOP_CLR_FD [pid 1121] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1119] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1118] <... futex resumed>) = 0 [pid 1117] <... futex resumed>) = 0 [pid 1116] <... close resumed>) = 0 [pid 1129] <... memfd_create resumed>) = 3 [pid 1128] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1127] <... futex resumed>) = 1 [pid 1126] <... ioctl resumed>) = 0 [pid 1125] <... close resumed>) = 0 [pid 1124] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1123] ioctl(6, LOOP_SET_FD, 4 [pid 1122] <... ioctl resumed>) = 0 [pid 1121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1120] <... futex resumed>) = 0 [pid 1119] <... futex resumed>) = 0 [pid 1118] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1117] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1116] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1128] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1127] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1125] mkdir("./file0", 0777 [pid 1124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1117] <... futex resumed>) = 0 [pid 1116] <... futex resumed>) = 0 [pid 1125] <... mkdir resumed>) = 0 [pid 1124] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1117] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1116] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1125] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1124] <... socket resumed>) = 7 [pid 1124] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1129] <... mmap resumed>) = 0x7f6218045000 [pid 1128] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 1127] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1126] close(3 [pid 1124] <... futex resumed>) = 1 [pid 1123] <... ioctl resumed>) = 0 [pid 1121] <... mmap resumed>) = 0x7f6220445000 [pid 1120] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1118] <... futex resumed>) = 0 [pid 1117] <... futex resumed>) = 0 [pid 1124] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1117] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1117] <... futex resumed>) = 0 [pid 1124] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 1117] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1129] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1128] <... mount resumed>) = 0 [pid 1127] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1126] <... close resumed>) = 0 [pid 1124] <... mmap resumed>) = 0x20000000 [pid 1121] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1123] close(4 [pid 1120] <... futex resumed>) = 0 [pid 1119] <... mmap resumed>) = 0x7f6218024000 [pid 1118] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1129] <... write resumed>) = 262144 [pid 1128] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1127] <... mount resumed>) = 0 [pid 1126] mkdir("./file0", 0777 [pid 1124] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1122] ioctl(8, LOOP_SET_FD, 7 [pid 1121] <... mprotect resumed>) = 0 [pid 1120] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1129] munmap(0x7f6218045000, 262144 [pid 1128] <... futex resumed>) = 0 [pid 1127] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1126] <... mkdir resumed>) = 0 [pid 1124] <... futex resumed>) = 1 [pid 1123] <... close resumed>) = 0 [pid 1122] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1121] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1119] mprotect(0x7f6218025000, 131072, PROT_READ|PROT_WRITE [pid 1118] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1117] <... futex resumed>) = 0 [pid 1129] <... munmap resumed>) = 0 [pid 1128] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1127] <... futex resumed>) = 0 [pid 1126] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1124] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1123] mkdir(0x20000000, 0777 [pid 1122] close(8 [pid 1121] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1120] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1119] <... mprotect resumed>) = 0 [pid 1118] <... futex resumed>) = 0 [pid 1129] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1128] <... open resumed>) = 3 [pid 1122] <... close resumed>) = 0 [pid 1121] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1120] <... futex resumed>) = 0 [pid 1119] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1118] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1129] <... openat resumed>) = 4 [pid 1128] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1122] close(7 [pid 1120] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1119] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1129] ioctl(4, LOOP_SET_FD, 3 [pid 1128] <... futex resumed>) = 0 [pid 1122] <... close resumed>) = 0 [pid 1121] <... clone3 resumed> => {parent_tid=[1132]}, 88) = 1132 [pid 1119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6218044990, parent_tid=0x7f6218044990, exit_signal=0, stack=0x7f6218024000, stack_size=0x20300, tls=0x7f62180446c0} [pid 1118] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1132 attached [pid 1128] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1127] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1123] <... mkdir resumed>) = -1 ENOENT (No such file or directory) [pid 1122] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1121] rt_sigprocmask(SIG_SETMASK, [], [pid 1118] <... futex resumed>) = 0 [pid 1117] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1114] exit_group(0 [pid 1128] <... socket resumed>) = 6 [pid 1123] mount("/dev/loop4", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 1122] <... futex resumed>) = ? [pid 1121] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1119] <... clone3 resumed> => {parent_tid=[1133]}, 88) = 1133 [pid 1118] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1116] <... futex resumed>) = ? [pid 1114] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 1133 attached [pid 1132] set_robust_list(0x7f62204659a0, 24 [pid 1128] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1127] <... open resumed>) = 3 [pid 1124] memfd_create("syzkaller", 0 [pid 1123] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 1122] +++ exited with 0 +++ [pid 1121] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1119] rt_sigprocmask(SIG_SETMASK, [], [pid 1118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1117] <... futex resumed>) = 0 [pid 1116] +++ exited with 0 +++ [pid 1133] set_robust_list(0x7f62180449a0, 24 [pid 1132] <... set_robust_list resumed>) = 0 [pid 1129] <... ioctl resumed>) = 0 [pid 1128] <... futex resumed>) = 0 [pid 1127] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1125] <... mount resumed>) = 0 [pid 1124] <... memfd_create resumed>) = 4 [pid 1123] ioctl(6, LOOP_CLR_FD [pid 1121] <... futex resumed>) = 0 [pid 1119] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1118] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1133] <... set_robust_list resumed>) = 0 [pid 1132] rt_sigprocmask(SIG_SETMASK, [], [pid 1129] close(3 [pid 1128] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 1127] <... futex resumed>) = 1 [pid 1125] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 1124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1123] <... ioctl resumed>) = 0 [pid 1121] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1120] <... futex resumed>) = 0 [pid 1119] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1118] <... futex resumed>) = 0 [pid 1133] rt_sigprocmask(SIG_SETMASK, [], [pid 1132] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1129] <... close resumed>) = 0 [pid 1128] <... mmap resumed>) = 0x20000000 [pid 1127] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1125] <... openat resumed>) = 6 [pid 1124] <... mmap resumed>) = 0x7f620fc64000 [pid 1123] close(6 [pid 1121] <... futex resumed>) = 0 [pid 1120] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1119] <... futex resumed>) = 0 [pid 1118] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1133] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1132] memfd_create("syzkaller", 0 [pid 1129] mkdir("./file0", 0777 [pid 1128] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1127] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1125] chdir("./file0" [pid 1124] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1123] <... close resumed>) = 0 [pid 1121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1120] <... futex resumed>) = 0 [pid 1119] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 30.602143][ T1126] loop2: detected capacity change from 0 to 512 [ 30.609281][ T1123] loop4: detected capacity change from 0 to 512 [ 30.620178][ T1125] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [ 30.627555][ T1129] loop1: detected capacity change from 0 to 512 [ 30.640653][ T1125] ext4 filesystem being mounted at /root/syzkaller.sY6u5M/34/file0 supports timestamps until 2038 (0x7fffffff) [pid 1133] creat("./bus", 000 [pid 1132] <... memfd_create resumed>) = 3 [pid 1128] <... futex resumed>) = 0 [pid 1127] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1123] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1121] <... mmap resumed>) = 0x7f6220424000 [pid 1120] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1118] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1128] memfd_create("syzkaller", 0 [pid 1123] <... futex resumed>) = 0 [pid 1121] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1118] <... futex resumed>) = 0 [pid 1128] <... memfd_create resumed>) = 7 [pid 1123] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1121] <... mprotect resumed>) = 0 [pid 1128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1121] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1128] <... mmap resumed>) = 0x7f620fc64000 [pid 1121] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1127] <... socket resumed>) = 7 [pid 1125] <... chdir resumed>) = 0 [pid 1133] <... creat resumed>) = 3 [pid 1121] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1133] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1132] <... mmap resumed>) = 0x7f6218024000 [pid 1129] <... mkdir resumed>) = 0 [pid 1127] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1125] ioctl(4, LOOP_CLR_FD [pid 1124] <... write resumed>) = 65536 [pid 1121] <... clone3 resumed> => {parent_tid=[1136]}, 88) = 1136 [pid 1121] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1121] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1121] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1136 attached [pid 1136] set_robust_list(0x7f62204449a0, 24) = 0 [pid 1136] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1136] creat("./bus", 000) = 4 [pid 1136] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1121] <... futex resumed>) = 0 [pid 1121] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1121] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1136] <... futex resumed>) = 1 [pid 1136] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1136] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1121] <... futex resumed>) = 0 [pid 1121] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1121] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1136] <... futex resumed>) = 1 [pid 1136] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 5 [pid 1136] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1121] <... futex resumed>) = 0 [pid 1136] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1121] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1136] <... socket resumed>) = 6 [pid 1121] <... futex resumed>) = 0 [pid 1136] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1121] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1136] <... futex resumed>) = 0 [pid 1121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1136] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 1121] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1136] <... mmap resumed>) = 0x20000000 [pid 1121] <... futex resumed>) = 0 [pid 1136] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1121] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1136] <... futex resumed>) = 0 [pid 1121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1136] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 1121] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 1133] <... futex resumed>) = 1 [pid 1129] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1127] <... futex resumed>) = 1 [pid 1133] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1127] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1125] <... ioctl resumed>) = 0 [pid 1124] munmap(0x7f620fc64000, 65536 [pid 1120] <... futex resumed>) = 0 [pid 1119] <... futex resumed>) = 0 [pid 1127] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1125] close(4 [pid 1124] <... munmap resumed>) = 0 [pid 1120] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1119] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1133] <... futex resumed>) = 0 [pid 1132] +++ killed by SIGBUS +++ [pid 1127] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 1125] <... close resumed>) = 0 [pid 1124] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1120] <... futex resumed>) = 0 [pid 1128] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1119] <... futex resumed>) = 1 [pid 1126] <... mount resumed>) = 0 [pid 1126] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY [pid 1136] +++ killed by SIGBUS +++ [pid 1121] +++ killed by SIGBUS +++ [pid 1133] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 1127] <... mmap resumed>) = 0x20000000 [pid 1126] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 1125] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1126] ioctl(5, LOOP_CLR_FD [pid 1120] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1121, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 1128] <... write resumed>) = 65536 [pid 1119] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1133] <... mount resumed>) = 0 [pid 1128] munmap(0x7f620fc64000, 65536 [pid 1127] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1126] <... ioctl resumed>) = 0 [pid 1125] <... futex resumed>) = 0 [pid 1124] <... openat resumed>) = 6 [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 1133] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1128] <... munmap resumed>) = 0 [pid 1127] <... futex resumed>) = 1 [pid 1125] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1124] ioctl(6, LOOP_SET_FD, 4 [pid 1120] <... futex resumed>) = 0 [pid 299] <... restart_syscall resumed>) = 0 [pid 1133] <... futex resumed>) = 1 [pid 1128] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1127] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1126] close(5 [pid 1124] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1120] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1119] <... futex resumed>) = 0 [pid 1133] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1128] <... openat resumed>) = 8 [pid 1125] <... futex resumed>) = 0 [pid 1124] ioctl(6, LOOP_CLR_FD [pid 1120] <... futex resumed>) = 1 [pid 1119] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1133] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1128] ioctl(8, LOOP_SET_FD, 7 [pid 1125] memfd_create("syzkaller", 0 [pid 1124] <... ioctl resumed>) = 0 [pid 1119] <... futex resumed>) = 0 [pid 1133] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1128] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1125] <... memfd_create resumed>) = 4 [pid 1119] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1114] +++ exited with 0 +++ [pid 1133] <... open resumed>) = 5 [pid 1128] ioctl(8, LOOP_CLR_FD [pid 1125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1133] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1128] <... ioctl resumed>) = 0 [pid 1125] <... mmap resumed>) = 0x7f620fc64000 [pid 1133] <... futex resumed>) = 1 [pid 1125] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1119] <... futex resumed>) = 0 [pid 1133] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1125] <... write resumed>) = 65536 [pid 1119] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1133] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1125] munmap(0x7f620fc64000, 65536 [pid 1119] <... futex resumed>) = 0 [pid 1133] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1125] <... munmap resumed>) = 0 [pid 1124] ioctl(6, LOOP_SET_FD, 4 [pid 1119] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1133] <... socket resumed>) = 6 [pid 1125] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1124] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1133] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1125] <... openat resumed>) = 8 [pid 1124] close(6 [pid 1133] <... futex resumed>) = 1 [pid 1128] ioctl(8, LOOP_SET_FD, 7 [pid 1125] ioctl(8, LOOP_SET_FD, 4 [pid 1124] <... close resumed>) = 0 [pid 1119] <... futex resumed>) = 0 [pid 1133] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1128] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1125] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1124] close(4 [pid 1119] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1133] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1128] close(8 [pid 1125] ioctl(8, LOOP_CLR_FD [pid 1124] <... close resumed>) = 0 [pid 1119] <... futex resumed>) = 0 [pid 1133] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 1128] <... close resumed>) = 0 [pid 1125] <... ioctl resumed>) = 0 [pid 1124] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1119] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1133] <... mmap resumed>) = 0x20000000 [pid 1128] close(7 [pid 1124] <... futex resumed>) = 0 [pid 1133] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1128] <... close resumed>) = 0 [pid 1124] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1117] exit_group(0 [pid 1133] <... futex resumed>) = 1 [pid 1128] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1124] <... futex resumed>) = ? [pid 1123] <... futex resumed>) = ? [pid 1119] <... futex resumed>) = 0 [pid 1117] <... exit_group resumed>) = ? [pid 1133] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1128] <... futex resumed>) = 0 [pid 1124] +++ exited with 0 +++ [pid 1123] +++ exited with 0 +++ [pid 1119] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1133] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1128] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1125] ioctl(8, LOOP_SET_FD, 4 [pid 1119] <... futex resumed>) = 0 [pid 1133] memfd_create("syzkaller", 0 [pid 1125] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1133] <... memfd_create resumed>) = 7 [pid 1125] close(8 [pid 1133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1125] <... close resumed>) = 0 [pid 1133] <... mmap resumed>) = 0x7f620fc24000 [pid 1125] close(4 [pid 1133] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1125] <... close resumed>) = 0 [pid 1133] <... write resumed>) = 65536 [pid 1126] <... close resumed>) = 0 [pid 1126] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1114, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [ 30.656597][ T1126] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [ 30.671728][ T1126] ext4 filesystem being mounted at /root/syzkaller.4RDDfu/37/file0 supports timestamps until 2038 (0x7fffffff) [pid 299] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1133] munmap(0x7f620fc24000, 65536 [pid 1126] <... futex resumed>) = 0 [pid 1125] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] restart_syscall(<... resuming interrupted clone ...> [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1126] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1118] exit_group(0 [pid 301] <... restart_syscall resumed>) = 0 [pid 299] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1126] <... futex resumed>) = ? [pid 1118] <... exit_group resumed>) = ? [pid 299] <... openat resumed>) = 3 [pid 1126] +++ exited with 0 +++ [pid 299] newfstatat(3, "", [pid 301] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] getdents64(3, [pid 301] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 301] <... openat resumed>) = 3 [pid 299] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] getdents64(3, 0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 301] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1133] <... munmap resumed>) = 0 [pid 1125] <... futex resumed>) = 0 [pid 1120] exit_group(0 [pid 301] <... umount2 resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 1133] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1128] <... futex resumed>) = ? [pid 301] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./38/bus", [pid 299] newfstatat(AT_FDCWD, "./36/bus", [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./38/bus" [pid 299] unlink("./36/bus" [pid 301] <... unlink resumed>) = 0 [pid 299] <... unlink resumed>) = 0 [pid 301] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./38/binderfs", [pid 299] newfstatat(AT_FDCWD, "./36/binderfs", [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./38/binderfs" [pid 299] unlink("./36/binderfs" [pid 301] <... unlink resumed>) = 0 [pid 299] <... unlink resumed>) = 0 [pid 301] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] getdents64(3, [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 301] newfstatat(AT_FDCWD, "./38/file0", [pid 299] close(3 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... close resumed>) = 0 [pid 301] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] rmdir("./36" [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... rmdir resumed>) = 0 [pid 301] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] mkdir("./37", 0777 [pid 301] <... openat resumed>) = 4 [pid 299] <... mkdir resumed>) = 0 [pid 301] newfstatat(4, "", [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... openat resumed>) = 3 [pid 301] getdents64(4, [pid 299] ioctl(3, LOOP_CLR_FD [pid 1120] <... exit_group resumed>) = ? [pid 301] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 301] getdents64(4, [pid 299] close(3 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 299] <... close resumed>) = 0 [pid 1128] +++ exited with 0 +++ [pid 1118] +++ exited with 0 +++ [pid 301] close(4 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1133] <... openat resumed>) = 8 [pid 1127] <... futex resumed>) = ? [pid 1117] +++ exited with 0 +++ [pid 301] <... close resumed>) = 0 [pid 1133] ioctl(8, LOOP_SET_FD, 7 [pid 1127] +++ exited with 0 +++ [pid 1125] +++ exited with 0 +++ [pid 1120] +++ exited with 0 +++ [pid 1133] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1120, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 1133] ioctl(8, LOOP_CLR_FD [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 1133] <... ioctl resumed>) = 0 [pid 301] rmdir("./38/file0" [pid 296] <... restart_syscall resumed>) = 0 [pid 1133] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 1133] close(8 [pid 301] <... rmdir resumed>) = 0 [pid 296] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1133] <... close resumed>) = 0 [pid 301] getdents64(3, [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1117, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 1139 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1118, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1133] close(7 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 300] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1133] <... close resumed>) = 0 [pid 301] close(3 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... openat resumed>) = 3 [pid 1133] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... close resumed>) = 0 [pid 300] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] newfstatat(3, "", [pid 1133] <... futex resumed>) = 0 [pid 301] rmdir("./38" [pid 300] <... openat resumed>) = 3 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1133] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] <... openat resumed>) = 3 [pid 296] getdents64(3, [pid 301] <... rmdir resumed>) = 0 [pid 300] newfstatat(3, "", [pid 298] newfstatat(3, "", [pid 296] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 301] mkdir("./39", 0777 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] getdents64(3, [pid 298] getdents64(3, [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... mkdir resumed>) = 0 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] <... openat resumed>) = 3 [pid 300] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] newfstatat(AT_FDCWD, "./34/bus", [pid 301] ioctl(3, LOOP_CLR_FD [pid 300] <... umount2 resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 300] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] unlink("./34/bus" [pid 301] close(3 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... unlink resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 300] newfstatat(AT_FDCWD, "./35/bus", [pid 298] newfstatat(AT_FDCWD, "./37/bus", [pid 296] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] unlink("./35/bus" [pid 298] unlink("./37/bus" [pid 296] unlink("./34/binderfs" [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 1140 [pid 300] <... unlink resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 296] <... unlink resumed>) = 0 [pid 300] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 1140 attached ./strace-static-x86_64: Process 1139 attached [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1140] set_robust_list(0x555556cc76a0, 24 [pid 1139] set_robust_list(0x555556cc76a0, 24 [pid 300] newfstatat(AT_FDCWD, "./35/binderfs", [pid 298] newfstatat(AT_FDCWD, "./37/binderfs", [pid 1140] <... set_robust_list resumed>) = 0 [pid 1139] <... set_robust_list resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1140] chdir("./39" [pid 1139] chdir("./37" [pid 300] unlink("./35/binderfs" [pid 298] unlink("./37/binderfs" [pid 1140] <... chdir resumed>) = 0 [pid 1139] <... chdir resumed>) = 0 [pid 300] <... unlink resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 300] getdents64(3, [pid 298] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1140] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1139] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 1140] <... prctl resumed>) = 0 [pid 1139] <... prctl resumed>) = 0 [pid 300] close(3 [pid 1140] setpgid(0, 0 [pid 1139] setpgid(0, 0 [pid 300] <... close resumed>) = 0 [ 30.698191][ T1137] EXT4-fs warning (device loop1): kmmpd:170: kmmpd being stopped since MMP feature has been disabled. [ 30.698484][ T1129] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 30.717522][ T1129] EXT4-fs error (device loop1): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 30.735505][ T1129] EXT4-fs (loop1): get orphan inode failed [pid 1140] <... setpgid resumed>) = 0 [pid 1139] <... setpgid resumed>) = 0 [pid 300] rmdir("./35" [pid 1140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 300] <... rmdir resumed>) = 0 [pid 1140] <... openat resumed>) = 3 [pid 1139] <... openat resumed>) = 3 [pid 300] mkdir("./36", 0777 [pid 1140] write(3, "1000", 4 [pid 1139] write(3, "1000", 4 [pid 300] <... mkdir resumed>) = 0 [pid 1140] <... write resumed>) = 4 [pid 1139] <... write resumed>) = 4 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1140] close(3 [pid 1139] close(3 [pid 300] <... openat resumed>) = 3 [pid 1140] <... close resumed>) = 0 [pid 1139] <... close resumed>) = 0 [pid 300] ioctl(3, LOOP_CLR_FD [pid 1140] symlink("/dev/binderfs", "./binderfs" [pid 1139] symlink("/dev/binderfs", "./binderfs" [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1140] <... symlink resumed>) = 0 [pid 1139] <... symlink resumed>) = 0 [pid 300] close(3 [pid 1140] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1139] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... close resumed>) = 0 [pid 1140] <... futex resumed>) = 0 [pid 1139] <... futex resumed>) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1140] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1139] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1140] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1139] <... rt_sigaction resumed>NULL, 8) = 0 [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 1141 [pid 1140] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1139] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1140] <... mmap resumed>) = 0x7f6220445000 [pid 1139] <... mmap resumed>) = 0x7f6220445000 [pid 1140] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1139] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1140] <... mprotect resumed>) = 0 [pid 1139] <... mprotect resumed>) = 0 [pid 1140] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1139] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1140] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1139] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1139] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1140] <... clone3 resumed> => {parent_tid=[1142]}, 88) = 1142 [pid 1139] <... clone3 resumed> => {parent_tid=[1143]}, 88) = 1143 [pid 1140] rt_sigprocmask(SIG_SETMASK, [], [pid 1139] rt_sigprocmask(SIG_SETMASK, [], [pid 1140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1140] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1139] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1141 attached ./strace-static-x86_64: Process 1143 attached ./strace-static-x86_64: Process 1142 attached [pid 1140] <... futex resumed>) = 0 [pid 1139] <... futex resumed>) = 0 [pid 1140] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1139] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1140] <... futex resumed>) = 0 [pid 1139] <... futex resumed>) = 0 [pid 1140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1140] <... mmap resumed>) = 0x7f6220424000 [pid 1139] <... mmap resumed>) = 0x7f6220424000 [pid 1140] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1139] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1140] <... mprotect resumed>) = 0 [pid 1139] <... mprotect resumed>) = 0 [pid 1140] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1139] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1140] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1139] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1139] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0}./strace-static-x86_64: Process 1144 attached [pid 1143] set_robust_list(0x7f62204659a0, 24 [pid 1142] set_robust_list(0x7f62204659a0, 24 [pid 1141] set_robust_list(0x555556cc76a0, 24 [pid 1140] <... clone3 resumed> => {parent_tid=[1144]}, 88) = 1144 [pid 1139] <... clone3 resumed> => {parent_tid=[1145]}, 88) = 1145 [pid 1129] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1140] rt_sigprocmask(SIG_SETMASK, [], [pid 1139] rt_sigprocmask(SIG_SETMASK, [], [pid 1140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1140] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1139] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1140] <... futex resumed>) = 0 [pid 1139] <... futex resumed>) = 0 [pid 1140] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1139] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1145 attached [pid 1143] <... set_robust_list resumed>) = 0 [pid 1142] <... set_robust_list resumed>) = 0 [pid 1141] <... set_robust_list resumed>) = 0 [pid 1129] ioctl(4, LOOP_CLR_FD [pid 1145] set_robust_list(0x7f62204449a0, 24) = 0 [pid 1142] rt_sigprocmask(SIG_SETMASK, [], [pid 1141] chdir("./36" [pid 1145] rt_sigprocmask(SIG_SETMASK, [], [pid 1143] rt_sigprocmask(SIG_SETMASK, [], [pid 1129] <... ioctl resumed>) = 0 [pid 1145] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1145] creat("./bus", 000 [pid 1144] set_robust_list(0x7f62204449a0, 24 [pid 1143] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1142] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1141] <... chdir resumed>) = 0 [pid 1129] close(4 [pid 1145] <... creat resumed>) = 3 [pid 1144] <... set_robust_list resumed>) = 0 [pid 1143] memfd_create("syzkaller", 0 [pid 1142] memfd_create("syzkaller", 0 [pid 1141] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1145] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1129] <... close resumed>) = 0 [pid 1145] <... futex resumed>) = 1 [pid 1139] <... futex resumed>) = 0 [pid 1145] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 1139] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1144] rt_sigprocmask(SIG_SETMASK, [], [pid 1143] <... memfd_create resumed>) = 4 [pid 1142] <... memfd_create resumed>) = 3 [pid 1141] <... prctl resumed>) = 0 [pid 1139] <... futex resumed>) = 0 [pid 1129] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... umount2 resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 1144] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1141] setpgid(0, 0 [pid 1139] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1129] <... futex resumed>) = 0 [pid 298] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1144] creat("./bus", 000 [pid 1143] <... mmap resumed>) = 0x7f6218024000 [pid 1142] <... mmap resumed>) = 0x7f6218024000 [pid 1141] <... setpgid resumed>) = 0 [pid 1129] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1119] exit_group(0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1145] <... mount resumed>) = 0 [pid 1144] <... creat resumed>) = 4 [pid 1143] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 264966 [pid 1142] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1145] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1139] <... futex resumed>) = 0 [pid 1145] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1139] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1139] <... futex resumed>) = 0 [pid 1145] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1139] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1145] <... open resumed>) = 5 [pid 1145] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1139] <... futex resumed>) = 0 [pid 1145] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1139] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1139] <... futex resumed>) = 0 [pid 1145] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1139] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1145] <... socket resumed>) = 6 [pid 1145] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1139] <... futex resumed>) = 0 [pid 1119] <... exit_group resumed>) = ? [pid 298] newfstatat(AT_FDCWD, "./37/file0", [pid 296] newfstatat(AT_FDCWD, "./34/file0", [pid 1145] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1139] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1133] <... futex resumed>) = ? [pid 1129] <... futex resumed>) = ? [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1139] <... futex resumed>) = 0 [pid 1133] +++ exited with 0 +++ [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1145] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 1139] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1145] <... mmap resumed>) = 0x20000000 [pid 1145] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1129] +++ exited with 0 +++ [pid 1119] +++ exited with 0 +++ [pid 1145] <... futex resumed>) = 1 [pid 1139] <... futex resumed>) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1119, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 1145] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1139] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 296] umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1139] <... futex resumed>) = 0 [pid 1145] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 1141] <... openat resumed>) = 3 [pid 1139] close(2012415488 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1141] write(3, "1000", 4 [pid 296] openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... openat resumed>) = 4 [pid 296] <... openat resumed>) = 4 [pid 1141] <... write resumed>) = 4 [pid 298] newfstatat(4, "", [pid 297] <... restart_syscall resumed>) = 0 [pid 296] newfstatat(4, "", [pid 1141] close(3 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1141] <... close resumed>) = 0 [pid 297] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1144] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1143] <... write resumed>) = ? [pid 1142] <... write resumed>) = 262144 [pid 1141] symlink("/dev/binderfs", "./binderfs" [pid 298] getdents64(4, [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] getdents64(4, [pid 297] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 297] <... openat resumed>) = 3 [pid 296] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 1141] <... symlink resumed>) = 0 [pid 298] getdents64(4, [pid 297] newfstatat(3, "", [pid 296] getdents64(4, [pid 1144] <... futex resumed>) = 1 [pid 1141] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1140] <... futex resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1145] +++ killed by SIGBUS +++ [pid 1144] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 1141] <... futex resumed>) = 0 [pid 1140] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] getdents64(3, [pid 296] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 1143] +++ killed by SIGBUS +++ [pid 1141] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1140] <... futex resumed>) = 0 [pid 1139] +++ killed by SIGBUS +++ [pid 1144] <... mount resumed>) = 0 [pid 298] close(4 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 296] close(4 [pid 1144] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1141] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1140] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1139, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 297] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1144] <... futex resumed>) = 0 [pid 1142] munmap(0x7f6218024000, 262144 [pid 1141] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1140] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 298] <... close resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 1144] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1142] <... munmap resumed>) = 0 [pid 1141] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1140] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... restart_syscall resumed>) = 0 [pid 298] rmdir("./37/file0" [pid 297] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] rmdir("./34/file0" [pid 1140] <... futex resumed>) = 0 [pid 1140] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... rmdir resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] getdents64(3, [pid 1142] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 297] newfstatat(AT_FDCWD, "./41/bus", [pid 296] <... rmdir resumed>) = 0 [pid 1144] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1142] <... openat resumed>) = 5 [pid 1141] <... mmap resumed>) = 0x7f6220445000 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] getdents64(3, [pid 1144] <... open resumed>) = 6 [pid 1142] ioctl(5, LOOP_SET_FD, 3 [pid 1141] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 299] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 30.755324][ T1129] EXT4-fs (loop1): mount failed [pid 298] close(3 [pid 297] unlink("./41/bus" [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 1144] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1141] <... mprotect resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 299] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1144] <... futex resumed>) = 1 [pid 1142] <... ioctl resumed>) = 0 [pid 1141] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1140] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 297] <... unlink resumed>) = 0 [pid 296] close(3 [pid 1144] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1142] close(3 [pid 1141] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1140] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] rmdir("./37" [pid 297] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... close resumed>) = 0 [pid 1144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1142] <... close resumed>) = 0 [pid 1141] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1140] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... rmdir resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] rmdir("./34" [pid 1144] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1142] mkdir("./file0", 0777 [pid 1140] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] newfstatat(AT_FDCWD, "./37/bus", [pid 