./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor567918821 <...> FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15128] <... futex resumed>) = 1 [pid 15128] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15124] <... open resumed>) = 4 [pid 15124] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15123] <... futex resumed>) = 0 [pid 15124] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15123] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15124] <... mount resumed>) = 0 [pid 15123] <... futex resumed>) = 0 [pid 15123] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15124] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15123] <... futex resumed>) = 0 [pid 15123] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15124] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15123] <... futex resumed>) = 0 [pid 15124] <... open resumed>) = 5 [pid 15123] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15124] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15123] <... futex resumed>) = 0 [pid 15123] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15124] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15123] <... futex resumed>) = 0 [pid 15123] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15124] <... write resumed>) = 262144 [pid 15124] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15123] <... futex resumed>) = 0 [pid 15124] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15123] close(3) = 0 [pid 15123] close(4) = 0 [pid 15123] close(5) = 0 [pid 15123] close(6) = -1 EBADF (Bad file descriptor) [pid 15123] close(7) = -1 EBADF (Bad file descriptor) [pid 15123] close(8) = -1 EBADF (Bad file descriptor) [pid 15123] close(9) = -1 EBADF (Bad file descriptor) [pid 15123] close(10) = -1 EBADF (Bad file descriptor) [pid 15123] close(11) = -1 EBADF (Bad file descriptor) [pid 15123] close(12) = -1 EBADF (Bad file descriptor) [pid 15123] close(13) = -1 EBADF (Bad file descriptor) [pid 15123] close(14) = -1 EBADF (Bad file descriptor) [pid 15123] close(15) = -1 EBADF (Bad file descriptor) [pid 15123] close(16) = -1 EBADF (Bad file descriptor) [pid 15123] close(17) = -1 EBADF (Bad file descriptor) [pid 15123] close(18) = -1 EBADF (Bad file descriptor) [pid 15123] close(19) = -1 EBADF (Bad file descriptor) [pid 15123] close(20) = -1 EBADF (Bad file descriptor) [pid 15123] close(21) = -1 EBADF (Bad file descriptor) [pid 15123] close(22) = -1 EBADF (Bad file descriptor) [pid 15123] close(23) = -1 EBADF (Bad file descriptor) [pid 15123] close(24) = -1 EBADF (Bad file descriptor) [pid 15123] close(25) = -1 EBADF (Bad file descriptor) [pid 15123] close(26) = -1 EBADF (Bad file descriptor) [pid 15123] close(27) = -1 EBADF (Bad file descriptor) [pid 15123] close(28) = -1 EBADF (Bad file descriptor) [pid 15123] close(29) = -1 EBADF (Bad file descriptor) [pid 15123] exit_group(0) = ? [pid 15124] <... futex resumed>) = ? [pid 15124] +++ exited with 0 +++ [pid 15128] <... futex resumed>) = ? [pid 15127] <... futex resumed>) = ? [pid 15128] +++ exited with 0 +++ [pid 15127] +++ exited with 0 +++ [pid 15123] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9552, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2501", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2501", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2501/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2501/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2501/binderfs") = 0 [ 301.195756][T15124] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2501/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2501/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2501/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2501/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2501/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2501/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2501") = 0 [pid 289] mkdir("./2502", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9556 ./strace-static-x86_64: Process 15129 attached [pid 15129] set_robust_list(0x555556f746a0, 24) = 0 [pid 15129] chdir("./2502") = 0 [pid 15129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15129] setpgid(0, 0) = 0 [pid 15129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15129] write(3, "1000", 4) = 4 [pid 15129] close(3) = 0 [pid 15129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15129] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15129] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15129] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15129] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15129] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15129] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9557]}, 88) = 9557 [pid 15129] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15129] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15129] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15130 attached [pid 15130] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15130] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15130] memfd_create("syzkaller", 0) = 3 [pid 15130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15130] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15130] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15130] close(3) = 0 [pid 15130] mkdir("./file1", 0777) = 0 [pid 15130] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15130] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15130] chdir("./file1") = 0 [pid 15130] ioctl(4, LOOP_CLR_FD) = 0 [pid 15130] close(4) = 0 [pid 15130] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15129] <... futex resumed>) = 0 [pid 15129] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15129] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15130] <... futex resumed>) = 1 [pid 15130] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15130] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15129] <... futex resumed>) = 0 [pid 15129] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15129] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15129] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15129] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15129] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9558]}, 88) = 9558 [pid 15129] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15129] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15129] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15129] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15129] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15129] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9559]}, 88) = 9559 [pid 15129] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15129] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15129] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15130] <... futex resumed>) = 1 [pid 15130] memfd_create("syzkaller", 0) = 4 [pid 15130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15130] close(4) = 0 [pid 15130] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15130] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15134 attached ./strace-static-x86_64: Process 15133 attached [pid 15133] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15133] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15134] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15133] <... setxattr resumed>) = 0 [pid 15133] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15133] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15134] memfd_create("syzkaller", 0) = 4 [pid 15134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15134] close(4) = 0 [pid 15134] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15129] <... futex resumed>) = 0 [pid 15129] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15129] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15130] <... futex resumed>) = 0 [pid 15130] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15130] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15129] <... futex resumed>) = 0 [pid 15129] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15129] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15130] <... futex resumed>) = 1 [pid 15130] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15130] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15129] <... futex resumed>) = 0 [pid 15129] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15129] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15130] <... futex resumed>) = 1 [pid 15130] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15130] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15129] <... futex resumed>) = 0 [pid 15129] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15129] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15130] <... futex resumed>) = 1 [pid 15130] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15134] <... futex resumed>) = 1 [pid 15134] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15130] <... write resumed>) = 262144 [pid 15130] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15129] <... futex resumed>) = 0 [pid 15129] close(3) = 0 [pid 15129] close(4) = 0 [pid 15129] close(5 [pid 15130] <... futex resumed>) = 1 [pid 15129] <... close resumed>) = 0 [pid 15130] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15129] close(6) = -1 EBADF (Bad file descriptor) [pid 15129] close(7) = -1 EBADF (Bad file descriptor) [pid 15129] close(8) = -1 EBADF (Bad file descriptor) [pid 15129] close(9) = -1 EBADF (Bad file descriptor) [pid 15129] close(10) = -1 EBADF (Bad file descriptor) [pid 15129] close(11) = -1 EBADF (Bad file descriptor) [pid 15129] close(12) = -1 EBADF (Bad file descriptor) [pid 15129] close(13) = -1 EBADF (Bad file descriptor) [pid 15129] close(14) = -1 EBADF (Bad file descriptor) [pid 15129] close(15) = -1 EBADF (Bad file descriptor) [pid 15129] close(16) = -1 EBADF (Bad file descriptor) [pid 15129] close(17) = -1 EBADF (Bad file descriptor) [pid 15129] close(18) = -1 EBADF (Bad file descriptor) [pid 15129] close(19) = -1 EBADF (Bad file descriptor) [pid 15129] close(20) = -1 EBADF (Bad file descriptor) [pid 15129] close(21) = -1 EBADF (Bad file descriptor) [pid 15129] close(22) = -1 EBADF (Bad file descriptor) [pid 15129] close(23) = -1 EBADF (Bad file descriptor) [pid 15129] close(24) = -1 EBADF (Bad file descriptor) [pid 15129] close(25) = -1 EBADF (Bad file descriptor) [pid 15129] close(26) = -1 EBADF (Bad file descriptor) [pid 15129] close(27) = -1 EBADF (Bad file descriptor) [pid 15129] close(28) = -1 EBADF (Bad file descriptor) [pid 15129] close(29) = -1 EBADF (Bad file descriptor) [pid 15129] exit_group(0 [pid 15134] <... futex resumed>) = ? [pid 15133] <... futex resumed>) = ? [pid 15129] <... exit_group resumed>) = ? [pid 15134] +++ exited with 0 +++ [pid 15133] +++ exited with 0 +++ [pid 15130] <... futex resumed>) = ? [pid 15130] +++ exited with 0 +++ [pid 15129] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9556, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2502", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2502", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2502/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2502/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2502/binderfs") = 0 [ 301.378408][T15130] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2502/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2502/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2502/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2502/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2502/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2502/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2502") = 0 [pid 289] mkdir("./2503", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9560 ./strace-static-x86_64: Process 15136 attached [pid 15136] set_robust_list(0x555556f746a0, 24) = 0 [pid 15136] chdir("./2503") = 0 [pid 15136] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15136] setpgid(0, 0) = 0 [pid 15136] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15136] write(3, "1000", 4) = 4 [pid 15136] close(3) = 0 [pid 15136] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15136] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15136] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15136] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15136] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15136] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15136] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15136] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9561]}, 88) = 9561 [pid 15136] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15136] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15136] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15137 attached [pid 15137] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15137] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15137] memfd_create("syzkaller", 0) = 3 [pid 15137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15137] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15137] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15137] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15137] close(3) = 0 [pid 15137] mkdir("./file1", 0777) = 0 [pid 15137] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15137] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15137] chdir("./file1") = 0 [pid 15137] ioctl(4, LOOP_CLR_FD) = 0 [pid 15137] close(4) = 0 [pid 15137] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15136] <... futex resumed>) = 0 [pid 15136] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15136] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15137] <... futex resumed>) = 1 [pid 15137] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15137] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15136] <... futex resumed>) = 0 [pid 15136] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15136] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15136] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15136] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15136] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15136] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9562]}, 88) = 9562 [pid 15136] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15136] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15136] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15136] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15136] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15136] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15136] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9563]}, 88) = 9563 ./strace-static-x86_64: Process 15140 attached [pid 15137] <... futex resumed>) = 1 [pid 15136] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15136] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15136] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15141 attached [pid 15141] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15141] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15141] memfd_create("syzkaller", 0) = 4 [pid 15141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15141] close(4) = 0 [pid 15141] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15136] <... futex resumed>) = 0 [pid 15136] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15136] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15141] <... futex resumed>) = 1 [pid 15141] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15140] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15141] <... open resumed>) = 4 [pid 15140] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15140] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15141] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15137] memfd_create("syzkaller", 0 [pid 15136] <... futex resumed>) = 0 [pid 15140] <... setxattr resumed>) = 0 [pid 15137] <... memfd_create resumed>) = 5 [pid 15136] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15140] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15141] <... futex resumed>) = 1 [pid 15136] <... futex resumed>) = 0 [pid 15136] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15137] close(5) = 0 [pid 15137] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15137] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15140] <... futex resumed>) = 0 [pid 15140] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15141] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15141] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15136] <... futex resumed>) = 0 [pid 15136] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15136] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15137] <... futex resumed>) = 0 [pid 15137] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15137] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15136] <... futex resumed>) = 0 [pid 15136] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15136] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15137] <... futex resumed>) = 1 [pid 15137] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15141] <... futex resumed>) = 1 [pid 15141] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15137] <... write resumed>) = 262144 [pid 15137] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15136] <... futex resumed>) = 0 [pid 15136] close(3) = 0 [pid 15136] close(4) = 0 [pid 15137] <... futex resumed>) = 1 [pid 15136] close(5 [pid 15137] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15136] <... close resumed>) = 0 [pid 15136] close(6) = -1 EBADF (Bad file descriptor) [pid 15136] close(7) = -1 EBADF (Bad file descriptor) [pid 15136] close(8) = -1 EBADF (Bad file descriptor) [pid 15136] close(9) = -1 EBADF (Bad file descriptor) [pid 15136] close(10) = -1 EBADF (Bad file descriptor) [pid 15136] close(11) = -1 EBADF (Bad file descriptor) [pid 15136] close(12) = -1 EBADF (Bad file descriptor) [pid 15136] close(13) = -1 EBADF (Bad file descriptor) [pid 15136] close(14) = -1 EBADF (Bad file descriptor) [pid 15136] close(15) = -1 EBADF (Bad file descriptor) [pid 15136] close(16) = -1 EBADF (Bad file descriptor) [pid 15136] close(17) = -1 EBADF (Bad file descriptor) [pid 15136] close(18) = -1 EBADF (Bad file descriptor) [pid 15136] close(19) = -1 EBADF (Bad file descriptor) [pid 15136] close(20) = -1 EBADF (Bad file descriptor) [pid 15136] close(21) = -1 EBADF (Bad file descriptor) [pid 15136] close(22) = -1 EBADF (Bad file descriptor) [pid 15136] close(23) = -1 EBADF (Bad file descriptor) [pid 15136] close(24) = -1 EBADF (Bad file descriptor) [pid 15136] close(25) = -1 EBADF (Bad file descriptor) [pid 15136] close(26) = -1 EBADF (Bad file descriptor) [pid 15136] close(27) = -1 EBADF (Bad file descriptor) [pid 15136] close(28) = -1 EBADF (Bad file descriptor) [pid 15136] close(29) = -1 EBADF (Bad file descriptor) [pid 15136] exit_group(0) = ? [pid 15140] <... futex resumed>) = ? [pid 15140] +++ exited with 0 +++ [pid 15137] <... futex resumed>) = ? [pid 15137] +++ exited with 0 +++ [pid 15141] <... futex resumed>) = ? [pid 15141] +++ exited with 0 +++ [pid 15136] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9560, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2503", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2503", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2503/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2503/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2503/binderfs") = 0 [ 301.468572][T15137] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2503/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2503/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2503/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2503/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2503/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2503/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2503") = 0 [pid 289] mkdir("./2504", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9564 ./strace-static-x86_64: Process 15142 attached [pid 15142] set_robust_list(0x555556f746a0, 24) = 0 [pid 15142] chdir("./2504") = 0 [pid 15142] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15142] setpgid(0, 0) = 0 [pid 15142] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15142] write(3, "1000", 4) = 4 [pid 15142] close(3) = 0 [pid 15142] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15142] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15142] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15142] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15142] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15142] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15142] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15142] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15143 attached => {parent_tid=[9565]}, 88) = 9565 [pid 15143] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15143] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15143] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15142] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15142] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15143] <... futex resumed>) = 0 [pid 15142] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15143] memfd_create("syzkaller", 0) = 3 [pid 15143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15143] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15143] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15143] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15143] close(3) = 0 [pid 15143] mkdir("./file1", 0777) = 0 [pid 15143] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15143] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15143] chdir("./file1") = 0 [pid 15143] ioctl(4, LOOP_CLR_FD) = 0 [pid 15143] close(4) = 0 [pid 15143] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15142] <... futex resumed>) = 0 [pid 15142] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15142] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15143] <... futex resumed>) = 1 [pid 15143] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15143] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15142] <... futex resumed>) = 0 [pid 15142] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15142] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15142] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15142] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15142] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15142] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9566]}, 88) = 9566 [pid 15142] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15142] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15142] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15142] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15142] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15142] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15142] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9567]}, 88) = 9567 [pid 15142] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15142] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15142] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15143] <... futex resumed>) = 1 [pid 15143] memfd_create("syzkaller", 0) = 4 [pid 15143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15143] close(4) = 0 [pid 15143] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15143] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15147 attached [pid 15147] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15147] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15147] memfd_create("syzkaller", 0) = 4 [pid 15147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15147] close(4) = 0 [pid 15147] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15142] <... futex resumed>) = 0 [pid 15142] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15142] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15143] <... futex resumed>) = 0 [pid 15143] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15143] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15142] <... futex resumed>) = 0 [pid 15142] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15142] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15143] <... futex resumed>) = 1 [pid 15143] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15143] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15142] <... futex resumed>) = 0 [pid 15142] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15142] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15143] <... futex resumed>) = 1 [pid 15143] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15143] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15142] <... futex resumed>) = 0 [pid 15142] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15142] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15143] <... futex resumed>) = 1 [pid 15143] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15147] <... futex resumed>) = 1 [pid 15147] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15143] <... write resumed>) = 262144 [pid 15143] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15142] <... futex resumed>) = 0 ./strace-static-x86_64: Process 15146 attached [pid 15143] <... futex resumed>) = 1 [pid 15146] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15143] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15146] <... set_robust_list resumed>) = 0 [pid 15146] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15146] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 15146] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15146] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15142] close(3) = 0 [pid 15142] close(4) = 0 [pid 15142] close(5) = 0 [pid 15142] close(6) = -1 EBADF (Bad file descriptor) [pid 15142] close(7) = -1 EBADF (Bad file descriptor) [pid 15142] close(8) = -1 EBADF (Bad file descriptor) [pid 15142] close(9) = -1 EBADF (Bad file descriptor) [pid 15142] close(10) = -1 EBADF (Bad file descriptor) [pid 15142] close(11) = -1 EBADF (Bad file descriptor) [pid 15142] close(12) = -1 EBADF (Bad file descriptor) [pid 15142] close(13) = -1 EBADF (Bad file descriptor) [pid 15142] close(14) = -1 EBADF (Bad file descriptor) [pid 15142] close(15) = -1 EBADF (Bad file descriptor) [pid 15142] close(16) = -1 EBADF (Bad file descriptor) [pid 15142] close(17) = -1 EBADF (Bad file descriptor) [pid 15142] close(18) = -1 EBADF (Bad file descriptor) [pid 15142] close(19) = -1 EBADF (Bad file descriptor) [pid 15142] close(20) = -1 EBADF (Bad file descriptor) [pid 15142] close(21) = -1 EBADF (Bad file descriptor) [pid 15142] close(22) = -1 EBADF (Bad file descriptor) [pid 15142] close(23) = -1 EBADF (Bad file descriptor) [pid 15142] close(24) = -1 EBADF (Bad file descriptor) [pid 15142] close(25) = -1 EBADF (Bad file descriptor) [pid 15142] close(26) = -1 EBADF (Bad file descriptor) [pid 15142] close(27) = -1 EBADF (Bad file descriptor) [pid 15142] close(28) = -1 EBADF (Bad file descriptor) [pid 15142] close(29) = -1 EBADF (Bad file descriptor) [pid 15142] exit_group(0 [pid 15147] <... futex resumed>) = ? [pid 15143] <... futex resumed>) = ? [pid 15142] <... exit_group resumed>) = ? [pid 15147] +++ exited with 0 +++ [pid 15143] +++ exited with 0 +++ [pid 15146] <... futex resumed>) = ? [pid 15146] +++ exited with 0 +++ [pid 15142] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9564, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2504", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2504", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2504/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2504/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2504/binderfs") = 0 [ 301.555438][T15143] EXT4-fs (loop0): 1 truncate cleaned up [ 301.579537][T15146] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2504/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2504/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2504/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2504/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2504/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2504/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2504") = 0 [pid 289] mkdir("./2505", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9568 ./strace-static-x86_64: Process 15148 attached [pid 15148] set_robust_list(0x555556f746a0, 24) = 0 [pid 15148] chdir("./2505") = 0 [pid 15148] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15148] setpgid(0, 0) = 0 [pid 15148] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15148] write(3, "1000", 4) = 4 [pid 15148] close(3) = 0 [pid 15148] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15148] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15148] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15148] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15148] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15148] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15148] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15148] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9569]}, 88) = 9569 [pid 15148] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15148] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15148] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15149 attached [pid 15149] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15149] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15149] memfd_create("syzkaller", 0) = 3 [pid 15149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15149] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15149] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15149] close(3) = 0 [pid 15149] mkdir("./file1", 0777) = 0 [pid 15149] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15149] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15149] chdir("./file1") = 0 [pid 15149] ioctl(4, LOOP_CLR_FD) = 0 [pid 15149] close(4) = 0 [pid 15149] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15148] <... futex resumed>) = 0 [pid 15148] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15149] <... futex resumed>) = 1 [pid 15148] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15149] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15149] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15148] <... futex resumed>) = 0 [pid 15149] memfd_create("syzkaller", 0 [pid 15148] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15149] <... memfd_create resumed>) = 4 [pid 15148] <... futex resumed>) = 0 [pid 15149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15148] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15149] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15148] <... futex resumed>) = 0 [pid 15149] close(4 [pid 15148] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15149] <... close resumed>) = 0 [pid 15148] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 15149] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15148] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 15149] <... futex resumed>) = 0 [pid 15148] <... mprotect resumed>) = 0 [pid 15149] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15148] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15148] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9570]}, 88) = 9570 [pid 15148] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15148] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15148] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15149] <... futex resumed>) = 0 [pid 15148] <... futex resumed>) = 1 [pid 15149] memfd_create("syzkaller", 0 [pid 15148] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15149] <... memfd_create resumed>) = 4 [pid 15149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15149] close(4) = 0 [pid 15149] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15148] <... futex resumed>) = 0 [pid 15149] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15148] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15149] <... open resumed>) = 4 [pid 15148] <... futex resumed>) = 0 [pid 15149] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15148] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15149] <... futex resumed>) = 0 [pid 15148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15149] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15148] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15149] <... mount resumed>) = 0 [pid 15148] <... futex resumed>) = 0 [pid 15149] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15148] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15149] <... futex resumed>) = 0 [pid 15148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15149] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15148] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15149] <... open resumed>) = 5 [pid 15148] <... futex resumed>) = 0 ./strace-static-x86_64: Process 15152 attached [pid 15149] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15148] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15152] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15149] <... futex resumed>) = 0 [pid 15148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15152] <... set_robust_list resumed>) = 0 [pid 15149] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15148] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15152] rt_sigprocmask(SIG_SETMASK, [], [pid 15148] <... futex resumed>) = 0 [pid 15152] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15148] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15152] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 15152] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15152] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15149] <... write resumed>) = 262144 [pid 15149] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15148] <... futex resumed>) = 0 [pid 15149] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15148] close(3) = 0 [pid 15148] close(4) = 0 [pid 15148] close(5) = 0 [pid 15148] close(6) = -1 EBADF (Bad file descriptor) [pid 15148] close(7) = -1 EBADF (Bad file descriptor) [pid 15148] close(8) = -1 EBADF (Bad file descriptor) [pid 15148] close(9) = -1 EBADF (Bad file descriptor) [pid 15148] close(10) = -1 EBADF (Bad file descriptor) [pid 15148] close(11) = -1 EBADF (Bad file descriptor) [pid 15148] close(12) = -1 EBADF (Bad file descriptor) [pid 15148] close(13) = -1 EBADF (Bad file descriptor) [pid 15148] close(14) = -1 EBADF (Bad file descriptor) [pid 15148] close(15) = -1 EBADF (Bad file descriptor) [pid 15148] close(16) = -1 EBADF (Bad file descriptor) [pid 15148] close(17) = -1 EBADF (Bad file descriptor) [pid 15148] close(18) = -1 EBADF (Bad file descriptor) [pid 15148] close(19) = -1 EBADF (Bad file descriptor) [pid 15148] close(20) = -1 EBADF (Bad file descriptor) [pid 15148] close(21) = -1 EBADF (Bad file descriptor) [pid 15148] close(22) = -1 EBADF (Bad file descriptor) [pid 15148] close(23) = -1 EBADF (Bad file descriptor) [pid 15148] close(24) = -1 EBADF (Bad file descriptor) [pid 15148] close(25) = -1 EBADF (Bad file descriptor) [pid 15148] close(26) = -1 EBADF (Bad file descriptor) [pid 15148] close(27) = -1 EBADF (Bad file descriptor) [pid 15148] close(28) = -1 EBADF (Bad file descriptor) [pid 15148] close(29) = -1 EBADF (Bad file descriptor) [pid 15148] exit_group(0) = ? [pid 15149] <... futex resumed>) = ? [pid 15152] <... futex resumed>) = 230 [pid 15149] +++ exited with 0 +++ [pid 15152] +++ exited with 0 +++ [pid 15148] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9568, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2505", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2505", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2505/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2505/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2505/binderfs") = 0 [ 301.658956][T15149] EXT4-fs (loop0): 1 truncate cleaned up [ 301.673409][T15152] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2505/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2505/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2505/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2505/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2505/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2505/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2505") = 0 [pid 289] mkdir("./2506", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9571 ./strace-static-x86_64: Process 15153 attached [pid 15153] set_robust_list(0x555556f746a0, 24) = 0 [pid 15153] chdir("./2506") = 0 [pid 15153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15153] setpgid(0, 0) = 0 [pid 15153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15153] write(3, "1000", 4) = 4 [pid 15153] close(3) = 0 [pid 15153] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15153] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15153] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15153] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15153] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15153] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15153] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15154 attached => {parent_tid=[9572]}, 88) = 9572 [pid 15154] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15154] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15154] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15153] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15153] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15154] <... futex resumed>) = 0 [pid 15154] memfd_create("syzkaller", 0) = 3 [pid 15154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15153] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15154] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15154] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15154] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15154] close(3) = 0 [pid 15154] mkdir("./file1", 0777) = 0 [pid 15154] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15154] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15154] chdir("./file1") = 0 [pid 15154] ioctl(4, LOOP_CLR_FD) = 0 [pid 15154] close(4) = 0 [pid 15154] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15153] <... futex resumed>) = 0 [pid 15153] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15153] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15154] <... futex resumed>) = 1 [pid 15154] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15154] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15153] <... futex resumed>) = 0 [pid 15153] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15153] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15153] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15153] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15153] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9573]}, 88) = 9573 [pid 15153] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15153] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15153] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15153] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15153] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15153] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9574]}, 88) = 9574 [pid 15153] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15153] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15153] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15154] <... futex resumed>) = 1 [pid 15154] memfd_create("syzkaller", 0) = 4 [pid 15154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15154] close(4) = 0 [pid 15154] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15154] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15158 attached [pid 15158] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15158] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15158] memfd_create("syzkaller", 0) = 4 [pid 15158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15158] close(4) = 0 [pid 15158] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15153] <... futex resumed>) = 0 [pid 15153] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15153] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15154] <... futex resumed>) = 0 [pid 15154] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15158] <... futex resumed>) = 1 [pid 15158] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15157 attached [pid 15157] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15157] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15157] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15157] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15157] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15154] <... open resumed>) = 4 [pid 15154] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15153] <... futex resumed>) = 0 [pid 15153] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15153] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15154] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15154] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15153] <... futex resumed>) = 0 [pid 15153] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15153] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15154] <... futex resumed>) = 1 [pid 15154] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15154] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15153] <... futex resumed>) = 0 [pid 15153] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15153] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15154] <... futex resumed>) = 1 [pid 15154] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15154] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15153] <... futex resumed>) = 0 [pid 15153] close(3) = 0 [pid 15153] close(4) = 0 [pid 15153] close(5 [pid 15154] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15153] <... close resumed>) = 0 [pid 15153] close(6) = -1 EBADF (Bad file descriptor) [pid 15153] close(7) = -1 EBADF (Bad file descriptor) [pid 15153] close(8) = -1 EBADF (Bad file descriptor) [pid 15153] close(9) = -1 EBADF (Bad file descriptor) [pid 15153] close(10) = -1 EBADF (Bad file descriptor) [pid 15153] close(11) = -1 EBADF (Bad file descriptor) [pid 15153] close(12) = -1 EBADF (Bad file descriptor) [pid 15153] close(13) = -1 EBADF (Bad file descriptor) [pid 15153] close(14) = -1 EBADF (Bad file descriptor) [pid 15153] close(15) = -1 EBADF (Bad file descriptor) [pid 15153] close(16) = -1 EBADF (Bad file descriptor) [pid 15153] close(17) = -1 EBADF (Bad file descriptor) [pid 15153] close(18) = -1 EBADF (Bad file descriptor) [pid 15153] close(19) = -1 EBADF (Bad file descriptor) [pid 15153] close(20) = -1 EBADF (Bad file descriptor) [pid 15153] close(21) = -1 EBADF (Bad file descriptor) [pid 15153] close(22) = -1 EBADF (Bad file descriptor) [pid 15153] close(23) = -1 EBADF (Bad file descriptor) [pid 15153] close(24) = -1 EBADF (Bad file descriptor) [pid 15153] close(25) = -1 EBADF (Bad file descriptor) [pid 15153] close(26) = -1 EBADF (Bad file descriptor) [pid 15153] close(27) = -1 EBADF (Bad file descriptor) [pid 15153] close(28) = -1 EBADF (Bad file descriptor) [pid 15153] close(29) = -1 EBADF (Bad file descriptor) [pid 15153] exit_group(0) = ? [pid 15158] <... futex resumed>) = ? [pid 15157] <... futex resumed>) = 231 [pid 15158] +++ exited with 0 +++ [pid 15157] +++ exited with 0 +++ [pid 15154] <... futex resumed>) = ? [pid 15154] +++ exited with 0 +++ [pid 15153] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9571, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2506", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2506", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2506/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2506/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2506/binderfs") = 0 [ 301.792765][T15154] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2506/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2506/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2506/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2506/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2506/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2506/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2506") = 0 [pid 289] mkdir("./2507", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9575 ./strace-static-x86_64: Process 15159 attached [pid 15159] set_robust_list(0x555556f746a0, 24) = 0 [pid 15159] chdir("./2507") = 0 [pid 15159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15159] setpgid(0, 0) = 0 [pid 15159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15159] write(3, "1000", 4) = 4 [pid 15159] close(3) = 0 [pid 15159] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15159] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15159] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15159] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15159] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15159] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15159] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9576]}, 88) = 9576 [pid 15159] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15159] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15159] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15160 attached [pid 15160] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15160] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15160] memfd_create("syzkaller", 0) = 3 [pid 15160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15160] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15160] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15160] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15160] close(3) = 0 [pid 15160] mkdir("./file1", 0777) = 0 [pid 15160] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15160] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15160] chdir("./file1") = 0 [pid 15160] ioctl(4, LOOP_CLR_FD) = 0 [pid 15160] close(4) = 0 [pid 15160] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15159] <... futex resumed>) = 0 [pid 15159] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15159] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15160] <... futex resumed>) = 1 [pid 15160] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15160] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15159] <... futex resumed>) = 0 [pid 15159] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15159] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15159] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15159] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15159] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9577]}, 88) = 9577 [pid 15159] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15159] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15159] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15159] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15159] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15159] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 15164 attached ./strace-static-x86_64: Process 15163 attached [pid 15160] <... futex resumed>) = 1 [pid 15159] <... clone3 resumed> => {parent_tid=[9578]}, 88) = 9578 [pid 15159] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15159] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15164] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15163] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15160] memfd_create("syzkaller", 0 [pid 15159] <... futex resumed>) = 0 [pid 15163] <... set_robust_list resumed>) = 0 [pid 15159] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15163] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15163] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15164] <... set_robust_list resumed>) = 0 [pid 15163] <... setxattr resumed>) = 0 [pid 15160] <... memfd_create resumed>) = 4 [pid 15163] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15163] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15164] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15164] memfd_create("syzkaller", 0) = 5 [pid 15160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15164] close(5) = 0 [pid 15164] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15159] <... futex resumed>) = 0 [pid 15159] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15159] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15163] <... futex resumed>) = 0 [pid 15163] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15164] <... futex resumed>) = 1 [pid 15164] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15163] <... open resumed>) = 5 [pid 15163] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15159] <... futex resumed>) = 0 [pid 15159] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15159] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15163] <... futex resumed>) = 1 [pid 15163] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15163] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15159] <... futex resumed>) = 0 [pid 15159] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15159] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15163] <... futex resumed>) = 1 [pid 15163] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 15163] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15159] <... futex resumed>) = 0 [pid 15159] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15159] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15163] <... futex resumed>) = 1 [pid 15163] write(6, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15160] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15160] close(4) = 0 [pid 15160] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15160] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15163] <... write resumed>) = 262144 [pid 15163] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15163] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15159] <... futex resumed>) = 0 [pid 15159] close(3) = 0 [pid 15159] close(4) = -1 EBADF (Bad file descriptor) [pid 15159] close(5) = 0 [pid 15159] close(6) = 0 [pid 15159] close(7) = -1 EBADF (Bad file descriptor) [pid 15159] close(8) = -1 EBADF (Bad file descriptor) [pid 15159] close(9) = -1 EBADF (Bad file descriptor) [pid 15159] close(10) = -1 EBADF (Bad file descriptor) [pid 15159] close(11) = -1 EBADF (Bad file descriptor) [pid 15159] close(12) = -1 EBADF (Bad file descriptor) [pid 15159] close(13) = -1 EBADF (Bad file descriptor) [pid 15159] close(14) = -1 EBADF (Bad file descriptor) [pid 15159] close(15) = -1 EBADF (Bad file descriptor) [pid 15159] close(16) = -1 EBADF (Bad file descriptor) [pid 15159] close(17) = -1 EBADF (Bad file descriptor) [pid 15159] close(18) = -1 EBADF (Bad file descriptor) [pid 15159] close(19) = -1 EBADF (Bad file descriptor) [pid 15159] close(20) = -1 EBADF (Bad file descriptor) [pid 15159] close(21) = -1 EBADF (Bad file descriptor) [pid 15159] close(22) = -1 EBADF (Bad file descriptor) [pid 15159] close(23) = -1 EBADF (Bad file descriptor) [pid 15159] close(24) = -1 EBADF (Bad file descriptor) [pid 15159] close(25) = -1 EBADF (Bad file descriptor) [pid 15159] close(26) = -1 EBADF (Bad file descriptor) [pid 15159] close(27) = -1 EBADF (Bad file descriptor) [pid 15159] close(28) = -1 EBADF (Bad file descriptor) [pid 15159] close(29) = -1 EBADF (Bad file descriptor) [pid 15159] exit_group(0) = ? [pid 15160] <... futex resumed>) = ? [pid 15160] +++ exited with 0 +++ [pid 15163] <... futex resumed>) = ? [pid 15164] <... futex resumed>) = ? [pid 15163] +++ exited with 0 +++ [pid 15164] +++ exited with 0 +++ [pid 15159] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9575, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2507", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2507", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2507/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2507/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2507/binderfs") = 0 [ 301.901029][T15160] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2507/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2507/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2507/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2507/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2507/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2507/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2507") = 0 [pid 289] mkdir("./2508", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9579 ./strace-static-x86_64: Process 15165 attached [pid 15165] set_robust_list(0x555556f746a0, 24) = 0 [pid 15165] chdir("./2508") = 0 [pid 15165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15165] setpgid(0, 0) = 0 [pid 15165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15165] write(3, "1000", 4) = 4 [pid 15165] close(3) = 0 [pid 15165] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15165] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15165] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15165] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15165] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15165] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15165] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9580]}, 88) = 9580 [pid 15165] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15165] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15165] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15166 attached [pid 15166] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15166] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15166] memfd_create("syzkaller", 0) = 3 [pid 15166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15166] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15166] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15166] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15166] close(3) = 0 [pid 15166] mkdir("./file1", 0777) = 0 [pid 15166] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15166] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15166] chdir("./file1") = 0 [pid 15166] ioctl(4, LOOP_CLR_FD) = 0 [pid 15166] close(4) = 0 [pid 15166] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15165] <... futex resumed>) = 0 [pid 15165] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15166] setxattr("./file1", NULL, NULL, 0, 0 [pid 15165] <... futex resumed>) = 0 [pid 15165] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15166] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 15166] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15165] <... futex resumed>) = 0 [pid 15165] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15165] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15165] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15165] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15165] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 15166] memfd_create("syzkaller", 0./strace-static-x86_64: Process 15169 attached [pid 15165] <... clone3 resumed> => {parent_tid=[9581]}, 88) = 9581 [pid 15165] rt_sigprocmask(SIG_SETMASK, [], [pid 15166] <... memfd_create resumed>) = 4 [pid 15165] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15165] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15165] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15165] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15165] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15165] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 15166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15165] <... clone3 resumed> => {parent_tid=[9582]}, 88) = 9582 [pid 15166] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15165] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15165] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15165] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15170 attached [pid 15169] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15166] close(4 [pid 15169] <... set_robust_list resumed>) = 0 [pid 15166] <... close resumed>) = 0 [pid 15170] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15169] rt_sigprocmask(SIG_SETMASK, [], [pid 15166] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15170] rt_sigprocmask(SIG_SETMASK, [], [pid 15169] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15166] <... futex resumed>) = 0 [pid 15170] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15169] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15166] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15169] <... setxattr resumed>) = 0 [pid 15169] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15170] memfd_create("syzkaller", 0 [pid 15169] <... futex resumed>) = 0 [pid 15170] <... memfd_create resumed>) = 4 [pid 15170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15169] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15170] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15170] close(4) = 0 [pid 15170] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15165] <... futex resumed>) = 0 [pid 15170] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15165] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15166] <... futex resumed>) = 0 [pid 15165] <... futex resumed>) = 1 [pid 15166] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15165] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15166] <... open resumed>) = 4 [pid 15166] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15165] <... futex resumed>) = 0 [pid 15166] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15165] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15165] <... futex resumed>) = 0 [pid 15166] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15165] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15166] <... mount resumed>) = 0 [pid 15166] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15165] <... futex resumed>) = 0 [pid 15166] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15165] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15165] <... futex resumed>) = 0 [pid 15166] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15165] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15166] <... open resumed>) = 5 [pid 15166] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15165] <... futex resumed>) = 0 [pid 15166] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15165] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15166] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15165] <... futex resumed>) = 0 [pid 15165] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15166] <... write resumed>) = 262144 [pid 15166] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15165] <... futex resumed>) = 0 [pid 15165] close(3) = 0 [pid 15165] close(4) = 0 [pid 15165] close(5 [pid 15166] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15165] <... close resumed>) = 0 [pid 15165] close(6) = -1 EBADF (Bad file descriptor) [pid 15165] close(7) = -1 EBADF (Bad file descriptor) [pid 15165] close(8) = -1 EBADF (Bad file descriptor) [pid 15165] close(9) = -1 EBADF (Bad file descriptor) [pid 15165] close(10) = -1 EBADF (Bad file descriptor) [pid 15165] close(11) = -1 EBADF (Bad file descriptor) [pid 15165] close(12) = -1 EBADF (Bad file descriptor) [pid 15165] close(13) = -1 EBADF (Bad file descriptor) [pid 15165] close(14) = -1 EBADF (Bad file descriptor) [pid 15165] close(15) = -1 EBADF (Bad file descriptor) [pid 15165] close(16) = -1 EBADF (Bad file descriptor) [pid 15165] close(17) = -1 EBADF (Bad file descriptor) [pid 15165] close(18) = -1 EBADF (Bad file descriptor) [pid 15165] close(19) = -1 EBADF (Bad file descriptor) [pid 15165] close(20) = -1 EBADF (Bad file descriptor) [pid 15165] close(21) = -1 EBADF (Bad file descriptor) [pid 15165] close(22) = -1 EBADF (Bad file descriptor) [pid 15165] close(23) = -1 EBADF (Bad file descriptor) [pid 15165] close(24) = -1 EBADF (Bad file descriptor) [pid 15165] close(25) = -1 EBADF (Bad file descriptor) [pid 15165] close(26) = -1 EBADF (Bad file descriptor) [pid 15165] close(27) = -1 EBADF (Bad file descriptor) [pid 15165] close(28) = -1 EBADF (Bad file descriptor) [pid 15165] close(29) = -1 EBADF (Bad file descriptor) [pid 15165] exit_group(0 [pid 15166] <... futex resumed>) = ? [pid 15169] <... futex resumed>) = ? [pid 15165] <... exit_group resumed>) = ? [pid 15169] +++ exited with 0 +++ [pid 15166] +++ exited with 0 +++ [pid 15170] <... futex resumed>) = ? [pid 15170] +++ exited with 0 +++ [pid 15165] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9579, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2508", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2508", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2508/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2508/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2508/binderfs") = 0 [ 302.023455][T15166] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2508/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2508/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2508/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2508/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2508/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2508/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2508") = 