298] mkdir("./38", 0777 [pid 297] newfstatat(AT_FDCWD, "./41/binderfs", [pid 296] <... rmdir resumed>) = 0 [pid 1144] <... socket resumed>) = 3 [pid 1142] <... mkdir resumed>) = 0 [pid 1141] <... clone3 resumed> => {parent_tid=[1146]}, 88) = 1146 [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] mkdir("./35", 0777 [pid 1144] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1142] mount("/dev/loop5", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1141] rt_sigprocmask(SIG_SETMASK, [], [pid 299] unlink("./37/bus" [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 297] unlink("./41/binderfs" [pid 296] <... mkdir resumed>) = 0 [pid 1144] <... futex resumed>) = 1 [pid 1141] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1140] <... futex resumed>) = 0 [pid 299] <... unlink resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 297] <... unlink resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1144] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1141] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1140] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] ioctl(3, LOOP_CLR_FD [pid 297] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... openat resumed>) = 3 [pid 1144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1141] <... futex resumed>) = 0 [pid 1140] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] ioctl(3, LOOP_CLR_FD [pid 1144] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 1141] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1140] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] newfstatat(AT_FDCWD, "./37/binderfs", [pid 298] close(3 [pid 297] newfstatat(AT_FDCWD, "./41/file0", [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1144] <... mmap resumed>) = 0x20000000 [pid 1141] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... close resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] close(3 [pid 1144] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] unlink("./37/binderfs" [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... close resumed>) = 0 [pid 1144] <... futex resumed>) = 1 [pid 1141] <... mmap resumed>) = 0x7f6220424000 [pid 1140] <... futex resumed>) = 0 [pid 299] <... unlink resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1144] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1141] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1140] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] getdents64(3, [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 1148 [pid 297] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1141] <... mprotect resumed>) = 0 [pid 1140] <... futex resumed>) = 0 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] <... openat resumed>) = 4 [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 1149 [pid 1144] memfd_create("syzkaller", 0 [pid 1141] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] close(3 [pid 297] newfstatat(4, "", [pid 1144] <... memfd_create resumed>) = 7 [pid 1141] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] <... close resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1141] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 299] rmdir("./37" [pid 297] getdents64(4, [pid 1144] <... mmap resumed>) = 0x7f620fc64000 [pid 299] <... rmdir resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 1150 attached ./strace-static-x86_64: Process 1149 attached ./strace-static-x86_64: Process 1148 attached ./strace-static-x86_64: Process 1146 attached [pid 1144] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1141] <... clone3 resumed> => {parent_tid=[1150]}, 88) = 1150 [pid 299] mkdir("./38", 0777 [pid 297] getdents64(4, [pid 1150] set_robust_list(0x7f62204449a0, 24 [pid 1149] set_robust_list(0x555556cc76a0, 24 [pid 1148] set_robust_list(0x555556cc76a0, 24 [pid 1146] set_robust_list(0x7f62204659a0, 24 [pid 1150] <... set_robust_list resumed>) = 0 [pid 1149] <... set_robust_list resumed>) = 0 [pid 1148] <... set_robust_list resumed>) = 0 [pid 1146] <... set_robust_list resumed>) = 0 [pid 1150] rt_sigprocmask(SIG_SETMASK, [], [pid 1149] chdir("./35" [pid 1148] chdir("./38" [pid 1146] rt_sigprocmask(SIG_SETMASK, [], [pid 1150] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1149] <... chdir resumed>) = 0 [pid 1148] <... chdir resumed>) = 0 [pid 1146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1150] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1149] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1148] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1146] memfd_create("syzkaller", 0 [pid 1149] <... prctl resumed>) = 0 [pid 1148] <... prctl resumed>) = 0 [pid 1146] <... memfd_create resumed>) = 3 [pid 1149] setpgid(0, 0 [pid 1148] setpgid(0, 0 [pid 1146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1141] rt_sigprocmask(SIG_SETMASK, [], [pid 297] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 1149] <... setpgid resumed>) = 0 [pid 1148] <... setpgid resumed>) = 0 [pid 1146] <... mmap resumed>) = 0x7f6218024000 [pid 1144] <... write resumed>) = 65536 [pid 1141] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 1149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1148] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1146] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 297] close(4 [pid 1149] <... openat resumed>) = 3 [pid 1148] <... openat resumed>) = 3 [pid 1146] <... write resumed>) = 262144 [pid 1144] munmap(0x7f620fc64000, 65536 [pid 1141] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1149] write(3, "1000", 4 [pid 1148] write(3, "1000", 4 [pid 1146] munmap(0x7f6218024000, 262144 [pid 1149] <... write resumed>) = 4 [pid 1148] <... write resumed>) = 4 [pid 1146] <... munmap resumed>) = 0 [pid 1149] close(3 [pid 1148] close(3 [pid 1146] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1149] <... close resumed>) = 0 [pid 1148] <... close resumed>) = 0 [pid 1146] <... openat resumed>) = 4 [pid 1149] symlink("/dev/binderfs", "./binderfs" [ 30.795141][ T1142] loop5: detected capacity change from 0 to 512 [ 30.813587][ T1147] EXT4-fs warning (device loop5): kmmpd:170: kmmpd being stopped since MMP feature has been disabled. [ 30.827085][ T1142] EXT4-fs (loop5): revision level too high, forcing read-only mode [pid 1148] symlink("/dev/binderfs", "./binderfs" [pid 1146] ioctl(4, LOOP_SET_FD, 3 [pid 1150] <... futex resumed>) = 0 [pid 1149] <... symlink resumed>) = 0 [pid 1148] <... symlink resumed>) = 0 [pid 1144] <... munmap resumed>) = 0 [pid 1141] <... futex resumed>) = 1 [pid 299] <... openat resumed>) = 3 [pid 297] <... close resumed>) = 0 [pid 1149] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1148] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1149] <... futex resumed>) = 0 [pid 1148] <... futex resumed>) = 0 [pid 1149] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1148] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1149] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1148] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1149] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1148] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1148] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1148] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1149] <... mmap resumed>) = 0x7f6220445000 [pid 1148] <... mmap resumed>) = 0x7f6220445000 [pid 1149] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1148] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1149] <... mprotect resumed>) = 0 [pid 1148] <... mprotect resumed>) = 0 [pid 1149] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1148] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1149] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1148] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1148] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1149] <... clone3 resumed> => {parent_tid=[1152]}, 88) = 1152 [pid 1148] <... clone3 resumed> => {parent_tid=[1153]}, 88) = 1153 ./strace-static-x86_64: Process 1153 attached ./strace-static-x86_64: Process 1152 attached [pid 1150] creat("./bus", 000 [pid 1149] rt_sigprocmask(SIG_SETMASK, [], [pid 1148] rt_sigprocmask(SIG_SETMASK, [], [pid 1144] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 1141] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] ioctl(3, LOOP_CLR_FD [pid 297] rmdir("./41/file0" [pid 1153] set_robust_list(0x7f62204659a0, 24 [pid 1152] set_robust_list(0x7f62204659a0, 24 [pid 1150] <... creat resumed>) = 5 [pid 1149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1148] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1144] <... openat resumed>) = 8 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1149] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1148] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1149] <... futex resumed>) = 0 [pid 1148] <... futex resumed>) = 0 [pid 1149] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1148] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1149] <... futex resumed>) = 0 [pid 1148] <... futex resumed>) = 0 [pid 1149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1148] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1149] <... mmap resumed>) = 0x7f6220424000 [pid 1148] <... mmap resumed>) = 0x7f6220424000 [pid 1149] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1148] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1149] <... mprotect resumed>) = 0 [pid 1148] <... mprotect resumed>) = 0 [pid 1149] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1148] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1146] <... ioctl resumed>) = 0 [pid 1149] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1148] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1146] close(3 [pid 1149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1148] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1146] <... close resumed>) = 0 [pid 1149] <... clone3 resumed> => {parent_tid=[1154]}, 88) = 1154 [pid 1148] <... clone3 resumed> => {parent_tid=[1155]}, 88) = 1155 [pid 1146] mkdir("./file0", 0777 [pid 1149] rt_sigprocmask(SIG_SETMASK, [], [pid 1148] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 1155 attached ./strace-static-x86_64: Process 1154 attached [pid 1153] <... set_robust_list resumed>) = 0 [pid 1152] <... set_robust_list resumed>) = 0 [pid 1150] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1148] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1144] ioctl(8, LOOP_SET_FD, 7 [pid 299] close(3 [pid 297] <... rmdir resumed>) = 0 [pid 1155] set_robust_list(0x7f62204449a0, 24 [pid 1154] set_robust_list(0x7f62204449a0, 24 [pid 1153] rt_sigprocmask(SIG_SETMASK, [], [pid 1152] rt_sigprocmask(SIG_SETMASK, [], [pid 1150] <... futex resumed>) = 1 [pid 1149] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1148] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1146] <... mkdir resumed>) = 0 [pid 1144] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1142] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1141] <... futex resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 297] getdents64(3, [pid 1155] <... set_robust_list resumed>) = 0 [pid 1154] <... set_robust_list resumed>) = 0 [pid 1153] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1152] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1150] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1144] ioctl(8, LOOP_CLR_FD [pid 1142] ioctl(5, LOOP_CLR_FD [pid 1141] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 1155] rt_sigprocmask(SIG_SETMASK, [], [pid 1154] rt_sigprocmask(SIG_SETMASK, [], [pid 1153] memfd_create("syzkaller", 0 [pid 1152] memfd_create("syzkaller", 0 [pid 1150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1144] <... ioctl resumed>) = 0 [pid 1142] <... ioctl resumed>) = 0 [pid 1141] <... futex resumed>) = 0 [pid 297] close(3 [pid 1155] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1154] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1153] <... memfd_create resumed>) = 3 [pid 1152] <... memfd_create resumed>) = 3 [pid 1150] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 1142] close(5 [pid 1141] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 1156 [pid 297] <... close resumed>) = 0 [pid 1155] creat("./bus", 000 [pid 1154] creat("./bus", 000 [pid 1153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1152] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1150] <... mount resumed>) = 0 [pid 1142] <... close resumed>) = 0 [pid 297] rmdir("./41" [pid 1155] <... creat resumed>) = 4 [pid 1154] <... creat resumed>) = 4 [pid 1153] <... mmap resumed>) = 0x7f6218024000 [pid 1152] <... mmap resumed>) = 0x7f6218024000 [pid 1150] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1142] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... rmdir resumed>) = 0 [pid 1155] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1154] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1153] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1152] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1150] <... futex resumed>) = 1 [pid 1149] <... futex resumed>) = 0 [pid 1148] <... futex resumed>) = 0 [pid 1144] ioctl(8, LOOP_SET_FD, 7 [pid 1142] <... futex resumed>) = 0 [pid 1141] <... futex resumed>) = 0 [pid 297] mkdir("./42", 0777./strace-static-x86_64: Process 1156 attached [pid 1155] <... futex resumed>) = 0 [pid 1154] <... futex resumed>) = 0 [pid 1153] <... write resumed>) = 262144 [pid 1152] <... write resumed>) = 262144 [pid 1150] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1149] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1148] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1146] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1144] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1142] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1141] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... mkdir resumed>) = 0 [pid 1155] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1154] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1153] munmap(0x7f6218024000, 262144 [pid 1152] munmap(0x7f6218024000, 262144 [pid 1150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1144] close(8 [pid 1141] <... futex resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1153] <... munmap resumed>) = 0 [pid 1152] <... munmap resumed>) = 0 [pid 1150] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1144] <... close resumed>) = 0 [pid 1141] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... openat resumed>) = 3 [pid 1153] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1152] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1150] <... open resumed>) = 3 [pid 1149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1144] close(7 [pid 297] ioctl(3, LOOP_CLR_FD [pid 1153] <... openat resumed>) = 5 [pid 1152] <... openat resumed>) = 5 [pid 1150] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1144] <... close resumed>) = 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1153] ioctl(5, LOOP_SET_FD, 3 [pid 1152] ioctl(5, LOOP_SET_FD, 3 [pid 1150] <... futex resumed>) = 1 [pid 1144] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1141] <... futex resumed>) = 0 [pid 297] close(3 [pid 1156] set_robust_list(0x555556cc76a0, 24 [pid 1153] <... ioctl resumed>) = 0 [pid 1149] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1148] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1156] <... set_robust_list resumed>) = 0 [pid 1153] close(3 [pid 1149] <... futex resumed>) = 1 [pid 1148] <... futex resumed>) = 1 [pid 1156] chdir("./38" [pid 1153] <... close resumed>) = 0 [pid 1149] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1148] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1156] <... chdir resumed>) = 0 [pid 1153] mkdir("./file0", 0777 [pid 1156] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1153] <... mkdir resumed>) = 0 [pid 1156] <... prctl resumed>) = 0 [pid 1153] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1156] setpgid(0, 0) = 0 [pid 1150] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1144] <... futex resumed>) = 0 [pid 1140] exit_group(0 [pid 1141] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1155] <... futex resumed>) = 0 [pid 1154] <... futex resumed>) = 0 [pid 1152] <... ioctl resumed>) = 0 [pid 1150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1142] <... futex resumed>) = ? [pid 1141] <... futex resumed>) = 0 [pid 1140] <... exit_group resumed>) = ? [pid 297] <... close resumed>) = 0 [pid 1155] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 1154] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1152] close(3 [pid 1150] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1144] +++ exited with 0 +++ [pid 1142] +++ exited with 0 +++ [pid 1141] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1155] <... mount resumed>) = 0 [pid 1154] <... mount resumed>) = 0 [pid 1152] <... close resumed>) = 0 [pid 1150] <... socket resumed>) = 6 [pid 1155] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1154] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1152] mkdir("./file0", 0777 [pid 1150] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 1157 [pid 1155] <... futex resumed>) = 1 [pid 1154] <... futex resumed>) = 1 [pid 1152] <... mkdir resumed>) = 0 [pid 1150] <... futex resumed>) = 1 [pid 1141] <... futex resumed>) = 0 [pid 1155] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1154] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1152] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1150] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1141] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1141] <... futex resumed>) = 0 [pid 1150] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 1149] <... futex resumed>) = 0 [pid 1148] <... futex resumed>) = 0 [pid 1141] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1150] <... mmap resumed>) = 0x20000000 [pid 1149] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1148] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1155] <... futex resumed>) = 0 [pid 1154] <... futex resumed>) = 0 [pid 1150] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1149] <... futex resumed>) = 1 [pid 1148] <... futex resumed>) = 1 [pid 1155] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1154] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1150] <... futex resumed>) = 1 [pid 1149] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1141] <... futex resumed>) = 0 [pid 1156] <... openat resumed>) = 3 [pid 1155] <... open resumed>) = 3 [pid 1154] <... open resumed>) = 3 [pid 1150] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1148] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1141] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1156] write(3, "1000", 4 [pid 1155] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1154] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1141] <... futex resumed>) = 0 [pid 1156] <... write resumed>) = 4 [pid 1155] <... futex resumed>) = 0 [pid 1154] <... futex resumed>) = 1 [ 30.835476][ T1142] EXT4-fs error (device loop5): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 30.841417][ T1146] loop4: detected capacity change from 0 to 512 [ 30.849668][ T1142] EXT4-fs (loop5): get orphan inode failed [ 30.861853][ T1142] EXT4-fs (loop5): mount failed [ 30.878650][ T1153] loop2: detected capacity change from 0 to 512 [ 30.884913][ T1152] loop0: detected capacity change from 0 to 512 [pid 1150] memfd_create("syzkaller", 0 [pid 1149] <... futex resumed>) = 0 [pid 1148] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1157 attached [pid 1156] close(3 [pid 1155] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1154] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1150] <... memfd_create resumed>) = 7 [pid 1149] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1155] <... socket resumed>) = 6 [pid 1154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1149] <... futex resumed>) = 0 [pid 1155] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1154] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1150] <... mmap resumed>) = 0x7f620fc64000 [pid 1149] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1155] <... futex resumed>) = 0 [pid 1154] <... socket resumed>) = 6 [pid 1155] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1154] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1149] <... futex resumed>) = 0 [pid 1154] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1149] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1155] <... futex resumed>) = 0 [pid 1149] <... futex resumed>) = 0 [pid 1148] <... futex resumed>) = 1 [pid 1156] <... close resumed>) = 0 [pid 1155] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1154] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 1149] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1148] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1154] <... mmap resumed>) = 0x20000000 [pid 1154] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1156] symlink("/dev/binderfs", "./binderfs" [pid 1154] <... futex resumed>) = 1 [pid 1149] <... futex resumed>) = 0 [pid 1148] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1155] <... futex resumed>) = 0 [pid 1154] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1149] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1148] <... futex resumed>) = 1 [pid 1155] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 1154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1149] <... futex resumed>) = 0 [pid 1148] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1156] <... symlink resumed>) = 0 [pid 1155] <... mmap resumed>) = 0x20000000 [pid 1154] memfd_create("syzkaller", 0 [pid 1157] set_robust_list(0x555556cc76a0, 24) = 0 [pid 1156] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1155] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1154] <... memfd_create resumed>) = 7 [pid 1157] chdir("./42" [pid 1156] <... futex resumed>) = 0 [pid 1155] <... futex resumed>) = 1 [pid 1154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1148] <... futex resumed>) = 0 [pid 1146] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 1155] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1154] <... mmap resumed>) = 0x7f620fc64000 [pid 1157] <... chdir resumed>) = 0 [pid 1156] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1154] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1148] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1146] ioctl(4, LOOP_CLR_FD [pid 1157] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1156] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1154] <... write resumed>) = 65536 [pid 1154] munmap(0x7f620fc64000, 65536 [pid 1157] <... prctl resumed>) = 0 [pid 1156] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1155] <... futex resumed>) = 0 [pid 1154] <... munmap resumed>) = 0 [pid 1148] <... futex resumed>) = 1 [pid 1146] <... ioctl resumed>) = 0 [pid 1157] setpgid(0, 0 [pid 1156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1155] memfd_create("syzkaller", 0 [pid 1154] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1155] <... memfd_create resumed>) = 7 [pid 1154] <... openat resumed>) = 8 [pid 1157] <... setpgid resumed>) = 0 [pid 1156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1150] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1146] close(4 [pid 1157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1156] <... mmap resumed>) = 0x7f6220445000 [pid 1150] <... write resumed>) = 65536 [pid 1146] <... close resumed>) = 0 [pid 1157] <... openat resumed>) = 3 [pid 1156] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1150] munmap(0x7f620fc64000, 65536 [pid 1146] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1157] write(3, "1000", 4 [pid 1156] <... mprotect resumed>) = 0 [pid 1150] <... munmap resumed>) = 0 [pid 1146] <... futex resumed>) = 0 [pid 1157] <... write resumed>) = 4 [pid 1156] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1150] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1146] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1157] close(3 [pid 1156] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1150] <... openat resumed>) = 4 [pid 1157] <... close resumed>) = 0 [pid 1156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1150] ioctl(4, LOOP_SET_FD, 7 [pid 1157] symlink("/dev/binderfs", "./binderfs" [pid 1150] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1157] <... symlink resumed>) = 0 [pid 1156] <... clone3 resumed> => {parent_tid=[1162]}, 88) = 1162 [pid 1150] ioctl(4, LOOP_CLR_FD [pid 1157] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1156] rt_sigprocmask(SIG_SETMASK, [], [pid 1150] <... ioctl resumed>) = 0 [pid 1157] <... futex resumed>) = 0 [pid 1156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1157] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1156] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1157] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1156] <... futex resumed>) = 0 [pid 1157] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1156] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1157] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1156] <... futex resumed>) = 0 [pid 1157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1150] ioctl(4, LOOP_SET_FD, 7 [pid 1157] <... mmap resumed>) = 0x7f6220445000 [pid 1156] <... mmap resumed>) = 0x7f6220424000 [pid 1150] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1157] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [ 30.897826][ T1146] EXT4-fs warning (device loop4): read_mmp_block:115: Error -74 while reading MMP block 12 [ 30.912936][ T1158] EXT4-fs warning (device loop0): kmmpd:170: kmmpd being stopped since MMP feature has been disabled. [ 30.913161][ T1152] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 30.933475][ T1153] EXT4-fs (loop2): revision level too high, forcing read-only mode [pid 1156] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1150] close(4 [pid 1157] <... mprotect resumed>) = 0 [pid 1155] <... mmap resumed>) = 0x7f620fc64000 [pid 1154] ioctl(8, LOOP_SET_FD, 7 [pid 1140] +++ exited with 0 +++ [pid 1155] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1154] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1155] <... write resumed>) = 65536 [pid 1154] ioctl(8, LOOP_CLR_FD [pid 1155] munmap(0x7f620fc64000, 65536 [pid 1154] <... ioctl resumed>) = 0 [pid 1155] <... munmap resumed>) = 0 [pid 1155] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 8 [pid 1155] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 1155] ioctl(8, LOOP_CLR_FD) = 0 ./strace-static-x86_64: Process 1162 attached [pid 1157] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1156] <... mprotect resumed>) = 0 [pid 1150] <... close resumed>) = 0 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1140, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 1157] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1156] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1155] ioctl(8, LOOP_SET_FD, 7 [pid 1154] ioctl(8, LOOP_SET_FD, 7 [pid 1150] close(7 [pid 1157] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1156] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1155] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1154] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1150] <... close resumed>) = 0 [pid 1156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1155] close(8 [pid 1154] close(8 [pid 1150] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1157] <... clone3 resumed> => {parent_tid=[1163]}, 88) = 1163 [pid 1155] <... close resumed>) = 0 [pid 1154] <... close resumed>) = 0 [pid 1157] rt_sigprocmask(SIG_SETMASK, [], [pid 1156] <... clone3 resumed> => {parent_tid=[1164]}, 88) = 1164 [pid 1155] close(7 [pid 1154] close(7 [pid 1150] <... futex resumed>) = 0 [pid 1141] exit_group(0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1162] set_robust_list(0x7f62204659a0, 24) = 0 [pid 1162] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1162] memfd_create("syzkaller", 0) = 3 [pid 1162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 1162] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 1162] munmap(0x7f6218024000, 262144) = 0 [pid 1162] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 1162] ioctl(4, LOOP_SET_FD, 3 [pid 1157] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1156] rt_sigprocmask(SIG_SETMASK, [], [pid 1155] <... close resumed>) = 0 [pid 1154] <... close resumed>) = 0 [pid 1146] <... futex resumed>) = ? [pid 1141] <... exit_group resumed>) = ? [pid 301] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 1164 attached ./strace-static-x86_64: Process 1163 attached [pid 1157] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1155] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1154] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1164] set_robust_list(0x7f62204449a0, 24 [pid 1163] set_robust_list(0x7f62204659a0, 24 [pid 1150] +++ exited with 0 +++ [pid 1146] +++ exited with 0 +++ [pid 1164] <... set_robust_list resumed>) = 0 [pid 1163] <... set_robust_list resumed>) = 0 [pid 1164] rt_sigprocmask(SIG_SETMASK, [], [pid 1163] rt_sigprocmask(SIG_SETMASK, [], [pid 1164] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1163] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1164] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1163] memfd_create("syzkaller", 0) = 3 [pid 1163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218045000 [ 30.942779][ T1152] EXT4-fs error (device loop0): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 30.944998][ T1153] EXT4-fs error (device loop2): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 30.972454][ T1153] EXT4-fs (loop2): get orphan inode failed [ 30.973422][ T1152] EXT4-fs (loop0): get orphan inode failed [ 30.979649][ T1153] EXT4-fs (loop2): mount failed [ 30.987409][ T1162] loop3: detected capacity change from 0 to 512 [pid 1163] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1157] <... futex resumed>) = 0 [pid 1156] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1155] <... futex resumed>) = 0 [pid 1154] <... futex resumed>) = 0 [pid 301] <... openat resumed>) = 3 [pid 1163] <... write resumed>) = 262144 [pid 1153] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1153] ioctl(5, LOOP_CLR_FD) = 0 [pid 1153] close(5 [pid 1162] <... ioctl resumed>) = 0 [pid 1153] <... close resumed>) = 0 [pid 1163] munmap(0x7f6218045000, 262144 [pid 1162] close(3 [pid 1153] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1163] <... munmap resumed>) = 0 [pid 1162] <... close resumed>) = 0 [pid 1153] <... futex resumed>) = 0 [pid 1163] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1162] mkdir("./file0", 0777 [pid 1153] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1163] <... openat resumed>) = 4 [pid 1162] <... mkdir resumed>) = 0 [pid 1163] ioctl(4, LOOP_SET_FD, 3 [pid 1164] <... futex resumed>) = 0 [pid 1157] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1156] <... futex resumed>) = 1 [pid 1155] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1154] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1148] exit_group(0 [pid 301] newfstatat(3, "", [pid 1164] creat("./bus", 000 [pid 1162] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1164] <... creat resumed>) = 3 [pid 1164] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1157] <... futex resumed>) = 0 [pid 1141] +++ exited with 0 +++ [pid 1164] <... futex resumed>) = 0 [pid 1156] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1164] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1153] <... futex resumed>) = ? [pid 1148] <... exit_group resumed>) = ? [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1153] +++ exited with 0 +++ [pid 1163] <... ioctl resumed>) = 0 [pid 1163] close(3) = 0 [pid 1163] mkdir("./file0", 0777) = 0 [pid 1163] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1141, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 300] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 300] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(3, 0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 300] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 300] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./36/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] unlink("./36/bus" [pid 1157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1156] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1155] <... futex resumed>) = ? [pid 301] getdents64(3, [pid 300] <... unlink resumed>) = 0 [pid 1157] <... mmap resumed>) = 0x7f6218064000 [pid 1156] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1164] <... futex resumed>) = 0 [pid 1156] <... futex resumed>) = 1 [pid 1155] +++ exited with 0 +++ [pid 1148] +++ exited with 0 +++ [pid 1157] mprotect(0x7f6218065000, 131072, PROT_READ|PROT_WRITE [pid 301] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 1156] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1157] <... mprotect resumed>) = 0 [pid 301] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1148, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 1157] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1164] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 1157] <... rt_sigprocmask resumed>[], 8) = 0 [pid 301] <... umount2 resumed>) = 0 [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 1164] <... mount resumed>) = 0 [pid 1157] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6218084990, parent_tid=0x7f6218084990, exit_signal=0, stack=0x7f6218064000, stack_size=0x20300, tls=0x7f62180846c0} [pid 301] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1164] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... restart_syscall resumed>) = 0 ./strace-static-x86_64: Process 1166 attached [pid 1164] <... futex resumed>) = 1 [pid 1157] <... clone3 resumed> => {parent_tid=[1166]}, 88) = 1166 [pid 1156] <... futex resumed>) = 0 [pid 1152] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 301] newfstatat(AT_FDCWD, "./39/bus", [pid 300] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1157] rt_sigprocmask(SIG_SETMASK, [], [pid 1164] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1156] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1157] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1157] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] newfstatat(AT_FDCWD, "./36/binderfs", [pid 1157] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1164] <... open resumed>) = 5 [pid 1156] <... futex resumed>) = 0 [pid 301] unlink("./39/bus" [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1164] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1156] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... unlink resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1164] <... futex resumed>) = 0 [pid 1156] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1164] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1156] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] unlink("./36/binderfs" [pid 298] <... openat resumed>) = 3 [pid 1164] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1156] <... futex resumed>) = 0 [pid 301] newfstatat(AT_FDCWD, "./39/binderfs", [pid 298] newfstatat(3, "", [pid 1164] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1156] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... unlink resumed>) = 0 [pid 1164] <... socket resumed>) = 6 [pid 301] unlink("./39/binderfs" [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1164] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... unlink resumed>) = 0 [pid 298] getdents64(3, [pid 1164] <... futex resumed>) = 1 [pid 1156] <... futex resumed>) = 0 [pid 301] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1164] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1156] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./36/file0", [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 1164] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1156] <... futex resumed>) = 0 [pid 301] newfstatat(AT_FDCWD, "./39/file0", [pid 298] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1164] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 1156] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1164] <... mmap resumed>) = 0x20000000 [pid 301] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = 0 [pid 1164] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1164] <... futex resumed>) = 1 [pid 1156] <... futex resumed>) = 0 [pid 301] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1164] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1156] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... openat resumed>) = 4 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1164] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1156] <... futex resumed>) = 0 [pid 301] newfstatat(4, "", [pid 298] newfstatat(AT_FDCWD, "./38/bus", [pid 1164] memfd_create("syzkaller", 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1164] <... memfd_create resumed>) = 7 [pid 301] getdents64(4, [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 300] <... openat resumed>) = 4 [pid 298] unlink("./38/bus" [pid 1164] <... mmap resumed>) = 0x7f620fc64000 [pid 301] getdents64(4, [pid 300] newfstatat(4, "", [pid 1164] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 298] <... unlink resumed>) = 0 [pid 1164] <... write resumed>) = 65536 [pid 301] close(4 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1164] munmap(0x7f620fc64000, 65536 [pid 301] <... close resumed>) = 0 [pid 298] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1164] <... munmap resumed>) = 0 [pid 301] rmdir("./39/file0" [pid 300] getdents64(4, [pid 1164] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 301] <... rmdir resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1164] <... openat resumed>) = 8 [pid 301] getdents64(3, [pid 300] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 298] newfstatat(AT_FDCWD, "./38/binderfs", [pid 1164] ioctl(8, LOOP_SET_FD, 7 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 300] getdents64(4, [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1164] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 301] close(3 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 298] unlink("./38/binderfs" [pid 1164] ioctl(8, LOOP_CLR_FD [pid 301] <... close resumed>) = 0 [pid 300] close(4 [pid 1164] <... ioctl resumed>) = 0 [pid 301] rmdir("./39") = 0 [pid 300] <... close resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 301] mkdir("./40", 0777 [pid 300] rmdir("./36/file0" [pid 298] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1166] set_robust_list(0x7f62180849a0, 24 [pid 1152] ioctl(5, LOOP_CLR_FD [pid 301] <... mkdir resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] getdents64(3, [pid 298] newfstatat(AT_FDCWD, "./38/file0", [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] close(3 [pid 298] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... close resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] rmdir("./36" [pid 298] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] <... rmdir resumed>) = 0 [pid 298] <... openat resumed>) = 4 [pid 300] mkdir("./37", 0777 [pid 298] newfstatat(4, "", [pid 1166] <... set_robust_list resumed>) = 0 [pid 300] <... mkdir resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1166] rt_sigprocmask(SIG_SETMASK, [], [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] getdents64(4, [pid 1166] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] <... openat resumed>) = 3 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [ 30.997990][ T1152] EXT4-fs (loop0): mount failed [ 31.000976][ T1163] loop1: detected capacity change from 0 to 512 [ 31.028551][ T1162] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 31.031875][ T1167] EXT4-fs warning (device loop3): kmmpd:170: kmmpd being stopped since MMP feature has been disabled. [pid 1166] creat("./bus", 000 [pid 300] ioctl(3, LOOP_CLR_FD [pid 298] getdents64(4, [pid 1166] <... creat resumed>) = 3 [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 1166] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] close(3 [pid 298] close(4 [pid 1166] <... futex resumed>) = 