0 [pid 289] mkdir("./2509", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9583 ./strace-static-x86_64: Process 15171 attached [pid 15171] set_robust_list(0x555556f746a0, 24) = 0 [pid 15171] chdir("./2509") = 0 [pid 15171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15171] setpgid(0, 0) = 0 [pid 15171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15171] write(3, "1000", 4) = 4 [pid 15171] close(3) = 0 [pid 15171] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15171] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15171] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15171] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15171] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15171] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15171] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15172 attached => {parent_tid=[9584]}, 88) = 9584 [pid 15171] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15171] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15172] set_robust_list(0x7fbc6730d9a0, 24 [pid 15171] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15172] <... set_robust_list resumed>) = 0 [pid 15172] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15172] memfd_create("syzkaller", 0) = 3 [pid 15172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15172] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15172] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15172] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15172] close(3) = 0 [pid 15172] mkdir("./file1", 0777) = 0 [pid 15172] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15172] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15172] chdir("./file1") = 0 [pid 15172] ioctl(4, LOOP_CLR_FD) = 0 [pid 15172] close(4) = 0 [pid 15172] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15171] <... futex resumed>) = 0 [pid 15171] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15171] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15172] <... futex resumed>) = 1 [pid 15172] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15172] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15171] <... futex resumed>) = 0 [pid 15171] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15171] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15171] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15171] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15171] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9585]}, 88) = 9585 [pid 15171] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15171] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 15175 attached [pid 15172] <... futex resumed>) = 1 [pid 15171] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15175] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15172] memfd_create("syzkaller", 0 [pid 15175] <... set_robust_list resumed>) = 0 [pid 15172] <... memfd_create resumed>) = 4 [pid 15175] rt_sigprocmask(SIG_SETMASK, [], [pid 15171] <... futex resumed>) = 0 [pid 15172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15172] close(4) = 0 [pid 15172] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15172] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15175] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15175] <... setxattr resumed>) = 0 [pid 15171] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE [pid 15175] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15175] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15171] <... mprotect resumed>) = 0 [pid 15171] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15171] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9586]}, 88) = 9586 ./strace-static-x86_64: Process 15176 attached [pid 15171] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15171] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15171] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15176] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15176] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15176] memfd_create("syzkaller", 0) = 4 [pid 15176] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15176] close(4) = 0 [pid 15176] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15171] <... futex resumed>) = 0 [pid 15171] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15171] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15172] <... futex resumed>) = 0 [pid 15172] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15176] <... futex resumed>) = 1 [pid 15176] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15172] <... open resumed>) = 4 [pid 15172] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15171] <... futex resumed>) = 0 [pid 15171] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15171] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15172] <... futex resumed>) = 1 [pid 15172] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15172] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15171] <... futex resumed>) = 0 [pid 15171] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15171] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15172] <... futex resumed>) = 1 [pid 15172] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15172] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15171] <... futex resumed>) = 0 [pid 15171] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15171] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15172] <... futex resumed>) = 1 [pid 15172] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15172] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15171] <... futex resumed>) = 0 [pid 15171] close(3) = 0 [pid 15171] close(4) = 0 [pid 15171] close(5) = 0 [pid 15171] close(6) = -1 EBADF (Bad file descriptor) [pid 15171] close(7) = -1 EBADF (Bad file descriptor) [pid 15171] close(8) = -1 EBADF (Bad file descriptor) [pid 15171] close(9) = -1 EBADF (Bad file descriptor) [pid 15171] close(10) = -1 EBADF (Bad file descriptor) [pid 15171] close(11) = -1 EBADF (Bad file descriptor) [pid 15171] close(12) = -1 EBADF (Bad file descriptor) [pid 15171] close(13) = -1 EBADF (Bad file descriptor) [pid 15171] close(14) = -1 EBADF (Bad file descriptor) [pid 15171] close(15) = -1 EBADF (Bad file descriptor) [pid 15171] close(16) = -1 EBADF (Bad file descriptor) [pid 15171] close(17) = -1 EBADF (Bad file descriptor) [pid 15171] close(18) = -1 EBADF (Bad file descriptor) [pid 15171] close(19) = -1 EBADF (Bad file descriptor) [pid 15171] close(20) = -1 EBADF (Bad file descriptor) [pid 15171] close(21) = -1 EBADF (Bad file descriptor) [pid 15171] close(22) = -1 EBADF (Bad file descriptor) [pid 15171] close(23) = -1 EBADF (Bad file descriptor) [pid 15171] close(24) = -1 EBADF (Bad file descriptor) [pid 15171] close(25) = -1 EBADF (Bad file descriptor) [pid 15171] close(26) = -1 EBADF (Bad file descriptor) [pid 15172] <... futex resumed>) = 1 [pid 15171] close(27) = -1 EBADF (Bad file descriptor) [pid 15171] close(28) = -1 EBADF (Bad file descriptor) [pid 15171] close(29) = -1 EBADF (Bad file descriptor) [pid 15171] exit_group(0) = ? [pid 15175] <... futex resumed>) = ? [pid 15175] +++ exited with 0 +++ [pid 15172] +++ exited with 0 +++ [pid 15176] <... futex resumed>) = ? [pid 15176] +++ exited with 0 +++ [pid 15171] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9583, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] umount2("./2509", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2509", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2509/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2509/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2509/binderfs") = 0 [pid 289] umount2("./2509/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2509/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2509/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2509/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2509/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2509/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2509") = 0 [pid 289] mkdir("./2510", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9587 ./strace-static-x86_64: Process 15177 attached [pid 15177] set_robust_list(0x555556f746a0, 24) = 0 [pid 15177] chdir("./2510") = 0 [pid 15177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15177] setpgid(0, 0) = 0 [pid 15177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15177] write(3, "1000", 4) = 4 [pid 15177] close(3) = 0 [pid 15177] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15177] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15177] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15177] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15177] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15177] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15177] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9588]}, 88) = 9588 [pid 15177] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15177] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15177] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15178 attached [pid 15178] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15178] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15178] memfd_create("syzkaller", 0) = 3 [pid 15178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15178] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15178] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15178] close(3) = 0 [pid 15178] mkdir("./file1", 0777) = 0 [ 302.105526][T15172] EXT4-fs (loop0): 1 truncate cleaned up [pid 15178] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15178] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15178] chdir("./file1") = 0 [pid 15178] ioctl(4, LOOP_CLR_FD) = 0 [pid 15178] close(4) = 0 [pid 15178] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15177] <... futex resumed>) = 0 [pid 15177] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15177] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15178] <... futex resumed>) = 1 [pid 15178] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15178] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15177] <... futex resumed>) = 0 [pid 15177] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15177] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15177] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15177] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15177] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9589]}, 88) = 9589 ./strace-static-x86_64: Process 15181 attached [pid 15177] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15177] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15177] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15177] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15177] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15177] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9590]}, 88) = 9590 [pid 15177] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15177] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15177] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15178] <... futex resumed>) = 1 [pid 15178] memfd_create("syzkaller", 0) = 4 [pid 15178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15178] close(4) = 0 [pid 15178] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15178] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15182 attached [pid 15181] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15182] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15181] rt_sigprocmask(SIG_SETMASK, [], [pid 15182] <... set_robust_list resumed>) = 0 [pid 15181] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15181] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15182] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15182] memfd_create("syzkaller", 0) = 4 [pid 15182] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15181] <... setxattr resumed>) = 0 [pid 15182] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15182] close(4) = 0 [pid 15182] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15177] <... futex resumed>) = 0 [pid 15177] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15177] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15178] <... futex resumed>) = 0 [pid 15178] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15181] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15178] <... open resumed>) = 4 [pid 15178] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15177] <... futex resumed>) = 0 [pid 15177] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15177] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15178] <... futex resumed>) = 1 [pid 15178] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15181] <... futex resumed>) = 0 [pid 15178] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15177] <... futex resumed>) = 0 [pid 15177] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15177] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15178] <... futex resumed>) = 1 [pid 15178] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15178] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15177] <... futex resumed>) = 0 [pid 15177] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15177] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15178] <... futex resumed>) = 1 [pid 15178] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15181] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15182] <... futex resumed>) = 1 [pid 15182] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15178] <... write resumed>) = 262144 [pid 15178] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15177] <... futex resumed>) = 0 [pid 15177] close(3) = 0 [pid 15177] close(4) = 0 [pid 15177] close(5) = 0 [pid 15177] close(6) = -1 EBADF (Bad file descriptor) [pid 15177] close(7) = -1 EBADF (Bad file descriptor) [pid 15177] close(8) = -1 EBADF (Bad file descriptor) [pid 15177] close(9) = -1 EBADF (Bad file descriptor) [pid 15177] close(10) = -1 EBADF (Bad file descriptor) [pid 15177] close(11) = -1 EBADF (Bad file descriptor) [pid 15177] close(12) = -1 EBADF (Bad file descriptor) [pid 15177] close(13) = -1 EBADF (Bad file descriptor) [pid 15177] close(14) = -1 EBADF (Bad file descriptor) [pid 15177] close(15) = -1 EBADF (Bad file descriptor) [pid 15177] close(16) = -1 EBADF (Bad file descriptor) [pid 15177] close(17) = -1 EBADF (Bad file descriptor) [pid 15177] close(18) = -1 EBADF (Bad file descriptor) [pid 15177] close(19) = -1 EBADF (Bad file descriptor) [pid 15177] close(20) = -1 EBADF (Bad file descriptor) [pid 15177] close(21) = -1 EBADF (Bad file descriptor) [pid 15177] close(22) = -1 EBADF (Bad file descriptor) [pid 15177] close(23) = -1 EBADF (Bad file descriptor) [pid 15177] close(24) = -1 EBADF (Bad file descriptor) [pid 15177] close(25) = -1 EBADF (Bad file descriptor) [pid 15177] close(26) = -1 EBADF (Bad file descriptor) [pid 15177] close(27) = -1 EBADF (Bad file descriptor) [pid 15177] close(28) = -1 EBADF (Bad file descriptor) [pid 15177] close(29) = -1 EBADF (Bad file descriptor) [pid 15177] exit_group(0) = ? [pid 15181] <... futex resumed>) = ? [pid 15181] +++ exited with 0 +++ [pid 15182] <... futex resumed>) = 231 [pid 15182] +++ exited with 0 +++ [pid 15178] <... futex resumed>) = ? [pid 15178] +++ exited with 0 +++ [pid 15177] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9587, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2510", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2510", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2510/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2510/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2510/binderfs") = 0 [ 302.158519][T15178] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2510/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2510/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2510/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2510/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2510/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2510/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2510") = 0 [pid 289] mkdir("./2511", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9591 ./strace-static-x86_64: Process 15183 attached [pid 15183] set_robust_list(0x555556f746a0, 24) = 0 [pid 15183] chdir("./2511") = 0 [pid 15183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15183] setpgid(0, 0) = 0 [pid 15183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15183] write(3, "1000", 4) = 4 [pid 15183] close(3) = 0 [pid 15183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15183] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15183] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15183] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15183] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9592]}, 88) = 9592 [pid 15183] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15183] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15183] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15184 attached [pid 15184] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15184] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15184] memfd_create("syzkaller", 0) = 3 [pid 15184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15184] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15184] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15184] close(3) = 0 [pid 15184] mkdir("./file1", 0777) = 0 [pid 15184] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15184] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15184] chdir("./file1") = 0 [pid 15184] ioctl(4, LOOP_CLR_FD) = 0 [pid 15184] close(4) = 0 [pid 15184] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15184] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15183] <... futex resumed>) = 0 [pid 15183] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15184] <... futex resumed>) = 0 [pid 15183] <... futex resumed>) = 1 [pid 15183] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15184] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15184] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15183] <... futex resumed>) = 0 [pid 15184] <... futex resumed>) = 1 [pid 15183] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15184] memfd_create("syzkaller", 0 [pid 15183] <... futex resumed>) = 0 [pid 15184] <... memfd_create resumed>) = 4 [pid 15183] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15183] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9593]}, 88) = 9593 [pid 15183] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15183] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15183] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 ./strace-static-x86_64: Process 15187 attached [pid 15183] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9594]}, 88) = 9594 [pid 15183] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15183] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15183] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15184] close(4) = 0 [pid 15184] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15184] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15188 attached [pid 15188] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15188] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15188] memfd_create("syzkaller", 0) = 4 [pid 15187] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15188] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15188] close(4) = 0 [pid 15188] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15183] <... futex resumed>) = 0 [pid 15183] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15183] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15184] <... futex resumed>) = 0 [pid 15184] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15188] <... futex resumed>) = 1 [pid 15187] <... set_robust_list resumed>) = 0 [pid 15188] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15187] rt_sigprocmask(SIG_SETMASK, [], [pid 15184] <... open resumed>) = 4 [pid 15187] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15187] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15184] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15187] <... setxattr resumed>) = 0 [pid 15184] <... futex resumed>) = 1 [pid 15183] <... futex resumed>) = 0 [pid 15183] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15183] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15184] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15187] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15184] <... mount resumed>) = 0 [pid 15187] <... futex resumed>) = 0 [pid 15187] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15184] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15183] <... futex resumed>) = 0 [pid 15184] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15183] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15184] <... open resumed>) = 5 [pid 15183] <... futex resumed>) = 0 [pid 15184] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15183] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15184] <... futex resumed>) = 0 [pid 15183] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15184] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15183] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15183] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15184] <... write resumed>) = 262144 [pid 15184] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15183] <... futex resumed>) = 0 [pid 15184] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15183] close(3) = 0 [pid 15183] close(4) = 0 [pid 15183] close(5) = 0 [pid 15183] close(6) = -1 EBADF (Bad file descriptor) [pid 15183] close(7) = -1 EBADF (Bad file descriptor) [pid 15183] close(8) = -1 EBADF (Bad file descriptor) [pid 15183] close(9) = -1 EBADF (Bad file descriptor) [pid 15183] close(10) = -1 EBADF (Bad file descriptor) [pid 15183] close(11) = -1 EBADF (Bad file descriptor) [pid 15183] close(12) = -1 EBADF (Bad file descriptor) [pid 15183] close(13) = -1 EBADF (Bad file descriptor) [pid 15183] close(14) = -1 EBADF (Bad file descriptor) [pid 15183] close(15) = -1 EBADF (Bad file descriptor) [pid 15183] close(16) = -1 EBADF (Bad file descriptor) [pid 15183] close(17) = -1 EBADF (Bad file descriptor) [pid 15183] close(18) = -1 EBADF (Bad file descriptor) [pid 15183] close(19) = -1 EBADF (Bad file descriptor) [pid 15183] close(20) = -1 EBADF (Bad file descriptor) [pid 15183] close(21) = -1 EBADF (Bad file descriptor) [pid 15183] close(22) = -1 EBADF (Bad file descriptor) [pid 15183] close(23) = -1 EBADF (Bad file descriptor) [pid 15183] close(24) = -1 EBADF (Bad file descriptor) [pid 15183] close(25) = -1 EBADF (Bad file descriptor) [pid 15183] close(26) = -1 EBADF (Bad file descriptor) [pid 15183] close(27) = -1 EBADF (Bad file descriptor) [pid 15183] close(28) = -1 EBADF (Bad file descriptor) [pid 15183] close(29) = -1 EBADF (Bad file descriptor) [pid 15183] exit_group(0) = ? [pid 15184] <... futex resumed>) = ? [pid 15188] <... futex resumed>) = ? [pid 15188] +++ exited with 0 +++ [pid 15184] +++ exited with 0 +++ [pid 15187] <... futex resumed>) = ? [pid 15187] +++ exited with 0 +++ [pid 15183] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9591, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2511", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2511", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2511/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2511/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2511/binderfs") = 0 [pid 289] umount2("./2511/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2511/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2511/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2511/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2511/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2511/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2511") = 0 [pid 289] mkdir("./2512", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9595 ./strace-static-x86_64: Process 15189 attached [pid 15189] set_robust_list(0x555556f746a0, 24) = 0 [pid 15189] chdir("./2512") = 0 [pid 15189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15189] setpgid(0, 0) = 0 [pid 15189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15189] write(3, "1000", 4) = 4 [pid 15189] close(3) = 0 [pid 15189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15189] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15189] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15189] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15189] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15189] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15190 attached => {parent_tid=[9596]}, 88) = 9596 [pid 15190] set_robust_list(0x7fbc6730d9a0, 24 [pid 15189] rt_sigprocmask(SIG_SETMASK, [], [pid 15190] <... set_robust_list resumed>) = 0 [pid 15189] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15190] rt_sigprocmask(SIG_SETMASK, [], [pid 15189] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15190] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15189] <... futex resumed>) = 0 [pid 15190] memfd_create("syzkaller", 0 [pid 15189] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15190] <... memfd_create resumed>) = 3 [pid 15190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15190] munmap(0x7fbc5eeed000, 262144) = 0 [ 302.228204][T15184] EXT4-fs (loop0): 1 truncate cleaned up [pid 15190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15190] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15190] close(3) = 0 [pid 15190] mkdir("./file1", 0777) = 0 [pid 15190] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15190] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15190] chdir("./file1") = 0 [pid 15190] ioctl(4, LOOP_CLR_FD) = 0 [pid 15190] close(4) = 0 [pid 15190] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15189] <... futex resumed>) = 0 [pid 15189] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15189] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15190] <... futex resumed>) = 1 [pid 15190] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15190] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15189] <... futex resumed>) = 0 [pid 15189] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15189] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15189] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15189] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9597]}, 88) = 9597 [pid 15189] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15189] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15189] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15189] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15189] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9598]}, 88) = 9598 [pid 15189] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15189] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15189] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15190] <... futex resumed>) = 1 [pid 15190] memfd_create("syzkaller", 0) = 4 [pid 15190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15190] close(4) = 0 [pid 15190] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 15193 attached [pid 15193] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15193] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15193] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15190] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15194 attached [pid 15194] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15194] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15194] memfd_create("syzkaller", 0) = 4 [pid 15194] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15194] close(4) = 0 [pid 15194] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15189] <... futex resumed>) = 0 [pid 15189] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15189] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15190] <... futex resumed>) = 0 [pid 15190] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15190] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15189] <... futex resumed>) = 0 [pid 15189] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15189] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15190] <... futex resumed>) = 1 [pid 15190] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15193] <... setxattr resumed>) = 0 [pid 15190] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15189] <... futex resumed>) = 0 [pid 15189] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15189] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15190] <... futex resumed>) = 1 [pid 15190] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15190] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15189] <... futex resumed>) = 0 [pid 15189] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15189] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15190] <... futex resumed>) = 1 [pid 15190] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15193] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15193] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15194] <... futex resumed>) = 1 [pid 15194] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15190] <... write resumed>) = 262144 [pid 15190] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15189] <... futex resumed>) = 0 [pid 15189] close(3) = 0 [pid 15189] close(4) = 0 [pid 15189] close(5) = 0 [pid 15190] <... futex resumed>) = 1 [pid 15190] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15189] close(6) = -1 EBADF (Bad file descriptor) [pid 15189] close(7) = -1 EBADF (Bad file descriptor) [pid 15189] close(8) = -1 EBADF (Bad file descriptor) [pid 15189] close(9) = -1 EBADF (Bad file descriptor) [pid 15189] close(10) = -1 EBADF (Bad file descriptor) [pid 15189] close(11) = -1 EBADF (Bad file descriptor) [pid 15189] close(12) = -1 EBADF (Bad file descriptor) [pid 15189] close(13) = -1 EBADF (Bad file descriptor) [pid 15189] close(14) = -1 EBADF (Bad file descriptor) [pid 15189] close(15) = -1 EBADF (Bad file descriptor) [pid 15189] close(16) = -1 EBADF (Bad file descriptor) [pid 15189] close(17) = -1 EBADF (Bad file descriptor) [pid 15189] close(18) = -1 EBADF (Bad file descriptor) [pid 15189] close(19) = -1 EBADF (Bad file descriptor) [pid 15189] close(20) = -1 EBADF (Bad file descriptor) [pid 15189] close(21) = -1 EBADF (Bad file descriptor) [pid 15189] close(22) = -1 EBADF (Bad file descriptor) [pid 15189] close(23) = -1 EBADF (Bad file descriptor) [pid 15189] close(24) = -1 EBADF (Bad file descriptor) [pid 15189] close(25) = -1 EBADF (Bad file descriptor) [pid 15189] close(26) = -1 EBADF (Bad file descriptor) [pid 15189] close(27) = -1 EBADF (Bad file descriptor) [pid 15189] close(28) = -1 EBADF (Bad file descriptor) [pid 15189] close(29) = -1 EBADF (Bad file descriptor) [pid 15189] exit_group(0) = ? [pid 15190] <... futex resumed>) = ? [pid 15190] +++ exited with 0 +++ [pid 15193] <... futex resumed>) = ? [pid 15194] <... futex resumed>) = ? [pid 15193] +++ exited with 0 +++ [pid 15194] +++ exited with 0 +++ [pid 15189] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9595, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2512", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2512", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2512/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2512/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2512/binderfs") = 0 [ 302.292730][T15190] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2512/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2512/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2512/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2512/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2512/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2512/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2512") = 0 [pid 289] mkdir("./2513", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9599 ./strace-static-x86_64: Process 15196 attached [pid 15196] set_robust_list(0x555556f746a0, 24) = 0 [pid 15196] chdir("./2513") = 0 [pid 15196] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15196] setpgid(0, 0) = 0 [pid 15196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15196] write(3, "1000", 4) = 4 [pid 15196] close(3) = 0 [pid 15196] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15196] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15196] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15196] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15196] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15196] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15196] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9600]}, 88) = 9600 [pid 15196] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15196] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15196] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15197 attached [pid 15197] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15197] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15197] memfd_create("syzkaller", 0) = 3 [pid 15197] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15197] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15197] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15197] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15197] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15197] close(3) = 0 [pid 15197] mkdir("./file1", 0777) = 0 [pid 15197] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15197] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15197] chdir("./file1") = 0 [pid 15197] ioctl(4, LOOP_CLR_FD) = 0 [pid 15197] close(4) = 0 [pid 15197] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15197] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15196] <... futex resumed>) = 0 [pid 15196] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15197] <... futex resumed>) = 0 [pid 15196] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15197] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15197] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15196] <... futex resumed>) = 0 [pid 15196] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15196] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15196] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15196] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15196] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9601]}, 88) = 9601 [pid 15196] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15196] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15196] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15196] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15196] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15196] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9602]}, 88) = 9602 [pid 15196] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15196] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15196] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15197] memfd_create("syzkaller", 0) = 4 [pid 15197] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15197] close(4) = 0 [pid 15197] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15197] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15200 attached [pid 15200] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15200] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15200] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15200] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15200] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15201 attached [pid 15201] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15201] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15201] memfd_create("syzkaller", 0) = 4 [pid 15201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15201] close(4) = 0 [pid 15201] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15196] <... futex resumed>) = 0 [pid 15196] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15197] <... futex resumed>) = 0 [pid 15196] <... futex resumed>) = 1 [pid 15197] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15196] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15201] <... futex resumed>) = 1 [pid 15201] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15197] <... open resumed>) = 4 [pid 15197] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15196] <... futex resumed>) = 0 [pid 15197] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15196] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15197] <... mount resumed>) = 0 [pid 15196] <... futex resumed>) = 0 [pid 15197] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15196] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15197] <... futex resumed>) = 0 [pid 15196] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15197] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15196] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15197] <... open resumed>) = 5 [pid 15196] <... futex resumed>) = 0 [pid 15197] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15196] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15197] <... futex resumed>) = 0 [pid 15196] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15197] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15196] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15196] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15197] <... write resumed>) = 262144 [pid 15197] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15196] <... futex resumed>) = 0 [pid 15196] close(3) = 0 [pid 15196] close(4) = 0 [pid 15196] close(5) = 0 [pid 15196] close(6) = -1 EBADF (Bad file descriptor) [pid 15196] close(7) = -1 EBADF (Bad file descriptor) [pid 15196] close(8) = -1 EBADF (Bad file descriptor) [pid 15196] close(9) = -1 EBADF (Bad file descriptor) [pid 15196] close(10) = -1 EBADF (Bad file descriptor) [pid 15196] close(11) = -1 EBADF (Bad file descriptor) [pid 15196] close(12) = -1 EBADF (Bad file descriptor) [pid 15196] close(13) = -1 EBADF (Bad file descriptor) [pid 15196] close(14) = -1 EBADF (Bad file descriptor) [pid 15196] close(15) = -1 EBADF (Bad file descriptor) [pid 15196] close(16) = -1 EBADF (Bad file descriptor) [pid 15196] close(17) = -1 EBADF (Bad file descriptor) [pid 15196] close(18) = -1 EBADF (Bad file descriptor) [pid 15196] close(19) = -1 EBADF (Bad file descriptor) [pid 15196] close(20) = -1 EBADF (Bad file descriptor) [pid 15196] close(21) = -1 EBADF (Bad file descriptor) [pid 15196] close(22) = -1 EBADF (Bad file descriptor) [pid 15196] close(23) = -1 EBADF (Bad file descriptor) [pid 15196] close(24) = -1 EBADF (Bad file descriptor) [pid 15196] close(25) = -1 EBADF (Bad file descriptor) [pid 15196] close(26) = -1 EBADF (Bad file descriptor) [pid 15196] close(27) = -1 EBADF (Bad file descriptor) [pid 15196] close(28) = -1 EBADF (Bad file descriptor) [pid 15196] close(29) = -1 EBADF (Bad file descriptor) [pid 15196] exit_group(0 [pid 15200] <... futex resumed>) = ? [pid 15196] <... exit_group resumed>) = ? [pid 15200] +++ exited with 0 +++ [pid 15197] <... futex resumed>) = ? [pid 15197] +++ exited with 0 +++ [pid 15201] <... futex resumed>) = ? [pid 15201] +++ exited with 0 +++ [pid 15196] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9599, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2513", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2513", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2513/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2513/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2513/binderfs") = 0 [pid 289] umount2("./2513/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2513/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2513/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2513/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2513/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2513/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2513") = 0 [pid 289] mkdir("./2514", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9603 ./strace-static-x86_64: Process 15202 attached [pid 15202] set_robust_list(0x555556f746a0, 24) = 0 [pid 15202] chdir("./2514") = 0 [pid 15202] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15202] setpgid(0, 0) = 0 [pid 15202] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15202] write(3, "1000", 4) = 4 [pid 15202] close(3) = 0 [pid 15202] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15202] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15202] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15202] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15202] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15202] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15202] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15203 attached => {parent_tid=[9604]}, 88) = 9604 [pid 15202] rt_sigprocmask(SIG_SETMASK, [], [pid 15203] set_robust_list(0x7fbc6730d9a0, 24 [pid 15202] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15202] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15202] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15203] <... set_robust_list resumed>) = 0 [pid 15203] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15203] memfd_create("syzkaller", 0) = 3 [pid 15203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15203] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15203] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15203] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15203] close(3) = 0 [pid 15203] mkdir("./file1", 0777) = 0 [ 302.449203][T15197] EXT4-fs (loop0): 1 truncate cleaned up [pid 15203] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15203] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15203] chdir("./file1") = 0 [pid 15203] ioctl(4, LOOP_CLR_FD) = 0 [pid 15203] close(4) = 0 [pid 15203] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15202] <... futex resumed>) = 0 [pid 15202] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15202] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15203] <... futex resumed>) = 1 [pid 15203] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15203] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15202] <... futex resumed>) = 0 [pid 15202] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15202] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15202] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15202] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15202] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9605]}, 88) = 9605 [pid 15202] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15202] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15202] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15202] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15202] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15202] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9606]}, 88) = 9606 [pid 15202] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15202] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15202] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15203] <... futex resumed>) = 1 [pid 15203] memfd_create("syzkaller", 0) = 4 ./strace-static-x86_64: Process 15207 attached ./strace-static-x86_64: Process 15206 attached [pid 15203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15207] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15206] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15203] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15206] <... set_robust_list resumed>) = 0 [pid 15206] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15206] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15207] <... set_robust_list resumed>) = 0 [pid 15206] <... setxattr resumed>) = 0 [pid 15203] close(4 [pid 15206] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15206] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15207] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15207] memfd_create("syzkaller", 0) = 5 [pid 15207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15207] close(5) = 0 [pid 15207] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15202] <... futex resumed>) = 0 [pid 15202] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15202] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15206] <... futex resumed>) = 0 [pid 15206] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 15206] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15202] <... futex resumed>) = 0 [pid 15202] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15202] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15206] <... futex resumed>) = 1 [pid 15206] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15206] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15202] <... futex resumed>) = 0 [pid 15202] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15202] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15206] <... futex resumed>) = 1 [pid 15206] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 15206] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15202] <... futex resumed>) = 0 [pid 15202] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15202] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15206] <... futex resumed>) = 1 [pid 15206] write(6, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15203] <... close resumed>) = 0 [pid 15207] <... futex resumed>) = 1 [pid 15207] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15203] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15203] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15206] <... write resumed>) = 262144 [pid 15206] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15202] <... futex resumed>) = 0 [pid 15206] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15202] close(3) = 0 [pid 15202] close(4) = -1 EBADF (Bad file descriptor) [pid 15202] close(5) = 0 [pid 15202] close(6) = 0 [pid 15202] close(7) = -1 EBADF (Bad file descriptor) [pid 15202] close(8) = -1 EBADF (Bad file descriptor) [pid 15202] close(9) = -1 EBADF (Bad file descriptor) [pid 15202] close(10) = -1 EBADF (Bad file descriptor) [pid 15202] close(11) = -1 EBADF (Bad file descriptor) [pid 15202] close(12) = -1 EBADF (Bad file descriptor) [pid 15202] close(13) = -1 EBADF (Bad file descriptor) [pid 15202] close(14) = -1 EBADF (Bad file descriptor) [pid 15202] close(15) = -1 EBADF (Bad file descriptor) [pid 15202] close(16) = -1 EBADF (Bad file descriptor) [pid 15202] close(17) = -1 EBADF (Bad file descriptor) [pid 15202] close(18) = -1 EBADF (Bad file descriptor) [pid 15202] close(19) = -1 EBADF (Bad file descriptor) [pid 15202] close(20) = -1 EBADF (Bad file descriptor) [pid 15202] close(21) = -1 EBADF (Bad file descriptor) [pid 15202] close(22) = -1 EBADF (Bad file descriptor) [pid 15202] close(23) = -1 EBADF (Bad file descriptor) [pid 15202] close(24) = -1 EBADF (Bad file descriptor) [pid 15202] close(25) = -1 EBADF (Bad file descriptor) [pid 15202] close(26) = -1 EBADF (Bad file descriptor) [pid 15202] close(27) = -1 EBADF (Bad file descriptor) [pid 15202] close(28) = -1 EBADF (Bad file descriptor) [pid 15202] close(29) = -1 EBADF (Bad file descriptor) [pid 15202] exit_group(0) = ? [pid 15207] <... futex resumed>) = ? [pid 15203] <... futex resumed>) = ? [pid 15207] +++ exited with 0 +++ [pid 15203] +++ exited with 0 +++ [pid 15206] <... futex resumed>) = ? [pid 15206] +++ exited with 0 +++ [pid 15202] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9603, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2514", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2514", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2514/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2514/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2514/binderfs") = 0 [ 302.507708][T15203] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2514/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2514/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2514/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2514/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2514/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2514/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2514") = 0 [pid 289] mkdir("./2515", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9607 ./strace-static-x86_64: Process 15208 attached [pid 15208] set_robust_list(0x555556f746a0, 24) = 0 [pid 15208] chdir("./2515") = 0 [pid 15208] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15208] setpgid(0, 0) = 0 [pid 15208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15208] write(3, "1000", 4) = 4 [pid 15208] close(3) = 0 [pid 15208] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15208] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15208] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15208] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15208] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15208] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15208] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15209 attached [pid 15209] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15209] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15209] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15208] <... clone3 resumed> => {parent_tid=[9608]}, 88) = 9608 [pid 15208] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15208] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15209] <... futex resumed>) = 0 [pid 15209] memfd_create("syzkaller", 0 [pid 15208] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15209] <... memfd_create resumed>) = 3 [pid 15209] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15209] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15209] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15209] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15209] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15209] close(3) = 0 [pid 15209] mkdir("./file1", 0777) = 0 [pid 15209] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15209] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15209] chdir("./file1") = 0 [pid 15209] ioctl(4, LOOP_CLR_FD) = 0 [pid 15209] close(4) = 0 [pid 15209] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15208] <... futex resumed>) = 0 [pid 15209] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15208] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15209] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15209] setxattr("./file1", NULL, NULL, 0, 0 [pid 15208] <... futex resumed>) = 0 [pid 15208] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15209] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 15209] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15209] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15208] <... futex resumed>) = 0 [pid 15208] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15208] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15208] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15208] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15208] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9609]}, 88) = 9609 ./strace-static-x86_64: Process 15212 attached [pid 15208] rt_sigprocmask(SIG_SETMASK, [], [pid 15212] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15208] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15212] <... set_robust_list resumed>) = 0 [pid 15208] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15212] rt_sigprocmask(SIG_SETMASK, [], [pid 15208] <... futex resumed>) = 0 [pid 15212] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15208] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15212] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15208] <... futex resumed>) = 0 [pid 15208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15212] <... setxattr resumed>) = 0 [pid 15208] <... mmap resumed>) = 0x7fbc5eeeb000 [pid 15212] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15208] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE [pid 15212] <... futex resumed>) = 0 [pid 15208] <... mprotect resumed>) = 0 [pid 15212] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15208] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15208] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 15213 attached [pid 15213] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15208] <... clone3 resumed> => {parent_tid=[9610]}, 88) = 9610 [pid 15213] <... set_robust_list resumed>) = 0 [pid 15208] rt_sigprocmask(SIG_SETMASK, [], [pid 15213] rt_sigprocmask(SIG_SETMASK, [], [pid 15208] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15213] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15208] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15213] memfd_create("syzkaller", 0 [pid 15208] <... futex resumed>) = 0 [pid 15213] <... memfd_create resumed>) = 4 [pid 15208] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15209] <... futex resumed>) = 0 [pid 15209] memfd_create("syzkaller", 0) = 5 [pid 15213] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15209] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15209] close(5) = 0 [pid 15209] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15209] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15213] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15213] close(4) = 0 [pid 15213] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15208] <... futex resumed>) = 0 [pid 15213] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15208] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15208] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15209] <... futex resumed>) = 0 [pid 15209] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15209] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15208] <... futex resumed>) = 0 [pid 15208] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15208] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15209] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15209] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15208] <... futex resumed>) = 0 [pid 15208] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15208] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15209] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15209] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15208] <... futex resumed>) = 0 [pid 15208] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15208] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15209] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15209] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15208] <... futex resumed>) = 0 [pid 15208] close(3) = 0 [pid 15208] close(4) = 0 [pid 15208] close(5 [pid 15209] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15208] <... close resumed>) = 0 [pid 15208] close(6) = -1 EBADF (Bad file descriptor) [pid 15208] close(7) = -1 EBADF (Bad file descriptor) [pid 15208] close(8) = -1 EBADF (Bad file descriptor) [pid 15208] close(9) = -1 EBADF (Bad file descriptor) [pid 15208] close(10) = -1 EBADF (Bad file descriptor) [pid 15208] close(11) = -1 EBADF (Bad file descriptor) [pid 15208] close(12) = -1 EBADF (Bad file descriptor) [pid 15208] close(13) = -1 EBADF (Bad file descriptor) [pid 15208] close(14) = -1 EBADF (Bad file descriptor) [pid 15208] close(15) = -1 EBADF (Bad file descriptor) [pid 15208] close(16) = -1 EBADF (Bad file descriptor) [pid 15208] close(17) = -1 EBADF (Bad file descriptor) [pid 15208] close(18) = -1 EBADF (Bad file descriptor) [pid 15208] close(19) = -1 EBADF (Bad file descriptor) [pid 15208] close(20) = -1 EBADF (Bad file descriptor) [pid 15208] close(21) = -1 EBADF (Bad file descriptor) [pid 15208] close(22) = -1 EBADF (Bad file descriptor) [pid 15208] close(23) = -1 EBADF (Bad file descriptor) [pid 15208] close(24) = -1 EBADF (Bad file descriptor) [pid 15208] close(25) = -1 EBADF (Bad file descriptor) [pid 15208] close(26) = -1 EBADF (Bad file descriptor) [pid 15208] close(27) = -1 EBADF (Bad file descriptor) [pid 15208] close(28) = -1 EBADF (Bad file descriptor) [pid 15208] close(29) = -1 EBADF (Bad file descriptor) [pid 15208] exit_group(0 [pid 15212] <... futex resumed>) = ? [pid 15208] <... exit_group resumed>) = ? [pid 15212] +++ exited with 0 +++ [pid 15213] <... futex resumed>) = ? [pid 15209] <... futex resumed>) = ? [pid 15213] +++ exited with 0 +++ [pid 15209] +++ exited with 0 +++ [pid 15208] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9607, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2515", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2515", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2515/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2515/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2515/binderfs") = 0 [ 302.595779][T15209] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2515/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2515/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2515/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2515/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2515/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2515/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2515") = 0 [pid 289] mkdir("./2516", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9611 ./strace-static-x86_64: Process 15214 attached [pid 15214] set_robust_list(0x555556f746a0, 24) = 0 [pid 15214] chdir("./2516") = 0 [pid 15214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15214] setpgid(0, 0) = 0 [pid 15214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15214] write(3, "1000", 4) = 4 [pid 15214] close(3) = 0 [pid 15214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15214] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15214] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15214] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15214] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15215 attached => {parent_tid=[9612]}, 88) = 9612 [pid 15214] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15214] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15214] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15215] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15215] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15215] memfd_create("syzkaller", 0) = 3 [pid 15215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15215] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15215] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15215] close(3) = 0 [pid 15215] mkdir("./file1", 0777) = 0 [pid 15215] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15215] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15215] chdir("./file1") = 0 [pid 15215] ioctl(4, LOOP_CLR_FD) = 0 [pid 15215] close(4) = 0 [pid 15215] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15214] <... futex resumed>) = 0 [pid 15214] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15214] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15215] <... futex resumed>) = 1 [pid 15215] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15215] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15214] <... futex resumed>) = 0 [pid 15214] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15214] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15214] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9613]}, 88) = 9613 [pid 15214] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15214] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15214] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15214] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15214] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 15218 attached [pid 15215] <... futex resumed>) = 1 [pid 15218] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15214] <... rt_sigprocmask resumed>[], 8) = 0 [pid 15214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 15218] <... set_robust_list resumed>) = 0 [pid 15215] memfd_create("syzkaller", 0 [pid 15214] <... clone3 resumed> => {parent_tid=[9614]}, 88) = 9614 [pid 15214] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15214] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15214] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15219 attached [pid 15219] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15219] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15219] memfd_create("syzkaller", 0) = 4 [pid 15219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15219] close(4) = 0 [pid 15219] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15214] <... futex resumed>) = 0 [pid 15214] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15214] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15219] <... futex resumed>) = 1 [pid 15219] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15219] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15214] <... futex resumed>) = 0 [pid 15214] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15214] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15219] <... futex resumed>) = 1 [pid 