1 [pid 1157] <... futex resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 1166] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 1157] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] rmdir("./38/file0" [pid 1166] <... mount resumed>) = 0 [pid 1157] <... futex resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 1166] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1157] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 1170 [pid 298] getdents64(3, [pid 1166] <... futex resumed>) = 0 [pid 1157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 1166] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1157] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] close(3 [pid 1166] <... open resumed>) = 5 [pid 1157] <... futex resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 1166] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1157] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] rmdir("./38" [pid 1166] <... futex resumed>) = 0 [pid 1157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] <... rmdir resumed>) = 0 [pid 1166] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1157] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] mkdir("./39", 0777 [pid 1166] <... socket resumed>) = 6 [pid 1157] <... futex resumed>) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 1166] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1157] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1166] <... futex resumed>) = 0 [pid 1157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1166] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 1157] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1166] <... mmap resumed>) = 0x20000000 [pid 1157] <... futex resumed>) = 0 [pid 1166] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1157] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1166] <... futex resumed>) = 0 [pid 1157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1166] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1157] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1157] <... futex resumed>) = 0 [pid 1166] memfd_create("syzkaller", 0 [pid 1164] ioctl(8, LOOP_SET_FD, 7 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 1166] <... memfd_create resumed>) = 7 [pid 1164] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1152] <... ioctl resumed>) = 0 [pid 301] <... openat resumed>) = 3 [pid 1166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f620fc64000 [pid 1166] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 ./strace-static-x86_64: Process 1170 attached [pid 1166] munmap(0x7f620fc64000, 65536 [pid 1170] set_robust_list(0x555556cc76a0, 24 [pid 1166] <... munmap resumed>) = 0 [pid 1170] <... set_robust_list resumed>) = 0 [pid 1166] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1170] chdir("./37" [pid 1166] <... openat resumed>) = 8 [pid 1170] <... chdir resumed>) = 0 [pid 1166] ioctl(8, LOOP_SET_FD, 7 [pid 1170] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1166] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1170] <... prctl resumed>) = 0 [pid 1166] ioctl(8, LOOP_CLR_FD [pid 1170] setpgid(0, 0 [pid 1166] <... ioctl resumed>) = 0 [pid 1170] <... setpgid resumed>) = 0 [pid 1170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1170] write(3, "1000", 4) = 4 [pid 1170] close(3) = 0 [pid 1170] symlink("/dev/binderfs", "./binderfs" [pid 1166] ioctl(8, LOOP_SET_FD, 7 [pid 1170] <... symlink resumed>) = 0 [pid 1166] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1170] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1166] close(8 [pid 1170] <... futex resumed>) = 0 [pid 1166] <... close resumed>) = 0 [pid 1170] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1166] close(7 [pid 1170] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1166] <... close resumed>) = 0 [pid 1170] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1166] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1170] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1166] <... futex resumed>) = 0 [pid 1164] close(8 [pid 1152] close(5 [pid 301] ioctl(3, LOOP_CLR_FD [pid 1170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1166] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1170] <... mmap resumed>) = 0x7f6220445000 [pid 1170] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1170] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1170] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[1172]}, 88) = 1172 [pid 1170] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1170] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1170] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 1170] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1170] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1170] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[1173]}, 88) = 1173 [pid 1170] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1170] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1170] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1173 attached ./strace-static-x86_64: Process 1172 attached [ 31.037241][ T1162] EXT4-fs error (device loop3): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 31.061953][ T1168] EXT4-fs warning (device loop1): kmmpd:170: kmmpd being stopped since MMP feature has been disabled. [ 31.073028][ T1163] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 31.073147][ T1162] EXT4-fs (loop3): get orphan inode failed [ 31.089823][ T1162] EXT4-fs (loop3): mount failed [pid 1164] <... close resumed>) = 0 [pid 1152] <... close resumed>) = 0 [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] <... openat resumed>) = 3 [pid 1173] set_robust_list(0x7f62204449a0, 24 [pid 1172] set_robust_list(0x7f62204659a0, 24 [pid 1164] close(7 [pid 1152] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] close(3 [pid 298] ioctl(3, LOOP_CLR_FD [pid 1173] <... set_robust_list resumed>) = 0 [pid 1172] <... set_robust_list resumed>) = 0 [pid 1164] <... close resumed>) = 0 [pid 1162] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1152] <... futex resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1173] rt_sigprocmask(SIG_SETMASK, [], [pid 1172] rt_sigprocmask(SIG_SETMASK, [], [pid 1164] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1162] ioctl(4, LOOP_CLR_FD [pid 1152] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] close(3 [pid 1173] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1172] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1164] <... futex resumed>) = 0 [pid 1162] <... ioctl resumed>) = 0 [pid 1149] exit_group(0 [pid 298] <... close resumed>) = 0 [pid 1173] creat("./bus", 000 [pid 1172] memfd_create("syzkaller", 0 [pid 1164] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1162] close(4 [pid 1154] <... futex resumed>) = ? [pid 1152] <... futex resumed>) = ? [pid 1149] <... exit_group resumed>) = ? [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 1174 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1173] <... creat resumed>) = 3 [pid 1172] <... memfd_create resumed>) = 4 [pid 1162] <... close resumed>) = 0 [pid 1154] +++ exited with 0 +++ [pid 1152] +++ exited with 0 +++ [pid 1173] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1162] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 1175 [pid 1173] <... futex resumed>) = 1 [pid 1172] <... mmap resumed>) = 0x7f6218024000 [pid 1170] <... futex resumed>) = 0 [pid 1162] <... futex resumed>) = 0 [pid 1173] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1172] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1170] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1162] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1173] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1172] <... write resumed>) = 262144 [pid 1170] <... futex resumed>) = 0 [pid 1156] exit_group(0 [pid 1173] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 1172] munmap(0x7f6218024000, 262144 [pid 1170] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1164] <... futex resumed>) = ? [pid 1162] <... futex resumed>) = ? [pid 1156] <... exit_group resumed>) = ? [pid 1173] <... mount resumed>) = 0 [pid 1172] <... munmap resumed>) = 0 [pid 1164] +++ exited with 0 +++ [pid 1173] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1172] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1173] <... futex resumed>) = 1 [pid 1172] <... openat resumed>) = 5 [pid 1170] <... futex resumed>) = 0 [pid 1173] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1172] ioctl(5, LOOP_SET_FD, 4 [pid 1170] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1175 attached ./strace-static-x86_64: Process 1174 attached [pid 1173] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1175] set_robust_list(0x555556cc76a0, 24 [pid 1174] set_robust_list(0x555556cc76a0, 24 [pid 1175] <... set_robust_list resumed>) = 0 [pid 1174] <... set_robust_list resumed>) = 0 [pid 1175] chdir("./39" [pid 1174] chdir("./40" [pid 1175] <... chdir resumed>) = 0 [pid 1174] <... chdir resumed>) = 0 [pid 1175] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1174] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1175] <... prctl resumed>) = 0 [pid 1174] <... prctl resumed>) = 0 [pid 1175] setpgid(0, 0 [pid 1174] setpgid(0, 0 [pid 1175] <... setpgid resumed>) = 0 [pid 1174] <... setpgid resumed>) = 0 [pid 1175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1175] <... openat resumed>) = 3 [pid 1174] <... openat resumed>) = 3 [pid 1175] write(3, "1000", 4 [pid 1174] write(3, "1000", 4 [pid 1175] <... write resumed>) = 4 [pid 1174] <... write resumed>) = 4 [pid 1175] close(3 [pid 1174] close(3 [pid 1175] <... close resumed>) = 0 [pid 1174] <... close resumed>) = 0 [pid 1175] symlink("/dev/binderfs", "./binderfs" [pid 1174] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1173] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1172] <... ioctl resumed>) = 0 [pid 1170] <... futex resumed>) = 0 [pid 1175] <... symlink resumed>) = 0 [pid 1174] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1173] <... open resumed>) = 6 [pid 1172] close(4 [pid 1170] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1163] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1175] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1174] <... futex resumed>) = 0 [pid 1173] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1172] <... close resumed>) = 0 [pid 1170] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1163] ioctl(4, LOOP_CLR_FD [pid 1175] <... futex resumed>) = 0 [pid 1174] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1173] <... futex resumed>) = 0 [pid 1172] mkdir("./file0", 0777 [pid 1170] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1163] <... ioctl resumed>) = 0 [pid 1175] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1174] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1173] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1170] <... futex resumed>) = 0 [pid 1163] close(4 [pid 1175] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1174] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1173] <... socket resumed>) = 4 [pid 1170] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1163] <... close resumed>) = 0 [pid 1175] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1173] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1170] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1163] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1173] <... futex resumed>) = 0 [pid 1172] <... mkdir resumed>) = 0 [pid 1170] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1163] <... futex resumed>) = 0 [pid 1157] exit_group(0 [pid 1175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1174] <... mmap resumed>) = 0x7f6220445000 [pid 1173] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 1172] mount("/dev/loop4", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1170] <... futex resumed>) = 0 [pid 1166] <... futex resumed>) = ? [pid 1157] <... exit_group resumed>) = ? [pid 1175] <... mmap resumed>) = 0x7f6220445000 [pid 1174] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1173] <... mmap resumed>) = 0x20000000 [pid 1172] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 1170] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1166] +++ exited with 0 +++ [pid 1163] +++ exited with 0 +++ [pid 1175] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1174] <... mprotect resumed>) = 0 [pid 1173] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1172] ioctl(5, LOOP_CLR_FD [pid 1170] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1175] <... mprotect resumed>) = 0 [pid 1174] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1173] <... futex resumed>) = 0 [pid 1172] <... ioctl resumed>) = 0 [pid 1170] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1175] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1174] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1173] memfd_create("syzkaller", 0 [pid 1170] <... futex resumed>) = 0 [pid 1172] close(5 [pid 1175] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1173] <... memfd_create resumed>) = 7 [pid 1172] <... close resumed>) = 0 [pid 1175] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1174] <... clone3 resumed> => {parent_tid=[1176]}, 88) = 1176 [pid 1172] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1175] <... clone3 resumed> => {parent_tid=[1177]}, 88) = 1177 [pid 1174] rt_sigprocmask(SIG_SETMASK, [], [pid 1173] <... mmap resumed>) = 0x7f620fc64000 [pid 1175] rt_sigprocmask(SIG_SETMASK, [], [pid 1174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1172] <... futex resumed>) = 0 [pid 1174] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1174] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 1174] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1174] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1173] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1172] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1175] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1174] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1175] <... futex resumed>) = 0 [pid 1173] <... write resumed>) = 65536 [pid 1175] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1174] <... clone3 resumed> => {parent_tid=[1178]}, 88) = 1178 [pid 1173] munmap(0x7f620fc64000, 65536 [pid 1175] <... futex resumed>) = 0 [pid 1174] rt_sigprocmask(SIG_SETMASK, [], [pid 1173] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 1176 attached [pid 1175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1157] +++ exited with 0 +++ [pid 1149] +++ exited with 0 +++ [pid 1176] set_robust_list(0x7f62204659a0, 24 [pid 1174] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1173] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1162] +++ exited with 0 +++ [pid 1156] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1157, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1149, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 1174] <... futex resumed>) = 0 [pid 1174] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1156, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 299] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... openat resumed>) = 3 [pid 297] <... openat resumed>) = 3 [pid 296] <... openat resumed>) = 3 [pid 299] newfstatat(3, "", [pid 297] newfstatat(3, "", [pid 296] newfstatat(3, "", [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, [pid 297] getdents64(3, [pid 296] getdents64(3, [pid 299] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 299] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 1177 attached [pid 1177] set_robust_list(0x7f62204659a0, 24) = 0 [pid 1177] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1177] memfd_create("syzkaller", 0) = 3 [pid 1177] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218045000 ./strace-static-x86_64: Process 1178 attached [pid 1175] <... mmap resumed>) = 0x7f6218024000 [pid 1175] mprotect(0x7f6218025000, 131072, PROT_READ|PROT_WRITE [pid 1173] <... openat resumed>) = 5 [pid 299] <... umount2 resumed>) = 0 [pid 1175] <... mprotect resumed>) = 0 [pid 1173] ioctl(5, LOOP_SET_FD, 7 [pid 299] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 1175] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1173] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1177] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1175] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1173] ioctl(5, LOOP_CLR_FD [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./38/bus", [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1175] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6218044990, parent_tid=0x7f6218044990, exit_signal=0, stack=0x7f6218024000, stack_size=0x20300, tls=0x7f62180446c0} [pid 1173] <... ioctl resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./35/bus", [pid 1178] set_robust_list(0x7f62204449a0, 24) = 0 [pid 1178] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1178] creat("./bus", 000) = 3 [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] newfstatat(AT_FDCWD, "./42/bus", [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1178] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1174] <... futex resumed>) = 0 [pid 1178] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 1174] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1178] <... mount resumed>) = 0 [pid 1174] <... futex resumed>) = 0 [pid 1178] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1177] <... write resumed>) = 262144 [pid 1175] <... clone3 resumed> => {parent_tid=[1179]}, 88) = 1179 [pid 1174] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] unlink("./38/bus" [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./35/bus" [pid 1178] <... futex resumed>) = 0 [pid 1174] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1178] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1174] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1178] <... open resumed>) = 4 [pid 1174] <... futex resumed>) = 0 [pid 299] <... unlink resumed>) = 0 [pid 1178] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1175] rt_sigprocmask(SIG_SETMASK, [], [pid 1174] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1173] ioctl(5, LOOP_SET_FD, 7 [pid 297] unlink("./42/bus" [pid 296] <... unlink resumed>) = 0 [pid 1178] <... futex resumed>) = 0 [pid 1175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1174] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1173] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 299] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1178] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1177] munmap(0x7f6218045000, 262144 [pid 1175] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1174] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1173] close(5 [pid 297] <... unlink resumed>) = 0 [pid 296] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1178] <... socket resumed>) = 5 [pid 1177] <... munmap resumed>) = 0 [pid 1174] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1178] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1177] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1174] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1178] <... futex resumed>) = 0 [pid 1177] <... openat resumed>) = 4 [pid 1175] <... futex resumed>) = 0 [pid 1174] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1173] <... close resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./38/binderfs", [pid 297] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1178] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 1177] ioctl(4, LOOP_SET_FD, 3 [pid 1175] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1174] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1173] close(7 [pid 296] newfstatat(AT_FDCWD, "./35/binderfs", [pid 1178] <... mmap resumed>) = 0x20000000 [pid 1174] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1178] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1174] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1173] <... close resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1178] <... futex resumed>) = 0 [pid 1174] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] unlink("./38/binderfs" [pid 297] newfstatat(AT_FDCWD, "./42/binderfs", [pid 1178] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 1174] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 1173] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./35/binderfs" [pid 1173] <... futex resumed>) = 0 [pid 299] <... unlink resumed>) = 0 [pid 297] unlink("./42/binderfs" [pid 296] <... unlink resumed>) = 0 [pid 297] <... unlink resumed>) = 0 [pid 1173] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1170] exit_group(0 [ 31.093130][ T1163] EXT4-fs error (device loop1): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 31.108648][ T1163] EXT4-fs (loop1): get orphan inode failed [ 31.119151][ T1163] EXT4-fs (loop1): mount failed [ 31.121874][ T1172] loop4: detected capacity change from 0 to 512 [pid 1173] <... futex resumed>) = ? [pid 1172] <... futex resumed>) = ? [pid 1170] <... exit_group resumed>) = ? [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 1179 attached [pid 1176] <... set_robust_list resumed>) = ? [pid 1173] +++ exited with 0 +++ [pid 1172] +++ exited with 0 +++ [pid 299] newfstatat(AT_FDCWD, "./38/file0", [pid 297] newfstatat(AT_FDCWD, "./42/file0", [pid 296] newfstatat(AT_FDCWD, "./35/file0", [pid 1179] set_robust_list(0x7f62180449a0, 24 [pid 1177] <... ioctl resumed>) = 0 [pid 1176] +++ killed by SIGBUS +++ [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1179] <... set_robust_list resumed>) = 0 [pid 1178] +++ killed by SIGBUS +++ [pid 1174] +++ killed by SIGBUS +++ [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1177] close(3 [pid 299] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1179] rt_sigprocmask(SIG_SETMASK, [], [pid 296] umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1179] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1177] <... close resumed>) = 0 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1174, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1179] creat("./bus", 000 [pid 301] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1179] <... creat resumed>) = 3 [pid 1177] mkdir("./file0", 0777 [pid 297] <... openat resumed>) = 4 [pid 299] <... openat resumed>) = 4 [pid 296] <... openat resumed>) = 4 [pid 1179] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(4, "", [pid 297] newfstatat(4, "", [pid 296] newfstatat(4, "", [pid 1179] <... futex resumed>) = 1 [pid 1175] <... futex resumed>) = 0 [pid 301] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1179] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1175] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... openat resumed>) = 3 [pid 299] getdents64(4, [pid 297] getdents64(4, [pid 296] getdents64(4, [pid 1179] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1175] <... futex resumed>) = 0 [pid 301] newfstatat(3, "", [pid 1179] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 1175] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 297] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 296] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 1179] <... mount resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, [pid 297] getdents64(4, [pid 296] getdents64(4, [pid 1179] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] getdents64(3, [pid 299] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 297] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 296] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 1179] <... futex resumed>) = 1 [pid 1177] <... mkdir resumed>) = 0 [pid 1175] <... futex resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 299] close(4 [pid 297] close(4 [pid 296] close(4 [pid 1179] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1177] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1175] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 1179] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1175] <... futex resumed>) = 0 [pid 301] <... umount2 resumed>) = 0 [pid 299] rmdir("./38/file0" [pid 297] rmdir("./42/file0" [pid 296] rmdir("./35/file0" [pid 1179] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1175] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... rmdir resumed>) = 0 [pid 1179] <... open resumed>) = 5 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] getdents64(3, [pid 297] <... rmdir resumed>) = 0 [pid 1179] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] newfstatat(AT_FDCWD, "./40/bus", [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] getdents64(3, [pid 296] <... rmdir resumed>) = 0 [pid 1179] <... futex resumed>) = 1 [pid 1175] <... futex resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] close(3 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] getdents64(3, [pid 1179] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1175] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] unlink("./40/bus" [pid 299] <... close resumed>) = 0 [pid 297] close(3 [pid 1179] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1175] <... futex resumed>) = 0 [pid 301] <... unlink resumed>) = 0 [pid 299] rmdir("./38" [pid 297] <... close resumed>) = 0 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 1179] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1175] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... rmdir resumed>) = 0 [pid 297] rmdir("./42" [pid 296] close(3 [pid 1179] <... socket resumed>) = 6 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] mkdir("./39", 0777 [pid 297] <... rmdir resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 1179] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] newfstatat(AT_FDCWD, "./40/binderfs", [pid 299] <... mkdir resumed>) = 0 [pid 297] mkdir("./43", 0777 [pid 296] rmdir("./35" [pid 1179] <... futex resumed>) = 1 [pid 1175] <... futex resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 297] <... mkdir resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 1179] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1175] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] unlink("./40/binderfs" [pid 299] <... openat resumed>) = 3 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 296] mkdir("./36", 0777 [pid 1179] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1175] <... futex resumed>) = 0 [pid 301] <... unlink resumed>) = 0 [pid 299] ioctl(3, LOOP_CLR_FD [pid 297] <... openat resumed>) = 3 [pid 1179] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 1175] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] getdents64(3, [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] ioctl(3, LOOP_CLR_FD [pid 1179] <... mmap resumed>) = 0x20000000 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 299] close(3 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... mkdir resumed>) = 0 [pid 1179] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] close(3 [pid 299] <... close resumed>) = 0 [pid 297] close(3 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1179] <... futex resumed>) = 1 [pid 1175] <... futex resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... close resumed>) = 0 [pid 1179] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1175] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] rmdir("./40" [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... openat resumed>) = 3 [pid 1179] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1175] <... futex resumed>) = 0 [pid 301] <... rmdir resumed>) = 0 [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 1182 [pid 296] ioctl(3, LOOP_CLR_FD [pid 1179] memfd_create("syzkaller", 0 [pid 301] mkdir("./41", 0777 [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 1183 [pid 1179] <... memfd_create resumed>) = 7 [pid 301] <... mkdir resumed>) = 0 [pid 1179] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 1179] <... mmap resumed>) = 0x7f620fc24000 [pid 301] <... openat resumed>) = 3 [pid 301] ioctl(3, LOOP_CLR_FD [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] close(3 [pid 301] close(3) = 0 [pid 296] <... close resumed>) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1182 attached [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 1184 [pid 1182] set_robust_list(0x555556cc76a0, 24./strace-static-x86_64: Process 1183 attached [pid 1183] set_robust_list(0x555556cc76a0, 24) = 0 [pid 1182] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 1185 attached [pid 1183] chdir("./43" [pid 1179] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1182] chdir("./39" [pid 1170] +++ exited with 0 +++ [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 1185 [pid 1179] <... write resumed>) = 65536 [pid 1183] <... chdir resumed>) = 0 [pid 1183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1183] setpgid(0, 0) = 0 [pid 1183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1179] munmap(0x7f620fc24000, 65536) = 0 [pid 1183] <... openat resumed>) = 3 [ 31.160852][ T1177] loop2: detected capacity change from 0 to 512 [ 31.181926][ T1177] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [pid 1183] write(3, "1000", 4) = 4 [pid 1183] close(3) = 0 [pid 1183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1183] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1183] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 1183] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 1183] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1183] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1182] <... chdir resumed>) = 0 [pid 1182] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1170, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- ./strace-static-x86_64: Process 1184 attached [pid 1182] <... prctl resumed>) = 0 [pid 300] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1184] set_robust_list(0x555556cc76a0, 24 [pid 1182] setpgid(0, 0 [pid 1184] <... set_robust_list resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1182] <... setpgid resumed>) = 0 [pid 1184] chdir("./41" [pid 1183] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1179] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1182] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 300] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1185] set_robust_list(0x555556cc76a0, 24 [pid 1184] <... chdir resumed>) = 0 [pid 1183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1177] <... mount resumed>) = 0 [pid 1184] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1182] <... openat resumed>) = 3 [pid 300] <... openat resumed>) = 3 [pid 1185] <... set_robust_list resumed>) = 0 [pid 1184] <... prctl resumed>) = 0 [pid 1182] write(3, "1000", 4 [pid 1177] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY [pid 300] newfstatat(3, "", [pid 1184] setpgid(0, 0 [pid 1182] <... write resumed>) = 4 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1184] <... setpgid resumed>) = 0 [pid 1182] close(3 [pid 1177] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 300] getdents64(3, [pid 1185] chdir("./36" [pid 1184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1182] <... close resumed>) = 0 [pid 1179] <... openat resumed>) = 8 [pid 1177] ioctl(4, LOOP_CLR_FD [pid 300] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 1185] <... chdir resumed>) = 0 [pid 1184] <... openat resumed>) = 3 [pid 1183] <... clone3 resumed> => {parent_tid=[1186]}, 88) = 1186 [pid 1182] symlink("/dev/binderfs", "./binderfs" [pid 1179] ioctl(8, LOOP_SET_FD, 7 [pid 1177] <... ioctl resumed>) = 0 [pid 300] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1185] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1184] write(3, "1000", 4 [pid 1182] <... symlink resumed>) = 0 [pid 1184] <... write resumed>) = 4 [pid 1183] rt_sigprocmask(SIG_SETMASK, [], [pid 1179] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 300] <... umount2 resumed>) = 0 [pid 1182] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1177] close(4 [pid 1185] <... prctl resumed>) = 0 [pid 1184] close(3 [pid 1183] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1179] ioctl(8, LOOP_CLR_FD [pid 1183] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1179] <... ioctl resumed>) = 0 [pid 1183] <... futex resumed>) = 0 [pid 1183] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 1184] <... close resumed>) = 0 [pid 1183] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1182] <... futex resumed>) = 0 [pid 300] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1185] setpgid(0, 0 [pid 1184] symlink("/dev/binderfs", "./binderfs" [pid 1183] <... mprotect resumed>) = 0 [pid 1182] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1177] <... close resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1185] <... setpgid resumed>) = 0 [pid 1184] <... symlink resumed>) = 0 [pid 1183] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1182] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1179] ioctl(8, LOOP_SET_FD, 7 [pid 1177] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] newfstatat(AT_FDCWD, "./37/bus", [pid 1185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1184] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1183] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1182] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1179] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1177] <... futex resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 1186 attached [pid 1185] <... openat resumed>) = 3 [pid 1184] <... futex resumed>) = 0 [pid 1183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1182] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1179] close(8 [pid 1177] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] unlink("./37/bus" [pid 1186] set_robust_list(0x7f62204659a0, 24 [pid 1185] write(3, "1000", 4 [pid 1184] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1182] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1179] <... close resumed>) = 0 [pid 1186] <... set_robust_list resumed>) = 0 [pid 1185] <... write resumed>) = 4 [pid 1184] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1183] <... clone3 resumed> => {parent_tid=[1187]}, 88) = 1187 [pid 1182] <... mmap resumed>) = 0x7f6220445000 [pid 1179] close(7 [pid 300] <... unlink resumed>) = 0 [pid 1186] rt_sigprocmask(SIG_SETMASK, [], [pid 1185] close(3 [pid 1184] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1183] rt_sigprocmask(SIG_SETMASK, [], [pid 1182] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1179] <... close resumed>) = 0 [pid 1183] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1179] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1183] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1179] <... futex resumed>) = 0 [pid 1183] <... futex resumed>) = 0 [pid 1179] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1183] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1187 attached [pid 1186] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1185] <... close resumed>) = 0 [pid 1184] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1182] <... mprotect resumed>) = 0 [pid 300] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1187] set_robust_list(0x7f62204449a0, 24 [pid 1186] memfd_create("syzkaller", 0 [pid 1185] symlink("/dev/binderfs", "./binderfs" [pid 1184] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1182] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1175] exit_group(0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1187] <... set_robust_list resumed>) = 0 [pid 1186] <... memfd_create resumed>) = 3 [pid 1185] <... symlink resumed>) = 0 [pid 1184] <... mmap resumed>) = 0x7f6220445000 [pid 1187] rt_sigprocmask(SIG_SETMASK, [], [pid 1184] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1182] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1175] <... exit_group resumed>) = ? [pid 1179] <... futex resumed>) = ? [pid 1177] <... futex resumed>) = ? [pid 300] newfstatat(AT_FDCWD, "./37/binderfs", [pid 1185] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1184] <... mprotect resumed>) = 0 [pid 1182] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1177] +++ exited with 0 +++ [pid 1187] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1187] creat("./bus", 000) = 4 [pid 1179] +++ exited with 0 +++ [pid 1175] +++ exited with 0 +++ [pid 1187] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1186] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1185] <... futex resumed>) = 0 [pid 1184] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1182] <... clone3 resumed> => {parent_tid=[1188]}, 88) = 1188 [pid 300] unlink("./37/binderfs" [pid 1186] <... mmap resumed>) = 0x7f6218024000 [pid 1185] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1184] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1187] <... futex resumed>) = 1 [pid 1183] <... futex resumed>) = 0 [pid 1187] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1183] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1187] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1183] <... futex resumed>) = 0 [pid 1187] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 1183] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1187] <... mount resumed>) = 0 [pid 1187] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1183] <... futex resumed>) = 0 [pid 1187] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1183] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1182] rt_sigprocmask(SIG_SETMASK, [], [pid 1187] <... open resumed>) = 5 [pid 1185] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1184] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1183] <... futex resumed>) = 0 [pid 1182] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] <... unlink resumed>) = 0 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1175, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 1187] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1185] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1183] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1182] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1187] <... futex resumed>) = 0 [pid 1185] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1184] <... clone3 resumed> => {parent_tid=[1189]}, 88) = 1189 [pid 1183] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1182] <... futex resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1187] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1184] rt_sigprocmask(SIG_SETMASK, [], [pid 1183] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1182] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] newfstatat(AT_FDCWD, "./37/file0", [pid 1187] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1186] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 265739 [pid 1185] <... mmap resumed>) = 0x7f6220445000 [pid 1184] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1183] <... futex resumed>) = 0 [pid 1182] <... futex resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1187] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1185] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1184] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1183] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1182] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 300] umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1187] <... socket resumed>) = 6 [pid 1185] <... mprotect resumed>) = 0 [pid 1184] <... futex resumed>) = 0 [pid 1182] <... mmap resumed>) = 0x7f6220424000 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1187] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1186] <... write resumed>) = 265739 [pid 1185] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1184] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1182] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1187] <... futex resumed>) = 1 [pid 1186] munmap(0x7f6218024000, 265739 [pid 1185] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1184] <... futex resumed>) = 0 [pid 1183] <... futex resumed>) = 0 [pid 300] openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1182] <... mprotect resumed>) = 0 [pid 298] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1187] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1186] <... munmap resumed>) = 0 [pid 1185] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1184] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1183] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1182] rt_sigprocmask(SIG_BLOCK, ~[], [pid 300] <... openat resumed>) = 4 [pid 298] <... openat resumed>) = 3 ./strace-static-x86_64: Process 1188 attached [pid 1187] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1186] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1184] <... mmap resumed>) = 0x7f6220424000 [pid 1183] <... futex resumed>) = 0 [pid 1182] <... rt_sigprocmask resumed>[], 8) = 0 [pid 300] newfstatat(4, "", [pid 298] newfstatat(3, "", [pid 1188] set_robust_list(0x7f62204659a0, 24 [pid 1187] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 1186] <... openat resumed>) = 7 [pid 1185] <... clone3 resumed> => {parent_tid=[1190]}, 88) = 1190 [pid 1184] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1183] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1182] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1187] <... mmap resumed>) = 0x20000000 [pid 1187] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1183] <... futex resumed>) = 0 [pid 1187] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1183] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1187] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1183] <... futex resumed>) = 0 [pid 1187] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 1185] rt_sigprocmask(SIG_SETMASK, [], [pid 1186] rt_sigprocmask(SIG_SETMASK, [], [pid 1184] <... mprotect resumed>) = 0 [pid 1183] read(0, [pid 1188] <... set_robust_list resumed>) = 0 [pid 300] getdents64(4, [pid 298] getdents64(3, ./strace-static-x86_64: Process 1189 attached [pid 1185] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1184] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1182] <... clone3 resumed> => {parent_tid=[1191]}, 88) = 1191 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 1185] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1182] rt_sigprocmask(SIG_SETMASK, [], [pid 1184] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1185] <... futex resumed>) = 0 [pid 1182] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] getdents64(4, [pid 1184] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 298] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1185] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1182] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 1185] <... futex resumed>) = 0 [pid 1182] <... futex resumed>) = 0 [pid 300] close(4 [pid 298] <... umount2 resumed>) = 0 [pid 1185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1184] <... clone3 resumed> => {parent_tid=[1192]}, 88) = 1192 [pid 1182] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... close resumed>) = 0 [pid 298] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1185] <... mmap resumed>) = 0x7f6220424000 [pid 1184] rt_sigprocmask(SIG_SETMASK, [], [pid 300] rmdir("./37/file0" [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1185] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1184] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 1190 attached [pid 1185] <... mprotect resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 1184] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] newfstatat(AT_FDCWD, "./39/bus", [pid 1189] set_robust_list(0x7f62204659a0, 24 [pid 1188] rt_sigprocmask(SIG_SETMASK, [], [pid 1185] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1184] <... futex resumed>) = 0 [pid 300] getdents64(3, [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1189] <... set_robust_list resumed>) = 0 [pid 1188] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1185] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1184] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] unlink("./39/bus" [pid 1185] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 300] close(3 [pid 298] <... unlink resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 298] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1185] <... clone3 resumed> => {parent_tid=[1193]}, 88) = 1193 [pid 300] rmdir("./37" [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1190] set_robust_list(0x7f62204659a0, 24 [pid 1185] rt_sigprocmask(SIG_SETMASK, [], [pid 1190] <... set_robust_list resumed>) = 0 [pid 1185] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./39/binderfs", [pid 1190] rt_sigprocmask(SIG_SETMASK, [], [pid 1185] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] mkdir("./38", 0777 [pid 1185] <... futex resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1190] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1190] memfd_create("syzkaller", 0 [pid 1185] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... mkdir resumed>) = 0 [pid 298] unlink("./39/binderfs" [pid 1190] <... memfd_create resumed>) = 3 [pid 1189] rt_sigprocmask(SIG_SETMASK, [], [pid 1188] memfd_create("syzkaller", 0 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] <... unlink resumed>) = 0 [pid 300] <... openat resumed>) = 3 [pid 298] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] ioctl(3, LOOP_CLR_FD [pid 1189] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 31.199659][ T1177] ext4 filesystem being mounted at /root/syzkaller.4RDDfu/39/file0 supports timestamps until 2038 (0x7fffffff) [pid 1188] <... memfd_create resumed>) = 3 [pid 1190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1190] <... mmap resumed>) = 0x7f6218024000 [pid 1190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1189] memfd_create("syzkaller", 0 [pid 1188] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 300] close(3./strace-static-x86_64: Process 1193 attached ./strace-static-x86_64: Process 1192 attached ./strace-static-x86_64: Process 1191 attached [pid 1190] <... write resumed>) = 262144 [pid 1189] <... memfd_create resumed>) = 3 [pid 1188] <... mmap resumed>) = 0x7f6218024000 [pid 1186] +++ killed by SIGBUS +++ [pid 300] <... close resumed>) = 0 [pid 1190] munmap(0x7f6218024000, 262144) = 0 [pid 1190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1190] ioctl(4, LOOP_SET_FD, 3 [pid 1187] +++ killed by SIGBUS +++ [pid 1183] +++ killed by SIGBUS +++ [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1193] set_robust_list(0x7f62204449a0, 24 [pid 1192] set_robust_list(0x7f62204449a0, 24 [pid 1191] set_robust_list(0x7f62204449a0, 24 [pid 1189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1188] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1183, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- ./strace-static-x86_64: Process 1194 attached [pid 1194] set_robust_list(0x555556cc76a0, 24) = 0 [pid 1194] chdir("./38" [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 1194 [pid 297] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1189] <... mmap resumed>) = 0x7f6218024000 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1194] <... chdir resumed>) = 0 [pid 1194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1194] setpgid(0, 0 [pid 1188] <... write resumed>) = 262144 [pid 297] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1194] <... setpgid resumed>) = 0 [pid 1194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1189] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1188] munmap(0x7f6218024000, 262144 [pid 1191] <... set_robust_list resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 1192] <... set_robust_list resumed>) = 0 [pid 1193] <... set_robust_list resumed>) = 0 [pid 1190] <... ioctl resumed>) = 0 [pid 1194] write(3, "1000", 4) = 4 [pid 1194] close(3) = 0 [pid 1194] symlink("/dev/binderfs", "./binderfs" [pid 1189] <... write resumed>) = 262144 [pid 1193] rt_sigprocmask(SIG_SETMASK, [], [pid 1192] rt_sigprocmask(SIG_SETMASK, [], [pid 1191] rt_sigprocmask(SIG_SETMASK, [], [pid 1190] close(3 [pid 1189] munmap(0x7f6218024000, 262144 [pid 1188] <... munmap resumed>) = 0 [pid 297] newfstatat(3, "", [pid 1194] <... symlink resumed>) = 0 [pid 1193] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1192] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1191] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1194] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1194] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 1194] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1193] creat("./bus", 000 [pid 1192] creat("./bus", 000 [pid 1191] creat("./bus", 000 [pid 1188] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1189] <... munmap resumed>) = 0 [pid 1193] <... creat resumed>) = 5 [pid 1194] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1191] <... creat resumed>) = 4 [pid 1192] <... creat resumed>) = 4 [pid 297] getdents64(3, [pid 1192] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1193] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1191] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1188] <... openat resumed>) = 5 [pid 1189] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 297] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 1190] <... close resumed>) = 0 [pid 1194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1193] <... futex resumed>) = 1 [pid 1192] <... futex resumed>) = 1 [pid 1191] <... futex resumed>) = 1 [pid 1189] <... openat resumed>) = 5 [pid 1188] ioctl(5, LOOP_SET_FD, 3 [pid 1185] <... futex resumed>) = 0 [pid 1184] <... futex resumed>) = 0 [pid 1182] <... futex resumed>) = 0 [pid 297] umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1193] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1192] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1191] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1190] mkdir("./file0", 0777 [pid 1189] ioctl(5, LOOP_SET_FD, 3 [pid 1190] <... mkdir resumed>) = 0 [pid 1190] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1182] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1185] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1184] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1182] <... futex resumed>) = 0 [pid 1185] <... futex resumed>) = 0 [pid 1184] <... futex resumed>) = 0 [pid 1182] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... umount2 resumed>) = 0 [pid 1192] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1193] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1194] <... mmap resumed>) = 0x7f6220445000 [pid 298] <... umount2 resumed>) = 0 [pid 298] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./39/file0") = 0 [pid 298] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./39") = 0 [pid 298] mkdir("./40", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 1195 [pid 1194] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1194] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 ./strace-static-x86_64: Process 1195 attached [pid 1194] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1193] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1192] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 1191] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 1189] <... ioctl resumed>) = 0 [pid 1188] <... ioctl resumed>) = 0 [pid 1185] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1184] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1193] <... mount resumed>) = 0 [pid 1192] <... mount resumed>) = 0 [pid 1191] <... mount resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1193] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1192] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1191] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1188] close(3 [pid 297] newfstatat(AT_FDCWD, "./43/bus", [pid 1193] <... futex resumed>) = 1 [pid 1192] <... futex resumed>) = 1 [pid 1191] <... futex resumed>) = 1 [pid 1188] <... close resumed>) = 0 [pid 1185] <... futex resumed>) = 0 [pid 1184] <... futex resumed>) = 0 [pid 1182] <... futex resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1193] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1192] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1191] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1188] mkdir("./file0", 0777 [pid 1185] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1184] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1182] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] unlink("./43/bus" [pid 1193] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1192] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1188] <... mkdir resumed>) = 0 [pid 1185] <... futex resumed>) = 0 [pid 1184] <... futex resumed>) = 0 [pid 1182] <... futex resumed>) = 0 [pid 297] <... unlink resumed>) = 0 [pid 1193] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1192] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1191] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1189] close(3 [pid 1188] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1185] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1184] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1182] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1193] <... open resumed>) = 3 [pid 1192] <... open resumed>) = 6 [pid 1191] <... open resumed>) = 3 [pid 1189] <... close resumed>) = 0 [pid 1193] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1192] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1191] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1193] <... futex resumed>) = 1 [pid 1192] <... futex resumed>) = 1 [pid 1191] <... futex resumed>) = 1 [pid 1185] <... futex resumed>) = 0 [pid 1184] <... futex resumed>) = 0 [pid 1182] <... futex resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./43/binderfs", [pid 1193] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1192] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1191] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1189] mkdir("./file0", 0777 [pid 1185] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1184] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1182] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1193] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1192] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1185] <... futex resumed>) = 0 [pid 1184] <... futex resumed>) = 0 [pid 1182] <... futex resumed>) = 0 [pid 297] unlink("./43/binderfs" [pid 1193] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1192] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1191] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1185] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1184] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1182] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 1196 attached [pid 1195] set_robust_list(0x555556cc76a0, 24 [pid 1193] <... socket resumed>) = 6 [pid 1192] <... socket resumed>) = 3 [pid 1191] <... socket resumed>) = 6 [pid 1189] <... mkdir resumed>) = 0 [pid 297] getdents64(3, [pid 1194] <... clone3 resumed> => {parent_tid=[1196]}, 88) = 1196 [pid 1193] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1192] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1191] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1189] mount("/dev/loop5", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 1194] rt_sigprocmask(SIG_SETMASK, [], [pid 1193] <... futex resumed>) = 1 [pid 1192] <... futex resumed>) = 1 [pid 1191] <... futex resumed>) = 1 [pid 1185] <... futex resumed>) = 0 [pid 1184] <... futex resumed>) = 0 [pid 1182] <... futex resumed>) = 0 [pid 297] close(3 [pid 1194] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1193] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1192] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1191] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1185] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1184] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1182] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... close resumed>) = 0 [pid 1194] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1193] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1192] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1185] <... futex resumed>) = 0 [pid 1184] <... futex resumed>) = 0 [pid 1182] <... futex resumed>) = 0 [pid 297] rmdir("./43" [pid 1196] set_robust_list(0x7f62204659a0, 24 [pid 1195] <... set_robust_list resumed>) = 0 [pid 1194] <... futex resumed>) = 0 [pid 1193] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 1192] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 1191] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 1185] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1184] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1182] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... rmdir resumed>) = 0 [pid 1196] <... set_robust_list resumed>) = 0 [pid 1195] chdir("./40" [pid 1194] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1193] <... mmap resumed>) = 0x20000000 [pid 1192] <... mmap resumed>) = 0x20000000 [pid 1191] <... mmap resumed>) = 0x20000000 [pid 297] mkdir("./44", 0777 [pid 1196] rt_sigprocmask(SIG_SETMASK, [], [pid 1195] <... chdir resumed>) = 0 [pid 1194] <... futex resumed>) = 0 [pid 1193] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1192] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1191] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... mkdir resumed>) = 0 [pid 1196] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1195] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1193] <... futex resumed>) = 1 [pid 1192] <... futex resumed>) = 1 [pid 1191] <... futex resumed>) = 1 [pid 1185] <... futex resumed>) = 0 [pid 1184] <... futex resumed>) = 0 [pid 1182] <... futex resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1196] memfd_create("syzkaller", 0 [pid 1195] <... prctl resumed>) = 0 [pid 1194] <... mmap resumed>) = 0x7f6220424000 [pid 1193] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1192] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1191] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1185] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1184] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1182] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... openat resumed>) = 3 [pid 1196] <... memfd_create resumed>) = 3 [pid 1195] setpgid(0, 0 [pid 1194] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1193] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1192] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1185] <... futex resumed>) = 0 [pid 1184] <... futex resumed>) = 0 [pid 1182] <... futex resumed>) = 0 [pid 297] ioctl(3, LOOP_CLR_FD [pid 1196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1195] <... setpgid resumed>) = 0 [pid 1194] <... mprotect resumed>) = 0 [pid 1193] memfd_create("syzkaller", 0 [pid 1192] memfd_create("syzkaller", 0 [pid 1191] memfd_create("syzkaller", 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [ 31.256505][ T1190] loop0: detected capacity change from 0 to 512 [ 31.270213][ T1188] loop3: detected capacity change from 0 to 512 [ 31.276823][ T1189] loop5: detected capacity change from 0 to 512 [pid 1196] <... mmap resumed>) = 0x7f6218024000 [pid 1195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1194] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1193] <... memfd_create resumed>) = 7 [pid 1192] <... memfd_create resumed>) = 7 [pid 1191] <... memfd_create resumed>) = 7 [pid 297] close(3 [pid 1196] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1195] <... openat resumed>) = 3 [pid 1194] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1192] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 297] <... close resumed>) = 0 [pid 1196] <... write resumed>) = 262144 [pid 1195] write(3, "1000", 4 [pid 1194] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1193] <... mmap resumed>) = 0x7f620fc64000 [pid 1192] <... mmap resumed>) = 0x7f620fc64000 [pid 1191] <... mmap resumed>) = 0x7f620fc64000 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1196] munmap(0x7f6218024000, 262144 [pid 1195] <... write resumed>) = 4 [pid 1193] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1192] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1191] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1196] <... munmap resumed>) = 0 [pid 1195] close(3 [pid 1194] <... clone3 resumed> => {parent_tid=[1203]}, 88) = 1203 [pid 1193] <... write resumed>) = 65536 [pid 1192] <... write resumed>) = 65536 [pid 1191] <... write resumed>) = 65536 [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 1204 [pid 1196] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1195] <... close resumed>) = 0 [pid 1194] rt_sigprocmask(SIG_SETMASK, [], [pid 1193] munmap(0x7f620fc64000, 65536 [pid 1192] munmap(0x7f620fc64000, 65536 [pid 1191] munmap(0x7f620fc64000, 65536 [pid 1196] <... openat resumed>) = 4 [pid 1195] symlink("/dev/binderfs", "./binderfs" [pid 1194] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1193] <... munmap resumed>) = 0 [pid 1192] <... munmap resumed>) = 0 [pid 1191] <... munmap resumed>) = 0 [pid 1196] ioctl(4, LOOP_SET_FD, 3 [pid 1195] <... symlink resumed>) = 0 [pid 1194] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1193] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1192] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 1191] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1195] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1194] <... futex resumed>) = 0 [pid 1193] <... openat resumed>) = 8 [pid 1192] <... openat resumed>) = 8 [pid 1191] <... openat resumed>) = 8 [pid 1195] <... futex resumed>) = 0 [pid 1194] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1193] ioctl(8, LOOP_SET_FD, 7 [pid 1192] ioctl(8, LOOP_SET_FD, 7 [pid 1191] ioctl(8, LOOP_SET_FD, 7 [pid 1195] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1193] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1192] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1191] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1195] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1193] ioctl(8, LOOP_CLR_FD [pid 1192] ioctl(8, LOOP_CLR_FD [pid 1191] ioctl(8, LOOP_CLR_FD./strace-static-x86_64: Process 1203 attached [pid 1195] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1193] <... ioctl resumed>) = 0 [pid 1192] <... ioctl resumed>) = 0 [pid 1191] <... ioctl resumed>) = 0 [pid 1203] set_robust_list(0x7f62204449a0, 24 [pid 1195] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1203] <... set_robust_list resumed>) = 0 [pid 1195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1203] rt_sigprocmask(SIG_SETMASK, [], [pid 1195] <... mmap resumed>) = 0x7f6220445000 [pid 1203] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1195] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1203] creat("./bus", 000 [pid 1195] <... mprotect resumed>) = 0 [pid 1203] <... creat resumed>) = 5 [pid 1195] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1203] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1195] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1193] ioctl(8, LOOP_SET_FD, 7 [pid 1192] ioctl(8, LOOP_SET_FD, 7 [pid 1191] ioctl(8, LOOP_SET_FD, 7 [pid 1203] <... futex resumed>) = 1 [pid 1195] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1194] <... futex resumed>) = 0 [pid 1193] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1192] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1191] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1203] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1194] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1193] close(8 [pid 1192] close(8 [pid 1191] close(8 [pid 1203] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1195] <... clone3 resumed> => {parent_tid=[1205]}, 88) = 1205 [pid 1194] <... futex resumed>) = 0 [pid 1193] <... close resumed>) = 0 [pid 1192] <... close resumed>) = 0 [pid 1191] <... close resumed>) = 0 [pid 1203] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 1195] rt_sigprocmask(SIG_SETMASK, [], [pid 1194] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1193] close(7 [pid 1192] close(7 [pid 1191] close(7 [pid 1203] <... mount resumed>) = 0 [pid 1195] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1193] <... close resumed>) = 0 [pid 1192] <... close resumed>) = 0 [pid 1191] <... close resumed>) = 0 [pid 1203] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1195] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1193] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1192] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1191] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1203] <... futex resumed>) = 1 [pid 1195] <... futex resumed>) = 0 [pid 1194] <... futex resumed>) = 0 [pid 1193] <... futex resumed>) = 0 [pid 1192] <... futex resumed>) = 0 [pid 1191] <... futex resumed>) = 0 [pid 1203] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1195] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1194] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1193] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1192] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1191] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1203] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1195] <... futex resumed>) = 0 [pid 1194] <... futex resumed>) = 0 [pid 1203] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1194] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1195] <... mmap resumed>) = 0x7f6220424000 ./strace-static-x86_64: Process 1205 attached [pid 1195] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1205] set_robust_list(0x7f62204659a0, 24 [pid 1203] <... open resumed>) = 6 [pid 1196] <... ioctl resumed>) = 0 [pid 1195] <... mprotect resumed>) = 0 [pid 1205] <... set_robust_list resumed>) = 0 [pid 1203] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1196] close(3 [pid 1195] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1205] rt_sigprocmask(SIG_SETMASK, [], [pid 1203] <... futex resumed>) = 1 [pid 1196] <... close resumed>) = 0 [pid 1195] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1194] <... futex resumed>) = 0 [pid 1205] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1203] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1196] mkdir("./file0", 0777 [pid 1195] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1194] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1205] memfd_create("syzkaller", 0 [pid 1203] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1196] <... mkdir resumed>) = 0 [pid 1194] <... futex resumed>) = 0 [pid 1205] <... memfd_create resumed>) = 3 [pid 1203] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1196] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1195] <... clone3 resumed> => {parent_tid=[1206]}, 88) = 1206 [pid 1194] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1203] <... socket resumed>) = 3 [pid 1195] rt_sigprocmask(SIG_SETMASK, [], [pid 1205] <... mmap resumed>) = 0x7f6218024000 [pid 1203] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1195] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1205] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1203] <... futex resumed>) = 1 [pid 1195] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1194] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1204 attached [pid 1205] <... write resumed>) = 262144 [pid 1203] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1195] <... futex resumed>) = 0 [pid 1194] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1205] munmap(0x7f6218024000, 262144 [pid 1203] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1195] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1194] <... futex resumed>) = 0 [pid 1205] <... munmap resumed>) = 0 [pid 1203] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 1194] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1205] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1203] <... mmap resumed>) = 0x20000000 [pid 1205] <... openat resumed>) = 4 [ 31.302285][ T1190] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [ 31.321288][ T1189] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 31.322592][ T1196] loop4: detected capacity change from 0 to 512 [ 31.330307][ T1189] EXT4-fs error (device loop5): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [pid 1203] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1205] ioctl(4, LOOP_SET_FD, 3 [pid 1203] <... futex resumed>) = 1 [pid 1194] <... futex resumed>) = 0 [pid 1204] set_robust_list(0x555556cc76a0, 24 [pid 1203] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1194] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1203] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1194] <... futex resumed>) = 0 [pid 1203] memfd_create("syzkaller", 0) = 7 ./strace-static-x86_64: Process 1206 attached [pid 1203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1206] set_robust_list(0x7f62204449a0, 24 [pid 1203] <... mmap resumed>) = 0x7f620fc64000 [pid 1206] <... set_robust_list resumed>) = 0 [pid 1203] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1206] rt_sigprocmask(SIG_SETMASK, [], [pid 1203] <... write resumed>) = 65536 [pid 1206] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1203] munmap(0x7f620fc64000, 65536 [pid 1206] creat("./bus", 000 [pid 1203] <... munmap resumed>) = 0 [pid 1206] <... creat resumed>) = 5 [pid 1203] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1206] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1203] <... openat resumed>) = 8 [pid 1206] <... futex resumed>) = 1 [pid 1203] ioctl(8, LOOP_SET_FD, 7 [pid 1195] <... futex resumed>) = 0 [pid 1206] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1205] <... ioctl resumed>) = 0 [pid 1203] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1205] close(3) = 0 [pid 1205] mkdir("./file0", 0777) = 0 [pid 1205] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1204] <... set_robust_list resumed>) = 0 [pid 1204] chdir("./44") = 0 [pid 1204] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1204] setpgid(0, 0) = 0 [pid 1204] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1204] write(3, "1000", 4) = 4 [pid 1204] close(3) = 0 [pid 1204] symlink("/dev/binderfs", "./binderfs" [pid 1195] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1204] <... symlink resumed>) = 0 [pid 1195] <... futex resumed>) = 0 [pid 1204] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1195] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1203] ioctl(8, LOOP_CLR_FD) = 0 [pid 1204] <... futex resumed>) = 0 [pid 1204] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 1204] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 1204] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1204] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1204] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[1209]}, 88) = 1209 [pid 1204] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1204] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1204] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 1204] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1204] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1204] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[1210]}, 88) = 1210 [pid 1204] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1204] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1204] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1209 attached [pid 1209] set_robust_list(0x7f62204659a0, 24) = 0 [pid 1209] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1209] memfd_create("syzkaller", 0) = 3 [pid 1209] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 1209] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 1209] munmap(0x7f6218024000, 262144) = 0 [pid 1209] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 31.355761][ T1188] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 31.357682][ T1205] loop2: detected capacity change from 0 to 512 [ 31.371307][ T1188] EXT4-fs error (device loop3): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 31.376287][ T1207] EXT4-fs warning (device loop4): kmmpd:170: kmmpd being stopped since MMP feature has been disabled. [ 31.399004][ T1196] EXT4-fs (loop4): revision level too high, forcing read-only mode [pid 1209] ioctl(4, LOOP_SET_FD, 3 [pid 1206] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1203] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 1203] close(8) = 0 [pid 1203] close(7) = 0 [pid 1203] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1203] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1206] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1206] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1195] <... futex resumed>) = 0 [pid 1195] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1195] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1206] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 3 [pid 1209] <... ioctl resumed>) = 0 [pid 1206] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1195] <... futex resumed>) = 0 [pid 1206] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1195] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1206] <... socket resumed>) = 6 [pid 1195] <... futex resumed>) = 0 [pid 1195] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1206] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1195] <... futex resumed>) = 0 [pid 1206] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 1195] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1206] <... mmap resumed>) = 0x20000000 [pid 1195] <... futex resumed>) = 0 [pid 1206] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1195] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1206] <... futex resumed>) = 0 [pid 1195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1206] memfd_create("syzkaller", 0 [pid 1195] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1206] <... memfd_create resumed>) = 7 [pid 1195] <... futex resumed>) = 0 [pid 1206] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f620fc64000 [pid 1206] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 1206] munmap(0x7f620fc64000, 65536) = 0 [pid 1206] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 8 [pid 1206] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 1206] ioctl(8, LOOP_CLR_FD) = 0 ./strace-static-x86_64: Process 1210 attached [pid 1210] set_robust_list(0x7f62204449a0, 24) = 0 [pid 1206] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 1206] close(8) = 0 [pid 1206] close(7) = 0 [pid 1209] close(3 [pid 1206] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1210] rt_sigprocmask(SIG_SETMASK, [], [pid 1206] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1210] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1210] creat("./bus", 000) = 5 [pid 1210] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1204] <... futex resumed>) = 0 [pid 1210] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 1204] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1210] <... mount resumed>) = 0 [pid 1204] <... futex resumed>) = 0 [pid 1210] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1204] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1210] <... futex resumed>) = 0 [pid 1204] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1210] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1204] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1210] <... open resumed>) = 6 [pid 1204] <... futex resumed>) = 0 [ 31.403310][ T1209] loop1: detected capacity change from 0 to 512 [ 31.413650][ T1190] ext4 filesystem being mounted at /root/syzkaller.sY6u5M/36/file0 supports timestamps until 2038 (0x7fffffff) [ 31.425239][ T1188] EXT4-fs (loop3): get orphan inode failed [ 31.431609][ T1189] EXT4-fs (loop5): get orphan inode failed [ 31.437136][ T1196] EXT4-fs error (device loop4): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 31.438089][ T1188] EXT4-fs (loop3): mount failed [pid 1210] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1209] <... close resumed>) = 0 [pid 1204] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1190] <... mount resumed>) = 0 [pid 1209] mkdir("./file0", 0777) = 0 [pid 1190] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY [pid 1209] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1190] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 1190] ioctl(4, LOOP_CLR_FD) = 0 [pid 1190] close(4) = 0 [pid 1190] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1190] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1210] <... futex resumed>) = 0 [pid 1204] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1188] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1185] exit_group(0 [pid 1210] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1204] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1193] <... futex resumed>) = ? [pid 1190] <... futex resumed>) = ? [pid 1188] ioctl(5, LOOP_CLR_FD [pid 1185] <... exit_group resumed>) = ? [pid 1204] <... futex resumed>) = 0 [pid 1196] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1193] +++ exited with 0 +++ [pid 1190] +++ exited with 0 +++ [pid 1188] <... ioctl resumed>) = 0 [pid 1196] ioctl(4, LOOP_CLR_FD) = 0 [pid 1196] close(4 [pid 1210] <... socket resumed>) = 3 [pid 1204] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1196] <... close resumed>) = 0 [pid 1188] close(5 [pid 1185] +++ exited with 0 +++ [pid 1196] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1196] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1210] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1204] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1194] exit_group(0 [pid 1188] <... close resumed>) = 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1185, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 1210] <... futex resumed>) = 0 [pid 1204] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1203] <... futex resumed>) = ? [pid 1194] <... exit_group resumed>) = ? [pid 1188] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1196] <... futex resumed>) = ? [pid 1196] +++ exited with 0 +++ [pid 1210] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0) = 0x20000000 [pid 1210] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1210] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 1204] <... futex resumed>) = 1 [pid 1210] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1204] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1204] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1210] <... futex resumed>) = 0 [pid 1204] <... futex resumed>) = 1 [pid 1210] memfd_create("syzkaller", 0) = 7 [pid 1210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f620fc64000 [pid 1210] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 1210] munmap(0x7f620fc64000, 65536) = 0 [pid 1210] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 8 [pid 1210] ioctl(8, LOOP_SET_FD, 7) = -1 EBUSY (Device or resource busy) [pid 1210] ioctl(8, LOOP_CLR_FD) = 0 [pid 1203] +++ exited with 0 +++ [ 31.451978][ T1189] EXT4-fs (loop5): mount failed [ 31.460508][ T1196] EXT4-fs (loop4): get orphan inode failed [ 31.461131][ T1205] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 31.466418][ T1196] EXT4-fs (loop4): mount failed [ 31.484036][ T1205] EXT4-fs error (device loop2): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [pid 1189] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1188] <... futex resumed>) = 0 [pid 1210] ioctl(8, LOOP_SET_FD, 7 [pid 1189] ioctl(5, LOOP_CLR_FD [pid 1210] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1210] close(8 [pid 1189] <... ioctl resumed>) = 0 [pid 1210] <... close resumed>) = 0 [pid 1210] close(7 [pid 1189] close(5 [pid 1210] <... close resumed>) = 0 [pid 1210] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1189] <... close resumed>) = 0 [pid 1210] <... futex resumed>) = 0 [pid 1210] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1189] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1189] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1188] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1184] exit_group(0 [pid 1182] exit_group(0 [pid 296] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1192] <... futex resumed>) = ? [pid 1189] <... futex resumed>) = ? [pid 1184] <... exit_group resumed>) = ? [pid 1189] +++ exited with 0 +++ [pid 1209] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 