15219] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15215] <... memfd_create resumed>) = 5 [pid 15218] rt_sigprocmask(SIG_SETMASK, [], [pid 15219] <... mount resumed>) = 0 [pid 15218] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15218] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15219] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15215] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15218] <... setxattr resumed>) = 0 [pid 15215] close(5 [pid 15219] <... futex resumed>) = 1 [pid 15214] <... futex resumed>) = 0 [pid 15214] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15214] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15215] <... close resumed>) = 0 [pid 15219] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15218] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15215] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15215] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15219] <... open resumed>) = 5 [pid 15219] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15214] <... futex resumed>) = 0 [pid 15214] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15214] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15219] <... futex resumed>) = 1 [pid 15215] <... futex resumed>) = 0 [pid 15215] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15219] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15218] <... futex resumed>) = 0 [pid 15218] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15215] <... write resumed>) = 262144 [pid 15215] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15214] <... futex resumed>) = 0 [pid 15214] close(3) = 0 [pid 15214] close(4) = 0 [pid 15214] close(5) = 0 [pid 15214] close(6) = -1 EBADF (Bad file descriptor) [pid 15214] close(7) = -1 EBADF (Bad file descriptor) [pid 15214] close(8) = -1 EBADF (Bad file descriptor) [pid 15214] close(9) = -1 EBADF (Bad file descriptor) [pid 15214] close(10) = -1 EBADF (Bad file descriptor) [pid 15214] close(11) = -1 EBADF (Bad file descriptor) [pid 15214] close(12) = -1 EBADF (Bad file descriptor) [pid 15214] close(13) = -1 EBADF (Bad file descriptor) [pid 15214] close(14) = -1 EBADF (Bad file descriptor) [pid 15214] close(15) = -1 EBADF (Bad file descriptor) [pid 15214] close(16) = -1 EBADF (Bad file descriptor) [pid 15214] close(17) = -1 EBADF (Bad file descriptor) [pid 15214] close(18) = -1 EBADF (Bad file descriptor) [pid 15214] close(19) = -1 EBADF (Bad file descriptor) [pid 15214] close(20) = -1 EBADF (Bad file descriptor) [pid 15214] close(21) = -1 EBADF (Bad file descriptor) [pid 15214] close(22) = -1 EBADF (Bad file descriptor) [pid 15214] close(23) = -1 EBADF (Bad file descriptor) [pid 15214] close(24) = -1 EBADF (Bad file descriptor) [pid 15214] close(25) = -1 EBADF (Bad file descriptor) [pid 15214] close(26) = -1 EBADF (Bad file descriptor) [pid 15214] close(27) = -1 EBADF (Bad file descriptor) [pid 15214] close(28) = -1 EBADF (Bad file descriptor) [pid 15214] close(29) = -1 EBADF (Bad file descriptor) [pid 15214] exit_group(0) = ? [pid 15219] <... futex resumed>) = ? [pid 15219] +++ exited with 0 +++ [pid 15218] <... futex resumed>) = ? [pid 15218] +++ exited with 0 +++ [pid 15215] <... futex resumed>) = ? [pid 15215] +++ exited with 0 +++ [pid 15214] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9611, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2516", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2516", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2516/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2516/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2516/binderfs") = 0 [pid 289] umount2("./2516/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2516/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2516/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2516/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2516/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2516/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2516") = 0 [pid 289] mkdir("./2517", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9615 ./strace-static-x86_64: Process 15220 attached [pid 15220] set_robust_list(0x555556f746a0, 24) = 0 [pid 15220] chdir("./2517") = 0 [pid 15220] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15220] setpgid(0, 0) = 0 [pid 15220] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15220] write(3, "1000", 4) = 4 [pid 15220] close(3) = 0 [pid 15220] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15220] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15220] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15220] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15220] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15220] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15220] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9616]}, 88) = 9616 [pid 15220] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15220] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15220] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15221 attached [pid 15221] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15221] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15221] memfd_create("syzkaller", 0) = 3 [pid 15221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15221] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15221] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15221] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15221] close(3) = 0 [pid 15221] mkdir("./file1", 0777) = 0 [ 302.714154][T15215] EXT4-fs (loop0): 1 truncate cleaned up [pid 15221] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15221] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15221] chdir("./file1") = 0 [pid 15221] ioctl(4, LOOP_CLR_FD) = 0 [pid 15221] close(4) = 0 [pid 15221] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15220] <... futex resumed>) = 0 [pid 15220] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15220] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15221] <... futex resumed>) = 1 [pid 15221] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15221] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15220] <... futex resumed>) = 0 [pid 15220] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15220] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15220] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15220] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15220] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9617]}, 88) = 9617 [pid 15220] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15220] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15220] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15220] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15220] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15220] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9618]}, 88) = 9618 [pid 15220] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15220] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15220] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15221] <... futex resumed>) = 1 [pid 15221] memfd_create("syzkaller", 0) = 4 [pid 15221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15221] close(4) = 0 [pid 15221] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15221] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15224 attached [pid 15224] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15224] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15224] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0./strace-static-x86_64: Process 15225 attached [pid 15225] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15224] <... setxattr resumed>) = 0 [pid 15225] <... set_robust_list resumed>) = 0 [pid 15225] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15225] memfd_create("syzkaller", 0 [pid 15224] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15225] <... memfd_create resumed>) = 4 [pid 15224] <... futex resumed>) = 0 [pid 15225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15225] close(4) = 0 [pid 15225] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15225] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15224] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15220] <... futex resumed>) = 0 [pid 15220] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15220] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15221] <... futex resumed>) = 0 [pid 15221] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15221] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15220] <... futex resumed>) = 0 [pid 15220] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15220] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15221] <... futex resumed>) = 1 [pid 15221] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15221] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15220] <... futex resumed>) = 0 [pid 15220] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15220] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15221] <... futex resumed>) = 1 [pid 15221] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15221] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15220] <... futex resumed>) = 0 [pid 15220] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15220] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15221] <... futex resumed>) = 1 [pid 15221] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15221] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15220] <... futex resumed>) = 0 [pid 15220] close(3) = 0 [pid 15220] close(4) = 0 [pid 15220] close(5) = 0 [pid 15220] close(6) = -1 EBADF (Bad file descriptor) [pid 15220] close(7) = -1 EBADF (Bad file descriptor) [pid 15220] close(8) = -1 EBADF (Bad file descriptor) [pid 15220] close(9) = -1 EBADF (Bad file descriptor) [pid 15220] close(10) = -1 EBADF (Bad file descriptor) [pid 15220] close(11) = -1 EBADF (Bad file descriptor) [pid 15220] close(12) = -1 EBADF (Bad file descriptor) [pid 15220] close(13) = -1 EBADF (Bad file descriptor) [pid 15220] close(14) = -1 EBADF (Bad file descriptor) [pid 15220] close(15) = -1 EBADF (Bad file descriptor) [pid 15220] close(16) = -1 EBADF (Bad file descriptor) [pid 15220] close(17) = -1 EBADF (Bad file descriptor) [pid 15220] close(18) = -1 EBADF (Bad file descriptor) [pid 15220] close(19) = -1 EBADF (Bad file descriptor) [pid 15220] close(20) = -1 EBADF (Bad file descriptor) [pid 15220] close(21) = -1 EBADF (Bad file descriptor) [pid 15220] close(22) = -1 EBADF (Bad file descriptor) [pid 15220] close(23) = -1 EBADF (Bad file descriptor) [pid 15220] close(24) = -1 EBADF (Bad file descriptor) [pid 15220] close(25) = -1 EBADF (Bad file descriptor) [pid 15220] close(26) = -1 EBADF (Bad file descriptor) [pid 15220] close(27) = -1 EBADF (Bad file descriptor) [pid 15220] close(28) = -1 EBADF (Bad file descriptor) [pid 15220] close(29) = -1 EBADF (Bad file descriptor) [pid 15220] exit_group(0) = ? [pid 15221] <... futex resumed>) = ? [pid 15221] +++ exited with 0 +++ [pid 15224] <... futex resumed>) = ? [pid 15224] +++ exited with 0 +++ [pid 15225] <... futex resumed>) = ? [pid 15225] +++ exited with 0 +++ [pid 15220] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9615, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2517", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2517", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2517/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2517/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2517/binderfs") = 0 [ 302.766449][T15221] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2517/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2517/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2517/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2517/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2517/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2517/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2517") = 0 [pid 289] mkdir("./2518", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9619 ./strace-static-x86_64: Process 15226 attached [pid 15226] set_robust_list(0x555556f746a0, 24) = 0 [pid 15226] chdir("./2518") = 0 [pid 15226] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15226] setpgid(0, 0) = 0 [pid 15226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15226] write(3, "1000", 4) = 4 [pid 15226] close(3) = 0 [pid 15226] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15226] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15226] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15226] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15226] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15226] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15226] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9620]}, 88) = 9620 [pid 15226] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15226] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15226] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15227 attached [pid 15227] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15227] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15227] memfd_create("syzkaller", 0) = 3 [pid 15227] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15227] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15227] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15227] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15227] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15227] close(3) = 0 [pid 15227] mkdir("./file1", 0777) = 0 [pid 15227] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15227] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15227] chdir("./file1") = 0 [pid 15227] ioctl(4, LOOP_CLR_FD) = 0 [pid 15227] close(4) = 0 [pid 15227] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15227] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15226] <... futex resumed>) = 0 [pid 15226] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15226] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15227] <... futex resumed>) = 0 [pid 15227] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15227] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15226] <... futex resumed>) = 0 [pid 15226] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15226] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15226] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15226] rt_sigprocmask(SIG_BLOCK, ~[], [pid 15227] <... futex resumed>) = 1 [pid 15226] <... rt_sigprocmask resumed>[], 8) = 0 [pid 15226] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 15227] memfd_create("syzkaller", 0) = 4 [pid 15227] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15226] <... clone3 resumed> => {parent_tid=[9621]}, 88) = 9621 [pid 15227] close(4 [pid 15226] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15226] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15227] <... close resumed>) = 0 [pid 15227] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15226] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15227] <... futex resumed>) = 0 [pid 15226] <... futex resumed>) = 0 [pid 15227] memfd_create("syzkaller", 0 [pid 15226] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15227] <... memfd_create resumed>) = 4 [pid 15227] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15227] close(4) = 0 [pid 15227] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15226] <... futex resumed>) = 0 [pid 15226] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15226] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15227] <... futex resumed>) = 1 [pid 15227] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000./strace-static-x86_64: Process 15230 attached [pid 15230] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15227] <... open resumed>) = 4 [pid 15227] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15226] <... futex resumed>) = 0 [pid 15226] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15226] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15227] <... futex resumed>) = 1 [pid 15227] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15227] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15226] <... futex resumed>) = 0 [pid 15226] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15226] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15227] <... futex resumed>) = 1 [pid 15227] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15227] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15226] <... futex resumed>) = 0 [pid 15226] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15226] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15227] <... futex resumed>) = 1 [pid 15227] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15230] <... set_robust_list resumed>) = 0 [pid 15230] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15230] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15227] <... write resumed>) = 262144 [pid 15227] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15227] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15226] <... futex resumed>) = 0 [pid 15230] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 15230] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15230] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15226] close(3) = 0 [pid 15226] close(4) = 0 [pid 15226] close(5) = 0 [pid 15226] close(6) = -1 EBADF (Bad file descriptor) [pid 15226] close(7) = -1 EBADF (Bad file descriptor) [pid 15226] close(8) = -1 EBADF (Bad file descriptor) [pid 15226] close(9) = -1 EBADF (Bad file descriptor) [pid 15226] close(10) = -1 EBADF (Bad file descriptor) [pid 15226] close(11) = -1 EBADF (Bad file descriptor) [pid 15226] close(12) = -1 EBADF (Bad file descriptor) [pid 15226] close(13) = -1 EBADF (Bad file descriptor) [pid 15226] close(14) = -1 EBADF (Bad file descriptor) [pid 15226] close(15) = -1 EBADF (Bad file descriptor) [pid 15226] close(16) = -1 EBADF (Bad file descriptor) [pid 15226] close(17) = -1 EBADF (Bad file descriptor) [pid 15226] close(18) = -1 EBADF (Bad file descriptor) [pid 15226] close(19) = -1 EBADF (Bad file descriptor) [pid 15226] close(20) = -1 EBADF (Bad file descriptor) [pid 15226] close(21) = -1 EBADF (Bad file descriptor) [pid 15226] close(22) = -1 EBADF (Bad file descriptor) [pid 15226] close(23) = -1 EBADF (Bad file descriptor) [pid 15226] close(24) = -1 EBADF (Bad file descriptor) [pid 15226] close(25) = -1 EBADF (Bad file descriptor) [pid 15226] close(26) = -1 EBADF (Bad file descriptor) [pid 15226] close(27) = -1 EBADF (Bad file descriptor) [pid 15226] close(28) = -1 EBADF (Bad file descriptor) [pid 15226] close(29) = -1 EBADF (Bad file descriptor) [pid 15226] exit_group(0) = ? [pid 15230] <... futex resumed>) = ? [pid 15230] +++ exited with 0 +++ [pid 15227] <... futex resumed>) = ? [pid 15227] +++ exited with 0 +++ [pid 15226] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9619, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] umount2("./2518", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2518", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2518/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2518/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2518/binderfs") = 0 [ 302.839823][T15227] EXT4-fs (loop0): 1 truncate cleaned up [ 302.845279][T15227] EXT4-fs mount: 199 callbacks suppressed [ 302.845288][T15227] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [ 302.874931][T15230] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2518/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2518/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2518/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2518/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2518/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2518/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2518") = 0 [pid 289] mkdir("./2519", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9622 ./strace-static-x86_64: Process 15231 attached [pid 15231] set_robust_list(0x555556f746a0, 24) = 0 [pid 15231] chdir("./2519") = 0 [pid 15231] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15231] setpgid(0, 0) = 0 [pid 15231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15231] write(3, "1000", 4) = 4 [pid 15231] close(3) = 0 [pid 15231] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15231] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15231] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15231] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15231] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15231] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15231] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9623]}, 88) = 9623 [pid 15231] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15231] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15231] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15232 attached [pid 15232] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15232] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15232] memfd_create("syzkaller", 0) = 3 [pid 15232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15232] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15232] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15232] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15232] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15232] close(3) = 0 [pid 15232] mkdir("./file1", 0777) = 0 [pid 15232] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15232] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15232] chdir("./file1") = 0 [pid 15232] ioctl(4, LOOP_CLR_FD) = 0 [pid 15232] close(4) = 0 [pid 15232] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15231] <... futex resumed>) = 0 [pid 15231] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15231] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15232] <... futex resumed>) = 1 [pid 15232] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15232] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15231] <... futex resumed>) = 0 [pid 15231] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15231] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15231] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15231] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15231] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9624]}, 88) = 9624 [pid 15231] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15231] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15231] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 15235 attached [pid 15232] <... futex resumed>) = 1 [pid 15231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15231] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15231] rt_sigprocmask(SIG_BLOCK, ~[], [pid 15235] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15232] memfd_create("syzkaller", 0 [pid 15231] <... rt_sigprocmask resumed>[], 8) = 0 [pid 15231] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 15236 attached [pid 15235] <... set_robust_list resumed>) = 0 [pid 15232] <... memfd_create resumed>) = 4 [pid 15235] rt_sigprocmask(SIG_SETMASK, [], [pid 15231] <... clone3 resumed> => {parent_tid=[9625]}, 88) = 9625 [pid 15235] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15231] rt_sigprocmask(SIG_SETMASK, [], [pid 15235] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15231] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15231] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15236] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15235] <... setxattr resumed>) = 0 [pid 15235] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15235] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15236] <... set_robust_list resumed>) = 0 [pid 15236] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15236] memfd_create("syzkaller", 0) = 5 [pid 15236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15236] close(5) = 0 [pid 15236] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15231] <... futex resumed>) = 0 [pid 15236] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15231] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15231] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15232] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15232] close(4) = 0 [pid 15232] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15232] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15235] <... futex resumed>) = 0 [pid 15235] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15235] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15231] <... futex resumed>) = 0 [pid 15231] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15231] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15232] <... futex resumed>) = 0 [pid 15232] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15235] <... futex resumed>) = 1 [pid 15232] <... mount resumed>) = 0 [pid 15235] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15232] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15231] <... futex resumed>) = 0 [pid 15231] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15231] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15232] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15232] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15231] <... futex resumed>) = 0 [pid 15231] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15231] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15232] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15232] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15231] <... futex resumed>) = 0 [pid 15231] close(3) = 0 [pid 15231] close(4) = 0 [pid 15231] close(5 [pid 15232] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15231] <... close resumed>) = 0 [pid 15231] close(6) = -1 EBADF (Bad file descriptor) [pid 15231] close(7) = -1 EBADF (Bad file descriptor) [pid 15231] close(8) = -1 EBADF (Bad file descriptor) [pid 15231] close(9) = -1 EBADF (Bad file descriptor) [pid 15231] close(10) = -1 EBADF (Bad file descriptor) [pid 15231] close(11) = -1 EBADF (Bad file descriptor) [pid 15231] close(12) = -1 EBADF (Bad file descriptor) [pid 15231] close(13) = -1 EBADF (Bad file descriptor) [pid 15231] close(14) = -1 EBADF (Bad file descriptor) [pid 15231] close(15) = -1 EBADF (Bad file descriptor) [pid 15231] close(16) = -1 EBADF (Bad file descriptor) [pid 15231] close(17) = -1 EBADF (Bad file descriptor) [pid 15231] close(18) = -1 EBADF (Bad file descriptor) [pid 15231] close(19) = -1 EBADF (Bad file descriptor) [pid 15231] close(20) = -1 EBADF (Bad file descriptor) [pid 15231] close(21) = -1 EBADF (Bad file descriptor) [pid 15231] close(22) = -1 EBADF (Bad file descriptor) [pid 15231] close(23) = -1 EBADF (Bad file descriptor) [pid 15231] close(24) = -1 EBADF (Bad file descriptor) [pid 15231] close(25) = -1 EBADF (Bad file descriptor) [pid 15231] close(26) = -1 EBADF (Bad file descriptor) [pid 15231] close(27) = -1 EBADF (Bad file descriptor) [pid 15231] close(28) = -1 EBADF (Bad file descriptor) [pid 15231] close(29) = -1 EBADF (Bad file descriptor) [pid 15231] exit_group(0 [pid 15236] <... futex resumed>) = ? [pid 15235] <... futex resumed>) = ? [pid 15231] <... exit_group resumed>) = ? [pid 15236] +++ exited with 0 +++ [pid 15235] +++ exited with 0 +++ [pid 15232] <... futex resumed>) = ? [pid 15232] +++ exited with 0 +++ [pid 15231] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9622, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2519", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2519", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2519/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2519/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2519/binderfs") = 0 [ 302.978720][T15232] EXT4-fs (loop0): 1 truncate cleaned up [ 302.991029][T15232] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2519/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2519/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2519/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2519/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2519/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2519/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2519") = 0 [pid 289] mkdir("./2520", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9626 ./strace-static-x86_64: Process 15237 attached [pid 15237] set_robust_list(0x555556f746a0, 24) = 0 [pid 15237] chdir("./2520") = 0 [pid 15237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15237] setpgid(0, 0) = 0 [pid 15237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15237] write(3, "1000", 4) = 4 [pid 15237] close(3) = 0 [pid 15237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15237] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15237] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15237] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15237] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15237] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15237] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9627]}, 88) = 9627 [pid 15237] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15237] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15237] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15238 attached [pid 15238] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15238] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15238] memfd_create("syzkaller", 0) = 3 [pid 15238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15238] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15238] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15238] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15238] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15238] close(3) = 0 [pid 15238] mkdir("./file1", 0777) = 0 [pid 15238] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15238] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15238] chdir("./file1") = 0 [pid 15238] ioctl(4, LOOP_CLR_FD) = 0 [pid 15238] close(4) = 0 [pid 15238] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15237] <... futex resumed>) = 0 [pid 15238] setxattr("./file1", NULL, NULL, 0, 0 [pid 15237] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15238] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 15237] <... futex resumed>) = 0 [pid 15238] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15237] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15238] <... futex resumed>) = 0 [pid 15237] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15238] memfd_create("syzkaller", 0 [pid 15237] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15238] <... memfd_create resumed>) = 4 [pid 15237] <... futex resumed>) = 0 [pid 15238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15237] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15238] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15237] <... futex resumed>) = 0 [pid 15238] close(4 [pid 15237] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15238] <... close resumed>) = 0 [pid 15237] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 15238] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15237] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 15238] <... futex resumed>) = 0 [pid 15237] <... mprotect resumed>) = 0 [pid 15238] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15237] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15237] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9628]}, 88) = 9628 [pid 15237] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15237] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15237] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15238] <... futex resumed>) = 0 [pid 15237] <... futex resumed>) = 1 [pid 15238] memfd_create("syzkaller", 0 [pid 15237] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15238] <... memfd_create resumed>) = 4 [pid 15238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15238] close(4) = 0 [pid 15238] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15237] <... futex resumed>) = 0 [pid 15238] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15237] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15238] <... open resumed>) = 4 [pid 15237] <... futex resumed>) = 0 [pid 15238] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15237] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15238] <... futex resumed>) = 0 [pid 15237] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15238] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15237] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15238] <... mount resumed>) = 0 [pid 15237] <... futex resumed>) = 0 [pid 15238] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15237] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15238] <... futex resumed>) = 0 [pid 15237] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15238] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15237] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15238] <... open resumed>) = 5 [pid 15237] <... futex resumed>) = 0 [pid 15238] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15237] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15238] <... futex resumed>) = 0 [pid 15237] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15238] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15237] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 15241 attached ) = 0 [pid 15241] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15237] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15241] <... set_robust_list resumed>) = 0 [pid 15241] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15241] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15238] <... write resumed>) = 262144 [pid 15238] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15237] <... futex resumed>) = 0 [pid 15238] <... futex resumed>) = 1 [pid 15238] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15241] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 15241] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15241] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15237] close(3) = 0 [pid 15237] close(4) = 0 [pid 15237] close(5) = 0 [pid 15237] close(6) = -1 EBADF (Bad file descriptor) [pid 15237] close(7) = -1 EBADF (Bad file descriptor) [pid 15237] close(8) = -1 EBADF (Bad file descriptor) [pid 15237] close(9) = -1 EBADF (Bad file descriptor) [pid 15237] close(10) = -1 EBADF (Bad file descriptor) [pid 15237] close(11) = -1 EBADF (Bad file descriptor) [pid 15237] close(12) = -1 EBADF (Bad file descriptor) [pid 15237] close(13) = -1 EBADF (Bad file descriptor) [pid 15237] close(14) = -1 EBADF (Bad file descriptor) [pid 15237] close(15) = -1 EBADF (Bad file descriptor) [pid 15237] close(16) = -1 EBADF (Bad file descriptor) [pid 15237] close(17) = -1 EBADF (Bad file descriptor) [pid 15237] close(18) = -1 EBADF (Bad file descriptor) [pid 15237] close(19) = -1 EBADF (Bad file descriptor) [pid 15237] close(20) = -1 EBADF (Bad file descriptor) [pid 15237] close(21) = -1 EBADF (Bad file descriptor) [pid 15237] close(22) = -1 EBADF (Bad file descriptor) [pid 15237] close(23) = -1 EBADF (Bad file descriptor) [pid 15237] close(24) = -1 EBADF (Bad file descriptor) [pid 15237] close(25) = -1 EBADF (Bad file descriptor) [pid 15237] close(26) = -1 EBADF (Bad file descriptor) [pid 15237] close(27) = -1 EBADF (Bad file descriptor) [pid 15237] close(28) = -1 EBADF (Bad file descriptor) [pid 15237] close(29) = -1 EBADF (Bad file descriptor) [pid 15237] exit_group(0 [pid 15238] <... futex resumed>) = ? [pid 15237] <... exit_group resumed>) = ? [pid 15238] +++ exited with 0 +++ [pid 15241] <... futex resumed>) = ? [pid 15241] +++ exited with 0 +++ [pid 15237] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9626, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2520", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2520", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2520/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2520/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2520/binderfs") = 0 [ 303.141110][T15238] EXT4-fs (loop0): 1 truncate cleaned up [ 303.146799][T15238] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [ 303.171439][T15241] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2520/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2520/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2520/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2520/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2520/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2520/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2520") = 0 [pid 289] mkdir("./2521", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9629 ./strace-static-x86_64: Process 15242 attached [pid 15242] set_robust_list(0x555556f746a0, 24) = 0 [pid 15242] chdir("./2521") = 0 [pid 15242] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15242] setpgid(0, 0) = 0 [pid 15242] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15242] write(3, "1000", 4) = 4 [pid 15242] close(3) = 0 [pid 15242] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15242] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15242] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15242] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15242] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15242] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15242] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15242] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9630]}, 88) = 9630 [pid 15242] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15242] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15242] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15243 attached [pid 15243] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15243] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15243] memfd_create("syzkaller", 0) = 3 [pid 15243] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15243] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15243] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15243] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15243] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15243] close(3) = 0 [pid 15243] mkdir("./file1", 0777) = 0 [pid 15243] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15243] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15243] chdir("./file1") = 0 [pid 15243] ioctl(4, LOOP_CLR_FD) = 0 [pid 15243] close(4) = 0 [pid 15243] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15242] <... futex resumed>) = 0 [pid 15242] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15242] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15243] <... futex resumed>) = 1 [pid 15243] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15243] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15242] <... futex resumed>) = 0 [pid 15242] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15242] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15242] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15242] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15242] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15242] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9631]}, 88) = 9631 [pid 15242] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15242] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15242] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 15246 attached [pid 15243] memfd_create("syzkaller", 0 [pid 15242] <... futex resumed>) = 0 [pid 15242] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15246] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15243] <... memfd_create resumed>) = 4 [pid 15242] <... mmap resumed>) = 0x7fbc5eeeb000 [pid 15246] <... set_robust_list resumed>) = 0 [pid 15246] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15246] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15243] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15242] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE [pid 15243] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15242] <... mprotect resumed>) = 0 [pid 15242] rt_sigprocmask(SIG_BLOCK, ~[], [pid 15243] close(4 [pid 15246] <... setxattr resumed>) = 0 [pid 15242] <... rt_sigprocmask resumed>[], 8) = 0 [pid 15242] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 15246] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15243] <... close resumed>) = 0 ./strace-static-x86_64: Process 15247 attached [pid 15246] <... futex resumed>) = 0 [pid 15243] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15242] <... clone3 resumed> => {parent_tid=[9632]}, 88) = 9632 [pid 15242] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15242] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15242] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15247] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15246] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15243] <... futex resumed>) = 0 [pid 15247] <... set_robust_list resumed>) = 0 [pid 15247] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15247] memfd_create("syzkaller", 0) = 4 [pid 15243] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15247] close(4) = 0 [pid 15247] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15242] <... futex resumed>) = 0 [pid 15242] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15243] <... futex resumed>) = 0 [pid 15242] <... futex resumed>) = 1 [pid 15242] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15247] <... futex resumed>) = 1 [pid 15247] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15243] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15243] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15242] <... futex resumed>) = 0 [pid 15243] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15242] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15243] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15242] <... futex resumed>) = 0 [pid 15243] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15242] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15243] <... mount resumed>) = 0 [pid 15243] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15242] <... futex resumed>) = 0 [pid 15243] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15242] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15243] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15242] <... futex resumed>) = 0 [pid 15243] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15242] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15243] <... open resumed>) = 5 [pid 15243] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15242] <... futex resumed>) = 0 [pid 15243] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15242] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15243] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15242] <... futex resumed>) = 0 [pid 15243] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15242] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15243] <... write resumed>) = 262144 [pid 15243] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15242] <... futex resumed>) = 0 [pid 15242] close(3) = 0 [pid 15242] close(4) = 0 [pid 15242] close(5) = 0 [pid 15242] close(6) = -1 EBADF (Bad file descriptor) [pid 15242] close(7) = -1 EBADF (Bad file descriptor) [pid 15242] close(8) = -1 EBADF (Bad file descriptor) [pid 15242] close(9) = -1 EBADF (Bad file descriptor) [pid 15242] close(10) = -1 EBADF (Bad file descriptor) [pid 15242] close(11) = -1 EBADF (Bad file descriptor) [pid 15242] close(12) = -1 EBADF (Bad file descriptor) [pid 15242] close(13) = -1 EBADF (Bad file descriptor) [pid 15242] close(14) = -1 EBADF (Bad file descriptor) [pid 15242] close(15) = -1 EBADF (Bad file descriptor) [pid 15242] close(16) = -1 EBADF (Bad file descriptor) [pid 15242] close(17) = -1 EBADF (Bad file descriptor) [pid 15242] close(18) = -1 EBADF (Bad file descriptor) [pid 15242] close(19) = -1 EBADF (Bad file descriptor) [pid 15242] close(20) = -1 EBADF (Bad file descriptor) [pid 15242] close(21) = -1 EBADF (Bad file descriptor) [pid 15242] close(22) = -1 EBADF (Bad file descriptor) [pid 15242] close(23) = -1 EBADF (Bad file descriptor) [pid 15242] close(24) = -1 EBADF (Bad file descriptor) [pid 15242] close(25) = -1 EBADF (Bad file descriptor) [pid 15242] close(26) = -1 EBADF (Bad file descriptor) [pid 15242] close(27) = -1 EBADF (Bad file descriptor) [pid 15242] close(28) = -1 EBADF (Bad file descriptor) [pid 15242] close(29) = -1 EBADF (Bad file descriptor) [pid 15242] exit_group(0 [pid 15246] <... futex resumed>) = ? [pid 15242] <... exit_group resumed>) = ? [pid 15246] +++ exited with 0 +++ [pid 15247] <... futex resumed>) = ? [pid 15247] +++ exited with 0 +++ [pid 15243] +++ exited with 0 +++ [pid 15242] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9629, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2521", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2521", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2521/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2521/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2521/binderfs") = 0 [ 303.241289][T15243] EXT4-fs (loop0): 1 truncate cleaned up [ 303.247018][T15243] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2521/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2521/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2521/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2521/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2521/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2521/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2521") = 0 [pid 289] mkdir("./2522", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9633 ./strace-static-x86_64: Process 15248 attached [pid 15248] set_robust_list(0x555556f746a0, 24) = 0 [pid 15248] chdir("./2522") = 0 [pid 15248] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15248] setpgid(0, 0) = 0 [pid 15248] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15248] write(3, "1000", 4) = 4 [pid 15248] close(3) = 0 [pid 15248] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15248] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15248] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15248] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15248] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15248] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15248] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9634]}, 88) = 9634 ./strace-static-x86_64: Process 15249 attached [pid 15248] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15248] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15248] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15249] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15249] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15249] memfd_create("syzkaller", 0) = 3 [pid 15249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15249] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15249] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15249] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15249] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15249] close(3) = 0 [pid 15249] mkdir("./file1", 0777) = 0 [pid 15249] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15249] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15249] chdir("./file1") = 0 [pid 15249] ioctl(4, LOOP_CLR_FD) = 0 [pid 15249] close(4) = 0 [pid 15249] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15248] <... futex resumed>) = 0 [pid 15248] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15248] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15249] <... futex resumed>) = 1 [pid 15249] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15249] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15248] <... futex resumed>) = 0 [pid 15248] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15248] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15248] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15248] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15248] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9635]}, 88) = 9635 [pid 15248] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15248] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 15252 attached [pid 15249] <... futex resumed>) = 1 [pid 15252] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15249] memfd_create("syzkaller", 0 [pid 15252] <... set_robust_list resumed>) = 0 [pid 15249] <... memfd_create resumed>) = 4 [pid 15252] rt_sigprocmask(SIG_SETMASK, [], [pid 15249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15252] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15249] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15252] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15249] close(4 [pid 15252] <... setxattr resumed>) = 0 [pid 15249] <... close resumed>) = 0 [pid 15252] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15249] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15252] <... futex resumed>) = 0 [pid 15249] <... futex resumed>) = 0 [pid 15252] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15249] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15252] <... futex resumed>) = 0 [pid 15248] <... futex resumed>) = 1 [pid 15248] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15252] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15249] <... futex resumed>) = 0 [pid 15248] <... futex resumed>) = 1 [pid 15249] memfd_create("syzkaller", 0 [pid 15248] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15249] <... memfd_create resumed>) = 4 [pid 15249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15249] close(4) = 0 [pid 15249] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15248] <... futex resumed>) = 0 [pid 15249] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15248] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15248] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15249] <... open resumed>) = 4 [pid 15249] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15248] <... futex resumed>) = 0 [pid 15249] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15248] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15249] <... mount resumed>) = 0 [pid 15248] <... futex resumed>) = 0 [pid 15249] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15248] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15249] <... futex resumed>) = 0 [pid 15248] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15249] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15248] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15249] <... open resumed>) = 5 [pid 15248] <... futex resumed>) = 0 [pid 15249] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15248] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15249] <... futex resumed>) = 0 [pid 15248] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15249] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15248] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15248] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15249] <... write resumed>) = 262144 [pid 15249] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15248] <... futex resumed>) = 0 [pid 15249] <... futex resumed>) = 1 [pid 15248] close(3 [pid 15249] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15248] <... close resumed>) = 0 [pid 15248] close(4) = 0 [pid 15248] close(5) = 0 [pid 15248] close(6) = -1 EBADF (Bad file descriptor) [pid 15248] close(7) = -1 EBADF (Bad file descriptor) [pid 15248] close(8) = -1 EBADF (Bad file descriptor) [pid 15248] close(9) = -1 EBADF (Bad file descriptor) [pid 15248] close(10) = -1 EBADF (Bad file descriptor) [pid 15248] close(11) = -1 EBADF (Bad file descriptor) [pid 15248] close(12) = -1 EBADF (Bad file descriptor) [pid 15248] close(13) = -1 EBADF (Bad file descriptor) [pid 15248] close(14) = -1 EBADF (Bad file descriptor) [pid 15248] close(15) = -1 EBADF (Bad file descriptor) [pid 15248] close(16) = -1 EBADF (Bad file descriptor) [pid 15248] close(17) = -1 EBADF (Bad file descriptor) [pid 15248] close(18) = -1 EBADF (Bad file descriptor) [pid 15248] close(19) = -1 EBADF (Bad file descriptor) [pid 15248] close(20) = -1 EBADF (Bad file descriptor) [pid 15248] close(21) = -1 EBADF (Bad file descriptor) [pid 15248] close(22) = -1 EBADF (Bad file descriptor) [pid 15248] close(23) = -1 EBADF (Bad file descriptor) [pid 15248] close(24) = -1 EBADF (Bad file descriptor) [pid 15248] close(25) = -1 EBADF (Bad file descriptor) [pid 15248] close(26) = -1 EBADF (Bad file descriptor) [pid 15248] close(27) = -1 EBADF (Bad file descriptor) [pid 15248] close(28) = -1 EBADF (Bad file descriptor) [pid 15248] close(29) = -1 EBADF (Bad file descriptor) [pid 15248] exit_group(0) = ? [pid 15252] <... futex resumed>) = 231 [pid 15249] <... futex resumed>) = ? [pid 15252] +++ exited with 0 +++ [pid 15249] +++ exited with 0 +++ [pid 15248] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9633, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2522", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2522", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2522/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2522/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2522/binderfs") = 0 [ 303.380935][T15249] EXT4-fs (loop0): 1 truncate cleaned up [ 303.386530][T15249] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2522/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2522/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2522/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2522/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2522/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2522/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2522") = 0 [pid 289] mkdir("./2523", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9636 ./strace-static-x86_64: Process 15254 attached [pid 15254] set_robust_list(0x555556f746a0, 24) = 0 [pid 15254] chdir("./2523") = 0 [pid 15254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15254] setpgid(0, 0) = 0 [pid 15254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15254] write(3, "1000", 4) = 4 [pid 15254] close(3) = 0 [pid 15254] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15254] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15254] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15254] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15254] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15254] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15254] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9637]}, 88) = 9637 [pid 15254] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15254] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 15255 attached ) = 0 [pid 15255] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15255] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15255] memfd_create("syzkaller", 0) = 3 [pid 15254] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15255] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15255] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15255] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15255] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15255] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15255] close(3) = 0 [pid 15255] mkdir("./file1", 0777) = 0 [pid 15255] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15255] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15255] chdir("./file1") = 0 [pid 15255] ioctl(4, LOOP_CLR_FD) = 0 [pid 15255] close(4) = 0 [pid 15255] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15254] <... futex resumed>) = 0 [pid 15254] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15254] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15255] <... futex resumed>) = 1 [pid 15255] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15255] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15254] <... futex resumed>) = 0 [pid 15254] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15254] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15254] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15254] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15254] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9638]}, 88) = 9638 [pid 15254] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15254] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15254] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15254] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15254] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15254] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9639]}, 88) = 9639 [pid 15254] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15254] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15254] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15255] <... futex resumed>) = 1 [pid 15255] memfd_create("syzkaller", 0) = 4 [pid 15255] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15255] close(4) = 0 [pid 15255] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15255] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15258 attached [pid 15258] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15258] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15258] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0./strace-static-x86_64: Process 15259 attached ) = 0 [pid 15258] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15258] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15259] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15259] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15259] memfd_create("syzkaller", 0) = 4 [pid 15259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15259] close(4) = 0 [pid 15259] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15254] <... futex resumed>) = 0 [pid 15254] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15254] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15255] <... futex resumed>) = 0 [pid 15255] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15259] <... futex resumed>) = 1 [pid 15255] <... open resumed>) = 4 [pid 15255] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15254] <... futex resumed>) = 0 [pid 15254] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15254] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15255] <... futex resumed>) = 1 [pid 15255] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15255] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15254] <... futex resumed>) = 0 [pid 15254] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15254] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15255] <... futex resumed>) = 1 [pid 15255] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15255] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15254] <... futex resumed>) = 0 [pid 15254] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15254] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15255] <... futex resumed>) = 1 [pid 15255] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15259] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15255] <... write resumed>) = 262144 [pid 15255] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15254] <... futex resumed>) = 0 [pid 15254] close(3) = 0 [pid 15254] close(4) = 0 [pid 15254] close(5) = 0 [pid 15254] close(6) = -1 EBADF (Bad file descriptor) [pid 15254] close(7) = -1 EBADF (Bad file descriptor) [pid 15254] close(8) = -1 EBADF (Bad file descriptor) [pid 15254] close(9) = -1 EBADF (Bad file descriptor) [pid 15254] close(10) = -1 EBADF (Bad file descriptor) [pid 15254] close(11) = -1 EBADF (Bad file descriptor) [pid 15254] close(12) = -1 EBADF (Bad file descriptor) [pid 15254] close(13) = -1 EBADF (Bad file descriptor) [pid 15254] close(14) = -1 EBADF (Bad file descriptor) [pid 15254] close(15) = -1 EBADF (Bad file descriptor) [pid 15254] close(16) = -1 EBADF (Bad file descriptor) [pid 15254] close(17) = -1 EBADF (Bad file descriptor) [pid 15254] close(18) = -1 EBADF (Bad file descriptor) [pid 15254] close(19) = -1 EBADF (Bad file descriptor) [pid 15254] close(20) = -1 EBADF (Bad file descriptor) [pid 15254] close(21) = -1 EBADF (Bad file descriptor) [pid 15254] close(22) = -1 EBADF (Bad file descriptor) [pid 15254] close(23) = -1 EBADF (Bad file descriptor) [pid 15254] close(24) = -1 EBADF (Bad file descriptor) [pid 15254] close(25) = -1 EBADF (Bad file descriptor) [pid 15254] close(26) = -1 EBADF (Bad file descriptor) [pid 15254] close(27) = -1 EBADF (Bad file descriptor) [pid 15254] close(28) = -1 EBADF (Bad file descriptor) [pid 15254] close(29) = -1 EBADF (Bad file descriptor) [pid 15254] exit_group(0) = ? [pid 15258] <... futex resumed>) = ? [pid 15258] +++ exited with 0 +++ [pid 15259] <... futex resumed>) = ? [pid 15255] <... futex resumed>) = ? [pid 15259] +++ exited with 0 +++ [pid 15255] +++ exited with 0 +++ [pid 15254] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9636, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] umount2("./2523", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2523", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2523/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2523/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2523/binderfs") = 