1209] ioctl(4, LOOP_CLR_FD) = 0 [pid 1209] close(4) = 0 [pid 1209] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1209] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1194] +++ exited with 0 +++ [pid 1192] +++ exited with 0 +++ [pid 1191] <... futex resumed>) = ? [pid 1188] <... futex resumed>) = ? [pid 1182] <... exit_group resumed>) = ? [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1204] exit_group(0 [pid 1191] +++ exited with 0 +++ [pid 1188] +++ exited with 0 +++ [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1194, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 296] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1210] <... futex resumed>) = ? [pid 1204] <... exit_group resumed>) = ? [pid 296] <... openat resumed>) = 3 [pid 1210] +++ exited with 0 +++ [pid 296] newfstatat(3, "", [pid 300] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] getdents64(3, [pid 300] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 300] <... openat resumed>) = 3 [pid 296] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] newfstatat(3, "", [pid 296] <... umount2 resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] getdents64(3, [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 296] newfstatat(AT_FDCWD, "./36/bus", [pid 300] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... umount2 resumed>) = 0 [pid 296] unlink("./36/bus" [pid 300] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... unlink resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] newfstatat(AT_FDCWD, "./38/bus", [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] newfstatat(AT_FDCWD, "./36/binderfs", [pid 300] unlink("./38/bus" [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... unlink resumed>) = 0 [pid 296] unlink("./36/binderfs" [pid 300] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... unlink resumed>) = 0 [pid 1209] <... futex resumed>) = ? [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] unlink("./38/binderfs") = 0 [pid 300] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 300] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(4, 0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 300] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 300] close(4) = 0 [pid 300] rmdir("./38/file0") = 0 [pid 300] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 300] close(3) = 0 [pid 300] rmdir("./38") = 0 [pid 300] mkdir("./39", 0777) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 300] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 300] close(3) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 1214 ./strace-static-x86_64: Process 1214 attached [pid 1205] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1205] ioctl(4, LOOP_CLR_FD [pid 1214] set_robust_list(0x555556cc76a0, 24) = 0 [pid 1214] chdir("./39") = 0 [pid 1214] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1205] <... ioctl resumed>) = 0 [pid 1214] <... prctl resumed>) = 0 [pid 1214] setpgid(0, 0) = 0 [pid 1214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1205] close(4 [pid 1214] <... openat resumed>) = 3 [pid 1205] <... close resumed>) = 0 [pid 1214] write(3, "1000", 4) = 4 [pid 1214] close(3) = 0 [pid 1214] symlink("/dev/binderfs", "./binderfs" [pid 1205] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1214] <... symlink resumed>) = 0 [pid 1214] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1205] <... futex resumed>) = 0 [pid 1214] <... futex resumed>) = 0 [pid 1214] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 1214] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1195] exit_group(0 [pid 1214] <... mmap resumed>) = 0x7f6220445000 [pid 1206] <... futex resumed>) = ? [pid 1195] <... exit_group resumed>) = ? [pid 1214] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1206] +++ exited with 0 +++ [pid 1214] <... mprotect resumed>) = 0 [pid 1214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[1215]}, 88) = 1215 [pid 1214] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1214] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1214] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 1214] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0}./strace-static-x86_64: Process 1215 attached ./strace-static-x86_64: Process 1216 attached [pid 1215] set_robust_list(0x7f62204659a0, 24 [pid 1214] <... clone3 resumed> => {parent_tid=[1216]}, 88) = 1216 [pid 1214] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1216] set_robust_list(0x7f62204449a0, 24 [pid 1215] <... set_robust_list resumed>) = 0 [pid 1214] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1184] +++ exited with 0 +++ [pid 1214] <... futex resumed>) = 0 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1184, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 1214] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 301] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 301] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] getdents64(3, 0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 301] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 301] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1215] rt_sigprocmask(SIG_SETMASK, [], [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./41/bus", [pid 1216] <... set_robust_list resumed>) = 0 [pid 1215] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./41/bus" [pid 1216] rt_sigprocmask(SIG_SETMASK, [], [pid 1215] memfd_create("syzkaller", 0 [pid 301] <... unlink resumed>) = 0 [pid 301] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1216] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1215] <... memfd_create resumed>) = 3 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./41/binderfs" [pid 1215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 301] <... unlink resumed>) = 0 [pid 301] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 1216] creat("./bus", 000 [pid 1215] <... mmap resumed>) = 0x7f6218024000 [pid 301] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] getdents64(4, 0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 301] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 301] close(4) = 0 [pid 301] rmdir("./41/file0") = 0 [pid 301] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 301] close(3) = 0 [pid 301] rmdir("./41" [pid 1215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 301] <... rmdir resumed>) = 0 [pid 301] mkdir("./42", 0777) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 301] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 301] close(3) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1215] <... write resumed>) = 262144 [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 1217 [pid 1215] munmap(0x7f6218024000, 262144 [pid 1216] <... creat resumed>) = 4 ./strace-static-x86_64: Process 1217 attached [pid 1217] set_robust_list(0x555556cc76a0, 24) = 0 [pid 1217] chdir("./42" [pid 1216] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1215] <... munmap resumed>) = 0 [pid 1217] <... chdir resumed>) = 0 [pid 1217] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1217] setpgid(0, 0) = 0 [pid 1217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1215] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 5 [pid 1215] ioctl(5, LOOP_SET_FD, 3 [pid 1217] <... openat resumed>) = 3 [pid 1217] write(3, "1000", 4) = 4 [pid 1217] close(3) = 0 [pid 1217] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1217] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1217] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 1217] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 1217] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1217] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1217] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[1218]}, 88) = 1218 [pid 1217] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1217] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1217] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 1217] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1217] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1217] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[1219]}, 88) = 1219 [pid 1217] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1217] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1217] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1219 attached [pid 1219] set_robust_list(0x7f62204449a0, 24) = 0 [pid 1219] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1219] creat("./bus", 000) = 3 [pid 1219] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1217] <... futex resumed>) = 0 [pid 1217] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1217] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1219] <... futex resumed>) = 1 [pid 1219] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1219] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1217] <... futex resumed>) = 0 [pid 1217] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1217] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1219] <... futex resumed>) = 1 [pid 1219] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c) = 4 [pid 1219] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1217] <... futex resumed>) = 0 [pid 1217] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1217] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1219] <... futex resumed>) = 1 [pid 1219] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE) = 5 [pid 1219] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1217] <... futex resumed>) = 0 [pid 1217] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1217] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1219] <... futex resumed>) = 1 [pid 1219] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0) = 0x20000000 [pid 1219] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1217] <... futex resumed>) = 0 [pid 1217] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1219] <... futex resumed>) = 1 [pid 1219] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- ./strace-static-x86_64: Process 1218 attached [pid 1219] +++ killed by SIGBUS +++ [pid 1216] <... futex resumed>) = 1 [pid 1214] <... futex resumed>) = 0 [pid 1215] <... ioctl resumed>) = 0 [pid 1214] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1214] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1216] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 1215] close(3 [pid 1218] +++ killed by SIGBUS +++ [pid 1217] +++ killed by SIGBUS +++ [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1217, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 301] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 301] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] getdents64(3, 0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 301] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 301] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./42/bus") = 0 [pid 301] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./42/binderfs") = 0 [pid 1216] <... mount resumed>) = 0 [pid 301] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 301] close(3) = 0 [pid 301] rmdir("./42" [pid 1216] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1215] <... close resumed>) = 0 [pid 301] <... rmdir resumed>) = 0 [pid 301] mkdir("./43", 0777 [pid 1216] <... futex resumed>) = 1 [pid 1215] mkdir("./file0", 0777 [pid 1214] <... futex resumed>) = 0 [pid 301] <... mkdir resumed>) = 0 [pid 1214] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 1214] <... futex resumed>) = 0 [pid 1214] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... openat resumed>) = 3 [pid 301] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 301] close(3) = 0 [pid 1216] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1216] <... open resumed>) = 3 [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 1220 [pid 1216] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1220 attached [pid 1220] set_robust_list(0x555556cc76a0, 24 [pid 1216] <... futex resumed>) = 1 [pid 1214] <... futex resumed>) = 0 [pid 1214] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1214] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1220] <... set_robust_list resumed>) = 0 [pid 1220] chdir("./43") = 0 [pid 1220] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1220] setpgid(0, 0) = 0 [pid 1216] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE) = 6 [pid 1216] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1216] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1214] <... futex resumed>) = 0 [pid 1214] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1214] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1220] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1220] write(3, "1000", 4) = 4 [pid 1220] close(3) = 0 [pid 1220] symlink("/dev/binderfs", "./binderfs" [pid 1216] <... futex resumed>) = 0 [pid 1216] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0) = 0x20000000 [pid 1220] <... symlink resumed>) = 0 [pid 1220] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1220] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 1220] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 1220] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1220] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1216] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1214] <... futex resumed>) = 0 [pid 1214] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1220] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1220] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[1221]}, 88) = 1221 [pid 1220] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1220] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1220] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 1216] memfd_create("syzkaller", 0 [pid 1220] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1220] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1220] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1216] <... memfd_create resumed>) = 7 [pid 1216] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f620fc64000 [pid 1220] <... clone3 resumed> => {parent_tid=[1222]}, 88) = 1222 [pid 1220] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1220] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1220] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1222 attached [pid 1222] set_robust_list(0x7f62204449a0, 24) = 0 [pid 1222] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1216] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1222] creat("./bus", 000 [pid 1216] <... write resumed>) = 65536 [pid 1215] <... mkdir resumed>) = 0 [pid 1222] <... creat resumed>) = 3 [pid 1216] munmap(0x7f620fc64000, 65536 [pid 1215] mount("/dev/loop4", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 1222] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1220] <... futex resumed>) = 0 [pid 1220] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1220] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1222] <... futex resumed>) = 1 [pid 1222] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1222] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1220] <... futex resumed>) = 0 [pid 1220] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1220] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1216] <... munmap resumed>) = 0 [pid 1216] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1215] <... mount resumed>) = -1 ENOENT (No such file or directory) ./strace-static-x86_64: Process 1221 attached [pid 1222] <... futex resumed>) = 1 [pid 1216] <... openat resumed>) = 8 [pid 1222] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1221] set_robust_list(0x7f62204659a0, 24 [pid 1222] <... open resumed>) = 4 [pid 1221] <... set_robust_list resumed>) = 0 [pid 1216] ioctl(8, LOOP_SET_FD, 7 [pid 1222] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1220] <... futex resumed>) = 0 [pid 1216] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1221] rt_sigprocmask(SIG_SETMASK, [], [pid 1222] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1220] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1222] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1220] <... futex resumed>) = 0 [pid 1222] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1221] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1220] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1222] <... socket resumed>) = 5 [pid 1221] memfd_create("syzkaller", 0 [pid 1222] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1220] <... futex resumed>) = 0 [pid 1222] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1221] <... memfd_create resumed>) = 6 [pid 1220] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1222] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1220] <... futex resumed>) = 0 [pid 1222] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 1221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1220] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1222] <... mmap resumed>) = 0x20000000 [pid 1216] ioctl(8, LOOP_CLR_FD [pid 1215] ioctl(5, LOOP_CLR_FD [pid 1222] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1220] <... futex resumed>) = 0 [pid 1220] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1222] <... futex resumed>) = 1 [pid 1222] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 1221] <... mmap resumed>) = ? [pid 296] <... umount2 resumed>) = 0 [pid 1222] +++ killed by SIGBUS +++ [pid 1209] +++ exited with 0 +++ [pid 1204] +++ exited with 0 +++ [pid 1205] +++ exited with 0 +++ [pid 1195] +++ exited with 0 +++ [pid 1221] +++ killed by SIGBUS +++ [pid 1220] +++ killed by SIGBUS +++ [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1220, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 301] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 301] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 301] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] getdents64(3, 0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 301] umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 301] umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./43/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./43/bus") = 0 [pid 301] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./43/binderfs") = 0 [pid 301] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 301] close(3) = 0 [pid 301] rmdir("./43") = 0 [pid 301] mkdir("./44", 0777) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 301] ioctl(3, LOOP_CLR_FD [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1195, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1204, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 296] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1216] <... ioctl resumed>) = 0 [pid 1215] <... ioctl resumed>) = 0 [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1215] close(5 [pid 301] close(3 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] <... close resumed>) = 0 [pid 298] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./36/file0", [pid 1215] <... close resumed>) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... openat resumed>) = 3 [pid 297] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1215] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1215] <... futex resumed>) = 0 [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 1223 [pid 298] newfstatat(3, "", [pid 297] <... openat resumed>) = 3 [pid 296] umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] newfstatat(3, "", [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] getdents64(3, [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 297] getdents64(3, [pid 298] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... openat resumed>) = 4 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 1216] ioctl(8, LOOP_SET_FD, 7 [pid 1215] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1182] +++ exited with 0 +++ [pid 298] <... umount2 resumed>) = 0 [pid 297] umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] newfstatat(4, "", [pid 1216] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1182, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 298] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1216] close(8 [pid 297] <... umount2 resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1216] <... close resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1216] close(7 [pid 299] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] newfstatat(AT_FDCWD, "./40/bus", [pid 296] getdents64(4, [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 299] <... openat resumed>) = 3 [pid 297] newfstatat(AT_FDCWD, "./44/bus", [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] unlink("./40/bus" [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] getdents64(4, [pid 1216] <... close resumed>) = 0 [pid 299] getdents64(3, 0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 298] <... unlink resumed>) = 0 [pid 297] unlink("./44/bus" [pid 1216] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 1216] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... unlink resumed>) = 0 [pid 296] close(4 [pid 1216] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] newfstatat(AT_FDCWD, "./40/binderfs", [pid 297] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... close resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./39/bus", [pid 298] unlink("./40/binderfs" [pid 297] newfstatat(AT_FDCWD, "./44/binderfs", [pid 296] rmdir("./36/file0" [pid 1214] exit_group(0 [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1214] <... exit_group resumed>) = ? [pid 299] unlink("./39/bus") = 0 [pid 298] <... unlink resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] unlink("./44/binderfs" [pid 296] <... rmdir resumed>) = 0 [pid 1216] <... futex resumed>) = ? [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] newfstatat(AT_FDCWD, "./40/file0", [pid 297] <... unlink resumed>) = 0 [pid 296] getdents64(3, [pid 1216] +++ exited with 0 +++ [pid 299] unlink("./39/binderfs" [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... unlink resumed>) = 0 [pid 298] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [ 31.498184][ T1209] EXT4-fs warning (device loop1): read_mmp_block:115: Error -74 while reading MMP block 12 [ 31.498406][ T1205] EXT4-fs (loop2): get orphan inode failed [ 31.514776][ T1205] EXT4-fs (loop2): mount failed [ 31.546518][ T1215] loop4: detected capacity change from 0 to 512 [pid 299] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] close(3 [pid 1215] <... futex resumed>) = ? [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./39/file0") = 0 [pid 299] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 1223 attached [pid 299] close(3 [pid 1223] set_robust_list(0x555556cc76a0, 24 [pid 299] <... close resumed>) = 0 [pid 1223] <... set_robust_list resumed>) = 0 [pid 299] rmdir("./39" [pid 1223] chdir("./44" [pid 299] <... rmdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] newfstatat(AT_FDCWD, "./44/file0", [pid 296] <... close resumed>) = 0 [pid 1223] <... chdir resumed>) = 0 [pid 299] mkdir("./40", 0777 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1223] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] <... mkdir resumed>) = 0 [pid 298] <... openat resumed>) = 4 [pid 297] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] rmdir("./36" [pid 1223] <... prctl resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 298] newfstatat(4, "", [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1223] setpgid(0, 0 [pid 299] <... openat resumed>) = 3 [pid 1223] <... setpgid resumed>) = 0 [pid 299] ioctl(3, LOOP_CLR_FD [pid 297] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... rmdir resumed>) = 0 [pid 1223] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... openat resumed>) = 4 [pid 1223] <... openat resumed>) = 3 [pid 299] close(3 [pid 298] getdents64(4, [pid 297] newfstatat(4, "", [pid 296] mkdir("./37", 0777 [pid 1223] write(3, "1000", 4 [pid 299] <... close resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 1223] <... write resumed>) = 4 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1223] close(3 [pid 298] getdents64(4, [pid 297] getdents64(4, [pid 296] <... mkdir resumed>) = 0 [pid 1223] <... close resumed>) = 0 [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 1224 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 1223] symlink("/dev/binderfs", "./binderfs" [pid 297] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1223] <... symlink resumed>) = 0 [pid 298] close(4 [pid 297] getdents64(4, [pid 1223] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... close resumed>) = 0 [pid 296] <... openat resumed>) = 3 [pid 297] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 1223] <... futex resumed>) = 0 [pid 298] rmdir("./40/file0" [pid 297] close(4 [pid 296] ioctl(3, LOOP_CLR_FD [pid 1223] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 1223] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1223] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] <... rmdir resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 298] getdents64(3, [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] rmdir("./44/file0" [pid 1223] <... mmap resumed>) = 0x7f6220445000 [pid 1223] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1223] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 1223] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1223] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 297] <... rmdir resumed>) = 0 [pid 298] close(3 [pid 297] getdents64(3, [pid 296] close(3 [pid 1223] <... clone3 resumed> => {parent_tid=[1225]}, 88) = 1225 [pid 298] <... close resumed>) = 0 [pid 1223] rt_sigprocmask(SIG_SETMASK, [], [pid 298] rmdir("./40" [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] <... close resumed>) = 0 [pid 1223] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1223] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1223] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1223] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 1223] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 298] <... rmdir resumed>) = 0 [pid 297] close(3 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1223] <... mprotect resumed>) = 0 [pid 298] mkdir("./41", 0777 [pid 297] <... close resumed>) = 0 [pid 1223] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1223] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 297] rmdir("./44" [pid 1223] <... clone3 resumed> => {parent_tid=[1227]}, 88) = 1227 ./strace-static-x86_64: Process 1224 attached [pid 1223] rt_sigprocmask(SIG_SETMASK, [], [pid 1224] set_robust_list(0x555556cc76a0, 24 [pid 1223] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 1224] <... set_robust_list resumed>) = 0 [pid 1223] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1224] chdir("./40" [pid 1223] <... futex resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 297] <... rmdir resumed>) = 0 [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 1226 [pid 1224] <... chdir resumed>) = 0 [pid 1223] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1224] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] <... openat resumed>) = 3 [pid 297] mkdir("./45", 0777 [pid 298] ioctl(3, LOOP_CLR_FD [pid 1224] <... prctl resumed>) = 0 [pid 1224] setpgid(0, 0) = 0 [pid 1224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 297] <... mkdir resumed>) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 298] close(3 [pid 1224] <... openat resumed>) = 3 [pid 298] <... close resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 1224] write(3, "1000", 4) = 4 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] ioctl(3, LOOP_CLR_FD [pid 1224] close(3) = 0 [pid 1224] symlink("/dev/binderfs", "./binderfs") = 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) ./strace-static-x86_64: Process 1226 attached [pid 1224] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 1228 [pid 1224] <... futex resumed>) = 0 [pid 297] close(3 [pid 1224] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 297] <... close resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1224] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 1224] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1224] rt_sigprocmask(SIG_BLOCK, ~[], [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 1229 [pid 1224] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1224] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0}./strace-static-x86_64: Process 1225 attached [pid 1226] set_robust_list(0x555556cc76a0, 24 [pid 1225] set_robust_list(0x7f62204659a0, 24 [pid 1224] <... clone3 resumed> => {parent_tid=[1230]}, 88) = 1230 ./strace-static-x86_64: Process 1227 attached [pid 1225] <... set_robust_list resumed>) = 0 [pid 1224] rt_sigprocmask(SIG_SETMASK, [], [pid 1227] set_robust_list(0x7f62204449a0, 24 [pid 1225] rt_sigprocmask(SIG_SETMASK, [], [pid 1224] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1227] <... set_robust_list resumed>) = 0 [pid 1225] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1224] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1227] rt_sigprocmask(SIG_SETMASK, [], [pid 1225] memfd_create("syzkaller", 0 [pid 1224] <... futex resumed>) = 0 [pid 1227] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1226] <... set_robust_list resumed>) = 0 [pid 1225] <... memfd_create resumed>) = 3 [pid 1224] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1227] creat("./bus", 000 [pid 1225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1224] <... futex resumed>) = 0 [pid 1227] <... creat resumed>) = 4 [pid 1226] chdir("./37" [pid 1225] <... mmap resumed>) = 0x7f6218024000 [pid 1224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1227] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1226] <... chdir resumed>) = 0 [pid 1225] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1224] <... mmap resumed>) = 0x7f6220424000 [pid 1227] <... futex resumed>) = 1 [pid 1225] <... write resumed>) = 262144 [pid 1224] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1223] <... futex resumed>) = 0 [pid 1227] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1224] <... mprotect resumed>) = 0 [pid 1223] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1227] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1226] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1224] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1223] <... futex resumed>) = 0 [pid 1227] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 1226] <... prctl resumed>) = 0 [pid 1224] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1223] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1227] <... mount resumed>) = 0 [pid 1226] setpgid(0, 0 [pid 1224] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1227] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1226] <... setpgid resumed>) = 0 [pid 1225] munmap(0x7f6218024000, 262144 [pid 1227] <... futex resumed>) = 1 [pid 1225] <... munmap resumed>) = 0 [pid 1224] <... clone3 resumed> => {parent_tid=[1231]}, 88) = 1231 [pid 1223] <... futex resumed>) = 0 [pid 1227] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1225] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 1224] rt_sigprocmask(SIG_SETMASK, [], [pid 1223] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1227] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1225] <... openat resumed>) = 5 [pid 1224] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1223] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1230 attached [pid 1227] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1225] ioctl(5, LOOP_SET_FD, 3 [pid 1224] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1223] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1231 attached ./strace-static-x86_64: Process 1229 attached ./strace-static-x86_64: Process 1228 attached [pid 1227] <... open resumed>) = 6 [pid 1226] <... openat resumed>) = 3 [pid 1224] <... futex resumed>) = 0 [pid 1231] set_robust_list(0x7f62204449a0, 24 [pid 1229] set_robust_list(0x555556cc76a0, 24 [pid 1228] set_robust_list(0x555556cc76a0, 24 [pid 1226] write(3, "1000", 4 [pid 1231] <... set_robust_list resumed>) = 0 [pid 1229] <... set_robust_list resumed>) = 0 [pid 1228] <... set_robust_list resumed>) = 0 [pid 1226] <... write resumed>) = 4 [pid 1231] rt_sigprocmask(SIG_SETMASK, [], [pid 1229] chdir("./45" [pid 1228] chdir("./41" [pid 1226] close(3 [pid 1231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1229] <... chdir resumed>) = 0 [pid 1228] <... chdir resumed>) = 0 [pid 1226] <... close resumed>) = 0 [pid 1231] creat("./bus", 000 [pid 1229] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1228] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1226] symlink("/dev/binderfs", "./binderfs" [pid 1231] <... creat resumed>) = 3 [pid 1229] <... prctl resumed>) = 0 [pid 1228] <... prctl resumed>) = 0 [pid 1226] <... symlink resumed>) = 0 [pid 1230] set_robust_list(0x7f62204659a0, 24 [pid 1229] setpgid(0, 0 [pid 1227] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1225] <... ioctl resumed>) = 0 [pid 1224] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1226] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1230] <... set_robust_list resumed>) = 0 [pid 1229] <... setpgid resumed>) = 0 [pid 1228] setpgid(0, 0 [pid 1227] <... futex resumed>) = 1 [pid 1226] <... futex resumed>) = 0 [pid 1225] close(3 [pid 1223] <... futex resumed>) = 0 [pid 1230] rt_sigprocmask(SIG_SETMASK, [], [pid 1227] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1226] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1225] <... close resumed>) = 0 [pid 1223] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1230] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1228] <... setpgid resumed>) = 0 [pid 1227] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1226] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1225] mkdir("./file0", 0777 [pid 1223] <... futex resumed>) = 0 [pid 1231] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1230] memfd_create("syzkaller", 0 [pid 1229] <... openat resumed>) = 3 [pid 1227] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1226] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1225] <... mkdir resumed>) = 0 [pid 1223] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1230] <... memfd_create resumed>) = 4 [pid 1229] write(3, "1000", 4 [pid 1228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1227] <... socket resumed>) = 3 [pid 1226] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1225] mount("/dev/loop5", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1231] <... futex resumed>) = 1 [pid 1230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1229] <... write resumed>) = 4 [pid 1228] <... openat resumed>) = 3 [pid 1227] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1224] <... futex resumed>) = 0 [pid 1231] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1230] <... mmap resumed>) = 0x7f6218024000 [pid 1229] close(3 [pid 1228] write(3, "1000", 4 [pid 1227] <... futex resumed>) = 1 [pid 1226] <... mmap resumed>) = 0x7f6220445000 [pid 1224] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1223] <... futex resumed>) = 0 [pid 1231] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1230] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1229] <... close resumed>) = 0 [pid 1228] <... write resumed>) = 4 [pid 1227] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1226] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1224] <... futex resumed>) = 0 [pid 1223] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1231] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 1230] <... write resumed>) = 262144 [pid 1229] symlink("/dev/binderfs", "./binderfs" [pid 1228] close(3 [pid 1227] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1226] <... mprotect resumed>) = 0 [pid 1224] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1223] <... futex resumed>) = 0 [pid 1230] munmap(0x7f6218024000, 262144 [pid 1227] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 1223] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1231] <... mount resumed>) = 0 [pid 1230] <... munmap resumed>) = 0 [pid 1229] <... symlink resumed>) = 0 [pid 1228] <... close resumed>) = 0 [pid 1227] <... mmap resumed>) = 0x20000000 [pid 1226] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1231] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1230] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1229] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1228] symlink("/dev/binderfs", "./binderfs" [pid 1227] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1226] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1231] <... futex resumed>) = 1 [pid 1230] <... openat resumed>) = 5 [pid 1229] <... futex resumed>) = 0 [pid 1227] <... futex resumed>) = 1 [pid 1224] <... futex resumed>) = 0 [pid 1223] <... futex resumed>) = 0 [pid 1230] ioctl(5, LOOP_SET_FD, 4 [pid 1231] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1229] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1228] <... symlink resumed>) = 0 [pid 1227] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1226] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1224] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1223] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1229] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1228] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1227] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1224] <... futex resumed>) = 0 [pid 1223] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1232 attached [pid 1231] <... open resumed>) = 6 [pid 1230] <... ioctl resumed>) = 0 [pid 1229] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1228] <... futex resumed>) = 0 [pid 1227] memfd_create("syzkaller", 0 [pid 1226] <... clone3 resumed> => {parent_tid=[1232]}, 88) = 1232 [pid 1224] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1232] set_robust_list(0x7f62204659a0, 24 [pid 1231] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1230] close(4 [pid 1229] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1228] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1226] rt_sigprocmask(SIG_SETMASK, [], [pid 1229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1228] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1226] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1229] <... mmap resumed>) = 0x7f6220445000 [pid 1228] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1226] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1229] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1228] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1226] <... futex resumed>) = 0 [pid 1229] <... mprotect resumed>) = 0 [pid 1228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1226] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1229] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1228] <... mmap resumed>) = 0x7f6220445000 [pid 1226] <... futex resumed>) = 0 [pid 1229] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1228] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1229] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1228] <... mprotect resumed>) = 0 [pid 1226] <... mmap resumed>) = 0x7f6220424000 [pid 1228] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1226] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1229] <... clone3 resumed> => {parent_tid=[1235]}, 88) = 1235 [pid 1228] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1226] <... mprotect resumed>) = 0 [pid 1229] rt_sigprocmask(SIG_SETMASK, [], [pid 1228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1226] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1229] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1226] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1229] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1228] <... clone3 resumed> => {parent_tid=[1236]}, 88) = 1236 [pid 1226] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1229] <... futex resumed>) = 0 [pid 1228] rt_sigprocmask(SIG_SETMASK, [], [pid 1229] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1228] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1226] <... clone3 resumed> => {parent_tid=[1237]}, 88) = 1237 [pid 1229] <... futex