0 [ 303.472425][T15255] EXT4-fs (loop0): 1 truncate cleaned up [ 303.477941][T15255] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2523/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2523/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2523/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2523/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2523/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2523/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2523") = 0 [pid 289] mkdir("./2524", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9640 ./strace-static-x86_64: Process 15260 attached [pid 15260] set_robust_list(0x555556f746a0, 24) = 0 [pid 15260] chdir("./2524") = 0 [pid 15260] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15260] setpgid(0, 0) = 0 [pid 15260] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15260] write(3, "1000", 4) = 4 [pid 15260] close(3) = 0 [pid 15260] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15260] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15260] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15260] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15260] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15260] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15260] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15260] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9641]}, 88) = 9641 [pid 15260] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15260] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15260] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15261 attached [pid 15261] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15261] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15261] memfd_create("syzkaller", 0) = 3 [pid 15261] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15261] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15261] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15261] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15261] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15261] close(3) = 0 [pid 15261] mkdir("./file1", 0777) = 0 [pid 15261] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15261] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15261] chdir("./file1") = 0 [pid 15261] ioctl(4, LOOP_CLR_FD) = 0 [pid 15261] close(4) = 0 [pid 15261] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15260] <... futex resumed>) = 0 [pid 15260] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15261] setxattr("./file1", NULL, NULL, 0, 0 [pid 15260] <... futex resumed>) = 0 [pid 15260] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15261] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 15261] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15260] <... futex resumed>) = 0 [pid 15261] <... futex resumed>) = 1 [pid 15260] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15261] memfd_create("syzkaller", 0 [pid 15260] <... futex resumed>) = 0 [pid 15260] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15261] <... memfd_create resumed>) = 4 [pid 15261] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15261] close(4) = 0 [pid 15261] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15261] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15260] <... futex resumed>) = 0 [pid 15260] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15260] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15260] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15260] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9642]}, 88) = 9642 ./strace-static-x86_64: Process 15264 attached [pid 15260] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15260] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15260] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15260] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15261] <... futex resumed>) = 0 [pid 15264] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15261] memfd_create("syzkaller", 0 [pid 15264] <... set_robust_list resumed>) = 0 [pid 15261] <... memfd_create resumed>) = 4 [pid 15264] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15261] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15264] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15261] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15261] close(4 [pid 15264] <... setxattr resumed>) = 0 [pid 15261] <... close resumed>) = 0 [pid 15264] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15264] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15261] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15261] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15260] <... futex resumed>) = 0 [pid 15260] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15260] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15261] <... futex resumed>) = 0 [pid 15261] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15261] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15260] <... futex resumed>) = 0 [pid 15260] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15260] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15261] <... futex resumed>) = 1 [pid 15261] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15261] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15260] <... futex resumed>) = 0 [pid 15260] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15260] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15261] <... futex resumed>) = 1 [pid 15261] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15261] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15260] <... futex resumed>) = 0 [pid 15260] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15260] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15261] <... futex resumed>) = 1 [pid 15261] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15261] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15260] <... futex resumed>) = 0 [pid 15260] close(3) = 0 [pid 15260] close(4) = 0 [pid 15260] close(5) = 0 [pid 15260] close(6) = -1 EBADF (Bad file descriptor) [pid 15260] close(7) = -1 EBADF (Bad file descriptor) [pid 15260] close(8) = -1 EBADF (Bad file descriptor) [pid 15260] close(9) = -1 EBADF (Bad file descriptor) [pid 15260] close(10) = -1 EBADF (Bad file descriptor) [pid 15260] close(11) = -1 EBADF (Bad file descriptor) [pid 15260] close(12) = -1 EBADF (Bad file descriptor) [pid 15260] close(13) = -1 EBADF (Bad file descriptor) [pid 15260] close(14) = -1 EBADF (Bad file descriptor) [pid 15260] close(15) = -1 EBADF (Bad file descriptor) [pid 15260] close(16) = -1 EBADF (Bad file descriptor) [pid 15260] close(17) = -1 EBADF (Bad file descriptor) [pid 15260] close(18) = -1 EBADF (Bad file descriptor) [pid 15260] close(19) = -1 EBADF (Bad file descriptor) [pid 15260] close(20) = -1 EBADF (Bad file descriptor) [pid 15260] close(21) = -1 EBADF (Bad file descriptor) [pid 15260] close(22) = -1 EBADF (Bad file descriptor) [pid 15260] close(23) = -1 EBADF (Bad file descriptor) [pid 15260] close(24) = -1 EBADF (Bad file descriptor) [pid 15260] close(25) = -1 EBADF (Bad file descriptor) [pid 15260] close(26) = -1 EBADF (Bad file descriptor) [pid 15260] close(27) = -1 EBADF (Bad file descriptor) [pid 15260] close(28) = -1 EBADF (Bad file descriptor) [pid 15260] close(29) = -1 EBADF (Bad file descriptor) [pid 15260] exit_group(0) = ? [pid 15264] <... futex resumed>) = ? [pid 15264] +++ exited with 0 +++ [pid 15261] <... futex resumed>) = ? [pid 15261] +++ exited with 0 +++ [pid 15260] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9640, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] umount2("./2524", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2524", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2524/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2524/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2524/binderfs") = 0 [pid 289] umount2("./2524/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2524/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2524/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2524/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2524/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2524/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2524") = 0 [pid 289] mkdir("./2525", 0777) = 0 [ 303.558620][T15261] EXT4-fs (loop0): 1 truncate cleaned up [ 303.564065][T15261] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9643 ./strace-static-x86_64: Process 15265 attached [pid 15265] set_robust_list(0x555556f746a0, 24) = 0 [pid 15265] chdir("./2525") = 0 [pid 15265] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15265] setpgid(0, 0) = 0 [pid 15265] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15265] write(3, "1000", 4) = 4 [pid 15265] close(3) = 0 [pid 15265] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15265] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15265] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15265] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15265] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15265] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15265] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15265] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9644]}, 88) = 9644 [pid 15265] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15265] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15265] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15266 attached [pid 15266] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15266] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15266] memfd_create("syzkaller", 0) = 3 [pid 15266] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15266] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15266] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15266] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15266] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15266] close(3) = 0 [pid 15266] mkdir("./file1", 0777) = 0 [pid 15266] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15266] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15266] chdir("./file1") = 0 [pid 15266] ioctl(4, LOOP_CLR_FD) = 0 [pid 15266] close(4) = 0 [pid 15266] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15265] <... futex resumed>) = 0 [pid 15265] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15265] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15266] <... futex resumed>) = 1 [pid 15266] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15266] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15265] <... futex resumed>) = 0 [pid 15265] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15265] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15265] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15265] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15265] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15265] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9645]}, 88) = 9645 [pid 15265] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15265] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15265] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15265] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15265] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15265] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15265] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9646]}, 88) = 9646 [pid 15265] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15265] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15265] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15266] <... futex resumed>) = 1 [pid 15266] memfd_create("syzkaller", 0) = 4 [pid 15266] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15266] close(4) = 0 [pid 15266] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15266] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15269 attached [pid 15269] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15269] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15269] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15269] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15269] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15270 attached [pid 15270] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15270] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15270] memfd_create("syzkaller", 0) = 4 [pid 15270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15270] close(4) = 0 [pid 15270] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15265] <... futex resumed>) = 0 [pid 15265] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15266] <... futex resumed>) = 0 [pid 15265] <... futex resumed>) = 1 [pid 15266] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15265] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15270] <... futex resumed>) = 1 [pid 15270] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15266] <... open resumed>) = 4 [pid 15266] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15265] <... futex resumed>) = 0 [pid 15266] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15265] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15266] <... mount resumed>) = 0 [pid 15265] <... futex resumed>) = 0 [pid 15266] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15265] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15266] <... futex resumed>) = 0 [pid 15265] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15266] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15265] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15266] <... open resumed>) = 5 [pid 15265] <... futex resumed>) = 0 [pid 15266] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15265] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15266] <... futex resumed>) = 0 [pid 15265] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15266] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15265] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15265] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15266] <... write resumed>) = 262144 [pid 15266] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15265] <... futex resumed>) = 0 [pid 15265] close(3) = 0 [pid 15265] close(4) = 0 [pid 15265] close(5) = 0 [pid 15265] close(6) = -1 EBADF (Bad file descriptor) [pid 15265] close(7) = -1 EBADF (Bad file descriptor) [pid 15265] close(8) = -1 EBADF (Bad file descriptor) [pid 15265] close(9) = -1 EBADF (Bad file descriptor) [pid 15265] close(10) = -1 EBADF (Bad file descriptor) [pid 15265] close(11) = -1 EBADF (Bad file descriptor) [pid 15265] close(12) = -1 EBADF (Bad file descriptor) [pid 15265] close(13) = -1 EBADF (Bad file descriptor) [pid 15265] close(14) = -1 EBADF (Bad file descriptor) [pid 15265] close(15) = -1 EBADF (Bad file descriptor) [pid 15265] close(16) = -1 EBADF (Bad file descriptor) [pid 15265] close(17) = -1 EBADF (Bad file descriptor) [pid 15265] close(18) = -1 EBADF (Bad file descriptor) [pid 15265] close(19) = -1 EBADF (Bad file descriptor) [pid 15265] close(20) = -1 EBADF (Bad file descriptor) [pid 15265] close(21) = -1 EBADF (Bad file descriptor) [pid 15265] close(22) = -1 EBADF (Bad file descriptor) [pid 15265] close(23) = -1 EBADF (Bad file descriptor) [pid 15265] close(24) = -1 EBADF (Bad file descriptor) [pid 15265] close(25) = -1 EBADF (Bad file descriptor) [pid 15265] close(26) = -1 EBADF (Bad file descriptor) [pid 15265] close(27) = -1 EBADF (Bad file descriptor) [pid 15265] close(28) = -1 EBADF (Bad file descriptor) [pid 15265] close(29) = -1 EBADF (Bad file descriptor) [pid 15265] exit_group(0 [pid 15269] <... futex resumed>) = ? [pid 15265] <... exit_group resumed>) = ? [pid 15269] +++ exited with 0 +++ [pid 15266] <... futex resumed>) = ? [pid 15266] +++ exited with 0 +++ [pid 15270] <... futex resumed>) = ? [pid 15270] +++ exited with 0 +++ [pid 15265] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9643, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2525", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2525", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2525/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2525/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2525/binderfs") = 0 [ 303.697481][T15266] EXT4-fs (loop0): 1 truncate cleaned up [ 303.703241][T15266] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2525/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2525/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2525/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2525/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2525/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2525/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2525") = 0 [pid 289] mkdir("./2526", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9647 ./strace-static-x86_64: Process 15271 attached [pid 15271] set_robust_list(0x555556f746a0, 24) = 0 [pid 15271] chdir("./2526") = 0 [pid 15271] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15271] setpgid(0, 0) = 0 [pid 15271] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15271] write(3, "1000", 4) = 4 [pid 15271] close(3) = 0 [pid 15271] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15271] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15271] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15271] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15271] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15271] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15271] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15271] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15272 attached => {parent_tid=[9648]}, 88) = 9648 [pid 15272] set_robust_list(0x7fbc6730d9a0, 24 [pid 15271] rt_sigprocmask(SIG_SETMASK, [], [pid 15272] <... set_robust_list resumed>) = 0 [pid 15271] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15271] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15272] rt_sigprocmask(SIG_SETMASK, [], [pid 15271] <... futex resumed>) = 0 [pid 15272] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15271] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15272] memfd_create("syzkaller", 0) = 3 [pid 15272] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15272] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15272] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15272] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15272] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15272] close(3) = 0 [pid 15272] mkdir("./file1", 0777) = 0 [pid 15272] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15272] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15272] chdir("./file1") = 0 [pid 15272] ioctl(4, LOOP_CLR_FD) = 0 [pid 15272] close(4) = 0 [pid 15272] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15272] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15271] <... futex resumed>) = 0 [pid 15271] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15271] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15272] <... futex resumed>) = 0 [pid 15272] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15272] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15271] <... futex resumed>) = 0 [pid 15271] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15271] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15271] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15271] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15271] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15271] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9649]}, 88) = 9649 [pid 15271] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15271] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15271] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15271] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15271] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15271] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15271] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9650]}, 88) = 9650 [pid 15271] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15271] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15271] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15272] <... futex resumed>) = 1 [pid 15272] memfd_create("syzkaller", 0) = 4 ./strace-static-x86_64: Process 15276 attached ./strace-static-x86_64: Process 15275 attached [pid 15272] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15276] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15275] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15272] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15276] <... set_robust_list resumed>) = 0 [pid 15276] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15276] memfd_create("syzkaller", 0 [pid 15275] <... set_robust_list resumed>) = 0 [pid 15275] rt_sigprocmask(SIG_SETMASK, [], [pid 15272] close(4 [pid 15276] <... memfd_create resumed>) = 5 [pid 15275] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15276] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15275] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15272] <... close resumed>) = 0 [pid 15276] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15276] close(5) = 0 [pid 15276] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15271] <... futex resumed>) = 0 [pid 15271] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15271] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15276] <... futex resumed>) = 1 [pid 15276] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15276] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15271] <... futex resumed>) = 0 [pid 15271] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15271] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15276] <... futex resumed>) = 1 [pid 15276] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15276] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15271] <... futex resumed>) = 0 [pid 15271] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15271] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15276] <... futex resumed>) = 1 [pid 15276] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15276] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15271] <... futex resumed>) = 0 [pid 15275] <... setxattr resumed>) = 0 [pid 15271] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15271] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15276] <... futex resumed>) = 1 [pid 15275] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15272] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15275] <... futex resumed>) = 0 [pid 15272] <... futex resumed>) = 0 [pid 15275] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15272] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15276] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15276] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15271] <... futex resumed>) = 0 [pid 15271] close(3) = 0 [pid 15271] close(4) = 0 [pid 15271] close(5) = 0 [pid 15271] close(6) = -1 EBADF (Bad file descriptor) [pid 15271] close(7) = -1 EBADF (Bad file descriptor) [pid 15271] close(8) = -1 EBADF (Bad file descriptor) [pid 15271] close(9) = -1 EBADF (Bad file descriptor) [pid 15271] close(10) = -1 EBADF (Bad file descriptor) [pid 15271] close(11) = -1 EBADF (Bad file descriptor) [pid 15271] close(12) = -1 EBADF (Bad file descriptor) [pid 15271] close(13) = -1 EBADF (Bad file descriptor) [pid 15271] close(14) = -1 EBADF (Bad file descriptor) [pid 15271] close(15) = -1 EBADF (Bad file descriptor) [pid 15271] close(16) = -1 EBADF (Bad file descriptor) [pid 15271] close(17) = -1 EBADF (Bad file descriptor) [pid 15271] close(18) = -1 EBADF (Bad file descriptor) [pid 15271] close(19) = -1 EBADF (Bad file descriptor) [pid 15271] close(20) = -1 EBADF (Bad file descriptor) [pid 15271] close(21) = -1 EBADF (Bad file descriptor) [pid 15271] close(22) = -1 EBADF (Bad file descriptor) [pid 15271] close(23) = -1 EBADF (Bad file descriptor) [pid 15271] close(24) = -1 EBADF (Bad file descriptor) [pid 15271] close(25) = -1 EBADF (Bad file descriptor) [pid 15271] close(26) = -1 EBADF (Bad file descriptor) [pid 15271] close(27) = -1 EBADF (Bad file descriptor) [pid 15271] close(28) = -1 EBADF (Bad file descriptor) [pid 15271] close(29) = -1 EBADF (Bad file descriptor) [pid 15271] exit_group(0) = ? [pid 15272] <... futex resumed>) = ? [pid 15275] <... futex resumed>) = ? [pid 15272] +++ exited with 0 +++ [pid 15275] +++ exited with 0 +++ [pid 15276] <... futex resumed>) = ? [pid 15276] +++ exited with 0 +++ [pid 15271] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9647, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2526", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2526", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2526/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2526/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2526/binderfs") = 0 [ 303.772678][T15272] EXT4-fs (loop0): 1 truncate cleaned up [ 303.778258][T15272] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2526/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2526/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2526/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2526/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2526/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2526/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2526") = 0 [pid 289] mkdir("./2527", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9651 ./strace-static-x86_64: Process 15277 attached [pid 15277] set_robust_list(0x555556f746a0, 24) = 0 [pid 15277] chdir("./2527") = 0 [pid 15277] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15277] setpgid(0, 0) = 0 [pid 15277] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15277] write(3, "1000", 4) = 4 [pid 15277] close(3) = 0 [pid 15277] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15277] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15277] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15277] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15277] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15277] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15277] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15278 attached => {parent_tid=[9652]}, 88) = 9652 [pid 15278] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15278] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15278] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15277] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15277] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15278] <... futex resumed>) = 0 [pid 15278] memfd_create("syzkaller", 0 [pid 15277] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15278] <... memfd_create resumed>) = 3 [pid 15278] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15278] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15278] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15278] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15278] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15278] close(3) = 0 [pid 15278] mkdir("./file1", 0777) = 0 [pid 15278] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15278] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15278] chdir("./file1") = 0 [pid 15278] ioctl(4, LOOP_CLR_FD) = 0 [pid 15278] close(4) = 0 [pid 15278] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15277] <... futex resumed>) = 0 [pid 15277] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15277] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15278] <... futex resumed>) = 1 [pid 15278] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15278] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15277] <... futex resumed>) = 0 [pid 15277] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15277] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15277] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15277] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15277] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9653]}, 88) = 9653 [pid 15277] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15277] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15277] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15277] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15277] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15277] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9654]}, 88) = 9654 [pid 15277] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15277] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15277] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15278] <... futex resumed>) = 1 [pid 15278] memfd_create("syzkaller", 0) = 4 [pid 15278] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) ./strace-static-x86_64: Process 15282 attached ./strace-static-x86_64: Process 15281 attached [pid 15282] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15278] close(4 [pid 15282] <... set_robust_list resumed>) = 0 [pid 15281] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15282] rt_sigprocmask(SIG_SETMASK, [], [pid 15281] <... set_robust_list resumed>) = 0 [pid 15278] <... close resumed>) = 0 [pid 15278] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15278] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15282] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15282] memfd_create("syzkaller", 0) = 4 [pid 15282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15282] close(4) = 0 [pid 15282] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15282] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15277] <... futex resumed>) = 0 [pid 15281] rt_sigprocmask(SIG_SETMASK, [], [pid 15277] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15277] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15278] <... futex resumed>) = 0 [pid 15278] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15281] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15281] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15278] <... open resumed>) = 4 [pid 15278] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15277] <... futex resumed>) = 0 [pid 15277] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15277] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15278] <... futex resumed>) = 1 [pid 15278] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15278] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15277] <... futex resumed>) = 0 [pid 15277] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15277] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15278] <... futex resumed>) = 1 [pid 15278] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15278] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15277] <... futex resumed>) = 0 [pid 15277] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15277] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15278] <... futex resumed>) = 1 [pid 15278] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15278] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15277] <... futex resumed>) = 0 [pid 15278] <... futex resumed>) = 1 [pid 15278] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15281] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 15281] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15281] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15277] close(3) = 0 [pid 15277] close(4) = 0 [pid 15277] close(5) = 0 [pid 15277] close(6) = -1 EBADF (Bad file descriptor) [pid 15277] close(7) = -1 EBADF (Bad file descriptor) [pid 15277] close(8) = -1 EBADF (Bad file descriptor) [pid 15277] close(9) = -1 EBADF (Bad file descriptor) [pid 15277] close(10) = -1 EBADF (Bad file descriptor) [pid 15277] close(11) = -1 EBADF (Bad file descriptor) [pid 15277] close(12) = -1 EBADF (Bad file descriptor) [pid 15277] close(13) = -1 EBADF (Bad file descriptor) [pid 15277] close(14) = -1 EBADF (Bad file descriptor) [pid 15277] close(15) = -1 EBADF (Bad file descriptor) [pid 15277] close(16) = -1 EBADF (Bad file descriptor) [pid 15277] close(17) = -1 EBADF (Bad file descriptor) [pid 15277] close(18) = -1 EBADF (Bad file descriptor) [pid 15277] close(19) = -1 EBADF (Bad file descriptor) [pid 15277] close(20) = -1 EBADF (Bad file descriptor) [pid 15277] close(21) = -1 EBADF (Bad file descriptor) [pid 15277] close(22) = -1 EBADF (Bad file descriptor) [pid 15277] close(23) = -1 EBADF (Bad file descriptor) [pid 15277] close(24) = -1 EBADF (Bad file descriptor) [pid 15277] close(25) = -1 EBADF (Bad file descriptor) [pid 15277] close(26) = -1 EBADF (Bad file descriptor) [pid 15277] close(27) = -1 EBADF (Bad file descriptor) [pid 15277] close(28) = -1 EBADF (Bad file descriptor) [pid 15277] close(29) = -1 EBADF (Bad file descriptor) [pid 15277] exit_group(0 [pid 15282] <... futex resumed>) = ? [pid 15278] <... futex resumed>) = ? [pid 15277] <... exit_group resumed>) = ? [pid 15282] +++ exited with 0 +++ [pid 15278] +++ exited with 0 +++ [pid 15281] <... futex resumed>) = ? [pid 15281] +++ exited with 0 +++ [pid 15277] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9651, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2527", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2527", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2527/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2527/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2527/binderfs") = 0 [ 303.864354][T15278] EXT4-fs (loop0): 1 truncate cleaned up [ 303.870170][T15278] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [ 303.895165][T15281] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2527/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2527/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2527/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2527/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2527/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2527/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2527") = 0 [pid 289] mkdir("./2528", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9655 ./strace-static-x86_64: Process 15283 attached [pid 15283] set_robust_list(0x555556f746a0, 24) = 0 [pid 15283] chdir("./2528") = 0 [pid 15283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15283] setpgid(0, 0) = 0 [pid 15283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15283] write(3, "1000", 4) = 4 [pid 15283] close(3) = 0 [pid 15283] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15283] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15283] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15283] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15283] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15284 attached => {parent_tid=[9656]}, 88) = 9656 [pid 15284] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15284] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15284] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15283] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15284] <... futex resumed>) = 0 [pid 15284] memfd_create("syzkaller", 0 [pid 15283] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15284] <... memfd_create resumed>) = 3 [pid 15284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15284] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15284] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15284] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15284] close(3) = 0 [pid 15284] mkdir("./file1", 0777) = 0 [pid 15284] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15284] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15284] chdir("./file1") = 0 [pid 15284] ioctl(4, LOOP_CLR_FD) = 0 [pid 15284] close(4) = 0 [pid 15284] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15283] <... futex resumed>) = 0 [pid 15283] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15283] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15284] <... futex resumed>) = 1 [pid 15284] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15284] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15283] <... futex resumed>) = 0 [pid 15283] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15283] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15283] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9657]}, 88) = 9657 [pid 15283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15283] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 15287 attached [pid 15283] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15283] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9658]}, 88) = 9658 [pid 15283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15283] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15283] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15284] <... futex resumed>) = 1 [pid 15284] memfd_create("syzkaller", 0) = 4 [pid 15284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15284] close(4) = 0 [pid 15284] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15284] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15287] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15287] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15287] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15287] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15287] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15288 attached [pid 15288] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15288] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15288] memfd_create("syzkaller", 0) = 4 [pid 15288] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15288] close(4) = 0 [pid 15288] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15283] <... futex resumed>) = 0 [pid 15283] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15283] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15284] <... futex resumed>) = 0 [pid 15284] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15288] <... futex resumed>) = 1 [pid 15284] <... open resumed>) = 4 [pid 15288] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15284] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15283] <... futex resumed>) = 0 [pid 15284] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15283] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15284] <... mount resumed>) = 0 [pid 15283] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15284] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15283] <... futex resumed>) = 0 [pid 15283] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15284] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15283] <... futex resumed>) = 0 [pid 15283] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15284] <... open resumed>) = 5 [pid 15284] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15283] <... futex resumed>) = 0 [pid 15284] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15283] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15283] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15284] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15284] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15283] <... futex resumed>) = 0 [pid 15283] close(3) = 0 [pid 15283] close(4) = 0 [pid 15283] close(5 [pid 15284] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15283] <... close resumed>) = 0 [pid 15283] close(6) = -1 EBADF (Bad file descriptor) [pid 15283] close(7) = -1 EBADF (Bad file descriptor) [pid 15283] close(8) = -1 EBADF (Bad file descriptor) [pid 15283] close(9) = -1 EBADF (Bad file descriptor) [pid 15283] close(10) = -1 EBADF (Bad file descriptor) [pid 15283] close(11) = -1 EBADF (Bad file descriptor) [pid 15283] close(12) = -1 EBADF (Bad file descriptor) [pid 15283] close(13) = -1 EBADF (Bad file descriptor) [pid 15283] close(14) = -1 EBADF (Bad file descriptor) [pid 15283] close(15) = -1 EBADF (Bad file descriptor) [pid 15283] close(16) = -1 EBADF (Bad file descriptor) [pid 15283] close(17) = -1 EBADF (Bad file descriptor) [pid 15283] close(18) = -1 EBADF (Bad file descriptor) [pid 15283] close(19) = -1 EBADF (Bad file descriptor) [pid 15283] close(20) = -1 EBADF (Bad file descriptor) [pid 15283] close(21) = -1 EBADF (Bad file descriptor) [pid 15283] close(22) = -1 EBADF (Bad file descriptor) [pid 15283] close(23) = -1 EBADF (Bad file descriptor) [pid 15283] close(24) = -1 EBADF (Bad file descriptor) [pid 15283] close(25) = -1 EBADF (Bad file descriptor) [pid 15283] close(26) = -1 EBADF (Bad file descriptor) [pid 15283] close(27) = -1 EBADF (Bad file descriptor) [pid 15283] close(28) = -1 EBADF (Bad file descriptor) [pid 15283] close(29) = -1 EBADF (Bad file descriptor) [pid 15283] exit_group(0 [pid 15287] <... futex resumed>) = ? [pid 15283] <... exit_group resumed>) = ? [pid 15287] +++ exited with 0 +++ [pid 15288] <... futex resumed>) = ? [pid 15288] +++ exited with 0 +++ [pid 15284] <... futex resumed>) = ? [pid 15284] +++ exited with 0 +++ [pid 15283] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9655, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2528", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2528", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2528/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2528/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2528/binderfs") = 0 [ 304.020289][T15284] EXT4-fs (loop0): 1 truncate cleaned up [ 304.025757][T15284] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2528/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2528/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2528/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2528/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2528/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2528/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2528") = 0 [pid 289] mkdir("./2529", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9659 ./strace-static-x86_64: Process 15289 attached [pid 15289] set_robust_list(0x555556f746a0, 24) = 0 [pid 15289] chdir("./2529") = 0 [pid 15289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15289] setpgid(0, 0) = 0 [pid 15289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15289] write(3, "1000", 4) = 4 [pid 15289] close(3) = 0 [pid 15289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15289] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15289] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15289] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15289] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9660]}, 88) = 9660 [pid 15289] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15289] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15289] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15290 attached [pid 15290] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15290] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15290] memfd_create("syzkaller", 0) = 3 [pid 15290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15290] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15290] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15290] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15290] close(3) = 0 [pid 15290] mkdir("./file1", 0777) = 0 [pid 15290] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15290] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15290] chdir("./file1") = 0 [pid 15290] ioctl(4, LOOP_CLR_FD) = 0 [pid 15290] close(4) = 0 [pid 15290] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15289] <... futex resumed>) = 0 [pid 15290] setxattr("./file1", NULL, NULL, 0, 0 [pid 15289] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15290] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 15289] <... futex resumed>) = 0 [pid 15290] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15289] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15290] <... futex resumed>) = 0 [pid 15289] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15290] memfd_create("syzkaller", 0 [pid 15289] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15290] <... memfd_create resumed>) = 4 [pid 15289] <... futex resumed>) = 0 [pid 15290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15289] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15290] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15289] <... futex resumed>) = 0 [pid 15290] close(4 [pid 15289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15290] <... close resumed>) = 0 [pid 15289] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 15290] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15289] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 15290] <... futex resumed>) = 0 [pid 15289] <... mprotect resumed>) = 0 [pid 15290] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 15293 attached => {parent_tid=[9661]}, 88) = 9661 [pid 15289] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15289] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15289] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15290] <... futex resumed>) = 0 [pid 15289] <... futex resumed>) = 1 [pid 15290] memfd_create("syzkaller", 0 [pid 15289] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15290] <... memfd_create resumed>) = 4 [pid 15290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15290] close(4) = 0 [pid 15290] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15289] <... futex resumed>) = 0 [pid 15290] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15289] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15293] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15290] <... open resumed>) = 4 [pid 15289] <... futex resumed>) = 0 [pid 15290] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15289] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15290] <... futex resumed>) = 0 [pid 15289] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15290] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15289] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15293] <... set_robust_list resumed>) = 0 [pid 15290] <... mount resumed>) = 0 [pid 15289] <... futex resumed>) = 0 [pid 15290] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15289] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15290] <... futex resumed>) = 0 [pid 15289] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15290] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15289] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15290] <... open resumed>) = 5 [pid 15289] <... futex resumed>) = 0 [pid 15290] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15289] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15290] <... futex resumed>) = 0 [pid 15289] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15290] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15289] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15293] rt_sigprocmask(SIG_SETMASK, [], [pid 15289] <... futex resumed>) = 0 [pid 15289] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15293] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15293] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15290] <... write resumed>) = 262144 [pid 15290] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15290] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15289] <... futex resumed>) = 0 [pid 15293] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 15293] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15289] close(3) = 0 [pid 15293] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15289] close(4) = 0 [pid 15289] close(5) = 0 [pid 15289] close(6) = -1 EBADF (Bad file descriptor) [pid 15289] close(7) = -1 EBADF (Bad file descriptor) [pid 15289] close(8) = -1 EBADF (Bad file descriptor) [pid 15289] close(9) = -1 EBADF (Bad file descriptor) [pid 15289] close(10) = -1 EBADF (Bad file descriptor) [pid 15289] close(11) = -1 EBADF (Bad file descriptor) [pid 15289] close(12) = -1 EBADF (Bad file descriptor) [pid 15289] close(13) = -1 EBADF (Bad file descriptor) [pid 15289] close(14) = -1 EBADF (Bad file descriptor) [pid 15289] close(15) = -1 EBADF (Bad file descriptor) [pid 15289] close(16) = -1 EBADF (Bad file descriptor) [pid 15289] close(17) = -1 EBADF (Bad file descriptor) [pid 15289] close(18) = -1 EBADF (Bad file descriptor) [pid 15289] close(19) = -1 EBADF (Bad file descriptor) [pid 15289] close(20) = -1 EBADF (Bad file descriptor) [pid 15289] close(21) = -1 EBADF (Bad file descriptor) [pid 15289] close(22) = -1 EBADF (Bad file descriptor) [pid 15289] close(23) = -1 EBADF (Bad file descriptor) [pid 15289] close(24) = -1 EBADF (Bad file descriptor) [pid 15289] close(25) = -1 EBADF (Bad file descriptor) [pid 15289] close(26) = -1 EBADF (Bad file descriptor) [pid 15289] close(27) = -1 EBADF (Bad file descriptor) [pid 15289] close(28) = -1 EBADF (Bad file descriptor) [pid 15289] close(29) = -1 EBADF (Bad file descriptor) [pid 15289] exit_group(0 [pid 15293] <... futex resumed>) = ? [pid 15289] <... exit_group resumed>) = ? [pid 15293] +++ exited with 0 +++ [pid 15290] <... futex resumed>) = ? [pid 15290] +++ exited with 0 +++ [pid 15289] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9659, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2529", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2529", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2529/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2529/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2529/binderfs") = 0 [ 304.179888][T15290] EXT4-fs (loop0): 1 truncate cleaned up [ 304.185401][T15290] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [ 304.214454][T15293] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2529/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2529/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2529/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2529/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2529/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2529/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2529") = 0 [pid 289] mkdir("./2530", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9662 ./strace-static-x86_64: Process 15294 attached [pid 15294] set_robust_list(0x555556f746a0, 24) = 0 [pid 15294] chdir("./2530") = 0 [pid 15294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15294] setpgid(0, 0) = 0 [pid 15294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15294] write(3, "1000", 4) = 4 [pid 15294] close(3) = 0 [pid 15294] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15294] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15294] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15294] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15294] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15294] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15294] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15295 attached => {parent_tid=[9663]}, 88) = 9663 [pid 15295] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15295] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15295] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15294] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15295] <... futex resumed>) = 0 [pid 15295] memfd_create("syzkaller", 0) = 3 [pid 15295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15294] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15295] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15295] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15295] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15295] close(3) = 0 [pid 15295] mkdir("./file1", 0777) = 0 [pid 15295] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15295] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15295] chdir("./file1") = 0 [pid 15295] ioctl(4, LOOP_CLR_FD) = 0 [pid 15295] close(4) = 0 [pid 15295] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15294] <... futex resumed>) = 0 [pid 15294] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15294] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15295] <... futex resumed>) = 1 [pid 15295] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15295] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15294] <... futex resumed>) = 0 [pid 15294] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15294] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15294] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15294] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15294] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9664]}, 88) = 9664 [pid 15294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15294] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15294] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15294] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15294] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15294] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9665]}, 88) = 9665 [pid 15294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15294] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15294] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15295] <... futex resumed>) = 1 [pid 15295] memfd_create("syzkaller", 0) = 4 [pid 15295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15295] close(4) = 0 [pid 15295] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15295] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15299 attached [pid 15299] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15299] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15299] memfd_create("syzkaller", 0) = 4 [pid 15299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15299] close(4) = 0 [pid 15299] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15294] <... futex resumed>) = 0 [pid 15294] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15294] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15295] <... futex resumed>) = 0 [pid 15295] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15299] <... futex resumed>) = 1 [pid 15299] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15298 attached [pid 15298] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15298] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15298] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15298] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15295] <... open resumed>) = 4 [pid 15295] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15294] <... futex resumed>) = 0 [pid 15295] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15294] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15295] <... mount resumed>) = 0 [pid 15294] <... futex resumed>) = 0 [pid 15294] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15295] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15294] <... futex resumed>) = 0 [pid 15294] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15295] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15294] <... futex resumed>) = 0 [pid 15295] <... open resumed>) = 5 [pid 15294] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15295] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15294] <... futex resumed>) = 0 [pid 15295] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15294] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15294] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15295] <... write resumed>) = 262144 [pid 15295] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15295] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15294] <... futex resumed>) = 0 [pid 15294] close(3) = 0 [pid 15294] close(4) = 0 [pid 15294] close(5) = 0 [pid 15294] close(6) = -1 EBADF (Bad file descriptor) [pid 15294] close(7) = -1 EBADF (Bad file descriptor) [pid 15294] close(8) = -1 EBADF (Bad file descriptor) [pid 15294] close(9) = -1 EBADF (Bad file descriptor) [pid 15294] close(10) = -1 EBADF (Bad file descriptor) [pid 15294] close(11) = -1 EBADF (Bad file descriptor) [pid 15294] close(12) = -1 EBADF (Bad file descriptor) [pid 15294] close(13) = -1 EBADF (Bad file descriptor) [pid 15294] close(14) = -1 EBADF (Bad file descriptor) [pid 15294] close(15) = -1 EBADF (Bad file descriptor) [pid 15294] close(16) = -1 EBADF (Bad file descriptor) [pid 15294] close(17) = -1 EBADF (Bad file descriptor) [pid 15294] close(18) = -1 EBADF (Bad file descriptor) [pid 15294] close(19) = -1 EBADF (Bad file descriptor) [pid 15294] close(20) = -1 EBADF (Bad file descriptor) [pid 15294] close(21) = -1 EBADF (Bad file descriptor) [pid 15294] close(22) = -1 EBADF (Bad file descriptor) [pid 15294] close(23) = -1 EBADF (Bad file descriptor) [pid 15294] close(24) = -1 EBADF (Bad file descriptor) [pid 15294] close(25) = -1 EBADF (Bad file descriptor) [pid 15294] close(26) = -1 EBADF (Bad file descriptor) [pid 15294] close(27) = -1 EBADF (Bad file descriptor) [pid 15294] close(28) = -1 EBADF (Bad file descriptor) [pid 15294] close(29) = -1 EBADF (Bad file descriptor) [pid 15294] exit_group(0) = ? [pid 15299] <... futex resumed>) = 231 [pid 15298] <... futex resumed>) = ? [pid 15299] +++ exited with 0 +++ [pid 15298] +++ exited with 0 +++ [pid 15295] <... futex resumed>) = ? [pid 15295] +++ exited with 0 +++ [pid 15294] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9662, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] umount2("./2530", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2530", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2530/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2530/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2530/binderfs") = 0 [ 304.346582][T15295] EXT4-fs (loop0): 1 truncate cleaned up [ 304.352397][T15295] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2530/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2530/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2530/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2530/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2530/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2530/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2530") = 0 [pid 289] mkdir("./2531", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9666 ./strace-static-x86_64: Process 15300 attached [pid 15300] set_robust_list(0x555556f746a0, 24) = 0 [pid 15300] chdir("./2531") = 0 [pid 15300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15300] setpgid(0, 0) = 0 [pid 15300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15300] write(3, "1000", 4) = 4 [pid 15300] close(3) = 0 [pid 15300] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15300] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15300] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15300] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15300] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15300] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15300] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9667]}, 88) = 9667 [pid 15300] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15300] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15300] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15302 attached [pid 15302] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15302] memfd_create("syzkaller", 0) = 3 [pid 15302] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15302] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15302] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15302] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15302] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15302] close(3) = 0 [pid 15302] mkdir("./file1", 0777) = 0 [pid 15302] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15302] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15302] chdir("./file1") = 0 [pid 15302] ioctl(4, LOOP_CLR_FD) = 0 [pid 15302] close(4) = 0 [pid 15302] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15300] <... futex resumed>) = 0 [pid 15300] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15300] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15302] <... futex resumed>) = 1 [pid 15302] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15302] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15300] <... futex resumed>) = 0 [pid 15300] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15300] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15300] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15300] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15300] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9668]}, 88) = 9668 [pid 15300] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15300] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15300] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15300] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15300] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15300] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 15306 attached ./strace-static-x86_64: Process 15305 attached => {parent_tid=[9669]}, 88) = 9669 [pid 15300] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15300] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15300] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15306] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15305] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15302] <... futex resumed>) = 1 [pid 15302] memfd_create("syzkaller", 0) = 4 [pid 15302] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15302] close(4) = 0 [pid 15302] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15302] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15306] <... set_robust_list resumed>) = 0 [pid 15306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15306] memfd_create("syzkaller", 0) = 4 [pid 15306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15306] close(4) = 0 [pid 15306] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15300] <... futex resumed>) = 0 [pid 15300] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15300] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15305] <... set_robust_list resumed>) = 0 [pid 15302] <... futex resumed>) = 0 [pid 15302] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15305] rt_sigprocmask(SIG_SETMASK, [], [pid 15306] <... futex resumed>) = 1 [pid 15302] <... open resumed>) = 4 [pid 15306] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15302] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15300] <... futex resumed>) = 0 [pid 15300] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15300] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15302] <... futex resumed>) = 1 [pid 15302] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15302] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15300] <... futex resumed>) = 0 [pid 15300] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15300] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15302] <... futex resumed>) = 1 [pid 15302] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15302] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15300] <... futex resumed>) = 0 [pid 15300] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15300] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15302] <... futex resumed>) = 1 [pid 15302] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15305] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15305] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15302] <... write resumed>) = 262144 [pid 15302] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15300] <... futex resumed>) = 0 [pid 15302] <... futex resumed>) = 1 [pid 15302] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15305] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 15305] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15305] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15300] close(3) = 0 [pid 15300] close(4) = 0 [pid 15300] close(5) = 0 [pid 15300] close(6) = -1 EBADF (Bad file descriptor) [pid 15300] close(7) = -1 EBADF (Bad file descriptor) [pid 15300] close(8) = -1 EBADF (Bad file descriptor) [pid 15300] close(9) = -1 EBADF (Bad file descriptor) [pid 15300] close(10) = -1 EBADF (Bad file descriptor) [pid 15300] close(11) = -1 EBADF (Bad file descriptor) [pid 15300] close(12) = -1 EBADF (Bad file descriptor) [pid 15300] close(13) = -1 EBADF (Bad file descriptor) [pid 15300] close(14) = -1 EBADF (Bad file descriptor) [pid 15300] close(15) = -1 EBADF (Bad file descriptor) [pid 15300] close(16) = -1 EBADF (Bad file descriptor) [pid 15300] close(17) = -1 EBADF (Bad file descriptor) [pid 15300] close(18) = -1 EBADF (Bad file descriptor) [pid 15300] close(19) = -1 EBADF (Bad file descriptor) [pid 15300] close(20) = -1 EBADF (Bad file descriptor) [pid 15300] close(21) = -1 EBADF (Bad file descriptor) [pid 15300] close(22) = -1 EBADF (Bad file descriptor) [pid 15300] close(23) = -1 EBADF (Bad file descriptor) [pid 15300] close(24) = -1 EBADF (Bad file descriptor) [pid 15300] close(25) = -1 EBADF (Bad file descriptor) [pid 15300] close(26) = -1 EBADF (Bad file descriptor) [pid 15300] close(27) = -1 EBADF (Bad file descriptor) [pid 15300] close(28) = -1 EBADF (Bad file descriptor) [pid 15300] close(29) = -1 EBADF (Bad file descriptor) [pid 15300] exit_group(0) = ? [pid 15306] <... futex resumed>) = 231 [pid 15302] <... futex resumed>) = ? [pid 15306] +++ exited with 0 +++ [pid 15302] +++ exited with 0 +++ [pid 15305] <... futex resumed>) = ? [pid 15305] +++ exited with 0 +++ [pid 15300] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9666, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2531", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2531", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2531/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2531/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2531/binderfs") = 0 [pid 289] umount2("./2531/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2531/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2531/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2531/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2531/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2531/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2531") = 0 [pid 289] mkdir("./2532", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9670 ./strace-static-x86_64: Process 15307 attached [pid 15307] set_robust_list(0x555556f746a0, 24) = 0 [pid 15307] chdir("./2532") = 0 [pid 15307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15307] setpgid(0, 0) = 0 [pid 15307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15307] write(3, "1000", 4) = 4 [pid 15307] close(3) = 0 [pid 15307] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15307] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15307] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15307] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15307] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15307] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9671]}, 88) = 9671 ./strace-static-x86_64: Process 15308 attached [pid 15307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15307] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15307] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15308] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15308] memfd_create("syzkaller", 0) = 3 [pid 15308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15308] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15308] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15308] close(3) = 0 [pid 15308] mkdir("./file1", 0777) = 0 [pid 15308] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15308] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15308] chdir("./file1") = 0 [pid 15308] ioctl(4, LOOP_CLR_FD) = 0 [pid 15308] close(4) = 0 [pid 15308] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15307] <... futex resumed>) = 0 [pid 15307] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15307] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15308] <... futex resumed>) = 1 [pid 15308] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15308] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15307] <... futex resumed>) = 0 [pid 15307] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15307] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15307] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15307] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9672]}, 88) = 9672 [pid 15307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15307] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15307] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15307] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15307] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9673]}, 88) = 9673 [pid 15307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15307] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15307] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15308] <... futex resumed>) = 1 [pid 15308] memfd_create("syzkaller", 0) = 4 [pid 15308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15308] close(4) = 0 [pid 15308] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15308] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15311 attached [pid 15311] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15311] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15311] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15311] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15312 attached [pid 15312] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15312] memfd_create("syzkaller", 0) = 4 [pid 15312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15312] close(4) = 0 [pid 15312] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15307] <... futex resumed>) = 0 [pid 15307] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15308] <... futex resumed>) = 0 [pid 15307] <... futex resumed>) = 1 [pid 15308] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15307] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15312] <... futex resumed>) = 1 [pid 15312] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15308] <... open resumed>) = 4 [pid 15308] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15307] <... futex resumed>) = 0 [pid 15308] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15307] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15308] <... mount resumed>) = 0 [pid 15307] <... futex resumed>) = 0 [pid 15308] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15307] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15308] <... futex resumed>) = 0 [pid 15307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15308] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15307] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15308] <... open resumed>) = 5 [pid 15307] <... futex resumed>) = 0 [pid 15308] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15307] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15308] <... futex resumed>) = 0 [pid 15307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15308] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15307] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15307] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15308] <... write resumed>) = 262144 [pid 15308] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15307] <... futex resumed>) = 0 [pid 15307] close(3) = 0 [pid 15307] close(4) = 0 [pid 15307] close(5) = 0 [pid 15307] close(6) = -1 EBADF (Bad file descriptor) [pid 15307] close(7) = -1 EBADF (Bad file descriptor) [pid 15307] close(8) = -1 EBADF (Bad file descriptor) [pid 15307] close(9) = -1 EBADF (Bad file descriptor) [pid 15307] close(10) = -1 EBADF (Bad file descriptor) [pid 15307] close(11) = -1 EBADF (Bad file descriptor) [pid 15307] close(12) = -1 EBADF (Bad file descriptor) [pid 15307] close(13) = -1 EBADF (Bad file descriptor) [pid 15307] close(14) = -1 EBADF (Bad file descriptor) [pid 15307] close(15) = -1 EBADF (Bad file descriptor) [pid 15307] close(16) = -1 EBADF (Bad file descriptor) [pid 15307] close(17) = -1 EBADF (Bad file descriptor) [pid 15307] close(18) = -1 EBADF (Bad file descriptor) [pid 15307] close(19) = -1 EBADF (Bad file descriptor) [pid 15307] close(20) = -1 EBADF (Bad file descriptor) [pid 15307] close(21) = -1 EBADF (Bad file descriptor) [pid 15307] close(22) = -1 EBADF (Bad file descriptor) [pid 15307] close(23) = -1 EBADF (Bad file descriptor) [pid 15307] close(24) = -1 EBADF (Bad file descriptor) [pid 15307] close(25) = -1 EBADF (Bad file descriptor) [pid 15307] close(26) = -1 EBADF (Bad file descriptor) [pid 15307] close(27) = -1 EBADF (Bad file descriptor) [pid 15307] close(28) = -1 EBADF (Bad file descriptor) [pid 15307] close(29) = -1 EBADF (Bad file descriptor) [pid 15307] exit_group(0 [pid 15311] <... futex resumed>) = ? [pid 15307] <... exit_group resumed>) = ? [pid 15311] +++ exited with 0 +++ [pid 15312] <... futex resumed>) = ? [pid 15312] +++ exited with 0 +++ [pid 15308] +++ exited with 0 +++ [pid 15307] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9670, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 289] umount2("./2532", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2532", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2532/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2532/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2532/binderfs") = 0 [pid 289] umount2("./2532/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2532/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2532/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2532/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2532/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2532/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2532") = 0 [pid 289] mkdir("./2533", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9674 ./strace-static-x86_64: Process 15313 attached [pid 15313] set_robust_list(0x555556f746a0, 24) = 0 [pid 15313] chdir("./2533") = 0 [pid 15313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15313] setpgid(0, 0) = 0 [pid 15313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15313] write(3, "1000", 4) = 4 [pid 15313] close(3) = 0 [pid 15313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15313] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15313] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15313] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15313] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9675]}, 88) = 9675 [pid 15313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15313] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15313] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15314 attached [pid 15314] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15314] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15314] memfd_create("syzkaller", 0) = 3 [pid 15314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15314] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15314] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15314] close(3) = 0 [pid 15314] mkdir("./file1", 0777) = 0 [pid 15314] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15314] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15314] chdir("./file1") = 0 [pid 15314] ioctl(4, LOOP_CLR_FD) = 0 [pid 15314] close(4) = 0 [pid 15314] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15314] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15313] <... futex resumed>) = 0 [pid 15313] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 304.442367][T15302] EXT4-fs (loop0): 1 truncate cleaned up [ 304.447851][T15302] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [ 304.472346][T15305] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [ 304.548666][T15308] EXT4-fs (loop0): 1 truncate cleaned up [ 304.554237][T15308] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 15313] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15314] <... futex resumed>) = 0 [pid 15314] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15314] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15313] <... futex resumed>) = 0 [pid 15313] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15313] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15313] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 15314] <... futex resumed>) = 1 [pid 15313] <... clone3 resumed> => {parent_tid=[9676]}, 88) = 9676 [pid 15313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15313] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15313] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15314] memfd_create("syzkaller", 0 [pid 15313] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15313] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15313] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 15314] <... memfd_create resumed>) = 4 [pid 15313] <... clone3 resumed> => {parent_tid=[9677]}, 88) = 9677 [pid 15313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15313] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15313] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15318 attached [pid 15318] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15318] memfd_create("syzkaller", 0) = 5 [pid 15318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) ./strace-static-x86_64: Process 15317 attached [pid 15318] close(5) = 0 [pid 15318] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15313] <... futex resumed>) = 0 [pid 15313] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15313] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15318] <... futex resumed>) = 1 [pid 15318] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15314] close(4 [pid 15317] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15318] <... open resumed>) = 5 [pid 15317] <... set_robust_list resumed>) = 0 [pid 15314] <... close resumed>) = 0 [pid 15318] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15313] <... futex resumed>) = 0 [pid 15313] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15313] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15318] <... futex resumed>) = 1 [pid 15318] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15318] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15313] <... futex resumed>) = 0 [pid 15313] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15313] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15318] <... futex resumed>) = 1 [pid 15318] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 4 [pid 15318] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15313] <... futex resumed>) = 0 [pid 15313] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15313] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15318] <... futex resumed>) = 1 [pid 15318] write(4, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15314] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15317] rt_sigprocmask(SIG_SETMASK, [], [pid 15314] <... futex resumed>) = 0 [pid 15317] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15314] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15317] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15318] <... write resumed>) = 262144 [pid 15318] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15313] <... futex resumed>) = 0 [pid 15318] <... futex resumed>) = 1 [pid 15318] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15317] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 15317] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15313] close(3 [pid 15317] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15313] <... close resumed>) = 0 [pid 15313] close(4) = 0 [pid 15313] close(5) = 0 [pid 15313] close(6) = -1 EBADF (Bad file descriptor) [pid 15313] close(7) = -1 EBADF (Bad file descriptor) [pid 15313] close(8) = -1 EBADF (Bad file descriptor) [pid 15313] close(9) = -1 EBADF (Bad file descriptor) [pid 15313] close(10) = -1 EBADF (Bad file descriptor) [pid 15313] close(11) = -1 EBADF (Bad file descriptor) [pid 15313] close(12) = -1 EBADF (Bad file descriptor) [pid 15313] close(13) = -1 EBADF (Bad file descriptor) [pid 15313] close(14) = -1 EBADF (Bad file descriptor) [pid 15313] close(15) = -1 EBADF (Bad file descriptor) [pid 15313] close(16) = -1 EBADF (Bad file descriptor) [pid 15313] close(17) = -1 EBADF (Bad file descriptor) [pid 15313] close(18) = -1 EBADF (Bad file descriptor) [pid 15313] close(19) = -1 EBADF (Bad file descriptor) [pid 15313] close(20) = -1 EBADF (Bad file descriptor) [pid 15313] close(21) = -1 EBADF (Bad file descriptor) [pid 15313] close(22) = -1 EBADF (Bad file descriptor) [pid 15313] close(23) = -1 EBADF (Bad file descriptor) [pid 15313] close(24) = -1 EBADF (Bad file descriptor) [pid 15313] close(25) = -1 EBADF (Bad file descriptor) [pid 15313] close(26) = -1 EBADF (Bad file descriptor) [pid 15313] close(27) = -1 EBADF (Bad file descriptor) [pid 15313] close(28) = -1 EBADF (Bad file descriptor) [pid 15313] close(29) = -1 EBADF (Bad file descriptor) [pid 15313] exit_group(0 [pid 15314] <... futex resumed>) = 231 [pid 15313] <... exit_group resumed>) = ? [pid 15317] <... futex resumed>) = ? [pid 15314] +++ exited with 0 +++ [pid 15317] +++ exited with 0 +++ [pid 15318] <... futex resumed>) = ? [pid 15318] +++ exited with 0 +++ [pid 15313] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9674, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2533", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2533", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2533/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2533/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2533/binderfs") = 0 [ 304.701635][T15314] EXT4-fs (loop0): 1 truncate cleaned up [ 304.707120][T15314] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [ 304.733361][T15317] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2533/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2533/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2533/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2533/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2533/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2533/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2533") = 0 [pid 289] mkdir("./2534", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9678 ./strace-static-x86_64: Process 15319 attached [pid 15319] set_robust_list(0x555556f746a0, 24) = 0 [pid 15319] chdir("./2534") = 0 [pid 15319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15319] setpgid(0, 0) = 0 [pid 15319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15319] write(3, "1000", 4) = 4 [pid 15319] close(3) = 0 [pid 15319] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15319] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15319] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15319] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15319] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15319] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15319] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9679]}, 88) = 9679 [pid 15319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15319] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15319] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15320 attached [pid 15320] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15320] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15320] memfd_create("syzkaller", 0) = 3 [pid 15320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15320] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15320] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15320] close(3) = 0 [pid 15320] mkdir("./file1", 0777) = 0 [pid 15320] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15320] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15320] chdir("./file1") = 0 [pid 15320] ioctl(4, LOOP_CLR_FD) = 0 [pid 15320] close(4) = 0 [pid 15320] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15319] <... futex resumed>) = 0 [pid 15319] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15319] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15320] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15320] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15320] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15319] <... futex resumed>) = 0 [pid 15319] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15319] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15319] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15319] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15319] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 15320] <... futex resumed>) = 0 [pid 15320] memfd_create("syzkaller", 0) = 4 [pid 15319] <... clone3 resumed> => {parent_tid=[9680]}, 88) = 9680 [pid 15320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15320] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15319] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15320] close(4 [pid 15319] <... futex resumed>) = 0 [pid 15319] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15319] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15320] <... close resumed>) = 0 [pid 15319] rt_sigprocmask(SIG_BLOCK, ~[], [pid 15320] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15319] <... rt_sigprocmask resumed>[], 8) = 0 [pid 15320] <... futex resumed>) = 0 [pid 15319] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 15320] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15319] <... clone3 resumed> => {parent_tid=[9681]}, 88) = 9681 [pid 15319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15319] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15319] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15323 attached [pid 15323] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15323] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15323] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15323] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15323] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15324 attached [pid 15324] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15324] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15324] memfd_create("syzkaller", 0) = 4 [pid 15324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15324] close(4) = 0 [pid 15324] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15319] <... futex resumed>) = 0 [pid 15319] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15324] <... futex resumed>) = 1 [pid 15320] <... futex resumed>) = 0 [pid 15319] <... futex resumed>) = 1 [pid 15320] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15319] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15320] <... open resumed>) = 4 [pid 15320] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15320] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15319] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15320] <... futex resumed>) = 0 [pid 15319] <... futex resumed>) = 1 [pid 15320] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15320] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15319] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15320] <... futex resumed>) = 0 [pid 15319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15320] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15319] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15320] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15319] <... futex resumed>) = 0 [pid 15320] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15319] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15320] <... open resumed>) = 5 [pid 15320] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15319] <... futex resumed>) = 0 [pid 15320] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15319] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15320] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15319] <... futex resumed>) = 0 [pid 15320] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15319] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15324] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15320] <... write resumed>) = 262144 [pid 15320] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15320] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15319] <... futex resumed>) = 0 [pid 15319] close(3) = 0 [pid 15319] close(4) = 0 [pid 15319] close(5) = 0 [pid 15319] close(6) = -1 EBADF (Bad file descriptor) [pid 15319] close(7) = -1 EBADF (Bad file descriptor) [pid 15319] close(8) = -1 EBADF (Bad file descriptor) [pid 15319] close(9) = -1 EBADF (Bad file descriptor) [pid 15319] close(10) = -1 EBADF (Bad file descriptor) [pid 15319] close(11) = -1 EBADF (Bad file descriptor) [pid 15319] close(12) = -1 EBADF (Bad file descriptor) [pid 15319] close(13) = -1 EBADF (Bad file descriptor) [pid 15319] close(14) = -1 EBADF (Bad file descriptor) [pid 15319] close(15) = -1 EBADF (Bad file descriptor) [pid 15319] close(16) = -1 EBADF (Bad file descriptor) [pid 15319] close(17) = -1 EBADF (Bad file descriptor) [pid 15319] close(18) = -1 EBADF (Bad file descriptor) [pid 15319] close(19) = -1 EBADF (Bad file descriptor) [pid 15319] close(20) = -1 EBADF (Bad file descriptor) [pid 15319] close(21) = -1 EBADF (Bad file descriptor) [pid 15319] close(22) = -1 EBADF (Bad file descriptor) [pid 15319] close(23) = -1 EBADF (Bad file descriptor) [pid 15319] close(24) = -1 EBADF (Bad file descriptor) [pid 15319] close(25) = -1 EBADF (Bad file descriptor) [pid 15319] close(26) = -1 EBADF (Bad file descriptor) [pid 15319] close(27) = -1 EBADF (Bad file descriptor) [pid 15319] close(28) = -1 EBADF (Bad file descriptor) [pid 15319] close(29) = -1 EBADF (Bad file descriptor) [pid 15319] exit_group(0 [pid 15323] <... futex resumed>) = 231 [pid 15319] <... exit_group resumed>) = ? [pid 15323] +++ exited with 0 +++ [pid 15320] <... futex resumed>) = ? [pid 15320] +++ exited with 0 +++ [pid 15324] <... futex resumed>) = ? [pid 15324] +++ exited with 0 +++ [pid 15319] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9678, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2534", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2534", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2534/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2534/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2534/binderfs") = 0 [pid 289] umount2("./2534/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2534/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2534/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2534/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2534/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2534/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2534") = 0 [pid 289] mkdir("./2535", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = 0 [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9682 ./strace-static-x86_64: Process 15325 attached [pid 15325] set_robust_list(0x555556f746a0, 24) = 0 [pid 15325] chdir("./2535") = 0 [pid 15325] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15325] setpgid(0, 0) = 0 [pid 15325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15325] write(3, "1000", 4) = 4 [pid 15325] close(3) = 0 [pid 15325] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15325] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15325] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15325] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15325] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15325] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15325] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15326 attached => {parent_tid=[9683]}, 88) = 9683 [pid 15326] set_robust_list(0x7fbc6730d9a0, 24 [pid 15325] rt_sigprocmask(SIG_SETMASK, [], [pid 15326] <... set_robust_list resumed>) = 0 [pid 15325] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15326] rt_sigprocmask(SIG_SETMASK, [], [pid 15325] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15326] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15325] <... futex resumed>) = 0 [pid 15326] memfd_create("syzkaller", 0 [pid 15325] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15326] <... memfd_create resumed>) = 3 [pid 15326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15326] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15326] munmap(0x7fbc5eeed000, 262144) = 0 [ 304.831205][T15320] EXT4-fs (loop0): 1 truncate cleaned up [ 304.836662][T15320] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 15326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15326] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15326] close(3) = 0 [pid 15326] mkdir("./file1", 0777) = 0 [pid 15326] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15326] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15326] chdir("./file1") = 0 [pid 15326] ioctl(4, LOOP_CLR_FD) = 0 [pid 15326] close(4) = 0 [pid 15326] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15325] <... futex resumed>) = 0 [pid 15325] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15325] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15326] <... futex resumed>) = 1 [pid 15326] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15326] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15325] <... futex resumed>) = 0 [pid 15325] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15325] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15325] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15325] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15325] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9684]}, 88) = 9684 [pid 15325] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15325] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15325] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15325] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15325] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15325] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9685]}, 88) = 9685 [pid 15325] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15325] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15325] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15326] <... futex resumed>) = 1 [pid 15326] memfd_create("syzkaller", 0) = 4 [pid 15326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15326] close(4) = 0 [pid 15326] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15326] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15330 attached ./strace-static-x86_64: Process 15329 attached [pid 15330] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15330] memfd_create("syzkaller", 0) = 4 [pid 15329] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15330] close(4) = 0 [pid 15329] <... set_robust_list resumed>) = 0 [pid 15329] rt_sigprocmask(SIG_SETMASK, [], [pid 15330] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15325] <... futex resumed>) = 0 [pid 15325] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15326] <... futex resumed>) = 0 [pid 15325] <... futex resumed>) = 1 [pid 15326] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15325] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15326] <... open resumed>) = 4 [pid 15329] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15326] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15325] <... futex resumed>) = 0 [pid 15326] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15325] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15326] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15325] <... futex resumed>) = 0 [pid 15326] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15325] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15326] <... mount resumed>) = 0 [pid 15330] <... futex resumed>) = 1 [pid 15326] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15325] <... futex resumed>) = 0 [pid 15326] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15325] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15326] <... open resumed>) = 5 [pid 15325] <... futex resumed>) = 0 [pid 15326] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15325] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15326] <... futex resumed>) = 0 [pid 15325] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15326] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 304.912981][T15326] EXT4-fs (loop0): 1 truncate cleaned up [ 304.918614][T15326] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 15325] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15330] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15325] <... futex resumed>) = 0 [pid 15325] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15326] <... write resumed>) = 262144 [pid 15326] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15325] <... futex resumed>) = 0 [pid 15326] <... futex resumed>) = 1 [pid 15326] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15329] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 15329] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15329] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15325] close(3) = 0 [pid 15325] close(4) = 0 [pid 15325] close(5) = 0 [pid 15325] close(6) = -1 EBADF (Bad file descriptor) [pid 15325] close(7) = -1 EBADF (Bad file descriptor) [pid 15325] close(8) = -1 EBADF (Bad file descriptor) [pid 15325] close(9) = -1 EBADF (Bad file descriptor) [pid 15325] close(10) = -1 EBADF (Bad file descriptor) [pid 15325] close(11) = -1 EBADF (Bad file descriptor) [pid 15325] close(12) = -1 EBADF (Bad file descriptor) [pid 15325] close(13) = -1 EBADF (Bad file descriptor) [pid 15325] close(14) = -1 EBADF (Bad file descriptor) [pid 15325] close(15) = -1 EBADF (Bad file descriptor) [pid 15325] close(16) = -1 EBADF (Bad file descriptor) [pid 15325] close(17) = -1 EBADF (Bad file descriptor) [pid 15325] close(18) = -1 EBADF (Bad file descriptor) [pid 15325] close(19) = -1 EBADF (Bad file descriptor) [pid 15325] close(20) = -1 EBADF (Bad file descriptor) [pid 15325] close(21) = -1 EBADF (Bad file descriptor) [pid 15325] close(22) = -1 EBADF (Bad file descriptor) [pid 15325] close(23) = -1 EBADF (Bad file descriptor) [pid 15325] close(24) = -1 EBADF (Bad file descriptor) [pid 15325] close(25) = -1 EBADF (Bad file descriptor) [pid 15325] close(26) = -1 EBADF (Bad file descriptor) [pid 15325] close(27) = -1 EBADF (Bad file descriptor) [pid 15325] close(28) = -1 EBADF (Bad file descriptor) [pid 15325] close(29) = -1 EBADF (Bad file descriptor) [pid 15325] exit_group(0 [pid 15326] <... futex resumed>) = ? [pid 15325] <... exit_group resumed>) = ? [pid 15326] +++ exited with 0 +++ [pid 15329] <... futex resumed>) = ? [pid 15329] +++ exited with 0 +++ [pid 15330] <... futex resumed>) = ? [pid 15330] +++ exited with 0 +++ [pid 15325] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9682, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2535", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2535", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2535/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2535/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2535/binderfs") = 0 [ 304.953909][T15329] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2535/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2535/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2535/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2535/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2535/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2535/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2535") = 0 [pid 289] mkdir("./2536", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9686 ./strace-static-x86_64: Process 15331 attached [pid 15331] set_robust_list(0x555556f746a0, 24) = 0 [pid 15331] chdir("./2536") = 0 [pid 15331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15331] setpgid(0, 0) = 0 [pid 15331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15331] write(3, "1000", 4) = 4 [pid 15331] close(3) = 0 [pid 15331] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15331] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15331] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15331] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15331] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15332 attached => {parent_tid=[9687]}, 88) = 9687 [pid 15331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15331] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15331] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15332] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15332] memfd_create("syzkaller", 0) = 3 [pid 15332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15332] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15332] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15332] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15332] close(3) = 0 [pid 15332] mkdir("./file1", 0777) = 0 [pid 15332] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15332] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15332] chdir("./file1") = 0 [pid 15332] ioctl(4, LOOP_CLR_FD) = 0 [pid 15332] close(4) = 0 [pid 15332] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15332] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15331] <... futex resumed>) = 0 [pid 15331] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15331] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15332] <... futex resumed>) = 0 [pid 15332] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15332] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15331] <... futex resumed>) = 0 [pid 15331] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15331] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15331] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9688]}, 88) = 9688 [pid 15331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15331] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15331] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15331] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9689]}, 88) = 9689 [pid 15331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15331] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15331] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15332] <... futex resumed>) = 1 [pid 15332] memfd_create("syzkaller", 0) = 4 [pid 15332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15332] close(4) = 0 [pid 15332] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15332] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15335 attached [pid 15335] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15335] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0./strace-static-x86_64: Process 15336 attached ) = 0 [pid 15335] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15335] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15336] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15336] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15336] memfd_create("syzkaller", 0) = 4 [pid 15336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15336] close(4) = 0 [pid 15336] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15331] <... futex resumed>) = 0 [pid 15331] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15331] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15332] <... futex resumed>) = 0 [pid 15332] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15332] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15331] <... futex resumed>) = 0 [pid 15331] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15331] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15332] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15332] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15331] <... futex resumed>) = 0 [pid 15331] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15331] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15332] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15332] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15331] <... futex resumed>) = 0 [pid 15331] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15331] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15332] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15336] <... futex resumed>) = 1 [pid 15336] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15332] <... write resumed>) = 262144 [pid 15332] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15331] <... futex resumed>) = 0 [pid 15332] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15331] close(3) = 0 [pid 15331] close(4) = 0 [pid 15331] close(5) = 0 [pid 15331] close(6) = -1 EBADF (Bad file descriptor) [pid 15331] close(7) = -1 EBADF (Bad file descriptor) [pid 15331] close(8) = -1 EBADF (Bad file descriptor) [pid 15331] close(9) = -1 EBADF (Bad file descriptor) [pid 15331] close(10) = -1 EBADF (Bad file descriptor) [pid 15331] close(11) = -1 EBADF (Bad file descriptor) [pid 15331] close(12) = -1 EBADF (Bad file descriptor) [pid 15331] close(13) = -1 EBADF (Bad file descriptor) [pid 15331] close(14) = -1 EBADF (Bad file descriptor) [pid 15331] close(15) = -1 EBADF (Bad file descriptor) [pid 15331] close(16) = -1 EBADF (Bad file descriptor) [pid 15331] close(17) = -1 EBADF (Bad file descriptor) [pid 15331] close(18) = -1 EBADF (Bad file descriptor) [pid 15331] close(19) = -1 EBADF (Bad file descriptor) [pid 15331] close(20) = -1 EBADF (Bad file descriptor) [pid 15331] close(21) = -1 EBADF (Bad file descriptor) [pid 15331] close(22) = -1 EBADF (Bad file descriptor) [pid 15331] close(23) = -1 EBADF (Bad file descriptor) [pid 15331] close(24) = -1 EBADF (Bad file descriptor) [pid 15331] close(25) = -1 EBADF (Bad file descriptor) [pid 15331] close(26) = -1 EBADF (Bad file descriptor) [pid 15331] close(27) = -1 EBADF (Bad file descriptor) [pid 15331] close(28) = -1 EBADF (Bad file descriptor) [pid 15331] close(29) = -1 EBADF (Bad file descriptor) [pid 15331] exit_group(0) = ? [pid 15332] <... futex resumed>) = ? [pid 15332] +++ exited with 0 +++ [pid 15335] <... futex resumed>) = ? [pid 15335] +++ exited with 0 +++ [pid 15336] <... futex resumed>) = ? [pid 15336] +++ exited with 0 +++ [pid 15331] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9686, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2536", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2536", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2536/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2536/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2536/binderfs") = 0 [ 305.067626][T15332] EXT4-fs (loop0): 1 truncate cleaned up [ 305.073251][T15332] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2536/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2536/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2536/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2536/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2536/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2536/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2536") = 0 [pid 289] mkdir("./2537", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9690 ./strace-static-x86_64: Process 15337 attached [pid 15337] set_robust_list(0x555556f746a0, 24) = 0 [pid 15337] chdir("./2537") = 0 [pid 15337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15337] setpgid(0, 0) = 0 [pid 15337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15337] write(3, "1000", 4) = 4 [pid 15337] close(3) = 0 [pid 15337] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15337] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15337] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15337] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15337] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15337] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15337] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15338 attached => {parent_tid=[9691]}, 88) = 9691 [pid 15338] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15338] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15338] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15337] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15337] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15338] <... futex resumed>) = 0 [pid 15337] <... futex resumed>) = 1 [pid 15338] memfd_create("syzkaller", 0) = 3 [pid 15338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15337] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15338] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15338] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15338] close(3) = 0 [pid 15338] mkdir("./file1", 0777) = 0 [pid 15338] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15338] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15338] chdir("./file1") = 0 [pid 15338] ioctl(4, LOOP_CLR_FD) = 0 [pid 15338] close(4) = 0 [pid 15338] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15338] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15337] <... futex resumed>) = 0 [pid 15337] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15337] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15338] <... futex resumed>) = 0 [pid 15338] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15338] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15337] <... futex resumed>) = 0 [pid 15337] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15337] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15338] memfd_create("syzkaller", 0 [pid 15337] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 15338] <... memfd_create resumed>) = 4 [pid 15338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15338] close(4) = 0 [pid 15338] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15338] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15337] <... mprotect resumed>) = 0 [pid 15337] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15337] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 15341 attached => {parent_tid=[9692]}, 88) = 9692 [pid 15337] rt_sigprocmask(SIG_SETMASK, [], [pid 15341] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15337] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15337] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15341] <... set_robust_list resumed>) = 0 [pid 15337] <... futex resumed>) = 0 [pid 15341] rt_sigprocmask(SIG_SETMASK, [], [pid 15337] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15341] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15338] <... futex resumed>) = 0 [pid 15337] <... futex resumed>) = 1 [pid 15338] memfd_create("syzkaller", 0 [pid 15337] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15341] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15338] <... memfd_create resumed>) = 4 [pid 15338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15338] close(4) = 0 [pid 15338] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15337] <... futex resumed>) = 0 [pid 15338] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15337] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15338] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15337] <... futex resumed>) = 0 [pid 15337] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15338] <... open resumed>) = 4 [pid 15338] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15337] <... futex resumed>) = 0 [pid 15338] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15337] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15337] <... futex resumed>) = 0 [pid 15338] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15337] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15341] <... setxattr resumed>) = 0 [pid 15338] <... mount resumed>) = 0 [pid 15341] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15338] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15341] <... futex resumed>) = 0 [pid 15338] <... futex resumed>) = 1 [pid 15337] <... futex resumed>) = 0 [pid 15338] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15337] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15341] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15337] <... futex resumed>) = 0 [pid 15338] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15337] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15338] <... open resumed>) = 5 [pid 15338] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15337] <... futex resumed>) = 0 [pid 15338] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15337] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15337] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15338] <... write resumed>) = 262144 [pid 15338] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15337] <... futex resumed>) = 0 [pid 15338] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15337] close(3) = 0 [pid 15337] close(4) = 0 [pid 15337] close(5) = 0 [pid 15337] close(6) = -1 EBADF (Bad file descriptor) [pid 15337] close(7) = -1 EBADF (Bad file descriptor) [pid 15337] close(8) = -1 EBADF (Bad file descriptor) [pid 15337] close(9) = -1 EBADF (Bad file descriptor) [pid 15337] close(10) = -1 EBADF (Bad file descriptor) [pid 15337] close(11) = -1 EBADF (Bad file descriptor) [pid 15337] close(12) = -1 EBADF (Bad file descriptor) [pid 15337] close(13) = -1 EBADF (Bad file descriptor) [pid 15337] close(14) = -1 EBADF (Bad file descriptor) [pid 15337] close(15) = -1 EBADF (Bad file descriptor) [pid 15337] close(16) = -1 EBADF (Bad file descriptor) [pid 15337] close(17) = -1 EBADF (Bad file descriptor) [pid 15337] close(18) = -1 EBADF (Bad file descriptor) [pid 15337] close(19) = -1 EBADF (Bad file descriptor) [pid 15337] close(20) = -1 EBADF (Bad file descriptor) [pid 15337] close(21) = -1 EBADF (Bad file descriptor) [pid 15337] close(22) = -1 EBADF (Bad file descriptor) [pid 15337] close(23) = -1 EBADF (Bad file descriptor) [pid 15337] close(24) = -1 EBADF (Bad file descriptor) [pid 15337] close(25) = -1 EBADF (Bad file descriptor) [pid 15337] close(26) = -1 EBADF (Bad file descriptor) [pid 15337] close(27) = -1 EBADF (Bad file descriptor) [pid 15337] close(28) = -1 EBADF (Bad file descriptor) [pid 15337] close(29) = -1 EBADF (Bad file descriptor) [pid 15337] exit_group(0) = ? [pid 15338] <... futex resumed>) = ? [pid 15338] +++ exited with 0 +++ [pid 15341] <... futex resumed>) = ? [pid 15341] +++ exited with 0 +++ [pid 15337] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9690, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2537", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2537", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2537/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2537/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2537/binderfs") = 0 [pid 289] umount2("./2537/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2537/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2537/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2537/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2537/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2537/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2537") = 0 [pid 289] mkdir("./2538", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = 0 [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 15342 attached , child_tidptr=0x555556f74690) = 9693 [pid 15342] set_robust_list(0x555556f746a0, 24) = 0 [pid 15342] chdir("./2538") = 0 [pid 15342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15342] setpgid(0, 0) = 0 [pid 15342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15342] write(3, "1000", 4) = 4 [pid 15342] close(3) = 0 [pid 15342] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15342] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15342] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15342] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15342] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15342] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15342] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9694]}, 88) = 9694 [pid 15342] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 15343 attached NULL, 8) = 0 [pid 15343] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15343] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15343] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15342] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15343] <... futex resumed>) = 0 [pid 15342] <... futex resumed>) = 1 [pid 15343] memfd_create("syzkaller", 0 [pid 15342] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15343] <... memfd_create resumed>) = 3 [pid 15343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [ 305.223658][T15338] EXT4-fs (loop0): 1 truncate cleaned up [ 305.229300][T15338] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 15343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15343] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15343] close(3) = 0 [pid 15343] mkdir("./file1", 0777) = 0 [pid 15343] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15343] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15343] chdir("./file1") = 0 [pid 15343] ioctl(4, LOOP_CLR_FD) = 0 [pid 15343] close(4) = 0 [pid 15343] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15342] <... futex resumed>) = 0 [pid 15342] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15342] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15343] <... futex resumed>) = 1 [pid 15343] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15343] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15342] <... futex resumed>) = 0 [pid 15342] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15342] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15342] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15342] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15342] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9695]}, 88) = 9695 [pid 15342] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15342] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15342] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15342] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15342] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15342] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9696]}, 88) = 9696 [pid 15342] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15342] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15342] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15347 attached ./strace-static-x86_64: Process 15346 attached [pid 15347] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15346] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15343] <... futex resumed>) = 1 [pid 15343] memfd_create("syzkaller", 0 [pid 15347] <... set_robust_list resumed>) = 0 [pid 15346] <... set_robust_list resumed>) = 0 [pid 15343] <... memfd_create resumed>) = 4 [pid 15346] rt_sigprocmask(SIG_SETMASK, [], [pid 15343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15343] close(4) = 0 [pid 15343] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15343] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15347] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15347] memfd_create("syzkaller", 0) = 4 [pid 15347] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15347] close(4) = 0 [pid 15347] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15342] <... futex resumed>) = 0 [pid 15342] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15346] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15342] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15343] <... futex resumed>) = 0 [pid 15343] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15347] <... futex resumed>) = 1 [pid 15347] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15343] <... open resumed>) = 4 [pid 15343] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15342] <... futex resumed>) = 0 [pid 15342] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15342] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15343] <... futex resumed>) = 1 [pid 15343] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15346] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15343] <... mount resumed>) = 0 [pid 15346] <... setxattr resumed>) = 0 [pid 15346] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15346] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15343] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15342] <... futex resumed>) = 0 [pid 15342] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15342] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15343] <... futex resumed>) = 1 [pid 15343] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15343] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15342] <... futex resumed>) = 0 [pid 15342] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15342] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15343] <... futex resumed>) = 1 [pid 15343] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15343] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15342] <... futex resumed>) = 0 [pid 15342] close(3 [pid 15343] <... futex resumed>) = 1 [pid 15342] <... close resumed>) = 0 [pid 15342] close(4) = 0 [pid 15342] close(5 [pid 15343] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15342] <... close resumed>) = 0 [pid 15342] close(6) = -1 EBADF (Bad file descriptor) [pid 15342] close(7) = -1 EBADF (Bad file descriptor) [pid 15342] close(8) = -1 EBADF (Bad file descriptor) [pid 15342] close(9) = -1 EBADF (Bad file descriptor) [pid 15342] close(10) = -1 EBADF (Bad file descriptor) [pid 15342] close(11) = -1 EBADF (Bad file descriptor) [pid 15342] close(12) = -1 EBADF (Bad file descriptor) [pid 15342] close(13) = -1 EBADF (Bad file descriptor) [pid 15342] close(14) = -1 EBADF (Bad file descriptor) [pid 15342] close(15) = -1 EBADF (Bad file descriptor) [pid 15342] close(16) = -1 EBADF (Bad file descriptor) [pid 15342] close(17) = -1 EBADF (Bad file descriptor) [pid 15342] close(18) = -1 EBADF (Bad file descriptor) [pid 15342] close(19) = -1 EBADF (Bad file descriptor) [pid 15342] close(20) = -1 EBADF (Bad file descriptor) [pid 15342] close(21) = -1 EBADF (Bad file descriptor) [pid 15342] close(22) = -1 EBADF (Bad file descriptor) [pid 15342] close(23) = -1 EBADF (Bad file descriptor) [pid 15342] close(24) = -1 EBADF (Bad file descriptor) [pid 15342] close(25) = -1 EBADF (Bad file descriptor) [pid 15342] close(26) = -1 EBADF (Bad file descriptor) [pid 15342] close(27) = -1 EBADF (Bad file descriptor) [pid 15342] close(28) = -1 EBADF (Bad file descriptor) [pid 15342] close(29) = -1 EBADF (Bad file descriptor) [pid 15342] exit_group(0 [pid 15347] <... futex resumed>) = ? [pid 15346] <... futex resumed>) = ? [pid 15342] <... exit_group resumed>) = ? [pid 15347] +++ exited with 0 +++ [pid 15346] +++ exited with 0 +++ [pid 15343] <... futex resumed>) = ? [pid 15343] +++ exited with 0 +++ [pid 