resumed>) = 0 [pid 1228] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1226] rt_sigprocmask(SIG_SETMASK, [], [pid 1229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1228] <... futex resumed>) = 0 [pid 1226] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1229] <... mmap resumed>) = 0x7f6220424000 [pid 1228] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1226] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1229] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1228] <... futex resumed>) = 0 [pid 1226] <... futex resumed>) = 0 [pid 1229] <... mprotect resumed>) = 0 [pid 1228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1226] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1229] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1228] <... mmap resumed>) = 0x7f6220424000 [pid 1229] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1228] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1229] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1228] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 1236 attached [pid 1232] <... set_robust_list resumed>) = 0 [pid 1231] <... futex resumed>) = 0 [pid 1230] <... close resumed>) = 0 [pid 1228] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1227] <... memfd_create resumed>) = 7 [pid 1224] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1215] +++ exited with 0 +++ [pid 1214] +++ exited with 0 +++ [pid 1229] <... clone3 resumed> => {parent_tid=[1238]}, 88) = 1238 [pid 1228] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1229] rt_sigprocmask(SIG_SETMASK, [], [pid 1228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1229] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 1235 attached [pid 1229] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1228] <... clone3 resumed> => {parent_tid=[1239]}, 88) = 1239 [pid 1235] set_robust_list(0x7f62204659a0, 24 [pid 1229] <... futex resumed>) = 0 [pid 1228] rt_sigprocmask(SIG_SETMASK, [], [pid 1235] <... set_robust_list resumed>) = 0 [pid 1229] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1228] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1235] rt_sigprocmask(SIG_SETMASK, [], [pid 1228] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1237 attached [pid 1235] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1228] <... futex resumed>) = 0 [pid 1237] set_robust_list(0x7f62204449a0, 24 [pid 1235] memfd_create("syzkaller", 0 [pid 1228] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1237] <... set_robust_list resumed>) = 0 [pid 1235] <... memfd_create resumed>) = 3 [pid 1237] rt_sigprocmask(SIG_SETMASK, [], [pid 1235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 1238 attached [pid 1237] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1235] <... mmap resumed>) = 0x7f6218024000 [pid 1238] set_robust_list(0x7f62204449a0, 24 [pid 1237] creat("./bus", 000 [pid 1235] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1238] <... set_robust_list resumed>) = 0 [pid 1237] <... creat resumed>) = 3 [pid 1238] rt_sigprocmask(SIG_SETMASK, [], [pid 1237] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1238] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1237] <... futex resumed>) = 1 [pid 1226] <... futex resumed>) = 0 [pid 1238] creat("./bus", 000 [pid 1237] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [ 31.609250][ T1225] loop5: detected capacity change from 0 to 512 [ 31.622037][ T1230] loop3: detected capacity change from 0 to 512 [ 31.629452][ T1233] EXT4-fs warning (device loop5): kmmpd:170: kmmpd being stopped since MMP feature has been disabled. [ 31.640951][ T1225] EXT4-fs (loop5): revision level too high, forcing read-only mode [pid 1226] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1238] <... creat resumed>) = 4 [pid 1237] <... mount resumed>) = 0 [pid 1235] <... write resumed>) = 262144 [pid 1226] <... futex resumed>) = 0 [pid 1238] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1237] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1226] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1238] <... futex resumed>) = 1 [pid 1237] <... futex resumed>) = 0 [pid 1229] <... futex resumed>) = 0 [pid 1226] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1238] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 1237] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1236] set_robust_list(0x7f62204659a0, 24 [pid 1232] rt_sigprocmask(SIG_SETMASK, [], [pid 1231] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1230] mkdir("./file0", 0777 [pid 1229] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1227] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1226] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1224] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1214, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 1236] <... set_robust_list resumed>) = 0 [pid 1235] munmap(0x7f6218024000, 262144 [pid 1232] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1231] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1230] <... mkdir resumed>) = 0 [pid 1229] <... futex resumed>) = 0 [pid 1227] <... mmap resumed>) = 0x7f620fc64000 [pid 1226] <... futex resumed>) = 0 [pid 1224] <... futex resumed>) = 0 [pid 1238] <... mount resumed>) = 0 [pid 1237] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1236] rt_sigprocmask(SIG_SETMASK, [], [pid 1235] <... munmap resumed>) = 0 [pid 1232] memfd_create("syzkaller", 0 [pid 1231] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1230] mount("/dev/loop3", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1229] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1227] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 68515 [pid 1226] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1224] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1238] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1237] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1236] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1235] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1232] <... memfd_create resumed>) = 4 [pid 1231] <... socket resumed>) = 4 [pid 1227] <... write resumed>) = 68515 [pid 300] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1238] <... futex resumed>) = 1 [pid 1237] <... open resumed>) = 5 [pid 1236] memfd_create("syzkaller", 0 [pid 1235] <... openat resumed>) = 5 [pid 1232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1231] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1229] <... futex resumed>) = 0 [pid 1227] munmap(0x7f620fc64000, 68515 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 1239 attached [pid 1238] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1237] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1236] <... memfd_create resumed>) = 3 [pid 1235] ioctl(5, LOOP_SET_FD, 3 [pid 1232] <... mmap resumed>) = 0x7f6218024000 [pid 1231] <... futex resumed>) = 1 [pid 1227] <... munmap resumed>) = 0 [pid 1224] <... futex resumed>) = 0 [pid 300] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1239] set_robust_list(0x7f62204449a0, 24 [pid 1238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1237] <... futex resumed>) = 1 [pid 1236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1232] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1231] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1229] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1227] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 1226] <... futex resumed>) = 0 [pid 1224] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... openat resumed>) = 3 [pid 1239] <... set_robust_list resumed>) = 0 [pid 1238] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1237] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1236] <... mmap resumed>) = 0x7f6218024000 [pid 1232] <... write resumed>) = 262144 [pid 1231] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1229] <... futex resumed>) = 0 [pid 1227] <... openat resumed>) = 8 [pid 1226] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1224] <... futex resumed>) = 0 [pid 300] newfstatat(3, "", [pid 1238] <... open resumed>) = 6 [pid 1237] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1236] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1235] <... ioctl resumed>) = 0 [pid 1232] munmap(0x7f6218024000, 262144 [pid 1231] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 1229] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1227] ioctl(8, LOOP_SET_FD, 7 [pid 1226] <... futex resumed>) = 0 [pid 1224] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1238] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1237] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1235] close(3 [pid 1229] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1226] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1237] <... socket resumed>) = 6 [pid 1235] <... close resumed>) = 0 [pid 1229] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1237] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1235] mkdir("./file0", 0777 [pid 1229] <... futex resumed>) = 0 [pid 1237] <... futex resumed>) = 1 [pid 1235] <... mkdir resumed>) = 0 [pid 1229] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1226] <... futex resumed>) = 0 [pid 1237] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1235] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1226] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1238] <... futex resumed>) = 1 [pid 1237] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1231] <... mmap resumed>) = 0x20000000 [pid 1229] <... futex resumed>) = 0 [pid 1228] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1227] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1226] <... futex resumed>) = 0 [pid 300] getdents64(3, [pid 1238] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1237] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 1232] <... munmap resumed>) = 0 [pid 1229] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=39000000} [pid 1228] futex(0x7f62205316ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 1227] ioctl(8, LOOP_CLR_FD [pid 1226] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 1231] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1238] <... socket resumed>) = 3 [pid 1237] <... mmap resumed>) = 0x20000000 [pid 1232] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1228] <... futex resumed>) = 0 [pid 1237] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1237] <... futex resumed>) = 1 [pid 1228] <... mmap resumed>) = 0x7f6218003000 [pid 1226] <... futex resumed>) = 0 [ 31.649551][ T1225] EXT4-fs error (device loop5): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 31.669823][ T1235] loop1: detected capacity change from 0 to 512 [ 31.689984][ T1230] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [pid 1237] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1228] mprotect(0x7f6218004000, 131072, PROT_READ|PROT_WRITE [pid 1226] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1237] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1228] <... mprotect resumed>) = 0 [pid 1226] <... futex resumed>) = 0 [pid 1237] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 1228] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1226] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1228] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6218023990, parent_tid=0x7f6218023990, exit_signal=0, stack=0x7f6218003000, stack_size=0x20300, tls=0x7f62180236c0} => {parent_tid=[1242]}, 88) = 1242 [pid 1228] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1227] <... ioctl resumed>) = 0 [pid 1238] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1232] <... openat resumed>) = ? [pid 1231] <... futex resumed>) = 1 [pid 1228] futex(0x7f62205316e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1224] <... futex resumed>) = 0 [pid 1229] <... futex resumed>) = 0 [pid 300] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1238] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1232] +++ killed by SIGBUS +++ [pid 1239] rt_sigprocmask(SIG_SETMASK, [], [pid 1236] <... write resumed>) = 262144 [pid 1231] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1229] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1228] <... futex resumed>) = 0 [pid 1224] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... umount2 resumed>) = 0 [pid 1238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1228] futex(0x7f62205316ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1237] +++ killed by SIGBUS +++ [pid 1226] +++ killed by SIGBUS +++ [pid 1238] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 1231] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1229] <... futex resumed>) = 0 [pid 1227] ioctl(8, LOOP_SET_FD, 7 [pid 1224] <... futex resumed>) = 0 [pid 300] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1238] <... mmap resumed>) = 0x20000000 [pid 1231] memfd_create("syzkaller", 0 [pid 1229] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1227] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1226, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 1238] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1231] <... memfd_create resumed>) = 7 [pid 1229] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1227] close(8 [pid 300] newfstatat(AT_FDCWD, "./39/bus", [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 1238] <... futex resumed>) = 0 [pid 1231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1229] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1227] <... close resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1238] memfd_create("syzkaller", 0 [pid 1227] close(7 [pid 1231] <... mmap resumed>) = 0x7f620fc64000 [pid 296] <... restart_syscall resumed>) = 0 [pid 300] unlink("./39/bus" [pid 1229] <... futex resumed>) = 0 [pid 1239] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1238] <... memfd_create resumed>) = 7 [pid 1236] munmap(0x7f6218024000, 262144 [pid 1231] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1227] <... close resumed>) = 0 [pid 300] <... unlink resumed>) = 0 [pid 1239] creat("./bus", 000 [pid 1238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1236] <... munmap resumed>) = 0 [pid 1231] <... write resumed>) = 65536 [pid 1227] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1239] <... creat resumed>) = 4 [pid 1238] <... mmap resumed>) = 0x7f620fc64000 [pid 1236] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1231] munmap(0x7f620fc64000, 65536 [pid 1227] <... futex resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1239] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1238] munmap(0x7f620fc64000, 138412032 [pid 1236] <... openat resumed>) = 5 [pid 1231] <... munmap resumed>) = 0 [pid 1227] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] newfstatat(AT_FDCWD, "./39/binderfs", [pid 1239] <... futex resumed>) = 0 [pid 1238] <... munmap resumed>) = 0 [pid 1236] ioctl(5, LOOP_SET_FD, 3 [pid 1231] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1239] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1238] close(7 [pid 1231] <... openat resumed>) = 8 [pid 1230] <... mount resumed>) = 0 [pid 300] unlink("./39/binderfs" [pid 1238] <... close resumed>) = 0 [pid 1231] ioctl(8, LOOP_SET_FD, 7 [pid 300] <... unlink resumed>) = 0 [pid 1238] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1231] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 300] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1238] <... futex resumed>) = 0 [pid 1231] ioctl(8, LOOP_CLR_FD [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1238] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1231] <... ioctl resumed>) = 0 [pid 300] newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 300] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(4, ./strace-static-x86_64: Process 1242 attached 0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 1242] set_robust_list(0x7f62180239a0, 24 [pid 300] getdents64(4, [pid 1242] <... set_robust_list resumed>) = 0 [pid 300] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 1242] rt_sigprocmask(SIG_SETMASK, [], [pid 300] close(4 [pid 1242] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1231] ioctl(8, LOOP_SET_FD, 7 [pid 300] <... close resumed>) = 0 [pid 1242] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 1231] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 300] rmdir("./39/file0" [pid 1242] <... mount resumed>) = 0 [pid 1231] close(8 [pid 300] <... rmdir resumed>) = 0 [pid 1242] futex(0x7f62205316ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 1231] <... close resumed>) = 0 [pid 300] getdents64(3, [pid 1242] <... futex resumed>) = 1 [pid 1231] close(7 [pid 1230] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY [pid 1228] <... futex resumed>) = 0 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1242] futex(0x7f62205316e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1231] <... close resumed>) = 0 [pid 1228] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] close(3 [pid 1239] <... futex resumed>) = 0 [pid 1231] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1228] <... futex resumed>) = 1 [pid 300] <... close resumed>) = 0 [pid 1239] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1231] <... futex resumed>) = 0 [pid 1228] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] rmdir("./39" [pid 1231] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1230] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 300] <... rmdir resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] mkdir("./40", 0777 [pid 1230] ioctl(5, LOOP_CLR_FD [pid 300] <... mkdir resumed>) = 0 [pid 296] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1230] <... ioctl resumed>) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1239] <... open resumed>) = 6 [pid 1236] <... ioctl resumed>) = 0 [pid 1230] close(5 [pid 300] <... openat resumed>) = 3 [pid 296] <... openat resumed>) = 3 [pid 1239] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1230] <... close resumed>) = 0 [pid 300] ioctl(3, LOOP_CLR_FD [pid 296] newfstatat(3, "", [pid 1239] <... futex resumed>) = 1 [pid 1230] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1228] <... futex resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1230] <... futex resumed>) = 0 [pid 296] getdents64(3, [pid 1230] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 296] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1225] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1225] ioctl(5, LOOP_CLR_FD) = 0 [pid 1225] close(5) = 0 [pid 1225] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1225] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1236] close(3) = 0 [ 31.707553][ T1225] EXT4-fs (loop5): get orphan inode failed [ 31.720004][ T1230] ext4 filesystem being mounted at /root/syzkaller.4NT5vc/40/file0 supports timestamps until 2038 (0x7fffffff) [ 31.733104][ T1236] loop2: detected capacity change from 0 to 512 [ 31.733734][ T1225] EXT4-fs (loop5): mount failed [pid 1236] mkdir("./file0", 0777) = 0 [pid 1236] mount("/dev/loop2", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 300] close(3) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 1245 [pid 296] <... umount2 resumed>) = 0 [pid 1228] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1228] <... futex resumed>) = 0 [pid 1224] exit_group(0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./37/bus" [pid 1230] <... futex resumed>) = ? [pid 1239] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1228] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1224] <... exit_group resumed>) = ? [pid 1231] <... futex resumed>) = ? [pid 296] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 1245 attached [pid 1239] <... socket resumed>) = 3 [pid 1230] +++ exited with 0 +++ [pid 296] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./37/binderfs") = 0 [pid 296] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./37") = 0 [pid 296] mkdir("./38", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 1247 [pid 1245] set_robust_list(0x555556cc76a0, 24 [pid 1239] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1231] +++ exited with 0 +++ [pid 1224] +++ exited with 0 +++ [pid 1223] exit_group(0./strace-static-x86_64: Process 1247 attached [pid 1245] <... set_robust_list resumed>) = 0 [pid 1239] <... futex resumed>) = 1 [pid 1228] <... futex resumed>) = 0 [pid 1245] chdir("./40" [pid 1239] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1227] <... futex resumed>) = ? [pid 1225] <... futex resumed>) = ? [pid 1223] <... exit_group resumed>) = ? [pid 1235] <... mount resumed>) = 0 [pid 1235] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY) = -1 ENOENT (No such file or directory) [pid 1235] ioctl(5, LOOP_CLR_FD) = 0 [pid 1235] close(5) = 0 [pid 1228] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1227] +++ exited with 0 +++ [pid 1225] +++ exited with 0 +++ [pid 1235] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1235] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1247] set_robust_list(0x555556cc76a0, 24 [pid 1245] <... chdir resumed>) = 0 [pid 1239] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1228] <... futex resumed>) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1224, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 1247] <... set_robust_list resumed>) = 0 [pid 1247] chdir("./38") = 0 [pid 1247] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1247] setpgid(0, 0) = 0 [pid 1247] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1247] write(3, "1000", 4) = 4 [pid 1247] close(3) = 0 [pid 1247] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1247] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1247] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 1247] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 1247] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1247] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1247] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[1249]}, 88) = 1249 [pid 1247] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1247] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1247] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 1247] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1247] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1247] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} => {parent_tid=[1250]}, 88) = 1250 [pid 1247] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1247] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 31.750546][ T1235] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [ 31.768018][ T1235] ext4 filesystem being mounted at /root/syzkaller.9gSDIa/45/file0 supports timestamps until 2038 (0x7fffffff) [ 31.782503][ T1236] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [pid 1247] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1250 attached [pid 1250] set_robust_list(0x7f62204449a0, 24) = 0 [pid 1250] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1250] creat("./bus", 000 [pid 1245] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1239] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 1228] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1245] <... prctl resumed>) = 0 [pid 1239] <... mmap resumed>) = 0x20000000 [pid 1229] exit_group(0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 1249 attached [pid 1250] <... creat resumed>) = 3 [pid 1245] setpgid(0, 0 [pid 1239] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1238] <... futex resumed>) = ? [pid 1236] <... mount resumed>) = 0 [pid 1229] <... exit_group resumed>) = ? [pid 299] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1245] <... setpgid resumed>) = 0 [pid 1239] <... futex resumed>) = 1 [pid 1238] +++ exited with 0 +++ [pid 1228] <... futex resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 1245] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1239] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1228] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(3, "", [pid 1245] <... openat resumed>) = 3 [pid 1239] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1228] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1245] write(3, "1000", 4 [pid 1239] memfd_create("syzkaller", 0 [pid 299] getdents64(3, [pid 1245] <... write resumed>) = 4 [pid 1239] <... memfd_create resumed>) = 7 [pid 1236] openat(AT_FDCWD, 0x20000000, O_RDONLY|O_DIRECTORY [pid 299] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 1245] close(3 [pid 1239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1236] <... openat resumed>) = -1 ENOENT (No such file or directory) [pid 299] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1245] <... close resumed>) = 0 [pid 1239] <... mmap resumed>) = 0x7f620fc03000 [pid 1236] ioctl(5, LOOP_CLR_FD [pid 299] <... umount2 resumed>) = 0 [pid 1250] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1249] set_robust_list(0x7f62204659a0, 24 [pid 1245] symlink("/dev/binderfs", "./binderfs" [pid 1239] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1236] <... ioctl resumed>) = 0 [pid 1235] <... futex resumed>) = ? [pid 299] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1250] <... futex resumed>) = 1 [pid 1249] <... set_robust_list resumed>) = 0 [pid 1247] <... futex resumed>) = 0 [pid 1245] <... symlink resumed>) = 0 [pid 1239] <... write resumed>) = 65536 [pid 1236] close(5 [pid 1247] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1245] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1239] munmap(0x7f620fc03000, 65536 [pid 1236] <... close resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1247] <... futex resumed>) = 0 [pid 1245] <... futex resumed>) = 0 [pid 1239] <... munmap resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./40/bus", [pid 1247] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1245] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1239] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1236] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1245] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1239] <... openat resumed>) = 5 [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1245] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1239] ioctl(5, LOOP_SET_FD, 7 [pid 1236] <... futex resumed>) = 0 [pid 1245] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1239] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1239] ioctl(5, LOOP_CLR_FD [pid 1236] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1245] <... mmap resumed>) = 0x7f6220445000 [pid 1239] <... ioctl resumed>) = 0 [pid 299] unlink("./40/bus" [pid 1245] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1245] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] <... unlink resumed>) = 0 [pid 1245] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1245] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1245] <... clone3 resumed> => {parent_tid=[1251]}, 88) = 1251 [pid 299] newfstatat(AT_FDCWD, "./40/binderfs", [pid 1245] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1245] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] unlink("./40/binderfs" [pid 1245] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 1245] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 299] <... unlink resumed>) = 0 [pid 1245] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1239] ioctl(5, LOOP_SET_FD, 7 [pid 299] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1245] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1239] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1245] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1239] close(5) = 0 [pid 1245] <... clone3 resumed> => {parent_tid=[1252]}, 88) = 1252 [pid 1239] close(7 [pid 1245] rt_sigprocmask(SIG_SETMASK, [], [pid 1239] <... close resumed>) = 0 [pid 1245] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1239] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1245] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1239] <... futex resumed>) = 0 [pid 1245] <... futex resumed>) = 0 [pid 1239] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1228] exit_group(0 [pid 1245] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1242] <... futex resumed>) = ? [pid 1239] <... futex resumed>) = ? [pid 1236] <... futex resumed>) = ? [pid 1228] <... exit_group resumed>) = ? [pid 1242] +++ exited with 0 +++ [pid 1239] +++ exited with 0 +++ [pid 1236] +++ exited with 0 +++ [pid 1228] +++ exited with 0 +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1228, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 1250] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1250] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1247] <... futex resumed>) = 0 [pid 1250] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1247] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1250] <... open resumed>) = 4 [pid 1247] <... futex resumed>) = 0 [pid 1235] +++ exited with 0 +++ [pid 1229] +++ exited with 0 +++ [pid 1247] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1250] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1229, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 1250] <... futex resumed>) = 1 [pid 1247] <... futex resumed>) = 0 [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 1250] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1247] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1250] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1247] <... futex resumed>) = 0 [pid 1250] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1247] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1250] <... socket resumed>) = 5 [pid 297] <... restart_syscall resumed>) = 0 [pid 1250] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1250] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1247] <... futex resumed>) = 0 [pid 1247] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1247] <... futex resumed>) = 0 [pid 1250] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1247] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1250] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 1249] rt_sigprocmask(SIG_SETMASK, [], [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... openat resumed>) = 3 [pid 298] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] newfstatat(3, "", [pid 1250] <... mmap resumed>) = 0x20000000 [pid 1249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] <... openat resumed>) = 3 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1250] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1249] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200005c4} --- [pid 298] newfstatat(3, "", [pid 297] getdents64(3, [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1250] <... futex resumed>) = ? [pid 1247] <... futex resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 298] getdents64(3, [pid 297] umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1250] +++ killed by SIGBUS +++ [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 298] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 1252 attached ./strace-static-x86_64: Process 1251 attached [pid 1249] +++ killed by SIGBUS +++ [pid 1247] +++ killed by SIGBUS +++ [pid 298] <... umount2 resumed>) = 0 [pid 297] umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1252] set_robust_list(0x7f62204449a0, 24 [pid 1251] set_robust_list(0x7f62204659a0, 24 [pid 1223] +++ exited with 0 +++ [pid 1252] <... set_robust_list resumed>) = 0 [pid 1252] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1252] creat("./bus", 000) = 3 [pid 1252] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1245] <... futex resumed>) = 0 [pid 1252] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 1245] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1252] <... mount resumed>) = 0 [pid 1245] <... futex resumed>) = 0 [pid 1252] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1245] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1252] <... futex resumed>) = 0 [pid 1245] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1252] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1245] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1252] <... open resumed>) = 4 [pid 1245] <... futex resumed>) = 0 [pid 1252] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1245] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1252] <... futex resumed>) = 0 [pid 1245] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1252] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1245] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1252] <... socket resumed>) = 5 [pid 1245] <... futex resumed>) = 0 [pid 1252] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1245] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1252] <... futex resumed>) = 0 [pid 1245] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1252] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 1245] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1252] <... mmap resumed>) = 0x20000000 [pid 1245] <... futex resumed>) = 0 [pid 1252] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1245] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1252] <... futex resumed>) = 0 [pid 1245] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1252] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 1245] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 298] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./41/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./41/bus") = 0 [pid 298] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./41/binderfs") = 0 [pid 298] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1247, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 297] newfstatat(AT_FDCWD, "./45/bus", [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1223, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 301] restart_syscall(<... resuming interrupted clone ...> [pid 297] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1251] <... set_robust_list resumed>) = ? [pid 297] unlink("./45/bus" [pid 1251] +++ killed by SIGBUS +++ [pid 301] <... restart_syscall resumed>) = 0 [pid 1252] +++ killed by SIGBUS +++ [pid 1245] +++ killed by SIGBUS +++ [pid 297] <... unlink resumed>) = 0 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1245, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 297] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./45/binderfs", [pid 296] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] <... openat resumed>) = 3 [pid 300] <... openat resumed>) = 3 [pid 297] unlink("./45/binderfs" [pid 296] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 301] newfstatat(3, "", [pid 300] newfstatat(3, "", [pid 297] <... unlink resumed>) = 0 [pid 296] <... openat resumed>) = 3 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] newfstatat(3, "", [pid 301] getdents64(3, [pid 300] getdents64(3, [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 296] getdents64(3, [pid 301] umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 301] <... umount2 resumed>) = 0 [pid 300] <... umount2 resumed>) = 0 [pid 296] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = 0 [pid 301] newfstatat(AT_FDCWD, "./44/bus", [pid 300] newfstatat(AT_FDCWD, "./40/bus", [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] unlink("./44/bus" [pid 300] unlink("./40/bus" [pid 301] <... unlink resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... unlink resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] newfstatat(AT_FDCWD, "./38/bus", [pid 301] newfstatat(AT_FDCWD, "./44/binderfs", [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] newfstatat(AT_FDCWD, "./40/binderfs", [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./44/binderfs" [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./38/bus" [pid 301] <... unlink resumed>) = 0 [pid 300] unlink("./40/binderfs" [pid 301] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... unlink resumed>) = 0 [pid 296] <... unlink resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] getdents64(3, [pid 301] newfstatat(AT_FDCWD, "./44/file0", [pid 300] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] close(3 [pid 301] umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 300] <... close resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 31.800457][ T1236] ext4 filesystem being mounted at /root/syzkaller.4RDDfu/41/file0 supports timestamps until 2038 (0x7fffffff) [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] rmdir("./40" [pid 296] newfstatat(AT_FDCWD, "./38/binderfs", [pid 301] openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 300] <... rmdir resumed>) = 0 [pid 301] <... openat resumed>) = 4 [pid 300] mkdir("./41", 0777 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] newfstatat(4, "", [pid 300] <... mkdir resumed>) = 0 [pid 296] unlink("./38/binderfs" [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 301] getdents64(4, [pid 300] <... openat resumed>) = 3 [pid 296] <... unlink resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 300] ioctl(3, LOOP_CLR_FD [pid 296] getdents64(3, [pid 301] getdents64(4, [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 301] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 300] close(3 [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 301] close(4 [pid 300] <... close resumed>) = 0 [pid 296] close(3 [pid 301] <... close resumed>) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] rmdir("./44/file0" [pid 296] <... close resumed>) = 0 [pid 301] <... rmdir resumed>) = 0 [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 1253 [pid 296] rmdir("./38" [pid 301] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 301] close(3) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 301] rmdir("./44") = 0 [pid 296] mkdir("./39", 0777 [pid 301] mkdir("./45", 0777) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 301] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] <... openat resumed>) = 3 [pid 301] close(3 [pid 296] ioctl(3, LOOP_CLR_FD [pid 301] <... close resumed>) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 1254 [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1253 attached [pid 1253] set_robust_list(0x555556cc76a0, 24) = 0 [pid 296] <... clone resumed>, child_tidptr=0x555556cc7690) = 1255 [pid 1253] chdir("./41") = 0 [pid 1253] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1253] setpgid(0, 0) = 0 [pid 1253] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 1255 attached ./strace-static-x86_64: Process 1254 attached ) = 3 [pid 299] <... umount2 resumed>) = 0 [pid 1253] write(3, "1000", 4 [pid 1255] set_robust_list(0x555556cc76a0, 24 [pid 299] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1255] <... set_robust_list resumed>) = 0 [pid 1254] set_robust_list(0x555556cc76a0, 24 [pid 1253] <... write resumed>) = 4 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1253] close(3 [pid 299] newfstatat(AT_FDCWD, "./40/file0", [pid 1255] chdir("./39" [pid 1254] <... set_robust_list resumed>) = 0 [pid 1253] <... close resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1255] <... chdir resumed>) = 0 [pid 1253] symlink("/dev/binderfs", "./binderfs" [pid 299] umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1255] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1253] <... symlink resumed>) = 0 [pid 1255] <... prctl resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1253] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1255] setpgid(0, 0 [pid 299] openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1255] <... setpgid resumed>) = 0 [pid 1254] chdir("./45" [pid 1253] <... futex resumed>) = 0 [pid 299] <... openat resumed>) = 4 [pid 1255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1253] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 299] newfstatat(4, "", [pid 1254] <... chdir resumed>) = 0 [pid 1253] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1253] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1253] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1255] <... openat resumed>) = 3 [pid 1253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] getdents64(4, [pid 1254] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1255] write(3, "1000", 4 [pid 1253] <... mmap resumed>) = 0x7f6220445000 [pid 1255] <... write resumed>) = 4 [pid 1254] <... prctl resumed>) = 0 [pid 1253] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 299] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 1255] close(3 [pid 1253] <... mprotect resumed>) = 0 [pid 1254] setpgid(0, 0 [pid 299] getdents64(4, [pid 1255] <... close resumed>) = 0 [pid 1253] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1255] symlink("/dev/binderfs", "./binderfs" [pid 1254] <... setpgid resumed>) = 0 [pid 299] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 1253] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] close(4 [pid 1253] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 299] <... close resumed>) = 0 [pid 299] rmdir("./40/file0"./strace-static-x86_64: Process 1256 attached [pid 1256] set_robust_list(0x7f62204659a0, 24) = 0 [pid 1253] <... clone3 resumed> => {parent_tid=[1256]}, 88) = 1256 [pid 299] <... rmdir resumed>) = 0 [pid 1255] <... symlink resumed>) = 0 [pid 1253] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 299] getdents64(3, [pid 1255] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1253] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1255] <... futex resumed>) = 0 [pid 1253] <... futex resumed>) = 0 [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 1255] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1253] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] close(3 [pid 1255] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1253] <... futex resumed>) = 0 [pid 1255] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 299] <... close resumed>) = 0 [pid 1253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1255] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] rmdir("./40" [pid 1255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1253] <... mmap resumed>) = 0x7f6220424000 [pid 1256] rt_sigprocmask(SIG_SETMASK, [], [pid 1255] <... mmap resumed>) = 0x7f6220445000 [pid 1254] <... openat resumed>) = 3 [pid 1253] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 299] <... rmdir resumed>) = 0 [pid 1255] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1253] <... mprotect resumed>) = 0 [pid 299] mkdir("./41", 0777 [pid 1253] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1256] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1255] <... mprotect resumed>) = 0 [pid 1254] write(3, "1000", 4 [pid 1253] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 1253] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1253] <... clone3 resumed> => {parent_tid=[1257]}, 88) = 1257 [pid 299] <... openat resumed>) = 3 [pid 1255] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1254] <... write resumed>) = 4 [pid 1253] rt_sigprocmask(SIG_SETMASK, [], [pid 299] ioctl(3, LOOP_CLR_FD [pid 1255] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1254] close(3 [pid 1253] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1255] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1253] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] close(3 [pid 1254] <... close resumed>) = 0 [pid 1254] symlink("/dev/binderfs", "./binderfs" [pid 1253] <... futex resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 1255] <... clone3 resumed> => {parent_tid=[1258]}, 88) = 1258 [pid 1253] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1254] <... symlink resumed>) = 0 [pid 1255] rt_sigprocmask(SIG_SETMASK, [], [pid 1256] memfd_create("syzkaller", 0 [pid 1255] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1255] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 1259 [pid 1254] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1255] <... futex resumed>) = 0 [pid 1255] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1254] <... futex resumed>) = 0 [pid 1255] <... futex resumed>) = 0 [pid 1255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1254] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1255] <... mmap resumed>) = 0x7f6220424000 [pid 1255] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1254] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1256] <... memfd_create resumed>) = 3 [pid 1255] <... mprotect resumed>) = 0 [pid 1254] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1255] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 1259 attached ./strace-static-x86_64: Process 1257 attached [pid 1256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1255] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1254] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 1259] set_robust_list(0x555556cc76a0, 24 [pid 1256] <... mmap resumed>) = 0x7f6218024000 [pid 1255] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1259] <... set_robust_list resumed>) = 0 [pid 1257] set_robust_list(0x7f62204449a0, 24 [pid 1256] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1254] <... mmap resumed>) = 0x7f6220445000 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./41/file0", [pid 297] newfstatat(AT_FDCWD, "./45/file0", ./strace-static-x86_64: Process 1258 attached [pid 1259] chdir("./41" [pid 1257] <... set_robust_list resumed>) = 0 [pid 1256] <... write resumed>) = 262144 [pid 1255] <... clone3 resumed> => {parent_tid=[1260]}, 88) = 1260 [pid 1254] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1259] <... chdir resumed>) = 0 [pid 1257] rt_sigprocmask(SIG_SETMASK, [], [pid 1255] rt_sigprocmask(SIG_SETMASK, [], [pid 1254] <... mprotect resumed>) = 0 [pid 298] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 297] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1259] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1257] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1255] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1254] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 1260 attached [pid 1259] <... prctl resumed>) = 0 [pid 1258] set_robust_list(0x7f62204659a0, 24 [pid 1257] creat("./bus", 000 [pid 1256] munmap(0x7f6218024000, 262144 [pid 1255] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1254] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1259] setpgid(0, 0 [pid 1258] <... set_robust_list resumed>) = 0 [pid 1257] <... creat resumed>) = 4 [pid 1255] <... futex resumed>) = 0 [pid 1254] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 298] <... openat resumed>) = 4 [pid 297] <... openat resumed>) = 4 [pid 1259] <... setpgid resumed>) = 0 [pid 1258] rt_sigprocmask(SIG_SETMASK, [], [pid 1257] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1255] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] newfstatat(4, "", [pid 297] newfstatat(4, "", [pid 1260] set_robust_list(0x7f62204449a0, 24 [pid 1259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1258] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1257] <... futex resumed>) = 1 [pid 1256] <... munmap resumed>) = 0 [pid 1254] <... clone3 resumed> => {parent_tid=[1261]}, 88) = 1261 [pid 1253] <... futex resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1260] <... set_robust_list resumed>) = 0 [pid 1259] <... openat resumed>) = 3 [pid 1258] memfd_create("syzkaller", 0 [pid 1257] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 1256] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1254] rt_sigprocmask(SIG_SETMASK, [], [pid 1253] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] getdents64(4, [pid 297] getdents64(4, [pid 1259] write(3, "1000", 4 [pid 1257] <... mount resumed>) = 0 [pid 1254] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1253] <... futex resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 297] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 1260] rt_sigprocmask(SIG_SETMASK, [], [pid 1259] <... write resumed>) = 4 [pid 1258] <... memfd_create resumed>) = 3 [pid 1257] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1256] <... openat resumed>) = 5 [pid 1254] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1253] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] getdents64(4, [pid 297] getdents64(4, [pid 1260] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1259] close(3 [pid 1258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1257] <... futex resumed>) = 0 [pid 1256] ioctl(5, LOOP_SET_FD, 3 [pid 1254] <... futex resumed>) = 0 [pid 1253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 297] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 1261 attached [pid 1260] creat("./bus", 000 [pid 1259] <... close resumed>) = 0 [pid 1258] <... mmap resumed>) = 0x7f6218024000 [pid 1257] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1254] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1253] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] close(4 [pid 297] close(4 [pid 1261] set_robust_list(0x7f62204659a0, 24 [pid 298] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 1261] <... set_robust_list resumed>) = 0 [pid 298] rmdir("./41/file0" [pid 297] rmdir("./45/file0" [pid 1261] rt_sigprocmask(SIG_SETMASK, [], [pid 298] <... rmdir resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 1261] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] getdents64(3, [pid 297] getdents64(3, [pid 1261] memfd_create("syzkaller", 0 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 297] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 1261] <... memfd_create resumed>) = 3 [pid 298] close(3 [pid 297] close(3 [pid 1261] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1260] <... creat resumed>) = 4 [pid 1259] symlink("/dev/binderfs", "./binderfs" [pid 1254] <... futex resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 1261] <... mmap resumed>) = 0x7f6218045000 [pid 1260] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1259] <... symlink resumed>) = 0 [pid 1254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] rmdir("./41" [pid 297] rmdir("./45" [pid 1261] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1260] <... futex resumed>) = 1 [pid 1259] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1257] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1255] <... futex resumed>) = 0 [pid 1254] <... mmap resumed>) = 0x7f6218024000 [pid 1253] <... futex resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 1260] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1259] <... futex resumed>) = 0 [pid 1258] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1257] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1256] <... ioctl resumed>) = 0 [pid 1255] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1254] mprotect(0x7f6218025000, 131072, PROT_READ|PROT_WRITE [pid 1253] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] mkdir("./42", 0777 [pid 297] mkdir("./46", 0777 [pid 1261] <... write resumed>) = 262144 [pid 1260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1259] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1258] <... write resumed>) = 262144 [pid 1257] <... open resumed>) = 6 [pid 1256] close(3 [pid 1255] <... futex resumed>) = 0 [pid 1254] <... mprotect resumed>) = 0 [pid 1258] munmap(0x7f6218024000, 262144 [pid 1256] <... close resumed>) = 0 [pid 1255] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1258] <... munmap resumed>) = 0 [pid 1256] mkdir("./file0", 0777 [pid 298] <... mkdir resumed>) = 0 [pid 1258] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1261] munmap(0x7f6218045000, 262144 [pid 1260] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1259] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1258] <... openat resumed>) = 5 [pid 1257] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1256] <... mkdir resumed>) = 0 [pid 1254] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 297] <... mkdir resumed>) = 0 [pid 1261] <... munmap resumed>) = 0 [pid 1260] <... mount resumed>) = 0 [pid 1259] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1258] ioctl(5, LOOP_SET_FD, 3 [pid 1257] <... futex resumed>) = 1 [pid 1254] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1253] <... futex resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 297] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1261] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 1260] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1259] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1258] <... ioctl resumed>) = 0 [pid 1257] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1256] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1254] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6218044990, parent_tid=0x7f6218044990, exit_signal=0, stack=0x7f6218024000, stack_size=0x20300, tls=0x7f62180446c0} [pid 1253] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 1262 attached [pid 1261] <... openat resumed>) = 4 [pid 1260] <... futex resumed>) = 1 [pid 1259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1257] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1255] <... futex resumed>) = 0 [pid 1253] <... futex resumed>) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... openat resumed>) = 3 [pid 1262] set_robust_list(0x7f62180449a0, 24 [pid 1260] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1259] <... mmap resumed>) = 0x7f6220445000 [pid 1258] close(3 [pid 1257] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1255] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1254] <... clone3 resumed> => {parent_tid=[1262]}, 88) = 1262 [pid 1253] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] close(3 [pid 297] ioctl(3, LOOP_CLR_FD [pid 1262] <... set_robust_list resumed>) = 0 [pid 1261] ioctl(4, LOOP_SET_FD, 3 [pid 1260] <... open resumed>) = 6 [pid 1259] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1258] <... close resumed>) = 0 [pid 1257] <... socket resumed>) = 3 [pid 1255] <... futex resumed>) = 0 [pid 1254] rt_sigprocmask(SIG_SETMASK, [], [pid 298] <... close resumed>) = 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1262] rt_sigprocmask(SIG_SETMASK, [], [pid 1258] mkdir("./file0", 0777) = 0 [pid 1258] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1260] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1260] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1259] <... mprotect resumed>) = 0 [pid 1257] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1262] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1261] <... ioctl resumed>) = 0 [pid 1259] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1257] <... futex resumed>) = 1 [pid 1255] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1254] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1253] <... futex resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] close(3./strace-static-x86_64: Process 1263 attached [pid 1262] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1261] close(3 [pid 1259] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1257] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1255] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1254] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1253] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... close resumed>) = 0 [pid 1263] set_robust_list(0x555556cc76a0, 24 [pid 1262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1261] <... close resumed>) = 0 [pid 1259] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1257] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1255] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1254] <... futex resumed>) = 0 [pid 1253] <... futex resumed>) = 0 [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 1263 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1263] <... set_robust_list resumed>) = 0 [pid 1262] creat("./bus", 000 [pid 1261] mkdir("./file0", 0777 [pid 1260] <... futex resumed>) = 0 [pid 1257] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 1255] <... futex resumed>) = 1 [pid 1254] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1253] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1263] chdir("./42" [pid 1262] <... creat resumed>) = 3 [pid 1261] <... mkdir resumed>) = 0 [pid 1260] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1259] <... clone3 resumed> => {parent_tid=[1264]}, 88) = 1264 [pid 1257] <... mmap resumed>) = 0x20000000 [pid 1255] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... clone resumed>, child_tidptr=0x555556cc7690) = 1265 [pid 1263] <... chdir resumed>) = 0 [pid 1262] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1261] mount("/dev/loop5", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1260] <... socket resumed>) = 3 [pid 1259] rt_sigprocmask(SIG_SETMASK, [], [pid 1257] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1263] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1262] <... futex resumed>) = 1 [pid 1260] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1259] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1257] <... futex resumed>) = 1 [pid 1254] <... futex resumed>) = 0 [pid 1253] <... futex resumed>) = 0 [pid 1263] <... prctl resumed>) = 0 [pid 1262] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1260] <... futex resumed>) = 1 [pid 1259] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1257] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1255] <... futex resumed>) = 0 [pid 1254] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1253] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1263] setpgid(0, 0 [pid 1262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1260] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1259] <... futex resumed>) = 0 [pid 1257] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1255] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1254] <... futex resumed>) = 0 [pid 1253] <... futex resumed>) = 0 [pid 1263] <... setpgid resumed>) = 0 [pid 1262] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 1260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1259] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1257] memfd_create("syzkaller", 0 [pid 1255] <... futex resumed>) = 0 [pid 1254] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1262] <... mount resumed>) = 0 [pid 1260] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 1259] <... futex resumed>) = 0 [pid 1257] <... memfd_create resumed>) = 7 [pid 1255] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1263] <... openat resumed>) = 3 [pid 1262] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1263] write(3, "1000", 4 [pid 1262] <... futex resumed>) = 1 [pid 1260] <... mmap resumed>) = 0x20000000 [pid 1259] <... mmap resumed>) = 0x7f6220424000 [pid 1257] <... mmap resumed>) = 0x7f620fc64000 [pid 1254] <... futex resumed>) = 0 [pid 1263] <... write resumed>) = 4 [pid 1262] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1260] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1259] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1254] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1263] close(3 [pid 1262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1260] <... futex resumed>) = 1 [pid 1259] <... mprotect resumed>) = 0 [pid 1255] <... futex resumed>) = 0 [pid 1254] <... futex resumed>) = 0 [pid 1263] <... close resumed>) = 0 [pid 1262] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1260] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1259] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1255] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1254] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1263] symlink("/dev/binderfs", "./binderfs" [pid 1262] <... open resumed>) = 5 [pid 1260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1259] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1255] <... futex resumed>) = 0 [pid 1263] <... symlink resumed>) = 0 [pid 1262] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1259] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1263] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1262] <... futex resumed>) = 1 [pid 1260] memfd_create("syzkaller", 0 [pid 1254] <... futex resumed>) = 0 [pid 1263] <... futex resumed>) = 0 [pid 1262] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1260] <... memfd_create resumed>) = 7 [pid 1259] <... clone3 resumed> => {parent_tid=[1267]}, 88) = 1267 [pid 1254] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1263] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1260] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1259] rt_sigprocmask(SIG_SETMASK, [], [pid 1254] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1264 attached [pid 1263] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1262] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1260] <... mmap resumed>) = 0x7f620fc64000 [pid 1259] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1254] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1264] set_robust_list(0x7f62204659a0, 24 [pid 1263] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1262] <... socket resumed>) = 6 [pid 1259] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1264] <... set_robust_list resumed>) = 0 [pid 1263] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1262] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1259] <... futex resumed>) = 0 [pid 1264] rt_sigprocmask(SIG_SETMASK, [], [ 31.885239][ T1256] loop4: detected capacity change from 0 to 512 [ 31.895700][ T1258] loop0: detected capacity change from 0 to 512 [ 31.904978][ T1261] loop5: detected capacity change from 0 to 512 [ 31.918693][ T1256] EXT4-fs warning (device loop4): read_mmp_block:115: Error -74 while reading MMP block 12 [pid 1263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1262] <... futex resumed>) = 1 [pid 1260] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1259] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1254] <... futex resumed>) = 0 [pid 1264] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1263] <... mmap resumed>) = 0x7f6220445000 [pid 1262] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1254] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1264] memfd_create("syzkaller", 0 [pid 1263] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1260] <... write resumed>) = 65536 [pid 1254] <... futex resumed>) = 0 [pid 1264] <... memfd_create resumed>) = 3 [pid 1263] <... mprotect resumed>) = 0 [pid 1262] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 1254] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1263] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1262] <... mmap resumed>) = 0x20000000 ./strace-static-x86_64: Process 1267 attached [pid 1264] <... mmap resumed>) = 0x7f6218024000 [pid 1263] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1262] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1267] set_robust_list(0x7f62204449a0, 24 [pid 1264] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1262] <... futex resumed>) = 1 [pid 1254] <... futex resumed>) = 0 [pid 1267] <... set_robust_list resumed>) = 0 [pid 1264] <... write resumed>) = 262144 [pid 1262] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1254] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1267] rt_sigprocmask(SIG_SETMASK, [], [pid 1263] <... clone3 resumed> => {parent_tid=[1269]}, 88) = 1269 [pid 1262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1254] <... futex resumed>) = 0 [pid 1267] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1263] rt_sigprocmask(SIG_SETMASK, [], [pid 1262] memfd_create("syzkaller", 0 [pid 1267] creat("./bus", 000 [pid 1264] munmap(0x7f6218024000, 262144 [pid 1263] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1262] <... memfd_create resumed>) = 7 [pid 1267] <... creat resumed>) = 4 [pid 1264] <... munmap resumed>) = 0 [pid 1263] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1267] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1264] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1263] <... futex resumed>) = 0 [pid 1262] <... mmap resumed>) = 0x7f620fc24000 [pid 1257] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1267] <... futex resumed>) = 1 [pid 1264] <... openat resumed>) = 5 [pid 1263] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1262] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1259] <... futex resumed>) = 0 [pid 1257] <... write resumed>) = 65536 [pid 1267] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1264] ioctl(5, LOOP_SET_FD, 3 [pid 1263] <... futex resumed>) = 0 [pid 1262] <... write resumed>) = 65536 [pid 1259] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1257] munmap(0x7f620fc64000, 65536./strace-static-x86_64: Process 1265 attached [pid 1267] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1262] munmap(0x7f620fc24000, 65536 [pid 1260] munmap(0x7f620fc64000, 65536 [pid 1259] <... futex resumed>) = 0 [pid 1257] <... munmap resumed>) = 0 [pid 1256] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 1267] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 1263] <... mmap resumed>) = 0x7f6220424000 [pid 1262] <... munmap resumed>) = 0 [pid 1259] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1257] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1256] ioctl(5, LOOP_CLR_FD./strace-static-x86_64: Process 1269 attached [pid 1267] <... mount resumed>) = 0 [pid 1265] set_robust_list(0x555556cc76a0, 24 [pid 1264] <... ioctl resumed>) = 0 [pid 1263] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1262] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 1260] <... munmap resumed>) = 0 [pid 1258] <... mount resumed>) = -1 EBADMSG (Bad message) [pid 1257] <... openat resumed>) = 8 [pid 1256] <... ioctl resumed>) = 0 [pid 1269] set_robust_list(0x7f62204659a0, 24 [pid 1267] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1265] <... set_robust_list resumed>) = 0 [pid 1263] <... mprotect resumed>) = 0 [pid 1262] <... openat resumed>) = 8 [pid 1258] ioctl(5, LOOP_CLR_FD [pid 1257] ioctl(8, LOOP_SET_FD, 7 [pid 1256] close(5 [pid 1269] <... set_robust_list resumed>) = 0 [pid 1267] <... futex resumed>) = 1 [pid 1263] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1262] ioctl(8, LOOP_SET_FD, 7 [pid 1259] <... futex resumed>) = 0 [pid 1258] <... ioctl resumed>) = 0 [pid 1257] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1256] <... close resumed>) = 0 [pid 1269] rt_sigprocmask(SIG_SETMASK, [], [pid 1267] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1263] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1262] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1259] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1258] close(5 [pid 1257] ioctl(8, LOOP_CLR_FD [pid 1256] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1267] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1262] ioctl(8, LOOP_CLR_FD [pid 1260] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1259] <... futex resumed>) = 0 [pid 1258] <... close resumed>) = 0 [pid 1257] <... ioctl resumed>) = 0 [pid 1256] <... futex resumed>) = 0 [pid 1269] memfd_create("syzkaller", 0 [pid 1267] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1262] <... ioctl resumed>) = 0 [pid 1259] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1258] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1256] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1269] <... memfd_create resumed>) = 3 [pid 1267] <... open resumed>) = 6 [pid 1263] <... clone3 resumed> => {parent_tid=[1270]}, 88) = 1270 [pid 1258] <... futex resumed>) = 0 [pid 1269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1267] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1263] rt_sigprocmask(SIG_SETMASK, [], [pid 1258] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1269] <... mmap resumed>) = 0x7f6218024000 [pid 1267] <... futex resumed>) = 1 [pid 1263] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1259] <... futex resumed>) = 0 [pid 1269] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1267] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1263] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1259] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1269] <... write resumed>) = 262144 [pid 1267] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1265] chdir("./46" [pid 1263] <... futex resumed>) = 0 [pid 1262] ioctl(8, LOOP_SET_FD, 7 [pid 1260] <... openat resumed>) = 5 [pid 1259] <... futex resumed>) = 0 [pid 1257] ioctl(8, LOOP_SET_FD, 7 [pid 1269] munmap(0x7f6218024000, 262144 [pid 1267] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1265] <... chdir resumed>) = 0 [pid 1263] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1262] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1259] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1257] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1269] <... munmap resumed>) = 0 [pid 1267] <... socket resumed>) = 7 [pid 1262] close(8 [pid 1257] close(8 [pid 1269] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1267] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1262] <... close resumed>) = 0 [pid 1257] <... close resumed>) = 0 [pid 1269] <... openat resumed>) = 4 [pid 1267] <... futex resumed>) = 1 [pid 1262] close(7 [pid 1259] <... futex resumed>) = 0 [pid 1257] close(7 [pid 1269] ioctl(4, LOOP_SET_FD, 3 [pid 1267] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1265] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1262] <... close resumed>) = 0 [pid 1260] ioctl(5, LOOP_SET_FD, 7 [pid 1259] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1257] <... close resumed>) = 0 [pid 1267] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1262] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1259] <... futex resumed>) = 0 [pid 1257] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1267] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 1265] <... prctl resumed>) = 0 [pid 1262] <... futex resumed>) = 0 [pid 1260] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1259] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1257] <... futex resumed>) = 0 [pid 1267] <... mmap resumed>) = 0x20000000 [pid 1265] setpgid(0, 0 [pid 1262] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1260] ioctl(5, LOOP_CLR_FD [pid 1257] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1267] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1265] <... setpgid resumed>) = 0 [pid 1267] <... futex resumed>) = 1 [pid 1259] <... futex resumed>) = 0 [pid 1267] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1259] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1267] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1259] <... futex resumed>) = 0 [pid 1267] memfd_create("syzkaller", 0 [pid 1265] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1260] <... ioctl resumed>) = 0 [pid 1267] <... memfd_create resumed>) = 8 [pid 1265] <... openat resumed>) = 3 [pid 1267] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1265] write(3, "1000", 4 [ 31.932350][ T1258] EXT4-fs warning (device loop0): read_mmp_block:115: Error -74 while reading MMP block 12 [ 31.939573][ T1264] loop3: detected capacity change from 0 to 512 [ 31.948730][ T1261] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 31.968851][ T1269] loop2: detected capacity change from 0 to 512 [pid 1253] exit_group(0 [pid 1267] <... mmap resumed>) = 0x7f620fc64000 [pid 1265] <... write resumed>) = 4 [pid 1257] <... futex resumed>) = ? [pid 1256] <... futex resumed>) = ? [pid 1253] <... exit_group resumed>) = ? [pid 1264] close(3 [pid 1267] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 1257] +++ exited with 0 +++ [pid 1256] +++ exited with 0 +++ [pid 1267] <... write resumed>) = 65536 ./strace-static-x86_64: Process 1270 attached [pid 1267] munmap(0x7f620fc64000, 65536 [pid 1270] set_robust_list(0x7f62204449a0, 24 [pid 1267] <... munmap resumed>) = 0 [pid 1270] <... set_robust_list resumed>) = 0 [pid 1267] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1270] rt_sigprocmask(SIG_SETMASK, [], [pid 1267] <... openat resumed>) = 9 [pid 1270] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1267] ioctl(9, LOOP_SET_FD, 8 [pid 1270] creat("./bus", 000 [pid 1267] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1270] <... creat resumed>) = 5 [pid 1267] ioctl(9, LOOP_CLR_FD [pid 1270] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1267] <... ioctl resumed>) = 0 [pid 1270] <... futex resumed>) = 1 [pid 1263] <... futex resumed>) = 0 [pid 1270] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1263] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1270] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1263] <... futex resumed>) = 0 [pid 1270] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 1263] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1270] <... mount resumed>) = 0 [pid 1270] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1263] <... futex resumed>) = 0 [pid 1270] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1263] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1263] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1270] <... open resumed>) = 6 [pid 1270] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1267] ioctl(9, LOOP_SET_FD, 8 [pid 1263] <... futex resumed>) = 0 [pid 1270] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1267] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1263] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1270] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1267] close(9 [pid 1263] <... futex resumed>) = 0 [pid 1270] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1267] <... close resumed>) = 0 [pid 1263] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1270] <... socket resumed>) = 7 [pid 1267] close(8 [pid 1270] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1267] <... close resumed>) = 0 [pid 1270] <... futex resumed>) = 1 [pid 1267] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1263] <... futex resumed>) = 0 [pid 1270] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1267] <... futex resumed>) = 0 [pid 1263] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1270] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1267] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1263] <... futex resumed>) = 0 [pid 1270] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 1263] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1270] <... mmap resumed>) = 0x20000000 [pid 1270] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1263] <... futex resumed>) = 0 [pid 1270] memfd_create("syzkaller", 0 [pid 1263] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1270] <... memfd_create resumed>) = 8 [pid 1263] <... futex resumed>) = 0 [pid 1270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f620fc64000 [pid 1270] write(8, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 1270] munmap(0x7f620fc64000, 65536) = 0 [pid 1270] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 9 [pid 1270] ioctl(9, LOOP_SET_FD, 8) = -1 EBUSY (Device or resource busy) [pid 1269] <... ioctl resumed>) = 0 [pid 1270] ioctl(9, LOOP_CLR_FD) = 0 [pid 1269] close(3) = 0 [pid 1269] mkdir(0x20000000, 0777) = 0 [pid 1270] ioctl(9, LOOP_SET_FD, 8) = -1 EBUSY (Device or resource busy) [pid 1270] close(9) = 0 [pid 1270] close(8) = 0 [pid 1270] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1270] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1269] mount("/dev/loop2", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 1265] close(3 [pid 1264] <... close resumed>) = 0 [pid 1260] ioctl(5, LOOP_SET_FD, 7 [pid 1269] <... mount resumed>) = -1 ENODEV (No such device) [pid 1265] <... close resumed>) = 0 [pid 1264] mkdir(0x20000000, 0777 [pid 1260] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1260] close(5) = 0 [pid 1260] close(7) = 0 [pid 1260] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1260] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1253] +++ exited with 0 +++ [pid 1255] exit_group(0 [pid 1260] <... futex resumed>) = ? [pid 1258] <... futex resumed>) = ? [pid 1255] <... exit_group resumed>) = ? [pid 1269] ioctl(4, LOOP_CLR_FD [pid 1265] symlink("/dev/binderfs", "./binderfs" [pid 1264] <... mkdir resumed>) = 0 [pid 1260] +++ exited with 0 +++ [pid 1258] +++ exited with 0 +++ [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1253, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 1269] <... ioctl resumed>) = 0 [pid 1265] <... symlink resumed>) = 0 [pid 300] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 1269] close(4 [pid 1264] mount("/dev/loop3", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"... [pid 1269] <... close resumed>) = 0 [pid 300] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1269] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1265] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1264] <... mount resumed>) = -1 ENODEV (No such device) [pid 300] <... openat resumed>) = 3 [pid 1269] <... futex resumed>) = 0 [pid 1265] <... futex resumed>) = 0 [pid 1264] ioctl(5, LOOP_CLR_FD [pid 300] newfstatat(3, "", [pid 1269] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1265] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 1264] <... ioctl resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1264] close(5 [pid 1265] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1263] exit_group(0 [pid 300] getdents64(3, [pid 1270] <... futex resumed>) = ? [pid 1269] <... futex resumed>) = ? [pid 1263] <... exit_group resumed>) = ? [pid 1270] +++ exited with 0 +++ [pid 1265] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1264] <... close resumed>) = 0 [pid 300] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 1265] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1264] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1259] exit_group(0 [pid 300] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1265] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1264] <... futex resumed>) = 0 [pid 1261] <... mount resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 1264] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1267] <... futex resumed>) = ? [pid 1265] <... mmap resumed>) = 0x7f6220445000 [pid 1264] <... futex resumed>) = ? [pid 1259] <... exit_group resumed>) = ? [pid 300] <... umount2 resumed>) = 0 [pid 300] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./41/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] unlink("./41/bus" [pid 1267] +++ exited with 0 +++ [pid 1265] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1264] +++ exited with 0 +++ [pid 300] <... unlink resumed>) = 0 [pid 300] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] unlink("./41/binderfs") = 0 [pid 300] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1265] <... mprotect resumed>) = 0 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 300] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 300] getdents64(4, [pid 1265] rt_sigprocmask(SIG_BLOCK, ~[], [pid 300] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 300] getdents64(4, 0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 300] close(4) = 0 [pid 300] rmdir("./41/file0" [pid 1265] <... rt_sigprocmask resumed>[], 8) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 1265] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 300] getdents64(3, 0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 300] close(3) = 0 [pid 300] rmdir("./41"./strace-static-x86_64: Process 1271 attached [pid 1265] <... clone3 resumed> => {parent_tid=[1271]}, 88) = 1271 [pid 1261] ioctl(4, LOOP_CLR_FD [pid 300] <... rmdir resumed>) = 0 [pid 1265] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1265] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1265] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1265] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220424000 [pid 1265] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1265] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1265] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 300] mkdir("./42", 0777 [pid 1265] <... clone3 resumed> => {parent_tid=[1272]}, 88) = 1272 [pid 1265] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1265] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1265] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1261] <... ioctl resumed>) = 0 [pid 1271] set_robust_list(0x7f62204659a0, 24 [pid 300] <... mkdir resumed>) = 0 [pid 1261] close(4 [pid 1271] <... set_robust_list resumed>) = 0 [pid 1261] <... close resumed>) = 0 ./strace-static-x86_64: Process 1272 attached [pid 300] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1271] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1271] memfd_create("syzkaller", 0 [pid 1261] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1261] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1271] <... memfd_create resumed>) = 3 [pid 1271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6218024000 [pid 300] <... openat resumed>) = 3 [pid 1272] set_robust_list(0x7f62204449a0, 24) = 0 [pid 300] ioctl(3, LOOP_CLR_FD [pid 1254] exit_group(0 [pid 1262] <... futex resumed>) = ? [pid 1254] <... exit_group resumed>) = ? [pid 300] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1272] rt_sigprocmask(SIG_SETMASK, [], [pid 1262] +++ exited with 0 +++ [pid 1261] <... futex resumed>) = ? [pid 1272] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] close(3) = 0 [pid 1272] creat("./bus", 000 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1271] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 300] <... clone resumed>, child_tidptr=0x555556cc7690) = 1273 [pid 1272] <... creat resumed>) = 4 ./strace-static-x86_64: Process 1273 attached [pid 1272] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1265] <... futex resumed>) = 0 [pid 1265] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1265] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1273] set_robust_list(0x555556cc76a0, 24 [pid 1272] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 1271] <... write resumed>) = 262144 [pid 1271] munmap(0x7f6218024000, 262144 [pid 1273] <... set_robust_list resumed>) = 0 [pid 1272] <... mount resumed>) = 0 [pid 1271] <... munmap resumed>) = 0 [pid 1271] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 1271] ioctl(5, LOOP_SET_FD, 3 [pid 1273] chdir("./42" [pid 1272] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1269] +++ exited with 0 +++ [pid 1263] +++ exited with 0 +++ [pid 1255] +++ exited with 0 +++ [pid 1273] <... chdir resumed>) = 0 [pid 1272] <... futex resumed>) = 1 [pid 1273] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1272] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1273] <... prctl resumed>) = 0 [pid 1273] setpgid(0, 0) = 0 [pid 1273] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1273] write(3, "1000", 4) = 4 [pid 1273] close(3) = 0 [pid 1273] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1273] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1273] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 1273] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1265] <... futex resumed>) = 0 [pid 1273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1255, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 1273] <... mmap resumed>) = 0x7f6220445000 [pid 1273] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1259] +++ exited with 0 +++ [pid 1273] <... mprotect resumed>) = 0 [pid 1265] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1273] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1272] <... futex resumed>) = 0 [pid 1265] <... futex resumed>) = 1 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1263, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 1273] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1272] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1265] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1261] +++ exited with 0 +++ [pid 1254] +++ exited with 0 +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1259, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 1273] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 299] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1254, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 301] restart_syscall(<... resuming interrupted clone ...