15342] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9693, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2538", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2538", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2538/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2538/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2538/binderfs") = 0 [ 305.323084][T15343] EXT4-fs (loop0): 1 truncate cleaned up [ 305.328838][T15343] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2538/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2538/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2538/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2538/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2538/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2538/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2538") = 0 [pid 289] mkdir("./2539", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9697 ./strace-static-x86_64: Process 15349 attached [pid 15349] set_robust_list(0x555556f746a0, 24) = 0 [pid 15349] chdir("./2539") = 0 [pid 15349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15349] setpgid(0, 0) = 0 [pid 15349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15349] write(3, "1000", 4) = 4 [pid 15349] close(3) = 0 [pid 15349] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15349] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15349] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15349] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15349] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15349] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9698]}, 88) = 9698 [pid 15349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15349] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15349] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15350 attached [pid 15350] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15350] memfd_create("syzkaller", 0) = 3 [pid 15350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15350] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15350] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15350] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15350] close(3) = 0 [pid 15350] mkdir("./file1", 0777) = 0 [pid 15350] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15350] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15350] chdir("./file1") = 0 [pid 15350] ioctl(4, LOOP_CLR_FD) = 0 [pid 15350] close(4) = 0 [pid 15350] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15349] <... futex resumed>) = 0 [pid 15349] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15349] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15350] <... futex resumed>) = 1 [pid 15350] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15350] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15349] <... futex resumed>) = 0 [pid 15349] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15349] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15349] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15349] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9699]}, 88) = 9699 [pid 15349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15349] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15349] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15349] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15349] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9700]}, 88) = 9700 [pid 15349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15349] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15349] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15350] <... futex resumed>) = 1 [pid 15350] memfd_create("syzkaller", 0) = 4 [pid 15350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15350] close(4) = 0 [pid 15350] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15350] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15353 attached [pid 15353] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15353] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15353] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15353] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15353] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15354 attached [pid 15354] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15354] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15354] memfd_create("syzkaller", 0) = 4 [pid 15354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15354] close(4) = 0 [pid 15354] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15349] <... futex resumed>) = 0 [pid 15349] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15350] <... futex resumed>) = 0 [pid 15349] <... futex resumed>) = 1 [pid 15350] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15349] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15354] <... futex resumed>) = 1 [pid 15354] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15350] <... open resumed>) = 4 [pid 15350] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15349] <... futex resumed>) = 0 [pid 15350] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15349] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15350] <... mount resumed>) = 0 [pid 15349] <... futex resumed>) = 0 [pid 15350] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15349] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15350] <... futex resumed>) = 0 [pid 15349] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15350] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15349] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15350] <... open resumed>) = 5 [pid 15349] <... futex resumed>) = 0 [pid 15350] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15349] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15350] <... futex resumed>) = 0 [pid 15349] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15350] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15349] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15349] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15350] <... write resumed>) = 262144 [pid 15350] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15349] <... futex resumed>) = 0 [pid 15349] close(3) = 0 [pid 15349] close(4 [pid 15350] <... futex resumed>) = 1 [pid 15349] <... close resumed>) = 0 [pid 15349] close(5) = 0 [pid 15349] close(6) = -1 EBADF (Bad file descriptor) [pid 15349] close(7) = -1 EBADF (Bad file descriptor) [pid 15349] close(8) = -1 EBADF (Bad file descriptor) [pid 15349] close(9) = -1 EBADF (Bad file descriptor) [pid 15349] close(10) = -1 EBADF (Bad file descriptor) [pid 15349] close(11) = -1 EBADF (Bad file descriptor) [pid 15349] close(12) = -1 EBADF (Bad file descriptor) [pid 15349] close(13) = -1 EBADF (Bad file descriptor) [pid 15349] close(14) = -1 EBADF (Bad file descriptor) [pid 15349] close(15 [pid 15350] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15349] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 15349] close(16) = -1 EBADF (Bad file descriptor) [pid 15349] close(17) = -1 EBADF (Bad file descriptor) [pid 15349] close(18) = -1 EBADF (Bad file descriptor) [pid 15349] close(19) = -1 EBADF (Bad file descriptor) [pid 15349] close(20) = -1 EBADF (Bad file descriptor) [pid 15349] close(21) = -1 EBADF (Bad file descriptor) [pid 15349] close(22) = -1 EBADF (Bad file descriptor) [pid 15349] close(23) = -1 EBADF (Bad file descriptor) [pid 15349] close(24) = -1 EBADF (Bad file descriptor) [pid 15349] close(25) = -1 EBADF (Bad file descriptor) [pid 15349] close(26) = -1 EBADF (Bad file descriptor) [pid 15349] close(27) = -1 EBADF (Bad file descriptor) [pid 15349] close(28) = -1 EBADF (Bad file descriptor) [pid 15349] close(29) = -1 EBADF (Bad file descriptor) [pid 15349] exit_group(0 [pid 15353] <... futex resumed>) = ? [pid 15349] <... exit_group resumed>) = ? [pid 15353] +++ exited with 0 +++ [pid 15350] <... futex resumed>) = ? [pid 15350] +++ exited with 0 +++ [pid 15354] <... futex resumed>) = ? [pid 15354] +++ exited with 0 +++ [pid 15349] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9697, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2539", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2539", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2539/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2539/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2539/binderfs") = 0 [ 305.453052][T15350] EXT4-fs (loop0): 1 truncate cleaned up [ 305.458583][T15350] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2539/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2539/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2539/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2539/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2539/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2539/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2539") = 0 [pid 289] mkdir("./2540", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9701 ./strace-static-x86_64: Process 15355 attached [pid 15355] set_robust_list(0x555556f746a0, 24) = 0 [pid 15355] chdir("./2540") = 0 [pid 15355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15355] setpgid(0, 0) = 0 [pid 15355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15355] write(3, "1000", 4) = 4 [pid 15355] close(3) = 0 [pid 15355] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15355] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15355] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15355] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15355] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15355] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15355] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9702]}, 88) = 9702 [pid 15355] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15355] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15355] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15356 attached [pid 15356] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15356] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15356] memfd_create("syzkaller", 0) = 3 [pid 15356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15356] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15356] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15356] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15356] close(3) = 0 [pid 15356] mkdir("./file1", 0777) = 0 [pid 15356] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15356] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15356] chdir("./file1") = 0 [pid 15356] ioctl(4, LOOP_CLR_FD) = 0 [pid 15356] close(4) = 0 [pid 15356] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15355] <... futex resumed>) = 0 [pid 15355] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15355] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15356] <... futex resumed>) = 1 [pid 15356] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15356] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15355] <... futex resumed>) = 0 [pid 15355] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15355] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15355] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15355] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15355] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9703]}, 88) = 9703 [pid 15355] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15355] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15355] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15355] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15355] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15355] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9704]}, 88) = 9704 [pid 15355] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15355] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15355] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15356] <... futex resumed>) = 1 [pid 15356] memfd_create("syzkaller", 0) = 4 [pid 15356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15356] close(4) = 0 [pid 15356] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15356] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15359 attached [pid 15359] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15359] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15359] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15359] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15359] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15360 attached [pid 15360] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15360] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15360] memfd_create("syzkaller", 0) = 4 [pid 15360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15360] close(4) = 0 [pid 15360] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15355] <... futex resumed>) = 0 [pid 15355] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15356] <... futex resumed>) = 0 [pid 15355] <... futex resumed>) = 1 [pid 15356] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15355] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15356] <... open resumed>) = 4 [pid 15356] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15355] <... futex resumed>) = 0 [pid 15356] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15355] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15356] <... mount resumed>) = 0 [pid 15355] <... futex resumed>) = 0 [pid 15356] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15355] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15356] <... futex resumed>) = 0 [pid 15355] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15356] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15355] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15356] <... open resumed>) = 5 [pid 15355] <... futex resumed>) = 0 [pid 15356] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15355] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15356] <... futex resumed>) = 0 [pid 15355] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15356] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15355] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15360] <... futex resumed>) = 1 [pid 15355] <... futex resumed>) = 0 [pid 15355] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15360] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15356] <... write resumed>) = 262144 [pid 15356] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15355] <... futex resumed>) = 0 [pid 15355] close(3) = 0 [pid 15355] close(4) = 0 [pid 15355] close(5) = 0 [pid 15355] close(6) = -1 EBADF (Bad file descriptor) [pid 15355] close(7) = -1 EBADF (Bad file descriptor) [pid 15355] close(8) = -1 EBADF (Bad file descriptor) [pid 15355] close(9) = -1 EBADF (Bad file descriptor) [pid 15355] close(10) = -1 EBADF (Bad file descriptor) [pid 15355] close(11) = -1 EBADF (Bad file descriptor) [pid 15355] close(12) = -1 EBADF (Bad file descriptor) [pid 15355] close(13) = -1 EBADF (Bad file descriptor) [pid 15355] close(14) = -1 EBADF (Bad file descriptor) [pid 15355] close(15) = -1 EBADF (Bad file descriptor) [pid 15355] close(16) = -1 EBADF (Bad file descriptor) [pid 15355] close(17) = -1 EBADF (Bad file descriptor) [pid 15355] close(18) = -1 EBADF (Bad file descriptor) [pid 15355] close(19) = -1 EBADF (Bad file descriptor) [pid 15355] close(20) = -1 EBADF (Bad file descriptor) [pid 15355] close(21) = -1 EBADF (Bad file descriptor) [pid 15355] close(22) = -1 EBADF (Bad file descriptor) [pid 15355] close(23) = -1 EBADF (Bad file descriptor) [pid 15355] close(24) = -1 EBADF (Bad file descriptor) [pid 15355] close(25) = -1 EBADF (Bad file descriptor) [pid 15355] close(26) = -1 EBADF (Bad file descriptor) [pid 15355] close(27) = -1 EBADF (Bad file descriptor) [pid 15355] close(28) = -1 EBADF (Bad file descriptor) [pid 15355] close(29) = -1 EBADF (Bad file descriptor) [pid 15355] exit_group(0 [pid 15359] <... futex resumed>) = ? [pid 15355] <... exit_group resumed>) = ? [pid 15359] +++ exited with 0 +++ [pid 15356] <... futex resumed>) = ? [pid 15356] +++ exited with 0 +++ [pid 15360] <... futex resumed>) = ? [pid 15360] +++ exited with 0 +++ [pid 15355] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9701, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2540", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2540", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2540/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2540/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2540/binderfs") = 0 [ 305.579653][T15356] EXT4-fs (loop0): 1 truncate cleaned up [ 305.585336][T15356] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2540/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2540/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2540/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2540/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2540/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2540/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2540") = 0 [pid 289] mkdir("./2541", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9705 ./strace-static-x86_64: Process 15361 attached [pid 15361] set_robust_list(0x555556f746a0, 24) = 0 [pid 15361] chdir("./2541") = 0 [pid 15361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15361] setpgid(0, 0) = 0 [pid 15361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15361] write(3, "1000", 4) = 4 [pid 15361] close(3) = 0 [pid 15361] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15361] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15361] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15361] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15361] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9706]}, 88) = 9706 [pid 15361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15361] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15361] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15362 attached [pid 15362] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15362] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15362] memfd_create("syzkaller", 0) = 3 [pid 15362] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15362] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15362] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15362] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15362] close(3) = 0 [pid 15362] mkdir("./file1", 0777) = 0 [pid 15362] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15362] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15362] chdir("./file1") = 0 [pid 15362] ioctl(4, LOOP_CLR_FD) = 0 [pid 15362] close(4) = 0 [pid 15362] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15361] <... futex resumed>) = 0 [pid 15361] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15361] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15362] <... futex resumed>) = 1 [pid 15362] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15362] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15361] <... futex resumed>) = 0 [pid 15361] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15361] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15361] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9707]}, 88) = 9707 [pid 15361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15361] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15361] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15361] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9708]}, 88) = 9708 [pid 15361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15361] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15361] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15362] <... futex resumed>) = 1 [pid 15362] memfd_create("syzkaller", 0) = 4 [pid 15362] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15362] close(4) = 0 [pid 15362] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15362] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15365 attached [pid 15365] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15365] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15365] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15365] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15366 attached [pid 15366] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15366] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15366] memfd_create("syzkaller", 0) = 4 [pid 15366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15366] close(4) = 0 [pid 15366] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15361] <... futex resumed>) = 0 [pid 15361] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15362] <... futex resumed>) = 0 [pid 15361] <... futex resumed>) = 1 [pid 15362] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15361] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15366] <... futex resumed>) = 1 [pid 15366] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15362] <... open resumed>) = 4 [pid 15362] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15361] <... futex resumed>) = 0 [pid 15362] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15361] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15362] <... mount resumed>) = 0 [pid 15361] <... futex resumed>) = 0 [pid 15362] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15361] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15362] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15361] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15361] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15362] <... futex resumed>) = 0 [pid 15361] <... futex resumed>) = 1 [pid 15362] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15361] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15362] <... open resumed>) = 5 [pid 15362] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15361] <... futex resumed>) = 0 [pid 15362] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15361] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15361] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15362] <... write resumed>) = 262144 [pid 15362] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15361] <... futex resumed>) = 0 [pid 15361] close(3) = 0 [pid 15361] close(4 [pid 15362] <... futex resumed>) = 1 [pid 15361] <... close resumed>) = 0 [pid 15361] close(5 [pid 15362] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15361] <... close resumed>) = 0 [pid 15361] close(6) = -1 EBADF (Bad file descriptor) [pid 15361] close(7) = -1 EBADF (Bad file descriptor) [pid 15361] close(8) = -1 EBADF (Bad file descriptor) [pid 15361] close(9) = -1 EBADF (Bad file descriptor) [pid 15361] close(10) = -1 EBADF (Bad file descriptor) [pid 15361] close(11) = -1 EBADF (Bad file descriptor) [pid 15361] close(12) = -1 EBADF (Bad file descriptor) [pid 15361] close(13) = -1 EBADF (Bad file descriptor) [pid 15361] close(14) = -1 EBADF (Bad file descriptor) [pid 15361] close(15) = -1 EBADF (Bad file descriptor) [pid 15361] close(16) = -1 EBADF (Bad file descriptor) [pid 15361] close(17) = -1 EBADF (Bad file descriptor) [pid 15361] close(18) = -1 EBADF (Bad file descriptor) [pid 15361] close(19) = -1 EBADF (Bad file descriptor) [pid 15361] close(20) = -1 EBADF (Bad file descriptor) [pid 15361] close(21) = -1 EBADF (Bad file descriptor) [pid 15361] close(22) = -1 EBADF (Bad file descriptor) [pid 15361] close(23) = -1 EBADF (Bad file descriptor) [pid 15361] close(24) = -1 EBADF (Bad file descriptor) [pid 15361] close(25) = -1 EBADF (Bad file descriptor) [pid 15361] close(26) = -1 EBADF (Bad file descriptor) [pid 15361] close(27) = -1 EBADF (Bad file descriptor) [pid 15361] close(28) = -1 EBADF (Bad file descriptor) [pid 15361] close(29) = -1 EBADF (Bad file descriptor) [pid 15361] exit_group(0 [pid 15365] <... futex resumed>) = ? [pid 15361] <... exit_group resumed>) = ? [pid 15365] +++ exited with 0 +++ [pid 15362] <... futex resumed>) = ? [pid 15362] +++ exited with 0 +++ [pid 15366] <... futex resumed>) = ? [pid 15366] +++ exited with 0 +++ [pid 15361] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9705, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2541", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2541", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2541/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2541/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2541/binderfs") = 0 [ 305.700376][T15362] EXT4-fs (loop0): 1 truncate cleaned up [ 305.705994][T15362] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2541/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2541/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2541/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2541/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2541/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2541/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2541") = 0 [pid 289] mkdir("./2542", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9709 ./strace-static-x86_64: Process 15367 attached [pid 15367] set_robust_list(0x555556f746a0, 24) = 0 [pid 15367] chdir("./2542") = 0 [pid 15367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15367] setpgid(0, 0) = 0 [pid 15367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15367] write(3, "1000", 4) = 4 [pid 15367] close(3) = 0 [pid 15367] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15367] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15367] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15367] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15367] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9710]}, 88) = 9710 [pid 15367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15367] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15367] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15368 attached [pid 15368] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15368] memfd_create("syzkaller", 0) = 3 [pid 15368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15368] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15368] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15368] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15368] close(3) = 0 [pid 15368] mkdir("./file1", 0777) = 0 [pid 15368] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15368] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15368] chdir("./file1") = 0 [pid 15368] ioctl(4, LOOP_CLR_FD) = 0 [pid 15368] close(4) = 0 [pid 15368] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15367] <... futex resumed>) = 0 [pid 15367] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15367] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15368] <... futex resumed>) = 1 [pid 15368] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15368] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15367] <... futex resumed>) = 0 [pid 15367] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15368] <... futex resumed>) = 1 [pid 15367] <... futex resumed>) = 0 [pid 15367] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15367] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9711]}, 88) = 9711 [pid 15367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15367] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15367] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15367] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9712]}, 88) = 9712 [pid 15367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15367] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15367] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15372 attached [pid 15372] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15372] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 15371 attached NULL, 8) = 0 [pid 15368] memfd_create("syzkaller", 0) = 4 [pid 15368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15368] close(4) = 0 [pid 15368] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15368] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15371] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15372] memfd_create("syzkaller", 0 [pid 15371] <... set_robust_list resumed>) = 0 [pid 15371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15371] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15372] <... memfd_create resumed>) = 4 [pid 15372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15372] close(4 [pid 15371] <... setxattr resumed>) = 0 [pid 15371] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15372] <... close resumed>) = 0 [pid 15371] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15372] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15367] <... futex resumed>) = 0 [pid 15367] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15367] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15372] <... futex resumed>) = 1 [pid 15372] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15368] <... futex resumed>) = 0 [pid 15368] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15368] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15367] <... futex resumed>) = 0 [pid 15367] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15367] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15368] <... futex resumed>) = 1 [pid 15368] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15368] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15367] <... futex resumed>) = 0 [pid 15367] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15367] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15368] <... futex resumed>) = 1 [pid 15368] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15368] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15367] <... futex resumed>) = 0 [pid 15367] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15367] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15368] <... futex resumed>) = 1 [pid 15368] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15368] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15367] <... futex resumed>) = 0 [pid 15367] close(3) = 0 [pid 15367] close(4) = 0 [pid 15367] close(5) = 0 [pid 15367] close(6) = -1 EBADF (Bad file descriptor) [pid 15367] close(7) = -1 EBADF (Bad file descriptor) [pid 15367] close(8) = -1 EBADF (Bad file descriptor) [pid 15367] close(9) = -1 EBADF (Bad file descriptor) [pid 15367] close(10) = -1 EBADF (Bad file descriptor) [pid 15367] close(11) = -1 EBADF (Bad file descriptor) [pid 15367] close(12) = -1 EBADF (Bad file descriptor) [pid 15367] close(13) = -1 EBADF (Bad file descriptor) [pid 15367] close(14) = -1 EBADF (Bad file descriptor) [pid 15367] close(15) = -1 EBADF (Bad file descriptor) [pid 15367] close(16) = -1 EBADF (Bad file descriptor) [pid 15367] close(17) = -1 EBADF (Bad file descriptor) [pid 15367] close(18) = -1 EBADF (Bad file descriptor) [pid 15367] close(19) = -1 EBADF (Bad file descriptor) [pid 15367] close(20) = -1 EBADF (Bad file descriptor) [pid 15367] close(21) = -1 EBADF (Bad file descriptor) [pid 15367] close(22) = -1 EBADF (Bad file descriptor) [pid 15367] close(23) = -1 EBADF (Bad file descriptor) [pid 15367] close(24) = -1 EBADF (Bad file descriptor) [pid 15367] close(25) = -1 EBADF (Bad file descriptor) [pid 15367] close(26) = -1 EBADF (Bad file descriptor) [pid 15367] close(27) = -1 EBADF (Bad file descriptor) [pid 15367] close(28) = -1 EBADF (Bad file descriptor) [pid 15367] close(29) = -1 EBADF (Bad file descriptor) [pid 15367] exit_group(0) = ? [pid 15371] <... futex resumed>) = ? [pid 15371] +++ exited with 0 +++ [pid 15372] <... futex resumed>) = ? [pid 15372] +++ exited with 0 +++ [pid 15368] <... futex resumed>) = ? [pid 15368] +++ exited with 0 +++ [pid 15367] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9709, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2542", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2542", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2542/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2542/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2542/binderfs") = 0 [ 305.820748][T15368] EXT4-fs (loop0): 1 truncate cleaned up [ 305.826454][T15368] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2542/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2542/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2542/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2542/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2542/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2542/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2542") = 0 [pid 289] mkdir("./2543", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9713 ./strace-static-x86_64: Process 15373 attached [pid 15373] set_robust_list(0x555556f746a0, 24) = 0 [pid 15373] chdir("./2543") = 0 [pid 15373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15373] setpgid(0, 0) = 0 [pid 15373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15373] write(3, "1000", 4) = 4 [pid 15373] close(3) = 0 [pid 15373] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15373] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15373] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15373] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15373] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15373] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15374 attached => {parent_tid=[9714]}, 88) = 9714 [pid 15373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15373] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15373] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15374] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15374] memfd_create("syzkaller", 0) = 3 [pid 15374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15374] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15374] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15374] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15374] close(3) = 0 [pid 15374] mkdir("./file1", 0777) = 0 [pid 15374] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15374] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15374] chdir("./file1") = 0 [pid 15374] ioctl(4, LOOP_CLR_FD) = 0 [pid 15374] close(4) = 0 [pid 15374] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15373] <... futex resumed>) = 0 [pid 15373] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15373] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15374] <... futex resumed>) = 1 [pid 15374] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15374] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15373] <... futex resumed>) = 0 [pid 15373] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15373] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15373] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15373] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 15377 attached => {parent_tid=[9715]}, 88) = 9715 [pid 15373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15373] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15373] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15373] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15373] rt_sigprocmask(SIG_BLOCK, ~[], [pid 15377] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15373] <... rt_sigprocmask resumed>[], 8) = 0 [pid 15373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 15377] <... set_robust_list resumed>) = 0 [pid 15373] <... clone3 resumed> => {parent_tid=[9716]}, 88) = 9716 [pid 15373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15373] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 15378 attached [pid 15377] rt_sigprocmask(SIG_SETMASK, [], [pid 15373] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15374] <... futex resumed>) = 1 [pid 15378] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15377] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15374] memfd_create("syzkaller", 0) = 4 [pid 15378] <... set_robust_list resumed>) = 0 [pid 15377] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15374] close(4) = 0 [pid 15374] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15374] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15378] rt_sigprocmask(SIG_SETMASK, [], [pid 15377] <... setxattr resumed>) = 0 [pid 15378] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15377] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15378] memfd_create("syzkaller", 0) = 4 [pid 15378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15378] close(4) = 0 [pid 15377] <... futex resumed>) = 0 [pid 15378] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15373] <... futex resumed>) = 0 [pid 15373] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15373] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15374] <... futex resumed>) = 0 [pid 15374] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15377] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15374] <... open resumed>) = 4 [pid 15378] <... futex resumed>) = 1 [pid 15378] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15374] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15373] <... futex resumed>) = 0 [pid 15373] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15373] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15374] <... futex resumed>) = 1 [pid 15374] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15374] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15373] <... futex resumed>) = 0 [pid 15373] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15373] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15374] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15374] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15373] <... futex resumed>) = 0 [pid 15373] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15373] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15374] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15374] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15373] <... futex resumed>) = 0 [pid 15374] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15373] close(3) = 0 [pid 15373] close(4) = 0 [pid 15373] close(5) = 0 [pid 15373] close(6) = -1 EBADF (Bad file descriptor) [pid 15373] close(7) = -1 EBADF (Bad file descriptor) [pid 15373] close(8) = -1 EBADF (Bad file descriptor) [pid 15373] close(9) = -1 EBADF (Bad file descriptor) [pid 15373] close(10) = -1 EBADF (Bad file descriptor) [pid 15373] close(11) = -1 EBADF (Bad file descriptor) [pid 15373] close(12) = -1 EBADF (Bad file descriptor) [pid 15373] close(13) = -1 EBADF (Bad file descriptor) [pid 15373] close(14) = -1 EBADF (Bad file descriptor) [pid 15373] close(15) = -1 EBADF (Bad file descriptor) [pid 15373] close(16) = -1 EBADF (Bad file descriptor) [pid 15373] close(17) = -1 EBADF (Bad file descriptor) [pid 15373] close(18) = -1 EBADF (Bad file descriptor) [pid 15373] close(19) = -1 EBADF (Bad file descriptor) [pid 15373] close(20) = -1 EBADF (Bad file descriptor) [pid 15373] close(21) = -1 EBADF (Bad file descriptor) [pid 15373] close(22) = -1 EBADF (Bad file descriptor) [pid 15373] close(23) = -1 EBADF (Bad file descriptor) [pid 15373] close(24) = -1 EBADF (Bad file descriptor) [pid 15373] close(25) = -1 EBADF (Bad file descriptor) [pid 15373] close(26) = -1 EBADF (Bad file descriptor) [pid 15373] close(27) = -1 EBADF (Bad file descriptor) [pid 15373] close(28) = -1 EBADF (Bad file descriptor) [pid 15373] close(29) = -1 EBADF (Bad file descriptor) [pid 15373] exit_group(0 [pid 15374] <... futex resumed>) = ? [pid 15378] <... futex resumed>) = ? [pid 15377] <... futex resumed>) = ? [pid 15374] +++ exited with 0 +++ [pid 15373] <... exit_group resumed>) = ? [pid 15377] +++ exited with 0 +++ [pid 15378] +++ exited with 0 +++ [pid 15373] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9713, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2543", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2543", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2543/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2543/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2543/binderfs") = 0 [ 305.982386][T15374] EXT4-fs (loop0): 1 truncate cleaned up [ 305.988127][T15374] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2543/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2543/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2543/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2543/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2543/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2543/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2543") = 0 [pid 289] mkdir("./2544", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9717 ./strace-static-x86_64: Process 15379 attached [pid 15379] set_robust_list(0x555556f746a0, 24) = 0 [pid 15379] chdir("./2544") = 0 [pid 15379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15379] setpgid(0, 0) = 0 [pid 15379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15379] write(3, "1000", 4) = 4 [pid 15379] close(3) = 0 [pid 15379] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15379] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15379] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15379] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15379] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15379] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15379] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9718]}, 88) = 9718 [pid 15379] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15379] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15379] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15380 attached [pid 15380] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15380] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15380] memfd_create("syzkaller", 0) = 3 [pid 15380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15380] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15380] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15380] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15380] close(3) = 0 [pid 15380] mkdir("./file1", 0777) = 0 [pid 15380] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15380] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15380] chdir("./file1") = 0 [pid 15380] ioctl(4, LOOP_CLR_FD) = 0 [pid 15380] close(4) = 0 [pid 15380] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15380] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15379] <... futex resumed>) = 0 [pid 15379] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15379] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15380] <... futex resumed>) = 0 [pid 15380] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15380] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15379] <... futex resumed>) = 0 [pid 15379] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15379] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15379] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15380] <... futex resumed>) = 1 [pid 15379] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15379] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 15380] memfd_create("syzkaller", 0 [pid 15379] <... clone3 resumed> => {parent_tid=[9719]}, 88) = 9719 [pid 15379] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15379] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15379] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15379] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15379] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15379] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9720]}, 88) = 9720 [pid 15379] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15379] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15379] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15384 attached [pid 15384] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15384] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15384] memfd_create("syzkaller", 0) = 4 [pid 15384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15384] close(4) = 0 [pid 15384] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15379] <... futex resumed>) = 0 [pid 15379] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15379] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15384] <... futex resumed>) = 1 [pid 15384] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15384] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15379] <... futex resumed>) = 0 [pid 15379] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15379] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15384] <... futex resumed>) = 1 [pid 15384] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15384] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15379] <... futex resumed>) = 0 [pid 15379] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15379] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15384] <... futex resumed>) = 1 [pid 15384] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15384] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15379] <... futex resumed>) = 0 [pid 15379] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15379] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15384] <... futex resumed>) = 1 [pid 15384] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15380] <... memfd_create resumed>) = 6 ./strace-static-x86_64: Process 15383 attached [pid 15383] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15383] <... set_robust_list resumed>) = 0 [pid 15380] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15383] rt_sigprocmask(SIG_SETMASK, [], [pid 15380] close(6 [pid 15383] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15383] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15380] <... close resumed>) = 0 [pid 15380] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15380] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15384] <... write resumed>) = 262144 [pid 15384] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15379] <... futex resumed>) = 0 [pid 15384] <... futex resumed>) = 1 [pid 15384] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15383] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 15383] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15383] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15379] close(3) = 0 [pid 15379] close(4) = 0 [pid 15379] close(5) = 0 [pid 15379] close(6) = -1 EBADF (Bad file descriptor) [pid 15379] close(7) = -1 EBADF (Bad file descriptor) [pid 15379] close(8) = -1 EBADF (Bad file descriptor) [pid 15379] close(9) = -1 EBADF (Bad file descriptor) [pid 15379] close(10) = -1 EBADF (Bad file descriptor) [pid 15379] close(11) = -1 EBADF (Bad file descriptor) [pid 15379] close(12) = -1 EBADF (Bad file descriptor) [pid 15379] close(13) = -1 EBADF (Bad file descriptor) [pid 15379] close(14) = -1 EBADF (Bad file descriptor) [pid 15379] close(15) = -1 EBADF (Bad file descriptor) [pid 15379] close(16) = -1 EBADF (Bad file descriptor) [pid 15379] close(17) = -1 EBADF (Bad file descriptor) [pid 15379] close(18) = -1 EBADF (Bad file descriptor) [pid 15379] close(19) = -1 EBADF (Bad file descriptor) [pid 15379] close(20) = -1 EBADF (Bad file descriptor) [pid 15379] close(21) = -1 EBADF (Bad file descriptor) [pid 15379] close(22) = -1 EBADF (Bad file descriptor) [pid 15379] close(23) = -1 EBADF (Bad file descriptor) [pid 15379] close(24) = -1 EBADF (Bad file descriptor) [pid 15379] close(25) = -1 EBADF (Bad file descriptor) [pid 15379] close(26) = -1 EBADF (Bad file descriptor) [pid 15379] close(27) = -1 EBADF (Bad file descriptor) [pid 15379] close(28) = -1 EBADF (Bad file descriptor) [pid 15379] close(29) = -1 EBADF (Bad file descriptor) [pid 15379] exit_group(0) = ? [pid 15380] <... futex resumed>) = ? [pid 15380] +++ exited with 0 +++ [pid 15384] <... futex resumed>) = ? [pid 15384] +++ exited with 0 +++ [pid 15383] <... futex resumed>) = ? [pid 15383] +++ exited with 0 +++ [pid 15379] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9717, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 289] umount2("./2544", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2544", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2544/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2544/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2544/binderfs") = 0 [ 306.142821][T15380] EXT4-fs (loop0): 1 truncate cleaned up [ 306.148907][T15380] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [ 306.175085][T15383] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2544/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2544/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2544/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2544/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2544/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2544/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2544") = 0 [pid 289] mkdir("./2545", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9721 ./strace-static-x86_64: Process 15385 attached [pid 15385] set_robust_list(0x555556f746a0, 24) = 0 [pid 15385] chdir("./2545") = 0 [pid 15385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15385] setpgid(0, 0) = 0 [pid 15385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15385] write(3, "1000", 4) = 4 [pid 15385] close(3) = 0 [pid 15385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15385] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15385] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15385] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15385] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15385] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15385] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9722]}, 88) = 9722 [pid 15385] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15385] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15385] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15386 attached [pid 15386] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15386] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15386] memfd_create("syzkaller", 0) = 3 [pid 15386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15386] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15386] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15386] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15386] close(3) = 0 [pid 15386] mkdir("./file1", 0777) = 0 [pid 15386] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15386] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15386] chdir("./file1") = 0 [pid 15386] ioctl(4, LOOP_CLR_FD) = 0 [pid 15386] close(4) = 0 [pid 15386] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15385] <... futex resumed>) = 0 [pid 15386] <... futex resumed>) = 1 [pid 15385] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15386] setxattr("./file1", NULL, NULL, 0, 0 [pid 15385] <... futex resumed>) = 0 [pid 15386] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 15385] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15386] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15385] <... futex resumed>) = 0 [pid 15386] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15385] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15385] <... futex resumed>) = 0 [pid 15386] memfd_create("syzkaller", 0 [pid 15385] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15386] <... memfd_create resumed>) = 4 [pid 15385] <... futex resumed>) = 0 [pid 15386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15386] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15385] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 15386] close(4 [pid 15385] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 15386] <... close resumed>) = 0 [pid 15385] <... mprotect resumed>) = 0 [pid 15386] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15385] rt_sigprocmask(SIG_BLOCK, ~[], [pid 15386] <... futex resumed>) = 0 [pid 15385] <... rt_sigprocmask resumed>[], 8) = 0 [pid 15386] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15385] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 15389 attached [pid 15389] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15385] <... clone3 resumed> => {parent_tid=[9723]}, 88) = 9723 [pid 15389] <... set_robust_list resumed>) = 0 [pid 15385] rt_sigprocmask(SIG_SETMASK, [], [pid 15389] rt_sigprocmask(SIG_SETMASK, [], [pid 15385] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15389] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15385] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15389] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15385] <... futex resumed>) = 0 [pid 15389] <... setxattr resumed>) = 0 [pid 15385] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15389] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15386] <... futex resumed>) = 0 [pid 15385] <... futex resumed>) = 1 [pid 15389] <... futex resumed>) = 0 [pid 15386] memfd_create("syzkaller", 0 [pid 15385] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15389] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15386] <... memfd_create resumed>) = 4 [pid 15386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15386] close(4) = 0 [pid 15386] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15385] <... futex resumed>) = 0 [pid 15386] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15385] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15386] <... open resumed>) = 4 [pid 15385] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15386] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15385] <... futex resumed>) = 0 [pid 15386] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15385] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15386] <... mount resumed>) = 0 [pid 15385] <... futex resumed>) = 0 [pid 15386] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15385] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15386] <... futex resumed>) = 0 [pid 15385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15386] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15385] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15386] <... open resumed>) = 5 [pid 15385] <... futex resumed>) = 0 [pid 15386] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15385] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15386] <... futex resumed>) = 0 [pid 15385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15386] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15385] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15385] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15386] <... write resumed>) = 262144 [pid 15386] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15385] <... futex resumed>) = 0 [pid 15385] close(3) = 0 [pid 15385] close(4) = 0 [pid 15385] close(5) = 0 [pid 15386] <... futex resumed>) = 1 [pid 15386] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15385] close(6) = -1 EBADF (Bad file descriptor) [pid 15385] close(7) = -1 EBADF (Bad file descriptor) [pid 15385] close(8) = -1 EBADF (Bad file descriptor) [pid 15385] close(9) = -1 EBADF (Bad file descriptor) [pid 15385] close(10) = -1 EBADF (Bad file descriptor) [pid 15385] close(11) = -1 EBADF (Bad file descriptor) [pid 15385] close(12) = -1 EBADF (Bad file descriptor) [pid 15385] close(13) = -1 EBADF (Bad file descriptor) [pid 15385] close(14) = -1 EBADF (Bad file descriptor) [pid 15385] close(15) = -1 EBADF (Bad file descriptor) [pid 15385] close(16) = -1 EBADF (Bad file descriptor) [pid 15385] close(17) = -1 EBADF (Bad file descriptor) [pid 15385] close(18) = -1 EBADF (Bad file descriptor) [pid 15385] close(19) = -1 EBADF (Bad file descriptor) [pid 15385] close(20) = -1 EBADF (Bad file descriptor) [pid 15385] close(21) = -1 EBADF (Bad file descriptor) [pid 15385] close(22) = -1 EBADF (Bad file descriptor) [pid 15385] close(23) = -1 EBADF (Bad file descriptor) [pid 15385] close(24) = -1 EBADF (Bad file descriptor) [pid 15385] close(25) = -1 EBADF (Bad file descriptor) [pid 15385] close(26) = -1 EBADF (Bad file descriptor) [pid 15385] close(27) = -1 EBADF (Bad file descriptor) [pid 15385] close(28) = -1 EBADF (Bad file descriptor) [pid 15385] close(29) = -1 EBADF (Bad file descriptor) [pid 15385] exit_group(0 [pid 15389] <... futex resumed>) = ? [pid 15385] <... exit_group resumed>) = ? [pid 15389] +++ exited with 0 +++ [pid 15386] <... futex resumed>) = ? [pid 15386] +++ exited with 0 +++ [pid 15385] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9721, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2545", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2545", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2545/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2545/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2545/binderfs") = 0 [ 306.240725][T15386] EXT4-fs (loop0): 1 truncate cleaned up [ 306.246857][T15386] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2545/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2545/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2545/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2545/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2545/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2545/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2545") = 0 [pid 289] mkdir("./2546", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9724 ./strace-static-x86_64: Process 15390 attached [pid 15390] set_robust_list(0x555556f746a0, 24) = 0 [pid 15390] chdir("./2546") = 0 [pid 15390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15390] setpgid(0, 0) = 0 [pid 15390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15390] write(3, "1000", 4) = 4 [pid 15390] close(3) = 0 [pid 15390] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15390] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15390] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15390] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15390] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15390] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15390] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9725]}, 88) = 9725 [pid 15390] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15390] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15390] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15391 attached [pid 15391] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15391] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15391] memfd_create("syzkaller", 0) = 3 [pid 15391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15391] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15391] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15391] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15391] close(3) = 0 [pid 15391] mkdir("./file1", 0777) = 0 [pid 15391] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15391] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15391] chdir("./file1") = 0 [pid 15391] ioctl(4, LOOP_CLR_FD) = 0 [pid 15391] close(4) = 0 [pid 15391] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15390] <... futex resumed>) = 0 [pid 15390] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15390] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15391] <... futex resumed>) = 1 [pid 15391] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15391] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15390] <... futex resumed>) = 0 [pid 15390] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15390] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15390] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15390] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15390] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9726]}, 88) = 9726 ./strace-static-x86_64: Process 15394 attached [pid 15390] rt_sigprocmask(SIG_SETMASK, [], [pid 15394] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15394] <... set_robust_list resumed>) = 0 [pid 15390] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15394] rt_sigprocmask(SIG_SETMASK, [], [pid 15390] <... futex resumed>) = 0 [pid 15394] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15390] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15394] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15390] <... futex resumed>) = 0 [pid 15390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15390] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15390] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15390] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 15394] <... setxattr resumed>) = 0 [pid 15390] <... clone3 resumed> => {parent_tid=[9727]}, 88) = 9727 ./strace-static-x86_64: Process 15395 attached [pid 15394] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15390] rt_sigprocmask(SIG_SETMASK, [], [pid 15395] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15394] <... futex resumed>) = 0 [pid 15390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15395] <... set_robust_list resumed>) = 0 [pid 15390] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15395] rt_sigprocmask(SIG_SETMASK, [], [pid 15394] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15390] <... futex resumed>) = 0 [pid 15395] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15390] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15395] memfd_create("syzkaller", 0) = 4 [pid 15395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15395] close(4) = 0 [pid 15395] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15390] <... futex resumed>) = 0 [pid 15395] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15390] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15394] <... futex resumed>) = 0 [pid 15390] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15394] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15391] <... futex resumed>) = 1 [pid 15394] <... open resumed>) = 4 [pid 15394] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15391] memfd_create("syzkaller", 0 [pid 15394] <... futex resumed>) = 1 [pid 15390] <... futex resumed>) = 0 [pid 15394] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15390] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15394] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15390] <... futex resumed>) = 0 [pid 15394] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15390] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15394] <... mount resumed>) = 0 [pid 15391] <... memfd_create resumed>) = 5 [pid 15394] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15390] <... futex resumed>) = 0 [pid 15394] <... futex resumed>) = 1 [pid 15390] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15394] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15390] <... futex resumed>) = 0 [pid 15391] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15394] <... open resumed>) = 6 [pid 15390] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15394] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15394] <... futex resumed>) = 0 [pid 15390] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15394] write(6, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15390] <... futex resumed>) = 0 [pid 15391] close(5) = 0 [pid 15391] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15391] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15390] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15394] <... write resumed>) = 262144 [pid 15394] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15390] <... futex resumed>) = 0 [pid 15390] close(3) = 0 [pid 15390] close(4) = 0 [pid 15390] close(5) = -1 EBADF (Bad file descriptor) [pid 15390] close(6) = 0 [pid 15390] close(7) = -1 EBADF (Bad file descriptor) [pid 15390] close(8) = -1 EBADF (Bad file descriptor) [pid 15390] close(9) = -1 EBADF (Bad file descriptor) [pid 15390] close(10) = -1 EBADF (Bad file descriptor) [pid 15390] close(11) = -1 EBADF (Bad file descriptor) [pid 15390] close(12) = -1 EBADF (Bad file descriptor) [pid 15390] close(13) = -1 EBADF (Bad file descriptor) [pid 15390] close(14) = -1 EBADF (Bad file descriptor) [pid 15390] close(15) = -1 EBADF (Bad file descriptor) [pid 15390] close(16) = -1 EBADF (Bad file descriptor) [pid 15390] close(17) = -1 EBADF (Bad file descriptor) [pid 15390] close(18) = -1 EBADF (Bad file descriptor) [pid 15390] close(19) = -1 EBADF (Bad file descriptor) [pid 15390] close(20) = -1 EBADF (Bad file descriptor) [pid 15390] close(21) = -1 EBADF (Bad file descriptor) [pid 15390] close(22) = -1 EBADF (Bad file descriptor) [pid 15390] close(23) = -1 EBADF (Bad file descriptor) [pid 15390] close(24) = -1 EBADF (Bad file descriptor) [pid 15390] close(25) = -1 EBADF (Bad file descriptor) [pid 15390] close(26) = -1 EBADF (Bad file descriptor) [pid 15390] close(27) = -1 EBADF (Bad file descriptor) [pid 15390] close(28) = -1 EBADF (Bad file descriptor) [pid 15390] close(29) = -1 EBADF (Bad file descriptor) [pid 15390] exit_group(0 [pid 15391] <... futex resumed>) = ? [pid 15390] <... exit_group resumed>) = ? [pid 15391] +++ exited with 0 +++ [pid 15395] <... futex resumed>) = ? [pid 15395] +++ exited with 0 +++ [pid 15394] <... futex resumed>) = ? [pid 15394] +++ exited with 0 +++ [pid 15390] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9724, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2546", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2546", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2546/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2546/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2546/binderfs") = 0 [ 306.382634][T15391] EXT4-fs (loop0): 1 truncate cleaned up [ 306.388394][T15391] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2546/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2546/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2546/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2546/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2546/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2546/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2546") = 0 [pid 289] mkdir("./2547", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9728 ./strace-static-x86_64: Process 15397 attached [pid 15397] set_robust_list(0x555556f746a0, 24) = 0 [pid 15397] chdir("./2547") = 0 [pid 15397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15397] setpgid(0, 0) = 0 [pid 15397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15397] write(3, "1000", 4) = 4 [pid 15397] close(3) = 0 [pid 15397] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15397] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15397] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15397] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15397] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15397] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15397] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9729]}, 88) = 9729 [pid 15397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15397] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15397] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15398 attached [pid 15398] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15398] memfd_create("syzkaller", 0) = 3 [pid 15398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15398] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15398] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15398] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15398] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15398] close(3) = 0 [pid 15398] mkdir("./file1", 0777) = 0 [pid 15398] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15398] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15398] chdir("./file1") = 0 [pid 15398] ioctl(4, LOOP_CLR_FD) = 0 [pid 15398] close(4) = 0 [pid 15398] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15397] <... futex resumed>) = 0 [pid 15398] <... futex resumed>) = 1 [pid 15397] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15398] setxattr("./file1", NULL, NULL, 0, 0 [pid 15397] <... futex resumed>) = 0 [pid 15397] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15398] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 15398] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15397] <... futex resumed>) = 0 [pid 15397] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15397] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15397] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15397] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15397] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9730]}, 88) = 9730 [pid 15397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15397] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15397] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15397] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15397] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15397] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 15401 attached [pid 15398] <... futex resumed>) = 1 [pid 15397] <... clone3 resumed> => {parent_tid=[9731]}, 88) = 9731 [pid 15397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15397] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15397] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15402 attached [pid 15401] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15398] memfd_create("syzkaller", 0 [pid 15402] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15402] memfd_create("syzkaller", 0) = 4 [pid 15402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15402] close(4) = 0 [pid 15402] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15397] <... futex resumed>) = 0 [pid 15397] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15397] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15402] <... futex resumed>) = 1 [pid 15402] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15401] <... set_robust_list resumed>) = 0 [pid 15401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15401] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15398] <... memfd_create resumed>) = 5 [pid 15401] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15401] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15402] <... open resumed>) = 4 [pid 15402] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15397] <... futex resumed>) = 0 [pid 15397] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15397] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15401] <... futex resumed>) = 0 [pid 15401] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15402] <... futex resumed>) = 1 [pid 15402] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15401] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15397] <... futex resumed>) = 0 [pid 15397] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15397] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15401] <... futex resumed>) = 1 [pid 15401] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 15401] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15397] <... futex resumed>) = 0 [pid 15397] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15397] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15401] <... futex resumed>) = 1 [pid 15401] write(6, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15398] close(5) = 0 [pid 15398] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15398] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15401] <... write resumed>) = 262144 [pid 15401] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15397] <... futex resumed>) = 0 [pid 15401] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15397] close(3) = 0 [pid 15397] close(4) = 0 [pid 15397] close(5) = -1 EBADF (Bad file descriptor) [pid 15397] close(6) = 0 [pid 15397] close(7) = -1 EBADF (Bad file descriptor) [pid 15397] close(8) = -1 EBADF (Bad file descriptor) [pid 15397] close(9) = -1 EBADF (Bad file descriptor) [pid 15397] close(10) = -1 EBADF (Bad file descriptor) [pid 15397] close(11) = -1 EBADF (Bad file descriptor) [pid 15397] close(12) = -1 EBADF (Bad file descriptor) [pid 15397] close(13) = -1 EBADF (Bad file descriptor) [pid 15397] close(14) = -1 EBADF (Bad file descriptor) [pid 15397] close(15) = -1 EBADF (Bad file descriptor) [pid 15397] close(16) = -1 EBADF (Bad file descriptor) [pid 15397] close(17) = -1 EBADF (Bad file descriptor) [pid 15397] close(18) = -1 EBADF (Bad file descriptor) [pid 15397] close(19) = -1 EBADF (Bad file descriptor) [pid 15397] close(20) = -1 EBADF (Bad file descriptor) [pid 15397] close(21) = -1 EBADF (Bad file descriptor) [pid 15397] close(22) = -1 EBADF (Bad file descriptor) [pid 15397] close(23) = -1 EBADF (Bad file descriptor) [pid 15397] close(24) = -1 EBADF (Bad file descriptor) [pid 15397] close(25) = -1 EBADF (Bad file descriptor) [pid 15397] close(26) = -1 EBADF (Bad file descriptor) [pid 15397] close(27) = -1 EBADF (Bad file descriptor) [pid 15397] close(28) = -1 EBADF (Bad file descriptor) [pid 15397] close(29) = -1 EBADF (Bad file descriptor) [pid 15397] exit_group(0) = ? [pid 15402] <... futex resumed>) = ? [pid 15402] +++ exited with 0 +++ [pid 15398] <... futex resumed>) = ? [pid 15398] +++ exited with 0 +++ [pid 15401] <... futex resumed>) = ? [pid 15401] +++ exited with 0 +++ [pid 15397] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9728, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2547", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2547", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2547/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2547/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2547/binderfs") = 0 [ 306.489911][T15398] EXT4-fs (loop0): 1 truncate cleaned up [ 306.495704][T15398] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2547/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2547/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2547/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2547/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2547/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2547/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2547") = 0 [pid 289] mkdir("./2548", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9732 ./strace-static-x86_64: Process 15403 attached [pid 15403] set_robust_list(0x555556f746a0, 24) = 0 [pid 15403] chdir("./2548") = 0 [pid 15403] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15403] setpgid(0, 0) = 0 [pid 15403] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15403] write(3, "1000", 4) = 4 [pid 15403] close(3) = 0 [pid 15403] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15403] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15403] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15403] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15403] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15403] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15403] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9733]}, 88) = 9733 [pid 15403] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15403] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15403] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15404 attached [pid 15404] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15404] memfd_create("syzkaller", 0) = 3 [pid 15404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15404] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15404] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15404] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15404] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15404] close(3) = 0 [pid 15404] mkdir("./file1", 0777) = 0 [pid 15404] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15404] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15404] chdir("./file1") = 0 [pid 15404] ioctl(4, LOOP_CLR_FD) = 0 [pid 15404] close(4) = 0 [pid 15404] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15403] <... futex resumed>) = 0 [pid 15403] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15403] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15404] <... futex resumed>) = 1 [pid 15404] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15404] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15403] <... futex resumed>) = 0 [pid 15403] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15403] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15403] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15403] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15403] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9734]}, 88) = 9734 [pid 15403] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15403] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 15407 attached [pid 15404] <... futex resumed>) = 1 [pid 15403] <... futex resumed>) = 0 [pid 15403] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15403] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15403] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15407] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15404] memfd_create("syzkaller", 0 [pid 15403] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 15404] <... memfd_create resumed>) = 4 [pid 15407] <... set_robust_list resumed>) = 0 [pid 15407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15407] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15403] <... clone3 resumed> => {parent_tid=[9735]}, 88) = 9735 [pid 15403] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15403] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15403] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15404] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) ./strace-static-x86_64: Process 15408 attached [pid 15407] <... setxattr resumed>) = 0 [pid 15404] close(4 [pid 15407] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15407] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15408] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15408] memfd_create("syzkaller", 0) = 5 [pid 15408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15408] close(5) = 0 [pid 15404] <... close resumed>) = 0 [pid 15408] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15408] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15403] <... futex resumed>) = 0 [pid 15404] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15404] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15403] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15403] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15404] <... futex resumed>) = 0 [pid 15404] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15404] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15403] <... futex resumed>) = 0 [pid 15403] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15404] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15403] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15404] <... mount resumed>) = 0 [pid 15404] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15403] <... futex resumed>) = 0 [pid 15404] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15403] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15403] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15404] <... open resumed>) = 5 [pid 15404] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15403] <... futex resumed>) = 0 [pid 15404] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15403] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15403] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15404] <... write resumed>) = 262144 [pid 15404] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15403] <... futex resumed>) = 0 [pid 15403] close(3 [pid 15404] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15403] <... close resumed>) = 0 [pid 15403] close(4) = 0 [pid 15403] close(5) = 0 [pid 15403] close(6) = -1 EBADF (Bad file descriptor) [pid 15403] close(7) = -1 EBADF (Bad file descriptor) [pid 15403] close(8) = -1 EBADF (Bad file descriptor) [pid 15403] close(9) = -1 EBADF (Bad file descriptor) [pid 15403] close(10) = -1 EBADF (Bad file descriptor) [pid 15403] close(11) = -1 EBADF (Bad file descriptor) [pid 15403] close(12) = -1 EBADF (Bad file descriptor) [pid 15403] close(13) = -1 EBADF (Bad file descriptor) [pid 15403] close(14) = -1 EBADF (Bad file descriptor) [pid 15403] close(15) = -1 EBADF (Bad file descriptor) [pid 15403] close(16) = -1 EBADF (Bad file descriptor) [pid 15403] close(17) = -1 EBADF (Bad file descriptor) [pid 15403] close(18) = -1 EBADF (Bad file descriptor) [pid 15403] close(19) = -1 EBADF (Bad file descriptor) [pid 15403] close(20) = -1 EBADF (Bad file descriptor) [pid 15403] close(21) = -1 EBADF (Bad file descriptor) [pid 15403] close(22) = -1 EBADF (Bad file descriptor) [pid 15403] close(23) = -1 EBADF (Bad file descriptor) [pid 15403] close(24) = -1 EBADF (Bad file descriptor) [pid 15403] close(25) = -1 EBADF (Bad file descriptor) [pid 15403] close(26) = -1 EBADF (Bad file descriptor) [pid 15403] close(27) = -1 EBADF (Bad file descriptor) [pid 15403] close(28) = -1 EBADF (Bad file descriptor) [pid 15403] close(29) = -1 EBADF (Bad file descriptor) [pid 15403] exit_group(0 [pid 15408] <... futex resumed>) = ? [pid 15407] <... futex resumed>) = ? [pid 15403] <... exit_group resumed>) = ? [pid 15404] <... futex resumed>) = ? [pid 15407] +++ exited with 0 +++ [pid 15404] +++ exited with 0 +++ [pid 15408] +++ exited with 0 +++ [pid 15403] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9732, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2548", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2548", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2548/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2548/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2548/binderfs") = 0 [ 306.618857][T15404] EXT4-fs (loop0): 1 truncate cleaned up [ 306.624521][T15404] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2548/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2548/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2548/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2548/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2548/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2548/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2548") = 0 [pid 289] mkdir("./2549", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9736 ./strace-static-x86_64: Process 15409 attached [pid 15409] set_robust_list(0x555556f746a0, 24) = 0 [pid 15409] chdir("./2549") = 0 [pid 15409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15409] setpgid(0, 0) = 0 [pid 15409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15409] write(3, "1000", 4) = 4 [pid 15409] close(3) = 0 [pid 15409] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15409] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15409] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15409] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15409] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15409] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15409] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9737]}, 88) = 9737 [pid 15409] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15409] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15409] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15410 attached [pid 15410] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15410] memfd_create("syzkaller", 0) = 3 [pid 15410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15410] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15410] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15410] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15410] close(3) = 0 [pid 15410] mkdir("./file1", 0777) = 0 [pid 15410] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15410] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15410] chdir("./file1") = 0 [pid 15410] ioctl(4, LOOP_CLR_FD) = 0 [pid 15410] close(4) = 0 [pid 15410] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15410] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15409] <... futex resumed>) = 0 [pid 15409] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15409] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15410] <... futex resumed>) = 0 [pid 15410] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15410] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15409] <... futex resumed>) = 0 [pid 15409] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15409] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15409] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15409] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15409] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9738]}, 88) = 9738 [pid 15409] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15409] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15409] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15409] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 15413 attached ) = 0 [pid 15413] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15409] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15413] <... set_robust_list resumed>) = 0 [pid 15409] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 15414 attached [pid 15413] rt_sigprocmask(SIG_SETMASK, [], [pid 15409] <... clone3 resumed> => {parent_tid=[9739]}, 88) = 9739 [pid 15409] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15409] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15414] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15413] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15409] <... futex resumed>) = 0 [pid 15409] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15410] <... futex resumed>) = 1 [pid 15410] memfd_create("syzkaller", 0 [pid 15414] <... set_robust_list resumed>) = 0 [pid 15413] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15410] <... memfd_create resumed>) = 4 [pid 15410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15410] close(4) = 0 [pid 15413] <... setxattr resumed>) = 0 [pid 15410] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15410] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15414] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15414] memfd_create("syzkaller", 0 [pid 15413] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15414] <... memfd_create resumed>) = 4 [pid 15414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15414] close(4) = 0 [pid 15413] <... futex resumed>) = 0 [pid 15414] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15409] <... futex resumed>) = 0 [pid 15409] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15409] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15413] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15410] <... futex resumed>) = 0 [pid 15410] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15414] <... futex resumed>) = 1 [pid 15410] <... open resumed>) = 4 [pid 15414] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15410] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15409] <... futex resumed>) = 0 [pid 15409] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15409] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15410] <... futex resumed>) = 1 [pid 15410] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15410] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15409] <... futex resumed>) = 0 [pid 15409] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15409] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15410] <... futex resumed>) = 1 [pid 15410] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15410] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15409] <... futex resumed>) = 0 [pid 15409] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15409] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15410] <... futex resumed>) = 1 [pid 15410] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15410] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15409] <... futex resumed>) = 0 [pid 15410] <... futex resumed>) = 1 [pid 15409] close(3 [pid 15410] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15409] <... close resumed>) = 0 [pid 15409] close(4) = 0 [pid 15409] close(5) = 0 [pid 15409] close(6) = -1 EBADF (Bad file descriptor) [pid 15409] close(7) = -1 EBADF (Bad file descriptor) [pid 15409] close(8) = -1 EBADF (Bad file descriptor) [pid 15409] close(9) = -1 EBADF (Bad file descriptor) [pid 15409] close(10) = -1 EBADF (Bad file descriptor) [pid 15409] close(11) = -1 EBADF (Bad file descriptor) [pid 15409] close(12) = -1 EBADF (Bad file descriptor) [pid 15409] close(13) = -1 EBADF (Bad file descriptor) [pid 15409] close(14) = -1 EBADF (Bad file descriptor) [pid 15409] close(15) = -1 EBADF (Bad file descriptor) [pid 15409] close(16) = -1 EBADF (Bad file descriptor) [pid 15409] close(17) = -1 EBADF (Bad file descriptor) [pid 15409] close(18) = -1 EBADF (Bad file descriptor) [pid 15409] close(19) = -1 EBADF (Bad file descriptor) [pid 15409] close(20) = -1 EBADF (Bad file descriptor) [pid 15409] close(21) = -1 EBADF (Bad file descriptor) [pid 15409] close(22) = -1 EBADF (Bad file descriptor) [pid 15409] close(23) = -1 EBADF (Bad file descriptor) [pid 15409] close(24) = -1 EBADF (Bad file descriptor) [pid 15409] close(25) = -1 EBADF (Bad file descriptor) [pid 15409] close(26) = -1 EBADF (Bad file descriptor) [pid 15409] close(27) = -1 EBADF (Bad file descriptor) [pid 15409] close(28) = -1 EBADF (Bad file descriptor) [pid 15409] close(29) = -1 EBADF (Bad file descriptor) [pid 15409] exit_group(0 [pid 15414] <... futex resumed>) = ? [pid 15409] <... exit_group resumed>) = ? [pid 15414] +++ exited with 0 +++ [pid 15410] <... futex resumed>) = ? [pid 15410] +++ exited with 0 +++ [pid 15413] <... futex resumed>) = ? [pid 15413] +++ exited with 0 +++ [pid 15409] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9736, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2549", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2549", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2549/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2549/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2549/binderfs") = 0 [ 306.734139][T15410] EXT4-fs (loop0): 1 truncate cleaned up [ 306.739830][T15410] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2549/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2549/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2549/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2549/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2549/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2549/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2549") = 0 [pid 289] mkdir("./2550", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9740 ./strace-static-x86_64: Process 15415 attached [pid 15415] set_robust_list(0x555556f746a0, 24) = 0 [pid 15415] chdir("./2550") = 0 [pid 15415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15415] setpgid(0, 0) = 0 [pid 15415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15415] write(3, "1000", 4) = 4 [pid 15415] close(3) = 0 [pid 15415] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15415] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15415] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15415] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15415] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15415] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15415] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15415] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15416 attached [pid 15416] set_robust_list(0x7fbc6730d9a0, 24 [pid 15415] <... clone3 resumed> => {parent_tid=[9741]}, 88) = 9741 [pid 15416] <... set_robust_list resumed>) = 0 [pid 15415] rt_sigprocmask(SIG_SETMASK, [], [pid 15416] rt_sigprocmask(SIG_SETMASK, [], [pid 15415] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15416] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15415] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15415] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15416] memfd_create("syzkaller", 0) = 3 [pid 15416] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15416] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15416] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15416] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15416] close(3) = 0 [pid 15416] mkdir("./file1", 0777) = 0 [pid 15416] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15416] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15416] chdir("./file1") = 0 [pid 15416] ioctl(4, LOOP_CLR_FD) = 0 [pid 15416] close(4) = 0 [pid 15416] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15415] <... futex resumed>) = 0 [pid 15415] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15415] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15416] <... futex resumed>) = 1 [pid 15416] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15416] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15415] <... futex resumed>) = 0 [pid 15415] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15415] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15415] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15415] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15415] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15415] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9742]}, 88) = 9742 [pid 15415] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15415] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 15419 attached [pid 15419] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15415] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15419] <... set_robust_list resumed>) = 0 [pid 15419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15419] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15415] <... futex resumed>) = 0 [pid 15415] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15419] <... setxattr resumed>) = 0 [pid 15415] <... mmap resumed>) = 0x7fbc5eeeb000 [pid 15419] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15415] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE [pid 15419] <... futex resumed>) = 0 [pid 15415] <... mprotect resumed>) = 0 [pid 15419] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15415] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15415] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 15420 attached => {parent_tid=[9743]}, 88) = 9743 [pid 15415] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15415] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15415] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15416] <... futex resumed>) = 1 [pid 15416] memfd_create("syzkaller", 0 [pid 15420] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15416] <... memfd_create resumed>) = 4 [pid 15420] rt_sigprocmask(SIG_SETMASK, [], [pid 15416] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15420] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15416] close(4) = 0 [pid 15416] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15416] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15420] memfd_create("syzkaller", 0) = 4 [pid 15420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15420] close(4) = 0 [pid 15420] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15415] <... futex resumed>) = 0 [pid 15415] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15415] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15416] <... futex resumed>) = 0 [pid 15416] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15420] <... futex resumed>) = 1 [pid 15416] <... open resumed>) = 4 [pid 15416] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15420] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15415] <... futex resumed>) = 0 [pid 15415] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15415] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15416] <... futex resumed>) = 1 [pid 15416] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15416] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15415] <... futex resumed>) = 0 [pid 15415] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15415] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15416] <... futex resumed>) = 1 [pid 15416] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15416] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15415] <... futex resumed>) = 0 [pid 15415] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15415] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15416] <... futex resumed>) = 1 [pid 15416] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15416] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15415] <... futex resumed>) = 0 [pid 15416] <... futex resumed>) = 1 [pid 15415] close(3) = 0 [pid 15415] close(4) = 0 [pid 15415] close(5 [pid 15416] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15415] <... close resumed>) = 0 [pid 15415] close(6) = -1 EBADF (Bad file descriptor) [pid 15415] close(7) = -1 EBADF (Bad file descriptor) [pid 15415] close(8) = -1 EBADF (Bad file descriptor) [pid 15415] close(9) = -1 EBADF (Bad file descriptor) [pid 15415] close(10) = -1 EBADF (Bad file descriptor) [pid 15415] close(11) = -1 EBADF (Bad file descriptor) [pid 15415] close(12) = -1 EBADF (Bad file descriptor) [pid 15415] close(13) = -1 EBADF (Bad file descriptor) [pid 15415] close(14) = -1 EBADF (Bad file descriptor) [pid 15415] close(15) = -1 EBADF (Bad file descriptor) [pid 15415] close(16) = -1 EBADF (Bad file descriptor) [pid 15415] close(17) = -1 EBADF (Bad file descriptor) [pid 15415] close(18) = -1 EBADF (Bad file descriptor) [pid 15415] close(19) = -1 EBADF (Bad file descriptor) [pid 15415] close(20) = -1 EBADF (Bad file descriptor) [pid 15415] close(21) = -1 EBADF (Bad file descriptor) [pid 15415] close(22) = -1 EBADF (Bad file descriptor) [pid 15415] close(23) = -1 EBADF (Bad file descriptor) [pid 15415] close(24) = -1 EBADF (Bad file descriptor) [pid 15415] close(25) = -1 EBADF (Bad file descriptor) [pid 15415] close(26) = -1 EBADF (Bad file descriptor) [pid 15415] close(27) = -1 EBADF (Bad file descriptor) [pid 15415] close(28) = -1 EBADF (Bad file descriptor) [pid 15415] close(29) = -1 EBADF (Bad file descriptor) [pid 15415] exit_group(0) = ? [pid 15420] <... futex resumed>) = ? [pid 15419] <... futex resumed>) = ? [pid 15419] +++ exited with 0 +++ [pid 15416] <... futex resumed>) = ? [pid 15420] +++ exited with 0 +++ [pid 15416] +++ exited with 0 +++ [pid 15415] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9740, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2550", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2550", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2550/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2550/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2550/binderfs") = 0 [ 306.876730][T15416] EXT4-fs (loop0): 1 truncate cleaned up [ 306.882255][T15416] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2550/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2550/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2550/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2550/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2550/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2550/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2550") = 0 [pid 289] mkdir("./2551", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9744 ./strace-static-x86_64: Process 15421 attached [pid 15421] set_robust_list(0x555556f746a0, 24) = 0 [pid 15421] chdir("./2551") = 0 [pid 15421] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15421] setpgid(0, 0) = 0 [pid 15421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15421] write(3, "1000", 4) = 4 [pid 15421] close(3) = 0 [pid 15421] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15421] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15421] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15421] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15421] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15421] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15421] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15421] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15422 attached => {parent_tid=[9745]}, 88) = 9745 [pid 15422] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15422] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15422] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15421] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15421] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15422] <... futex resumed>) = 0 [pid 15422] memfd_create("syzkaller", 0 [pid 15421] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15422] <... memfd_create resumed>) = 3 [pid 15422] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15422] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15422] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15422] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15422] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15422] close(3) = 0 [pid 15422] mkdir("./file1", 0777) = 0 [pid 15422] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15422] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15422] chdir("./file1") = 0 [pid 15422] ioctl(4, LOOP_CLR_FD) = 0 [pid 15422] close(4) = 0 [pid 15422] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15421] <... futex resumed>) = 0 [pid 15422] setxattr("./file1", NULL, NULL, 0, 0 [pid 15421] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15422] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 15422] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15421] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15422] <... futex resumed>) = 0 [pid 15421] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15421] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15422] memfd_create("syzkaller", 0) = 4 [pid 15422] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15422] close(4) = 0 [pid 15422] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15422] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15421] <... futex resumed>) = 1 [pid 15421] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15421] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15421] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15421] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15421] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15421] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9746]}, 88) = 9746 [pid 15421] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15421] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15421] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15422] <... futex resumed>) = 0 [pid 15422] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0./strace-static-x86_64: Process 15425 attached ) = 0 [pid 15422] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15422] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15425] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15425] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15425] memfd_create("syzkaller", 0) = 4 [pid 15425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15425] close(4) = 0 [pid 15425] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15421] <... futex resumed>) = 0 [pid 15421] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15421] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15422] <... futex resumed>) = 0 [pid 15422] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15425] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15422] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15421] <... futex resumed>) = 0 [pid 15421] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15421] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15422] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15422] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15421] <... futex resumed>) = 0 [pid 15421] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15421] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15422] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15422] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15421] <... futex resumed>) = 0 [pid 15421] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15421] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15422] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15422] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15421] <... futex resumed>) = 0 [pid 15422] <... futex resumed>) = 1 [pid 15422] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15421] close(3) = 0 [pid 15421] close(4) = 0 [pid 15421] close(5) = 0 [pid 15421] close(6) = -1 EBADF (Bad file descriptor) [pid 15421] close(7) = -1 EBADF (Bad file descriptor) [pid 15421] close(8) = -1 EBADF (Bad file descriptor) [pid 15421] close(9) = -1 EBADF (Bad file descriptor) [pid 15421] close(10) = -1 EBADF (Bad file descriptor) [pid 15421] close(11) = -1 EBADF (Bad file descriptor) [pid 15421] close(12) = -1 EBADF (Bad file descriptor) [pid 15421] close(13) = -1 EBADF (Bad file descriptor) [pid 15421] close(14) = -1 EBADF (Bad file descriptor) [pid 15421] close(15) = -1 EBADF (Bad file descriptor) [pid 15421] close(16) = -1 EBADF (Bad file descriptor) [pid 15421] close(17) = -1 EBADF (Bad file descriptor) [pid 15421] close(18) = -1 EBADF (Bad file descriptor) [pid 15421] close(19) = -1 EBADF (Bad file descriptor) [pid 15421] close(20) = -1 EBADF (Bad file descriptor) [pid 15421] close(21) = -1 EBADF (Bad file descriptor) [pid 15421] close(22) = -1 EBADF (Bad file descriptor) [pid 15421] close(23) = -1 EBADF (Bad file descriptor) [pid 15421] close(24) = -1 EBADF (Bad file descriptor) [pid 15421] close(25) = -1 EBADF (Bad file descriptor) [pid 15421] close(26) = -1 EBADF (Bad file descriptor) [pid 15421] close(27) = -1 EBADF (Bad file descriptor) [pid 15421] close(28) = -1 EBADF (Bad file descriptor) [pid 15421] close(29) = -1 EBADF (Bad file descriptor) [pid 15421] exit_group(0) = ? [pid 15425] <... futex resumed>) = 231 [pid 15422] <... futex resumed>) = ? [pid 15425] +++ exited with 0 +++ [pid 15422] +++ exited with 0 +++ [pid 15421] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9744, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2551", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2551", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2551/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2551/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2551/binderfs") = 0 [ 306.972200][T15422] EXT4-fs (loop0): 1 truncate cleaned up [ 306.978280][T15422] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2551/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2551/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2551/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2551/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2551/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2551/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2551") = 0 [pid 289] mkdir("./2552", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9747 ./strace-static-x86_64: Process 15426 attached [pid 15426] set_robust_list(0x555556f746a0, 24) = 0 [pid 15426] chdir("./2552") = 0 [pid 15426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15426] setpgid(0, 0) = 0 [pid 15426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15426] write(3, "1000", 4) = 4 [pid 15426] close(3) = 0 [pid 15426] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15426] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15426] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15426] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15426] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15426] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15426] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15427 attached [pid 15427] set_robust_list(0x7fbc6730d9a0, 24 [pid 15426] <... clone3 resumed> => {parent_tid=[9748]}, 88) = 9748 [pid 15426] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15426] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15427] <... set_robust_list resumed>) = 0 [pid 15426] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15427] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15427] memfd_create("syzkaller", 0) = 3 [pid 15427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15427] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15427] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15427] close(3) = 0 [pid 15427] mkdir("./file1", 0777) = 0 [pid 15427] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15427] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15427] chdir("./file1") = 0 [pid 15427] ioctl(4, LOOP_CLR_FD) = 0 [pid 15427] close(4) = 0 [pid 15427] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15426] <... futex resumed>) = 0 [pid 15426] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15426] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15427] <... futex resumed>) = 1 [pid 15427] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15427] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15426] <... futex resumed>) = 0 [pid 15426] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15426] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15426] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15426] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15426] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9749]}, 88) = 9749 [pid 15426] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15426] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15426] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15426] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15426] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15426] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 15431 attached ./strace-static-x86_64: Process 15430 attached => {parent_tid=[9750]}, 88) = 9750 [pid 15426] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15426] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15426] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15427] <... futex resumed>) = 1 [pid 15427] memfd_create("syzkaller", 0) = 4 [pid 15431] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15430] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15427] close(4) = 0 [pid 15427] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15431] <... set_robust_list resumed>) = 0 [pid 15430] <... set_robust_list resumed>) = 0 [pid 15427] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15431] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15431] memfd_create("syzkaller", 0 [pid 15430] rt_sigprocmask(SIG_SETMASK, [], [pid 15431] <... memfd_create resumed>) = 4 [pid 15430] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15431] close(4) = 0 [pid 15431] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15426] <... futex resumed>) = 0 [pid 15426] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15426] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15427] <... futex resumed>) = 0 [pid 15427] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15430] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15427] <... open resumed>) = 4 [pid 15431] <... futex resumed>) = 1 [pid 15431] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15427] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15426] <... futex resumed>) = 0 [pid 15426] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15426] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15427] <... futex resumed>) = 1 [pid 15427] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15427] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15426] <... futex resumed>) = 0 [pid 15430] <... setxattr resumed>) = 0 [pid 15426] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15426] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15427] <... futex resumed>) = 1 [pid 15427] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15427] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15430] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15426] <... futex resumed>) = 0 [pid 15426] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15430] <... futex resumed>) = 0 [pid 15426] <... futex resumed>) = 0 [pid 15426] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15430] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15427] <... futex resumed>) = 1 [pid 15427] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15427] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15426] <... futex resumed>) = 0 [pid 15427] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15426] close(3) = 0 [pid 15426] close(4) = 0 [pid 15426] close(5) = 0 [pid 15426] close(6) = -1 EBADF (Bad file descriptor) [pid 15426] close(7) = -1 EBADF (Bad file descriptor) [pid 15426] close(8) = -1 EBADF (Bad file descriptor) [pid 15426] close(9) = -1 EBADF (Bad file descriptor) [pid 15426] close(10) = -1 EBADF (Bad file descriptor) [pid 15426] close(11) = -1 EBADF (Bad file descriptor) [pid 15426] close(12) = -1 EBADF (Bad file descriptor) [pid 15426] close(13) = -1 EBADF (Bad file descriptor) [pid 15426] close(14) = -1 EBADF (Bad file descriptor) [pid 15426] close(15) = -1 EBADF (Bad file descriptor) [pid 15426] close(16) = -1 EBADF (Bad file descriptor) [pid 15426] close(17) = -1 EBADF (Bad file descriptor) [pid 15426] close(18) = -1 EBADF (Bad file descriptor) [pid 15426] close(19) = -1 EBADF (Bad file descriptor) [pid 15426] close(20) = -1 EBADF (Bad file descriptor) [pid 15426] close(21) = -1 EBADF (Bad file descriptor) [pid 15426] close(22) = -1 EBADF (Bad file descriptor) [pid 15426] close(23) = -1 EBADF (Bad file descriptor) [pid 15426] close(24) = -1 EBADF (Bad file descriptor) [pid 15426] close(25) = -1 EBADF (Bad file descriptor) [pid 15426] close(26) = -1 EBADF (Bad file descriptor) [pid 15426] close(27) = -1 EBADF (Bad file descriptor) [pid 15426] close(28) = -1 EBADF (Bad file descriptor) [pid 15426] close(29) = -1 EBADF (Bad file descriptor) [pid 15426] exit_group(0 [pid 15431] <... futex resumed>) = ? [pid 15430] <... futex resumed>) = ? [pid 15426] <... exit_group resumed>) = ? [pid 15431] +++ exited with 0 +++ [pid 15430] +++ exited with 0 +++ [pid 15427] <... futex resumed>) = ? [pid 15427] +++ exited with 0 +++ [pid 15426] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9747, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2552", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2552", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2552/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2552/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2552/binderfs") = 0 [ 307.074770][T15427] EXT4-fs (loop0): 1 truncate cleaned up [ 307.080916][T15427] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2552/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2552/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2552/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2552/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2552/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2552/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2552") = 0 [pid 289] mkdir("./2553", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9751 ./strace-static-x86_64: Process 15432 attached [pid 15432] set_robust_list(0x555556f746a0, 24) = 0 [pid 15432] chdir("./2553") = 0 [pid 15432] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15432] setpgid(0, 0) = 0 [pid 15432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15432] write(3, "1000", 4) = 4 [pid 15432] close(3) = 0 [pid 15432] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15432] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15432] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15432] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15432] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15432] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15432] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15432] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9752]}, 88) = 9752 [pid 15432] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 15433 attached [pid 15433] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15432] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15432] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15432] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15433] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15433] memfd_create("syzkaller", 0) = 3 [pid 15433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15433] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15433] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15433] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15433] close(3) = 0 [pid 15433] mkdir("./file1", 0777) = 0 [pid 15433] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15433] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15433] chdir("./file1") = 0 [pid 15433] ioctl(4, LOOP_CLR_FD) = 0 [pid 15433] close(4) = 0 [pid 15433] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15432] <... futex resumed>) = 0 [pid 15432] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15432] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15433] <... futex resumed>) = 1 [pid 15433] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15433] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15432] <... futex resumed>) = 0 [pid 15432] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15432] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15432] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15432] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15432] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15432] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 15436 attached => {parent_tid=[9753]}, 88) = 9753 [pid 15432] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15432] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15432] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15432] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15432] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15432] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15432] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9754]}, 88) = 9754 [pid 15432] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15432] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15432] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15433] <... futex resumed>) = 1 [pid 15433] memfd_create("syzkaller", 0) = 4 [pid 15433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15433] close(4) = 0 [pid 15433] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15433] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15436] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15436] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15436] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15436] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15436] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15437 attached [pid 15437] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15437] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15437] memfd_create("syzkaller", 0) = 4 [pid 15437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15437] close(4) = 0 [pid 15437] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15432] <... futex resumed>) = 0 [pid 15432] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15432] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15433] <... futex resumed>) = 0 [pid 15433] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15437] <... futex resumed>) = 1 [pid 15437] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15433] <... open resumed>) = 4 [pid 15433] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15432] <... futex resumed>) = 0 [pid 15432] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15432] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15433] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15433] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15432] <... futex resumed>) = 0 [pid 15432] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15432] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15433] <... futex resumed>) = 1 [pid 15433] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15433] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15432] <... futex resumed>) = 0 [pid 15432] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15432] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15433] <... futex resumed>) = 1 [pid 15433] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15433] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15432] <... futex resumed>) = 0 [pid 15433] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15432] close(3) = 0 [pid 15432] close(4) = 0 [pid 15432] close(5) = 0 [pid 15432] close(6) = -1 EBADF (Bad file descriptor) [pid 15432] close(7) = -1 EBADF (Bad file descriptor) [pid 15432] close(8) = -1 EBADF (Bad file descriptor) [pid 15432] close(9) = -1 EBADF (Bad file descriptor) [pid 15432] close(10) = -1 EBADF (Bad file descriptor) [pid 15432] close(11) = -1 EBADF (Bad file descriptor) [pid 15432] close(12) = -1 EBADF (Bad file descriptor) [pid 15432] close(13) = -1 EBADF (Bad file descriptor) [pid 15432] close(14) = -1 EBADF (Bad file descriptor) [pid 15432] close(15) = -1 EBADF (Bad file descriptor) [pid 15432] close(16) = -1 EBADF (Bad file descriptor) [pid 15432] close(17) = -1 EBADF (Bad file descriptor) [pid 15432] close(18) = -1 EBADF (Bad file descriptor) [pid 15432] close(19) = -1 EBADF (Bad file descriptor) [pid 15432] close(20) = -1 EBADF (Bad file descriptor) [pid 15432] close(21) = -1 EBADF (Bad file descriptor) [pid 15432] close(22) = -1 EBADF (Bad file descriptor) [pid 15432] close(23) = -1 EBADF (Bad file descriptor) [pid 15432] close(24) = -1 EBADF (Bad file descriptor) [pid 15432] close(25) = -1 EBADF (Bad file descriptor) [pid 15432] close(26) = -1 EBADF (Bad file descriptor) [pid 15432] close(27) = -1 EBADF (Bad file descriptor) [pid 15432] close(28) = -1 EBADF (Bad file descriptor) [pid 15432] close(29) = -1 EBADF (Bad file descriptor) [pid 15432] exit_group(0 [pid 15436] <... futex resumed>) = ? [pid 15432] <... exit_group resumed>) = ? [pid 15436] +++ exited with 0 +++ [pid 15437] <... futex resumed>) = ? [pid 15433] <... futex resumed>) = ? [pid 15437] +++ exited with 0 +++ [pid 15433] +++ exited with 0 +++ [pid 15432] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9751, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2553", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2553", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2553/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2553/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2553/binderfs") = 