> [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1273] <... clone3 resumed> => {parent_tid=[1274]}, 88) = 1274 [pid 301] <... restart_syscall resumed>) = 0 [pid 299] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1273] rt_sigprocmask(SIG_SETMASK, [], [pid 298] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1273] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] <... openat resumed>) = 3 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1273] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] newfstatat(3, "", [pid 298] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 1274 attached [pid 1273] <... futex resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... openat resumed>) = 3 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1274] set_robust_list(0x7f62204659a0, 24 [pid 1273] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] getdents64(3, [pid 298] newfstatat(3, "", [pid 1274] <... set_robust_list resumed>) = 0 [pid 1273] <... futex resumed>) = 0 [pid 1272] <... open resumed>) = 6 [pid 1271] <... ioctl resumed>) = 0 [pid 301] <... openat resumed>) = 3 [pid 296] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1274] rt_sigprocmask(SIG_SETMASK, [], [pid 1273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1272] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1271] close(3 [pid 301] newfstatat(3, "", [pid 299] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1274] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1273] <... mmap resumed>) = 0x7f6220424000 [pid 1272] <... futex resumed>) = 1 [pid 1271] <... close resumed>) = 0 [pid 1265] <... futex resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] getdents64(3, [pid 296] <... openat resumed>) = 3 [pid 1274] memfd_create("syzkaller", 0 [pid 1273] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1272] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1271] mkdir("./file0", 0777 [pid 1265] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] getdents64(3, [pid 299] <... umount2 resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 128 [pid 296] newfstatat(3, "", [pid 1274] <... memfd_create resumed>) = 3 [pid 1273] <... mprotect resumed>) = 0 [pid 1272] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1274] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1273] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1272] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1271] <... mkdir resumed>) = 0 [pid 1265] <... futex resumed>) = 0 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 299] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1274] <... mmap resumed>) = 0x7f6218024000 [pid 1273] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1272] <... socket resumed>) = 3 [pid 1271] mount("/dev/loop1", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1265] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = 0 [pid 296] getdents64(3, [pid 1273] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1272] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1274] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1272] <... futex resumed>) = 0 [pid 1265] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1273] <... clone3 resumed> => {parent_tid=[1275]}, 88) = 1275 [pid 1272] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] <... umount2 resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./41/bus", [pid 298] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... getdents64 resumed>0x555556cc8730 /* 5 entries */, 32768) = 136 [pid 1273] rt_sigprocmask(SIG_SETMASK, [], [pid 1272] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1265] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1273] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1272] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 6, 0 [pid 1265] <... futex resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1274] <... write resumed>) = 262144 [pid 1273] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1272] <... mmap resumed>) = 0x20000000 [pid 1265] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] unlink("./41/bus" [pid 298] newfstatat(AT_FDCWD, "./42/bus", [pid 1274] munmap(0x7f6218024000, 262144 [pid 1273] <... futex resumed>) = 0 [pid 1272] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1265] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 301] newfstatat(AT_FDCWD, "./45/bus", [pid 296] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 1275 attached [pid 1274] <... munmap resumed>) = 0 [pid 1273] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1272] <... futex resumed>) = 0 [pid 1265] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... unlink resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1274] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1272] memfd_create("syzkaller", 0 [pid 296] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1272] <... memfd_create resumed>) = 7 [ 31.974759][ T1261] EXT4-fs error (device loop5): ext4_init_orphan_info:586: comm syz-executor172: inode #0: comm syz-executor172: iget: illegal inode # [ 31.990405][ T1261] EXT4-fs (loop5): get orphan inode failed [ 31.996247][ T1261] EXT4-fs (loop5): mount failed [ 32.021594][ T1271] loop1: detected capacity change from 0 to 512 [pid 1272] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f620fc64000 [pid 1274] <... openat resumed>) = 4 [pid 1265] <... futex resumed>) = 0 [pid 301] unlink("./45/bus" [pid 299] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] unlink("./42/bus" [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1272] write(7, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... unlink resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./39/bus", [pid 1275] set_robust_list(0x7f62204449a0, 24 [pid 1274] ioctl(4, LOOP_SET_FD, 3 [pid 301] <... unlink resumed>) = 0 [pid 1272] <... write resumed>) = 65536 [ 32.060341][ T1271] ------------[ cut here ]------------ [ 32.065631][ T1271] kernel BUG at fs/ext4/super.c:6355! [ 32.072491][ T1271] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 32.078384][ T1271] CPU: 1 PID: 1271 Comm: syz-executor172 Not tainted 5.15.131-syzkaller-00653-gea586874d2f9 #0 [ 32.088624][ T1271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 [ 32.098819][ T1271] RIP: 0010:ext4_enable_quotas+0x96a/0x980 [ 32.104419][ T1271] Code: ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 4f f9 ff ff 49 89 d7 48 89 df e8 93 8c bd ff 4c 89 fa e9 3c f9 ff ff e8 06 a1 7b ff <0f> 0b e8 ff a0 7b ff 0f 0b e8 18 50 cc 02 0f 1f 84 00 00 00 00 00 [ 32.124033][ T1271] RSP: 0018:ffffc90002a677a0 EFLAGS: 00010293 [ 32.130053][ T1271] RAX: ffffffff81f4547a RBX: 0000000000000000 RCX: ffff888112a5a780 [ 32.137949][ T1271] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 32.145777][ T1271] RBP: ffffc90002a67910 R08: ffffffff81f44f77 R09: ffffed10237c0401 [ 32.153567][ T1271] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 [ 32.161530][ T1271] R13: 0000000000000004 R14: dffffc0000000000 R15: ffff88810dd32464 [ 32.169420][ T1271] FS: 00007f62204656c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 32.178271][ T1271] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.184877][ T1271] CR2: 00007ffc77f2fdf8 CR3: 000000010cd12000 CR4: 00000000003506a0 [ 32.192684][ T1271] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 32.200490][ T1271] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 32.208565][ T1271] Call Trace: [ 32.211878][ T1271] [ 32.214640][ T1271] ? __die_body+0x62/0xb0 [ 32.218847][ T1271] ? die+0x88/0xb0 [ 32.222370][ T1271] ? do_trap+0x103/0x330 [ 32.226592][ T1271] ? ext4_enable_quotas+0x96a/0x980 [ 32.231622][ T1271] ? handle_invalid_op+0x95/0xc0 [ 32.236384][ T1271] ? ext4_enable_quotas+0x96a/0x980 [ 32.241425][ T1271] ? exc_invalid_op+0x32/0x50 [ 32.245940][ T1271] ? asm_exc_invalid_op+0x1b/0x20 [ 32.250808][ T1271] ? ext4_enable_quotas+0x467/0x980 [ 32.255831][ T1271] ? ext4_enable_quotas+0x96a/0x980 [ 32.260867][ T1271] ? ext4_enable_quotas+0x96a/0x980 [ 32.265902][ T1271] ? ext4_force_commit+0xc0/0xc0 [ 32.270831][ T1271] ? proc_create+0x2b0/0x2b0 [ 32.275344][ T1271] ? ext4_register_sysfs+0x281/0x2c0 [ 32.280456][ T1271] ext4_fill_super+0x8b95/0x96e0 [ 32.285233][ T1271] ? ext4_mount+0x40/0x40 [ 32.289396][ T1271] ? vscnprintf+0x80/0x80 [ 32.293595][ T1271] ? set_blocksize+0x1f0/0x380 [ 32.298159][ T1271] ? sb_set_blocksize+0xa8/0xf0 [ 32.302852][ T1271] mount_bdev+0x282/0x3b0 [ 32.307011][ T1271] ? ext4_mount+0x40/0x40 [ 32.311179][ T1271] ext4_mount+0x34/0x40 [ 32.315170][ T1271] legacy_get_tree+0xf1/0x190 [ 32.319693][ T1271] ? ext4_errno_to_code+0x140/0x140 [ 32.324727][ T1271] vfs_get_tree+0x88/0x290 [ 32.328970][ T1271] do_new_mount+0x28b/0xad0 [ 32.333312][ T1271] ? do_move_mount_old+0x160/0x160 [ 32.338255][ T1271] ? security_capable+0x87/0xb0 [ 32.342944][ T1271] ? ns_capable+0x89/0xe0 [ 32.347209][ T1271] path_mount+0x671/0x1070 [ 32.351450][ T1271] __se_sys_mount+0x2c4/0x3b0 [ 32.355972][ T1271] ? __x64_sys_mount+0xd0/0xd0 [ 32.360566][ T1271] ? __kasan_check_read+0x11/0x20 [ 32.365425][ T1271] __x64_sys_mount+0xbf/0xd0 [ 32.369851][ T1271] do_syscall_64+0x3d/0xb0 [ 32.374101][ T1271] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 32.379888][ T1271] RIP: 0033:0x7f62204aa29a [ 32.384781][ T1271] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 32.404231][ T1271] RSP: 002b:00007f6220465038 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 32.412465][ T1271] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f62204aa29a [ 32.420284][ T1271] RDX: 00000000200005c0 RSI: 0000000020000000 RDI: 00007f6220465090 [ 32.428200][ T1271] RBP: 00000000200005c0 R08: 00007f62204650d0 R09: 00000000000004d4 [ 32.437054][ T1271] R10: 0000000000200810 R11: 0000000000000206 R12: 00007f6220465090 [ 32.444874][ T1271] R13: 0000000020000000 R14: 00000000000004da R15: 00007f62204650d0 [ 32.452681][ T1271] [ 32.455543][ T1271] Modules linked in: [pid 1272] munmap(0x7f620fc64000, 65536 [pid 1275] <... set_robust_list resumed>) = 0 [pid 1274] <... ioctl resumed>) = 0 [pid 1273] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 301] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] newfstatat(AT_FDCWD, "./41/binderfs", [pid 298] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1275] rt_sigprocmask(SIG_SETMASK, [], [pid 1273] futex(0x7f62205316ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] unlink("./39/bus" [pid 1275] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1273] <... futex resumed>) = 0 [pid 299] unlink("./41/binderfs" [pid 298] newfstatat(AT_FDCWD, "./42/binderfs", [pid 296] <... unlink resumed>) = 0 [pid 1275] creat("./bus", 000 [pid 1273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] <... unlink resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1275] <... creat resumed>) = 5 [pid 1273] <... mmap resumed>) = 0x7f6218043000 [pid 299] umount2("./41/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] unlink("./42/binderfs" [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1275] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1273] mprotect(0x7f6218044000, 131072, PROT_READ|PROT_WRITE [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... unlink resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./39/binderfs", [pid 1275] <... futex resumed>) = 0 [pid 1273] <... mprotect resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./41/ext4", [pid 298] umount2("./42/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1275] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1273] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] unlink("./39/binderfs" [pid 1273] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] umount2("./41/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 298] newfstatat(AT_FDCWD, "./42/ext4", [pid 296] <... unlink resumed>) = 0 [pid 1273] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6218063990, parent_tid=0x7f6218063990, exit_signal=0, stack=0x7f6218043000, stack_size=0x20300, tls=0x7f62180636c0} [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 299] openat(AT_FDCWD, "./41/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] umount2("./42/ext4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1273] <... clone3 resumed> => {parent_tid=[1279]}, 88) = 1279 [pid 299] <... openat resumed>) = 4 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./39/file0", [pid 1273] rt_sigprocmask(SIG_SETMASK, [], [pid 299] newfstatat(4, "", [pid 298] openat(AT_FDCWD, "./42/ext4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1273] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... openat resumed>) = 4 [pid 296] umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1273] futex(0x7f62205316e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] getdents64(4, [pid 298] newfstatat(4, "", [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1273] <... futex resumed>) = 0 [pid 299] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1273] futex(0x7f62205316ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] getdents64(4, [pid 298] getdents64(4, [pid 296] <... openat resumed>) = 4 [pid 299] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 296] newfstatat(4, "", [pid 299] close(4 [pid 298] getdents64(4, [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... close resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 296] getdents64(4, [pid 299] rmdir("./41/ext4" [pid 298] close(4 [pid 296] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 299] <... rmdir resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 296] getdents64(4, [pid 299] getdents64(3, [pid 298] rmdir("./42/ext4" [pid 296] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 1274] close(3 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 296] close(4./strace-static-x86_64: Process 1279 attached [pid 1274] <... close resumed>) = 0 [pid 299] close(3 [pid 298] getdents64(3, [pid 296] <... close resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 296] rmdir("./39/file0" [pid 1279] set_robust_list(0x7f62180639a0, 24 [pid 1274] mkdir("./file0", 0777 [pid 301] newfstatat(AT_FDCWD, "./45/binderfs", [pid 299] rmdir("./41" [pid 298] close(3 [pid 296] <... rmdir resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 296] getdents64(3, [pid 299] mkdir("./42", 0777 [pid 298] rmdir("./42" [pid 296] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 296] close(3 [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 298] mkdir("./43", 0777 [pid 296] <... close resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 298] <... mkdir resumed>) = 0 [pid 296] rmdir("./39" [pid 299] ioctl(3, LOOP_CLR_FD [pid 298] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] <... rmdir resumed>) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] <... openat resumed>) = 3 [pid 296] mkdir("./40", 0777 [pid 299] close(3 [pid 298] ioctl(3, LOOP_CLR_FD [pid 296] <... mkdir resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] close(3 [pid 296] <... openat resumed>) = 3 [pid 298] <... close resumed>) = 0 [pid 296] ioctl(3, LOOP_CLR_FD [pid 299] <... clone resumed>, child_tidptr=0x555556cc7690) = 1280 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] close(3 [pid 298] <... clone resumed>, child_tidptr=0x555556cc7690) = 1281 [pid 296] <... close resumed>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 1282 ./strace-static-x86_64: Process 1282 attached [pid 1282] set_robust_list(0x555556cc76a0, 24) = 0 [pid 1282] chdir("./40") = 0 [pid 1282] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1282] setpgid(0, 0) = 0 [pid 1282] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1282] write(3, "1000", 4) = 4 ./strace-static-x86_64: Process 1280 attached [pid 1282] close(3) = 0 [pid 1282] symlink("/dev/binderfs", "./binderfs" [pid 1280] set_robust_list(0x555556cc76a0, 24 [pid 1282] <... symlink resumed>) = 0 [pid 1280] <... set_robust_list resumed>) = 0 [pid 1280] chdir("./42") = 0 [pid 1280] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1282] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1280] setpgid(0, 0 [pid 1282] <... futex resumed>) = 0 [pid 1280] <... setpgid resumed>) = 0 [pid 1280] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1282] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 1282] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6220445000 [pid 1282] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1280] <... openat resumed>) = 3 [pid 1282] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1274] <... mkdir resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1282] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1282] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 1280] write(3, "1000", 4) = 4 [pid 1280] close(3) = 0 [pid 1280] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1282] <... clone3 resumed> => {parent_tid=[1283]}, 88) = 1283 [pid 1282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 301] unlink("./45/binderfs" [pid 1282] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1282] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1280] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... unlink resumed>) = 0 [pid 1274] mount("/dev/loop4", "./file0", "ext4", MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "nodiscard,barrier,nouid32,grpquota,,errors=continue" [pid 1282] <... mmap resumed>) = 0x7f6220424000 [pid 1282] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 301] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1280] <... futex resumed>) = 0 [pid 1282] <... mprotect resumed>) = 0 [pid 1280] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, NULL, 8) = 0 [pid 1282] rt_sigprocmask(SIG_BLOCK, ~[], [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1282] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1280] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1282] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1280] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] newfstatat(AT_FDCWD, "./45/file0", [pid 1280] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1282] <... clone3 resumed> => {parent_tid=[1284]}, 88) = 1284 [pid 1280] <... mmap resumed>) = 0x7f6220445000 [pid 301] umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1282] rt_sigprocmask(SIG_SETMASK, [], [pid 1280] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 1282] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1280] <... mprotect resumed>) = 0 [pid 1282] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1280] rt_sigprocmask(SIG_BLOCK, ~[], [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1282] <... futex resumed>) = 0 [pid 1280] <... rt_sigprocmask resumed>[], 8) = 0 [pid 301] openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1282] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1280] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} => {parent_tid=[1285]}, 88) = 1285 [pid 301] <... openat resumed>) = 4 [pid 1280] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 301] newfstatat(4, "", [pid 1280] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 32.459471][ T1274] loop4: detected capacity change from 0 to 512 [ 32.465891][ T1271] ---[ end trace c665d5f99d995c4f ]--- [ 32.471909][ T1271] RIP: 0010:ext4_enable_quotas+0x96a/0x980 [ 32.479610][ T1271] Code: ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 4f f9 ff ff 49 89 d7 48 89 df e8 93 8c bd ff 4c 89 fa e9 3c f9 ff ff e8 06 a1 7b ff <0f> 0b e8 ff a0 7b ff 0f 0b e8 18 50 cc 02 0f 1f 84 00 00 00 00 00 [ 32.505213][ T1271] RSP: 0018:ffffc90002a677a0 EFLAGS: 00010293 [pid 1279] <... set_robust_list resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 1285 attached ./strace-static-x86_64: Process 1284 attached ./strace-static-x86_64: Process 1283 attached ./strace-static-x86_64: Process 1281 attached [pid 1280] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1272] <... munmap resumed>) = 0 [pid 1284] set_robust_list(0x7f62204449a0, 24 [pid 1283] set_robust_list(0x7f62204659a0, 24 [pid 1280] <... futex resumed>) = 0 [pid 1272] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1284] <... set_robust_list resumed>) = 0 [pid 1283] <... set_robust_list resumed>) = 0 [pid 1280] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1272] <... openat resumed>) = 8 [pid 1284] rt_sigprocmask(SIG_SETMASK, [], [pid 1283] rt_sigprocmask(SIG_SETMASK, [], [pid 1280] <... mmap resumed>) = 0x7f6220424000 [pid 1272] ioctl(8, LOOP_SET_FD, 7 [pid 1284] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1283] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1280] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 1272] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1284] creat("./bus", 000 [pid 1283] memfd_create("syzkaller", 0 [pid 1280] <... mprotect resumed>) = 0 [pid 1272] ioctl(8, LOOP_CLR_FD [pid 1284] <... creat resumed>) = 4 [pid 1283] <... memfd_create resumed>) = 3 [pid 1280] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1272] <... ioctl resumed>) = 0 [pid 1284] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1283] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1280] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1284] <... futex resumed>) = 1 [pid 1283] <... mmap resumed>) = 0x7f6218024000 [pid 1282] <... futex resumed>) = 0 [pid 1280] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 1284] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1283] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 1282] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1286 attached [pid 1285] set_robust_list(0x7f62204659a0, 24 [pid 1284] <... mount resumed>) = 0 [pid 1283] <... write resumed>) = 262144 [pid 1282] <... futex resumed>) = 0 [pid 1281] set_robust_list(0x555556cc76a0, 24 [pid 1280] <... clone3 resumed> => {parent_tid=[1286]}, 88) = 1286 [pid 1279] rt_sigprocmask(SIG_SETMASK, [], [pid 1272] ioctl(8, LOOP_SET_FD, 7 [pid 301] getdents64(4, [pid 1284] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1282] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1280] rt_sigprocmask(SIG_SETMASK, [], [pid 1272] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1284] <... futex resumed>) = 0 [pid 1282] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1280] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1272] close(8 [pid 1284] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1283] munmap(0x7f6218024000, 262144 [pid 1282] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1280] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1272] <... close resumed>) = 0 [pid 1284] <... open resumed>) = 5 [pid 1283] <... munmap resumed>) = 0 [pid 1282] <... futex resumed>) = 0 [pid 1280] <... futex resumed>) = 0 [pid 1272] close(7 [pid 1284] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1282] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1280] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1272] <... close resumed>) = 0 [pid 1284] <... futex resumed>) = 0 [pid 1283] <... openat resumed>) = 6 [pid 1282] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1272] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1284] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1283] ioctl(6, LOOP_SET_FD, 3 [pid 1282] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1272] <... futex resumed>) = 0 [pid 1286] set_robust_list(0x7f62204449a0, 24 [pid 1285] <... set_robust_list resumed>) = 0 [pid 1284] <... socket resumed>) = 7 [pid 1282] <... futex resumed>) = 0 [pid 1281] <... set_robust_list resumed>) = 0 [pid 1279] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1273] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1272] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] <... getdents64 resumed>0x555556cd0770 /* 2 entries */, 32768) = 48 [pid 1284] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1282] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1273] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1284] <... futex resumed>) = 0 [pid 1282] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1275] <... futex resumed>) = 0 [pid 1273] <... futex resumed>) = 1 [pid 1284] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1282] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1275] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1273] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1282] <... futex resumed>) = 0 [pid 1275] <... open resumed>) = 3 [pid 1284] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 5, 0 [pid 1282] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1275] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1284] <... mmap resumed>) = 0x20000000 [pid 1275] <... futex resumed>) = 1 [pid 1273] <... futex resumed>) = 0 [pid 1284] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1275] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1273] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1284] <... futex resumed>) = 1 [pid 1282] <... futex resumed>) = 0 [pid 1275] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1273] <... futex resumed>) = 0 [pid 1284] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1282] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1275] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1273] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1282] <... futex resumed>) = 0 [pid 1275] <... socket resumed>) = 6 [pid 1286] <... set_robust_list resumed>) = 0 [pid 1285] rt_sigprocmask(SIG_SETMASK, [], [pid 1281] chdir("./43" [pid 1279] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 1275] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] getdents64(4, [pid 1275] <... futex resumed>) = 1 [pid 1273] <... futex resumed>) = 0 [pid 1275] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1273] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1275] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1273] <... futex resumed>) = 0 [pid 1275] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 3, 0 [pid 1273] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1275] <... mmap resumed>) = 0x20000000 [pid 1275] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1273] <... futex resumed>) = 0 [pid 1275] futex(0x7f62205316d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1273] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1275] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1273] <... futex resumed>) = 0 [pid 1275] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 1283] <... ioctl resumed>) = 0 [pid 1283] close(3) = 0 [pid 1283] mkdir(0x20000000, 0777) = -1 ENOENT (No such file or directory) [pid 1283] mount("/dev/loop0", 0x20000000, 0x200005c0, MS_SYNCHRONOUS|MS_NODIRATIME|MS_RELATIME, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"...) = -1 ENOENT (No such file or directory) [pid 1283] ioctl(6, LOOP_CLR_FD) = 0 [pid 1283] close(6) = 0 [pid 1283] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1283] futex(0x7f62205316c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1284] memfd_create("syzkaller", 0) = 3 [pid 1284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f620fc64000 [pid 1284] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65536) = 65536 [pid 1284] munmap(0x7f620fc64000, 65536) = 0 [pid 1284] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1286] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1286] creat("./bus", 000) = 3 [pid 1285] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1281] <... chdir resumed>) = 0 [pid 1279] <... mount resumed>) = ? [pid 301] <... getdents64 resumed>0x555556cd0770 /* 0 entries */, 32768) = 0 [pid 1286] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1280] <... futex resumed>) = 0 [pid 1286] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 1280] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1286] <... mount resumed>) = 0 [pid 1280] <... futex resumed>) = 0 [pid 1286] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1280] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1286] <... futex resumed>) = 0 [pid 1280] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1286] open("./bus", O_RDWR|O_SYNC|O_NOATIME|0x3c [pid 1280] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] close(4 [pid 1286] <... open resumed>) = 4 [pid 1280] <... futex resumed>) = 0 [pid 301] <... close resumed>) = 0 [pid 1285] memfd_create("syzkaller", 0 [pid 1281] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 301] rmdir("./45/file0" [pid 1286] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1280] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1281] <... prctl resumed>) = 0 [pid 1286] <... futex resumed>) = 0 [pid 1280] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1286] socket(AF_INET, SOCK_DGRAM, IPPROTO_UDPLITE [pid 1280] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1286] <... socket resumed>) = 5 [pid 1280] <... futex resumed>) = 0 [pid 301] <... rmdir resumed>) = 0 [pid 1281] setpgid(0, 0 [pid 1286] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1285] <... memfd_create resumed>) = 6 [pid 1281] <... setpgid resumed>) = 0 [pid 1280] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1286] <... futex resumed>) = 0 [pid 1280] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1286] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSDOWN|PROT_GROWSUP, MAP_SHARED|MAP_FIXED, 4, 0 [pid 1280] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1286] <... mmap resumed>) = 0x20000000 [pid 1281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1280] <... futex resumed>) = 0 [pid 1285] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1286] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1280] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1286] <... futex resumed>) = 0 [pid 1280] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1286] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000144} --- [pid 1280] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000) = ? [ 32.511254][ T1271] RAX: ffffffff81f4547a RBX: 0000000000000000 RCX: ffff888112a5a780 [ 32.519585][ T1271] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 32.522150][ T1283] loop0: detected capacity change from 0 to 512 [ 32.532700][ T1271] RBP: ffffc90002a67910 R08: ffffffff81f44f77 R09: ffffed10237c0401 [ 32.536510][ T1284] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 21 prio class 0 [ 32.542236][ T1271] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 [pid 1285] <... mmap resumed>) = ? [pid 1281] <... openat resumed>) = 3 [pid 301] getdents64(3, [pid 1285] +++ killed by SIGBUS +++ [pid 1284] <... openat resumed>) = 6 [pid 1281] write(3, "1000", 4 [pid 301] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 1286] +++ killed by SIGBUS +++ [pid 1284] ioctl(6, LOOP_SET_FD, 3 [pid 1281] <... write resumed>) = 4 [pid 1280] +++ killed by SIGBUS +++ [pid 301] close(3 [pid 1284] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1281] close(3 [pid 301] <... close resumed>) = 0 [pid 1284] ioctl(6, LOOP_CLR_FD [pid 1281] <... close resumed>) = 0 [pid 301] rmdir("./45" [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=1280, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 1284] <... ioctl resumed>) = 0 [pid 1281] symlink("/dev/binderfs", "./binderfs" [pid 301] <... rmdir resumed>) = 0 [pid 1281] <... symlink resumed>) = 0 [pid 301] mkdir("./46", 0777 [pid 1281] futex(0x7f62205316cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] <... mkdir resumed>) = 0 [pid 299] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1281] <... futex resumed>) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 32.563964][ T1271] R13: 0000000000000004 R14: dffffc0000000000 R15: ffff88810dd32464 [ 32.564360][ T1274] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodiscard,barrier,nouid32,grpquota,,errors=continue. Quota mode: writeback. [ 32.572726][ T1271] FS: 00007f62204656c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 32.591032][ T1274] ext4 filesystem being mounted at /root/syzkaller.Zpv55J/42/file0 supports timestamps until 2038 (0x7fffffff) [ 32.595391][ T1271] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [pid 1281] rt_sigaction(SIGRT_1, {sa_handler=0x7f62204cf260, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f62204c0410}, [pid 301] <... openat resumed>) = 3 [pid 299] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1284] ioctl(6, LOOP_SET_FD, 3 [pid 1281] <... rt_sigaction resumed>NULL, 8) = 0 [pid 301] ioctl(3, LOOP_CLR_FD [pid 299] <... openat resumed>) = 3 [pid 1284] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1281] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 301] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 299] newfstatat(3, "", [pid 1284] close(6 [pid 1281] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 301] close(3 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1284] <... close resumed>) = 0 [pid 1281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 301] <... close resumed>) = 0 [pid 299] getdents64(3, [pid 1284] close(3 [pid 1281] <... mmap resumed>) = 0x7f6220445000 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... getdents64 resumed>0x555556cc8730 /* 4 entries */, 32768) = 104 [pid 1284] <... close resumed>) = 0 [pid 1281] mprotect(0x7f6220446000, 131072, PROT_READ|PROT_WRITE [pid 299] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 1290 attached [pid 1284] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1281] <... mprotect resumed>) = 0 [pid 301] <... clone resumed>, child_tidptr=0x555556cc7690) = 1290 [pid 299] <... umount2 resumed>) = 0 [pid 1284] <... futex resumed>) = 0 [pid 1282] exit_group(0 [pid 1281] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1283] <... futex resumed>) = ? [pid 1282] <... exit_group resumed>) = ? [pid 1281] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1290] set_robust_list(0x555556cc76a0, 24 [pid 1284] +++ exited with 0 +++ [pid 1283] +++ exited with 0 +++ [pid 1281] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220465990, parent_tid=0x7f6220465990, exit_signal=0, stack=0x7f6220445000, stack_size=0x20300, tls=0x7f62204656c0} [pid 299] newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1281] <... clone3 resumed> => {parent_tid=[1291]}, 88) = 1291 [pid 299] unlink("./42/bus" [pid 1281] rt_sigprocmask(SIG_SETMASK, [], [pid 299] <... unlink resumed>) = 0 [pid 1281] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 1281] futex(0x7f62205316c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1281] <... futex resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./42/binderfs", [pid 1281] futex(0x7f62205316dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1281] <... futex resumed>) = 0 [pid 299] unlink("./42/binderfs" [pid 1281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] <... unlink resumed>) = 0 [pid 1281] <... mmap resumed>) = 0x7f6220424000 [pid 299] getdents64(3, [pid 1281] mprotect(0x7f6220425000, 131072, PROT_READ|PROT_WRITE [pid 299] <... getdents64 resumed>0x555556cc8730 /* 0 entries */, 32768) = 0 [pid 1281] <... mprotect resumed>) = 0 [pid 299] close(3 [pid 1281] rt_sigprocmask(SIG_BLOCK, ~[], [pid 299] <... close resumed>) = 0 [pid 1281] <... rt_sigprocmask resumed>[], 8) = 0 [pid 299] rmdir("./42" [pid 1281] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f6220444990, parent_tid=0x7f6220444990, exit_signal=0, stack=0x7f6220424000, stack_size=0x20300, tls=0x7f62204446c0} [pid 299] <... rmdir resumed>) = 0 [pid 299] mkdir("./43", 0777 [pid 1290] <... set_robust_list resumed>) = 0 [pid 1281] <... clone3 resumed> => {parent_tid=[1292]}, 88) = 1292 [pid 299] <... mkdir resumed>) = 0 [pid 1281] rt_sigprocmask(SIG_SETMASK, [], [pid 299] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1281] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 299] <... openat resumed>) = 3 [pid 1281] futex(0x7f62205316d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] ioctl(3, LOOP_CLR_FD [pid 1281] <... futex resumed>) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1281] futex(0x7f62205316dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cc7690) = 1293 [pid 1290] chdir("./46") = 0 [pid 1290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 32.612357][ T1271] CR2: 0000000020000144 CR3: 000000010cd12000 CR4: 00000000003506a0 [ 32.620225][ T1271] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 32.628028][ T1271] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 32.635767][ T1271] Kernel panic - not syncing: Fatal exception [ 32.641881][ T1271] Kernel Offset: disabled [ 32.646011][ T1271] Rebooting in 86400 seconds..