0 [ 307.151415][T15433] EXT4-fs (loop0): 1 truncate cleaned up [ 307.157005][T15433] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2553/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2553/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2553/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2553/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2553/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2553/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2553") = 0 [pid 289] mkdir("./2554", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9755 ./strace-static-x86_64: Process 15438 attached [pid 15438] set_robust_list(0x555556f746a0, 24) = 0 [pid 15438] chdir("./2554") = 0 [pid 15438] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15438] setpgid(0, 0) = 0 [pid 15438] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15438] write(3, "1000", 4) = 4 [pid 15438] close(3) = 0 [pid 15438] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15438] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15438] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15438] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15438] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15438] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15438] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9756]}, 88) = 9756 [pid 15438] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15438] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15438] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15439 attached [pid 15439] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15439] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15439] memfd_create("syzkaller", 0) = 3 [pid 15439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15439] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15439] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15439] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15439] close(3) = 0 [pid 15439] mkdir("./file1", 0777) = 0 [pid 15439] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15439] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15439] chdir("./file1") = 0 [pid 15439] ioctl(4, LOOP_CLR_FD) = 0 [pid 15439] close(4) = 0 [pid 15439] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15438] <... futex resumed>) = 0 [pid 15438] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15438] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15439] <... futex resumed>) = 1 [pid 15439] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15439] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15438] <... futex resumed>) = 0 [pid 15438] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15438] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15438] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15438] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15438] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9757]}, 88) = 9757 [pid 15438] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15438] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15438] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 15442 attached [pid 15439] <... futex resumed>) = 1 [pid 15438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15438] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15438] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15438] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9758]}, 88) = 9758 [pid 15438] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15438] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15438] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15443 attached [pid 15443] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15443] rt_sigprocmask(SIG_SETMASK, [], [pid 15442] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15439] memfd_create("syzkaller", 0 [pid 15443] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15443] memfd_create("syzkaller", 0) = 4 [pid 15443] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15443] close(4) = 0 [pid 15443] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15438] <... futex resumed>) = 0 [pid 15438] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15438] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15443] <... futex resumed>) = 1 [pid 15443] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15439] <... memfd_create resumed>) = 5 [pid 15442] <... set_robust_list resumed>) = 0 [pid 15442] rt_sigprocmask(SIG_SETMASK, [], [pid 15439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15443] <... open resumed>) = 4 [pid 15442] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15442] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15443] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15439] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15443] <... futex resumed>) = 1 [pid 15439] close(5 [pid 15438] <... futex resumed>) = 0 [pid 15438] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15438] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15443] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15442] <... setxattr resumed>) = 0 [pid 15439] <... close resumed>) = 0 [pid 15443] <... mount resumed>) = 0 [pid 15442] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15439] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15443] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15438] <... futex resumed>) = 0 [pid 15438] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15438] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15443] <... futex resumed>) = 1 [pid 15443] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15442] <... futex resumed>) = 0 [pid 15442] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15438] <... futex resumed>) = 0 [pid 15438] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15439] <... futex resumed>) = 1 [pid 15439] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15439] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15438] <... futex resumed>) = 0 [pid 15438] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15438] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15439] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15439] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15438] <... futex resumed>) = 0 [pid 15439] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15438] close(3) = 0 [pid 15438] close(4) = 0 [pid 15438] close(5) = 0 [pid 15438] close(6) = -1 EBADF (Bad file descriptor) [pid 15438] close(7) = -1 EBADF (Bad file descriptor) [pid 15438] close(8) = -1 EBADF (Bad file descriptor) [pid 15438] close(9) = -1 EBADF (Bad file descriptor) [pid 15438] close(10) = -1 EBADF (Bad file descriptor) [pid 15438] close(11) = -1 EBADF (Bad file descriptor) [pid 15438] close(12) = -1 EBADF (Bad file descriptor) [pid 15438] close(13) = -1 EBADF (Bad file descriptor) [pid 15438] close(14) = -1 EBADF (Bad file descriptor) [pid 15438] close(15) = -1 EBADF (Bad file descriptor) [pid 15438] close(16) = -1 EBADF (Bad file descriptor) [pid 15438] close(17) = -1 EBADF (Bad file descriptor) [pid 15438] close(18) = -1 EBADF (Bad file descriptor) [pid 15438] close(19) = -1 EBADF (Bad file descriptor) [pid 15438] close(20) = -1 EBADF (Bad file descriptor) [pid 15438] close(21) = -1 EBADF (Bad file descriptor) [pid 15438] close(22) = -1 EBADF (Bad file descriptor) [pid 15438] close(23) = -1 EBADF (Bad file descriptor) [pid 15438] close(24) = -1 EBADF (Bad file descriptor) [pid 15438] close(25) = -1 EBADF (Bad file descriptor) [pid 15438] close(26) = -1 EBADF (Bad file descriptor) [pid 15438] close(27) = -1 EBADF (Bad file descriptor) [pid 15438] close(28) = -1 EBADF (Bad file descriptor) [pid 15438] close(29) = -1 EBADF (Bad file descriptor) [pid 15438] exit_group(0 [pid 15443] <... futex resumed>) = ? [pid 15442] <... futex resumed>) = ? [pid 15439] <... futex resumed>) = ? [pid 15438] <... exit_group resumed>) = ? [pid 15443] +++ exited with 0 +++ [pid 15442] +++ exited with 0 +++ [pid 15439] +++ exited with 0 +++ [pid 15438] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9755, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2554", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2554", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2554/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2554/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2554/binderfs") = 0 [ 307.249001][T15439] EXT4-fs (loop0): 1 truncate cleaned up [ 307.254557][T15439] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2554/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2554/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2554/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2554/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2554/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2554/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2554") = 0 [pid 289] mkdir("./2555", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9759 ./strace-static-x86_64: Process 15444 attached [pid 15444] set_robust_list(0x555556f746a0, 24) = 0 [pid 15444] chdir("./2555") = 0 [pid 15444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15444] setpgid(0, 0) = 0 [pid 15444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15444] write(3, "1000", 4) = 4 [pid 15444] close(3) = 0 [pid 15444] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15444] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15444] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15444] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15444] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15444] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9760]}, 88) = 9760 [pid 15444] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15444] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15444] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15445 attached [pid 15445] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15445] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15445] memfd_create("syzkaller", 0) = 3 [pid 15445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15445] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15445] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15445] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15445] close(3) = 0 [pid 15445] mkdir("./file1", 0777) = 0 [pid 15445] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15445] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15445] chdir("./file1") = 0 [pid 15445] ioctl(4, LOOP_CLR_FD) = 0 [pid 15445] close(4) = 0 [pid 15445] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15444] <... futex resumed>) = 0 [pid 15444] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15444] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15445] <... futex resumed>) = 1 [pid 15445] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15445] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15444] <... futex resumed>) = 0 [pid 15444] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15444] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15444] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15444] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9761]}, 88) = 9761 [pid 15444] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15444] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15444] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15444] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15444] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9762]}, 88) = 9762 [pid 15444] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15444] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15444] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15445] <... futex resumed>) = 1 [pid 15445] memfd_create("syzkaller", 0) = 4 [pid 15445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15445] close(4) = 0 [pid 15445] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15445] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15448 attached [pid 15448] set_robust_list(0x7fbc5ef2c9a0, 24./strace-static-x86_64: Process 15449 attached [pid 15449] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15448] <... set_robust_list resumed>) = 0 [pid 15449] <... set_robust_list resumed>) = 0 [pid 15449] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15449] memfd_create("syzkaller", 0 [pid 15448] rt_sigprocmask(SIG_SETMASK, [], [pid 15449] <... memfd_create resumed>) = 4 [pid 15448] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15448] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15449] close(4 [pid 15448] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15449] <... close resumed>) = 0 [pid 15449] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15444] <... futex resumed>) = 0 [pid 15444] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15444] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15445] <... futex resumed>) = 0 [pid 15445] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15448] <... futex resumed>) = 0 [pid 15445] <... open resumed>) = 4 [pid 15445] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15444] <... futex resumed>) = 0 [pid 15449] <... futex resumed>) = 1 [pid 15444] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15444] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15445] <... futex resumed>) = 1 [pid 15445] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15445] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15444] <... futex resumed>) = 0 [pid 15444] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15444] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15445] <... futex resumed>) = 1 [pid 15445] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15445] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15444] <... futex resumed>) = 0 [pid 15444] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15444] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15445] <... futex resumed>) = 1 [pid 15445] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15449] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15448] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15445] <... write resumed>) = 262144 [pid 15445] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15445] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15444] <... futex resumed>) = 0 [pid 15444] close(3) = 0 [pid 15444] close(4) = 0 [pid 15444] close(5) = 0 [pid 15444] close(6) = -1 EBADF (Bad file descriptor) [pid 15444] close(7) = -1 EBADF (Bad file descriptor) [pid 15444] close(8) = -1 EBADF (Bad file descriptor) [pid 15444] close(9) = -1 EBADF (Bad file descriptor) [pid 15444] close(10) = -1 EBADF (Bad file descriptor) [pid 15444] close(11) = -1 EBADF (Bad file descriptor) [pid 15444] close(12) = -1 EBADF (Bad file descriptor) [pid 15444] close(13) = -1 EBADF (Bad file descriptor) [pid 15444] close(14) = -1 EBADF (Bad file descriptor) [pid 15444] close(15) = -1 EBADF (Bad file descriptor) [pid 15444] close(16) = -1 EBADF (Bad file descriptor) [pid 15444] close(17) = -1 EBADF (Bad file descriptor) [pid 15444] close(18) = -1 EBADF (Bad file descriptor) [pid 15444] close(19) = -1 EBADF (Bad file descriptor) [pid 15444] close(20) = -1 EBADF (Bad file descriptor) [pid 15444] close(21) = -1 EBADF (Bad file descriptor) [pid 15444] close(22) = -1 EBADF (Bad file descriptor) [pid 15444] close(23) = -1 EBADF (Bad file descriptor) [pid 15444] close(24) = -1 EBADF (Bad file descriptor) [pid 15444] close(25) = -1 EBADF (Bad file descriptor) [pid 15444] close(26) = -1 EBADF (Bad file descriptor) [pid 15444] close(27) = -1 EBADF (Bad file descriptor) [pid 15444] close(28) = -1 EBADF (Bad file descriptor) [pid 15444] close(29) = -1 EBADF (Bad file descriptor) [pid 15444] exit_group(0) = ? [pid 15448] <... futex resumed>) = ? [pid 15448] +++ exited with 0 +++ [pid 15449] <... futex resumed>) = ? [pid 15449] +++ exited with 0 +++ [pid 15445] <... futex resumed>) = ? [pid 15445] +++ exited with 0 +++ [pid 15444] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9759, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] umount2("./2555", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2555", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2555/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2555/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2555/binderfs") = 0 [ 307.351455][T15445] EXT4-fs (loop0): 1 truncate cleaned up [ 307.357252][T15445] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2555/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2555/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2555/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2555/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2555/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2555/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2555") = 0 [pid 289] mkdir("./2556", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9763 ./strace-static-x86_64: Process 15451 attached [pid 15451] set_robust_list(0x555556f746a0, 24) = 0 [pid 15451] chdir("./2556") = 0 [pid 15451] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15451] setpgid(0, 0) = 0 [pid 15451] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15451] write(3, "1000", 4) = 4 [pid 15451] close(3) = 0 [pid 15451] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15451] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15451] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15451] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15451] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15451] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15451] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15451] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9764]}, 88) = 9764 [pid 15451] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15451] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15451] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15452 attached [pid 15452] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15452] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15452] memfd_create("syzkaller", 0) = 3 [pid 15452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15452] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15452] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15452] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15452] close(3) = 0 [pid 15452] mkdir("./file1", 0777) = 0 [pid 15452] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15452] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15452] chdir("./file1") = 0 [pid 15452] ioctl(4, LOOP_CLR_FD) = 0 [pid 15452] close(4) = 0 [pid 15452] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15451] <... futex resumed>) = 0 [pid 15451] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15451] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15452] <... futex resumed>) = 1 [pid 15452] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15452] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15451] <... futex resumed>) = 0 [pid 15451] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15451] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15451] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15451] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15451] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15451] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9765]}, 88) = 9765 [pid 15451] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15451] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15451] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15451] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15451] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15451] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15451] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9766]}, 88) = 9766 [pid 15451] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15451] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15451] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15452] <... futex resumed>) = 1 [pid 15452] memfd_create("syzkaller", 0) = 4 [pid 15452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15452] close(4) = 0 [pid 15452] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15452] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15456 attached [pid 15456] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15456] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15456] memfd_create("syzkaller", 0) = 4 [pid 15456] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15456] close(4) = 0 [pid 15456] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15451] <... futex resumed>) = 0 [pid 15451] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15451] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15452] <... futex resumed>) = 0 [pid 15452] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15452] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15451] <... futex resumed>) = 0 [pid 15451] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15451] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15452] <... futex resumed>) = 1 [pid 15452] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15452] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15451] <... futex resumed>) = 0 [pid 15451] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15451] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15452] <... futex resumed>) = 1 [pid 15452] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15452] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15451] <... futex resumed>) = 0 [pid 15451] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15451] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15452] <... futex resumed>) = 1 [pid 15452] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651./strace-static-x86_64: Process 15455 attached [pid 15456] <... futex resumed>) = 1 [pid 15456] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15455] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15455] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15455] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15452] <... write resumed>) = 262144 [pid 15452] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15451] <... futex resumed>) = 0 [pid 15452] <... futex resumed>) = 1 [pid 15452] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15455] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 15455] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15455] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15451] close(3) = 0 [pid 15451] close(4) = 0 [pid 15451] close(5) = 0 [pid 15451] close(6) = -1 EBADF (Bad file descriptor) [pid 15451] close(7) = -1 EBADF (Bad file descriptor) [pid 15451] close(8) = -1 EBADF (Bad file descriptor) [pid 15451] close(9) = -1 EBADF (Bad file descriptor) [pid 15451] close(10) = -1 EBADF (Bad file descriptor) [pid 15451] close(11) = -1 EBADF (Bad file descriptor) [pid 15451] close(12) = -1 EBADF (Bad file descriptor) [pid 15451] close(13) = -1 EBADF (Bad file descriptor) [pid 15451] close(14) = -1 EBADF (Bad file descriptor) [pid 15451] close(15) = -1 EBADF (Bad file descriptor) [pid 15451] close(16) = -1 EBADF (Bad file descriptor) [pid 15451] close(17) = -1 EBADF (Bad file descriptor) [pid 15451] close(18) = -1 EBADF (Bad file descriptor) [pid 15451] close(19) = -1 EBADF (Bad file descriptor) [pid 15451] close(20) = -1 EBADF (Bad file descriptor) [pid 15451] close(21) = -1 EBADF (Bad file descriptor) [pid 15451] close(22) = -1 EBADF (Bad file descriptor) [pid 15451] close(23) = -1 EBADF (Bad file descriptor) [pid 15451] close(24) = -1 EBADF (Bad file descriptor) [pid 15451] close(25) = -1 EBADF (Bad file descriptor) [pid 15451] close(26) = -1 EBADF (Bad file descriptor) [pid 15451] close(27) = -1 EBADF (Bad file descriptor) [pid 15451] close(28) = -1 EBADF (Bad file descriptor) [pid 15451] close(29) = -1 EBADF (Bad file descriptor) [pid 15451] exit_group(0 [pid 15456] <... futex resumed>) = ? [pid 15451] <... exit_group resumed>) = ? [pid 15456] +++ exited with 0 +++ [pid 15452] <... futex resumed>) = ? [pid 15452] +++ exited with 0 +++ [pid 15455] <... futex resumed>) = ? [pid 15455] +++ exited with 0 +++ [pid 15451] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9763, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] umount2("./2556", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2556", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2556/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2556/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2556/binderfs") = 0 [ 307.452684][T15452] EXT4-fs (loop0): 1 truncate cleaned up [ 307.458224][T15452] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [ 307.481625][T15455] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2556/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2556/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2556/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2556/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2556/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2556/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2556") = 0 [pid 289] mkdir("./2557", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9767 ./strace-static-x86_64: Process 15457 attached [pid 15457] set_robust_list(0x555556f746a0, 24) = 0 [pid 15457] chdir("./2557") = 0 [pid 15457] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15457] setpgid(0, 0) = 0 [pid 15457] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15457] write(3, "1000", 4) = 4 [pid 15457] close(3) = 0 [pid 15457] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15457] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15457] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15457] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15457] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15457] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15457] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15457] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15458 attached => {parent_tid=[9768]}, 88) = 9768 [pid 15458] set_robust_list(0x7fbc6730d9a0, 24 [pid 15457] rt_sigprocmask(SIG_SETMASK, [], [pid 15458] <... set_robust_list resumed>) = 0 [pid 15457] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15458] rt_sigprocmask(SIG_SETMASK, [], [pid 15457] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15458] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15457] <... futex resumed>) = 0 [pid 15457] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15458] memfd_create("syzkaller", 0) = 3 [pid 15458] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15458] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15458] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15458] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15458] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15458] close(3) = 0 [pid 15458] mkdir("./file1", 0777) = 0 [pid 15458] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15458] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15458] chdir("./file1") = 0 [pid 15458] ioctl(4, LOOP_CLR_FD) = 0 [pid 15458] close(4) = 0 [pid 15458] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15457] <... futex resumed>) = 0 [pid 15457] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15457] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15458] <... futex resumed>) = 1 [pid 15458] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15458] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15457] <... futex resumed>) = 0 [pid 15457] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15457] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15457] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15457] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15457] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15457] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9769]}, 88) = 9769 [pid 15457] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15457] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15457] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15457] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15457] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15457] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15457] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9770]}, 88) = 9770 [pid 15457] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 15461 attached NULL, 8) = 0 [pid 15457] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15457] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15462 attached [pid 15461] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15458] <... futex resumed>) = 1 [pid 15462] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15462] rt_sigprocmask(SIG_SETMASK, [], [pid 15461] <... set_robust_list resumed>) = 0 [pid 15458] memfd_create("syzkaller", 0 [pid 15461] rt_sigprocmask(SIG_SETMASK, [], [pid 15462] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15458] <... memfd_create resumed>) = 4 [pid 15462] memfd_create("syzkaller", 0 [pid 15461] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15461] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15458] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15462] <... memfd_create resumed>) = 5 [pid 15458] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15458] close(4 [pid 15462] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15458] <... close resumed>) = 0 [pid 15462] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15462] close(5 [pid 15461] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15458] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15462] <... close resumed>) = 0 [pid 15461] <... futex resumed>) = 0 [pid 15458] <... futex resumed>) = 0 [pid 15462] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15461] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15458] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15457] <... futex resumed>) = 0 [pid 15457] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15457] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15462] <... futex resumed>) = 1 [pid 15462] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15458] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15458] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15458] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15457] <... futex resumed>) = 0 [pid 15457] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15457] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15458] <... futex resumed>) = 1 [pid 15458] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15458] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15457] <... futex resumed>) = 0 [pid 15457] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15457] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15458] <... futex resumed>) = 1 [pid 15458] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15458] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15457] <... futex resumed>) = 0 [pid 15457] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15457] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15458] <... futex resumed>) = 1 [pid 15458] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15458] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15457] <... futex resumed>) = 0 [pid 15457] close(3) = 0 [pid 15458] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15457] close(4) = 0 [pid 15457] close(5) = 0 [pid 15457] close(6) = -1 EBADF (Bad file descriptor) [pid 15457] close(7) = -1 EBADF (Bad file descriptor) [pid 15457] close(8) = -1 EBADF (Bad file descriptor) [pid 15457] close(9) = -1 EBADF (Bad file descriptor) [pid 15457] close(10) = -1 EBADF (Bad file descriptor) [pid 15457] close(11) = -1 EBADF (Bad file descriptor) [pid 15457] close(12) = -1 EBADF (Bad file descriptor) [pid 15457] close(13) = -1 EBADF (Bad file descriptor) [pid 15457] close(14) = -1 EBADF (Bad file descriptor) [pid 15457] close(15) = -1 EBADF (Bad file descriptor) [pid 15457] close(16) = -1 EBADF (Bad file descriptor) [pid 15457] close(17) = -1 EBADF (Bad file descriptor) [pid 15457] close(18) = -1 EBADF (Bad file descriptor) [pid 15457] close(19) = -1 EBADF (Bad file descriptor) [pid 15457] close(20) = -1 EBADF (Bad file descriptor) [pid 15457] close(21) = -1 EBADF (Bad file descriptor) [pid 15457] close(22) = -1 EBADF (Bad file descriptor) [pid 15457] close(23) = -1 EBADF (Bad file descriptor) [pid 15457] close(24) = -1 EBADF (Bad file descriptor) [pid 15457] close(25) = -1 EBADF (Bad file descriptor) [pid 15457] close(26) = -1 EBADF (Bad file descriptor) [pid 15457] close(27) = -1 EBADF (Bad file descriptor) [pid 15457] close(28) = -1 EBADF (Bad file descriptor) [pid 15457] close(29) = -1 EBADF (Bad file descriptor) [pid 15457] exit_group(0 [pid 15462] <... futex resumed>) = ? [pid 15461] <... futex resumed>) = ? [pid 15458] <... futex resumed>) = ? [pid 15457] <... exit_group resumed>) = ? [pid 15462] +++ exited with 0 +++ [pid 15461] +++ exited with 0 +++ [pid 15458] +++ exited with 0 +++ [pid 15457] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9767, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2557", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2557", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2557/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2557/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2557/binderfs") = 0 [ 307.550992][T15458] EXT4-fs (loop0): 1 truncate cleaned up [ 307.556609][T15458] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2557/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2557/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2557/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2557/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2557/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2557/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2557") = 0 [pid 289] mkdir("./2558", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9771 ./strace-static-x86_64: Process 15463 attached [pid 15463] set_robust_list(0x555556f746a0, 24) = 0 [pid 15463] chdir("./2558") = 0 [pid 15463] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15463] setpgid(0, 0) = 0 [pid 15463] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15463] write(3, "1000", 4) = 4 [pid 15463] close(3) = 0 [pid 15463] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15463] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15463] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15463] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15463] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15463] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15463] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15463] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9772]}, 88) = 9772 [pid 15463] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15463] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15463] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15464 attached [pid 15464] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15464] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15464] memfd_create("syzkaller", 0) = 3 [pid 15464] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15464] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15464] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15464] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15464] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15464] close(3) = 0 [pid 15464] mkdir("./file1", 0777) = 0 [pid 15464] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15464] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15464] chdir("./file1") = 0 [pid 15464] ioctl(4, LOOP_CLR_FD) = 0 [pid 15464] close(4) = 0 [pid 15464] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15463] <... futex resumed>) = 0 [pid 15463] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15463] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15464] <... futex resumed>) = 1 [pid 15464] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15464] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15463] <... futex resumed>) = 0 [pid 15463] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15463] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15463] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15463] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15463] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15463] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9773]}, 88) = 9773 [pid 15463] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15463] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15463] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15463] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15463] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15463] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15463] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9774]}, 88) = 9774 [pid 15463] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15463] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15463] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15464] <... futex resumed>) = 1 [pid 15464] memfd_create("syzkaller", 0) = 4 [pid 15464] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15464] close(4) = 0 [pid 15464] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15464] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15468 attached [pid 15468] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15468] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15468] memfd_create("syzkaller", 0) = 4 [pid 15468] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15468] close(4) = 0 [pid 15468] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15463] <... futex resumed>) = 0 [pid 15463] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15463] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15464] <... futex resumed>) = 0 [pid 15464] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15468] <... futex resumed>) = 1 [pid 15468] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15467 attached [pid 15467] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15467] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15467] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15467] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15467] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15464] <... open resumed>) = 4 [pid 15464] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15463] <... futex resumed>) = 0 [pid 15463] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15463] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15464] <... futex resumed>) = 1 [pid 15464] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15464] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15463] <... futex resumed>) = 0 [pid 15463] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15463] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15464] <... futex resumed>) = 1 [pid 15464] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15464] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15463] <... futex resumed>) = 0 [pid 15463] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15463] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15464] <... futex resumed>) = 1 [pid 15464] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15464] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15464] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15463] <... futex resumed>) = 0 [pid 15463] close(3) = 0 [pid 15463] close(4) = 0 [pid 15463] close(5) = 0 [pid 15463] close(6) = -1 EBADF (Bad file descriptor) [pid 15463] close(7) = -1 EBADF (Bad file descriptor) [pid 15463] close(8) = -1 EBADF (Bad file descriptor) [pid 15463] close(9) = -1 EBADF (Bad file descriptor) [pid 15463] close(10) = -1 EBADF (Bad file descriptor) [pid 15463] close(11) = -1 EBADF (Bad file descriptor) [pid 15463] close(12) = -1 EBADF (Bad file descriptor) [pid 15463] close(13) = -1 EBADF (Bad file descriptor) [pid 15463] close(14) = -1 EBADF (Bad file descriptor) [pid 15463] close(15) = -1 EBADF (Bad file descriptor) [pid 15463] close(16) = -1 EBADF (Bad file descriptor) [pid 15463] close(17) = -1 EBADF (Bad file descriptor) [pid 15463] close(18) = -1 EBADF (Bad file descriptor) [pid 15463] close(19) = -1 EBADF (Bad file descriptor) [pid 15463] close(20) = -1 EBADF (Bad file descriptor) [pid 15463] close(21) = -1 EBADF (Bad file descriptor) [pid 15463] close(22) = -1 EBADF (Bad file descriptor) [pid 15463] close(23) = -1 EBADF (Bad file descriptor) [pid 15463] close(24) = -1 EBADF (Bad file descriptor) [pid 15463] close(25) = -1 EBADF (Bad file descriptor) [pid 15463] close(26) = -1 EBADF (Bad file descriptor) [pid 15463] close(27) = -1 EBADF (Bad file descriptor) [pid 15463] close(28) = -1 EBADF (Bad file descriptor) [pid 15463] close(29) = -1 EBADF (Bad file descriptor) [pid 15463] exit_group(0) = ? [pid 15468] <... futex resumed>) = ? [pid 15468] +++ exited with 0 +++ [pid 15467] <... futex resumed>) = ? [pid 15464] <... futex resumed>) = ? [pid 15467] +++ exited with 0 +++ [pid 15464] +++ exited with 0 +++ [pid 15463] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9771, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2558", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2558", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2558/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2558/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2558/binderfs") = 0 [ 307.652045][T15464] EXT4-fs (loop0): 1 truncate cleaned up [ 307.657654][T15464] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2558/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2558/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2558/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2558/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2558/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2558/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2558") = 0 [pid 289] mkdir("./2559", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9775 ./strace-static-x86_64: Process 15469 attached [pid 15469] set_robust_list(0x555556f746a0, 24) = 0 [pid 15469] chdir("./2559") = 0 [pid 15469] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15469] setpgid(0, 0) = 0 [pid 15469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15469] write(3, "1000", 4) = 4 [pid 15469] close(3) = 0 [pid 15469] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15469] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15469] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15469] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15469] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15469] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15469] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9776]}, 88) = 9776 [pid 15469] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15469] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15469] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15470 attached [pid 15470] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15470] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15470] memfd_create("syzkaller", 0) = 3 [pid 15470] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15470] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15470] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15470] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15470] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15470] close(3) = 0 [pid 15470] mkdir("./file1", 0777) = 0 [pid 15470] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15470] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15470] chdir("./file1") = 0 [pid 15470] ioctl(4, LOOP_CLR_FD) = 0 [pid 15470] close(4) = 0 [pid 15470] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15469] <... futex resumed>) = 0 [pid 15469] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15469] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15470] <... futex resumed>) = 1 [pid 15470] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15470] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15469] <... futex resumed>) = 0 [pid 15469] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15469] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15469] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15469] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15469] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9777]}, 88) = 9777 [pid 15469] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15469] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15469] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15469] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15469] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15469] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9778]}, 88) = 9778 [pid 15469] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15469] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15469] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15470] <... futex resumed>) = 1 [pid 15470] memfd_create("syzkaller", 0) = 4 [pid 15470] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15470] close(4) = 0 [pid 15470] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15470] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15473 attached [pid 15473] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15473] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15473] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15473] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15473] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15474 attached [pid 15474] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15474] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15474] memfd_create("syzkaller", 0) = 4 [pid 15474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15474] close(4) = 0 [pid 15474] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15469] <... futex resumed>) = 0 [pid 15469] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15469] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15474] <... futex resumed>) = 1 [pid 15470] <... futex resumed>) = 0 [pid 15474] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15470] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15470] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15469] <... futex resumed>) = 0 [pid 15469] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15469] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15470] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15470] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15469] <... futex resumed>) = 0 [pid 15469] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15469] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15470] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15470] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15469] <... futex resumed>) = 0 [pid 15469] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15469] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15470] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15470] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15470] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15469] <... futex resumed>) = 0 [pid 15469] close(3) = 0 [pid 15469] close(4) = 0 [pid 15469] close(5) = 0 [pid 15469] close(6) = -1 EBADF (Bad file descriptor) [pid 15469] close(7) = -1 EBADF (Bad file descriptor) [pid 15469] close(8) = -1 EBADF (Bad file descriptor) [pid 15469] close(9) = -1 EBADF (Bad file descriptor) [pid 15469] close(10) = -1 EBADF (Bad file descriptor) [pid 15469] close(11) = -1 EBADF (Bad file descriptor) [pid 15469] close(12) = -1 EBADF (Bad file descriptor) [pid 15469] close(13) = -1 EBADF (Bad file descriptor) [pid 15469] close(14) = -1 EBADF (Bad file descriptor) [pid 15469] close(15) = -1 EBADF (Bad file descriptor) [pid 15469] close(16) = -1 EBADF (Bad file descriptor) [pid 15469] close(17) = -1 EBADF (Bad file descriptor) [pid 15469] close(18) = -1 EBADF (Bad file descriptor) [pid 15469] close(19) = -1 EBADF (Bad file descriptor) [pid 15469] close(20) = -1 EBADF (Bad file descriptor) [pid 15469] close(21) = -1 EBADF (Bad file descriptor) [pid 15469] close(22) = -1 EBADF (Bad file descriptor) [pid 15469] close(23) = -1 EBADF (Bad file descriptor) [pid 15469] close(24) = -1 EBADF (Bad file descriptor) [pid 15469] close(25) = -1 EBADF (Bad file descriptor) [pid 15469] close(26) = -1 EBADF (Bad file descriptor) [pid 15469] close(27) = -1 EBADF (Bad file descriptor) [pid 15469] close(28) = -1 EBADF (Bad file descriptor) [pid 15469] close(29) = -1 EBADF (Bad file descriptor) [pid 15469] exit_group(0) = ? [pid 15470] <... futex resumed>) = ? [pid 15470] +++ exited with 0 +++ [pid 15473] <... futex resumed>) = ? [pid 15473] +++ exited with 0 +++ [pid 15474] <... futex resumed>) = ? [pid 15474] +++ exited with 0 +++ [pid 15469] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9775, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] umount2("./2559", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2559", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2559/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2559/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2559/binderfs") = 0 [ 307.781371][T15470] EXT4-fs (loop0): 1 truncate cleaned up [ 307.786868][T15470] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2559/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2559/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2559/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2559/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2559/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2559/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2559") = 0 [pid 289] mkdir("./2560", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9779 ./strace-static-x86_64: Process 15475 attached [pid 15475] set_robust_list(0x555556f746a0, 24) = 0 [pid 15475] chdir("./2560") = 0 [pid 15475] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15475] setpgid(0, 0) = 0 [pid 15475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15475] write(3, "1000", 4) = 4 [pid 15475] close(3) = 0 [pid 15475] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15475] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15475] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15475] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15475] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15475] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15475] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9780]}, 88) = 9780 [pid 15475] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15475] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15475] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15476 attached [pid 15476] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15476] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15476] memfd_create("syzkaller", 0) = 3 [pid 15476] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15476] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15476] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15476] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15476] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15476] close(3) = 0 [pid 15476] mkdir("./file1", 0777) = 0 [pid 15476] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15476] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15476] chdir("./file1") = 0 [pid 15476] ioctl(4, LOOP_CLR_FD) = 0 [pid 15476] close(4) = 0 [pid 15476] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15476] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15475] <... futex resumed>) = 0 [pid 15475] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15475] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15476] <... futex resumed>) = 0 [pid 15476] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15476] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15475] <... futex resumed>) = 0 [pid 15475] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15475] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15475] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15475] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15475] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9781]}, 88) = 9781 [pid 15475] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15475] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15475] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15475] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15475] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15475] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9782]}, 88) = 9782 [pid 15475] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15475] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15475] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15476] <... futex resumed>) = 1 [pid 15476] memfd_create("syzkaller", 0) = 4 [pid 15476] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15476] close(4) = 0 [pid 15476] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15476] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15479 attached [pid 15479] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15479] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15479] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0./strace-static-x86_64: Process 15480 attached [pid 15480] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15480] rt_sigprocmask(SIG_SETMASK, [], [pid 15479] <... setxattr resumed>) = 0 [pid 15480] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15479] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15480] memfd_create("syzkaller", 0) = 4 [pid 15480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15480] close(4) = 0 [pid 15480] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15475] <... futex resumed>) = 0 [pid 15475] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15475] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15476] <... futex resumed>) = 0 [pid 15476] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15476] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15475] <... futex resumed>) = 0 [pid 15475] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15475] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15476] <... futex resumed>) = 1 [pid 15479] <... futex resumed>) = 0 [pid 15476] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15480] <... futex resumed>) = 1 [pid 15476] <... mount resumed>) = 0 [pid 15476] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15475] <... futex resumed>) = 0 [pid 15475] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15475] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15476] <... futex resumed>) = 1 [pid 15476] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15476] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15475] <... futex resumed>) = 0 [pid 15475] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15475] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15476] <... futex resumed>) = 1 [pid 15476] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15480] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15479] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15476] <... write resumed>) = 262144 [pid 15476] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15475] <... futex resumed>) = 0 [pid 15476] <... futex resumed>) = 1 [pid 15475] close(3 [pid 15476] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15475] <... close resumed>) = 0 [pid 15475] close(4) = 0 [pid 15475] close(5) = 0 [pid 15475] close(6) = -1 EBADF (Bad file descriptor) [pid 15475] close(7) = -1 EBADF (Bad file descriptor) [pid 15475] close(8) = -1 EBADF (Bad file descriptor) [pid 15475] close(9) = -1 EBADF (Bad file descriptor) [pid 15475] close(10) = -1 EBADF (Bad file descriptor) [pid 15475] close(11) = -1 EBADF (Bad file descriptor) [pid 15475] close(12) = -1 EBADF (Bad file descriptor) [pid 15475] close(13) = -1 EBADF (Bad file descriptor) [pid 15475] close(14) = -1 EBADF (Bad file descriptor) [pid 15475] close(15) = -1 EBADF (Bad file descriptor) [pid 15475] close(16) = -1 EBADF (Bad file descriptor) [pid 15475] close(17) = -1 EBADF (Bad file descriptor) [pid 15475] close(18) = -1 EBADF (Bad file descriptor) [pid 15475] close(19) = -1 EBADF (Bad file descriptor) [pid 15475] close(20) = -1 EBADF (Bad file descriptor) [pid 15475] close(21) = -1 EBADF (Bad file descriptor) [pid 15475] close(22) = -1 EBADF (Bad file descriptor) [pid 15475] close(23) = -1 EBADF (Bad file descriptor) [pid 15475] close(24) = -1 EBADF (Bad file descriptor) [pid 15475] close(25) = -1 EBADF (Bad file descriptor) [pid 15475] close(26) = -1 EBADF (Bad file descriptor) [pid 15475] close(27) = -1 EBADF (Bad file descriptor) [pid 15475] close(28) = -1 EBADF (Bad file descriptor) [pid 15475] close(29) = -1 EBADF (Bad file descriptor) [pid 15475] exit_group(0) = ? [pid 15476] <... futex resumed>) = ? [pid 15476] +++ exited with 0 +++ [pid 15480] <... futex resumed>) = ? [pid 15479] <... futex resumed>) = ? [pid 15480] +++ exited with 0 +++ [pid 15479] +++ exited with 0 +++ [pid 15475] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9779, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2560", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2560", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2560/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2560/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2560/binderfs") = 0 [ 307.910852][T15476] EXT4-fs (loop0): 1 truncate cleaned up [ 307.916465][T15476] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2560/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2560/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2560/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2560/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2560/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2560/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2560") = 0 [pid 289] mkdir("./2561", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9783 ./strace-static-x86_64: Process 15481 attached [pid 15481] set_robust_list(0x555556f746a0, 24) = 0 [pid 15481] chdir("./2561") = 0 [pid 15481] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15481] setpgid(0, 0) = 0 [pid 15481] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15481] write(3, "1000", 4) = 4 [pid 15481] close(3) = 0 [pid 15481] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15481] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15481] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15481] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15481] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15481] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15481] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15481] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9784]}, 88) = 9784 [pid 15481] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15481] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15481] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15482 attached [pid 15482] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15482] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15482] memfd_create("syzkaller", 0) = 3 [pid 15482] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15482] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15482] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15482] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15482] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15482] close(3) = 0 [pid 15482] mkdir("./file1", 0777) = 0 [pid 15482] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15482] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15482] chdir("./file1") = 0 [pid 15482] ioctl(4, LOOP_CLR_FD) = 0 [pid 15482] close(4) = 0 [pid 15482] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15481] <... futex resumed>) = 0 [pid 15481] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15481] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15482] <... futex resumed>) = 1 [pid 15482] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15482] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15481] <... futex resumed>) = 0 [pid 15481] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15481] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15481] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15481] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15481] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15481] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9785]}, 88) = 9785 [pid 15481] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15481] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15481] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15481] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15481] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15481] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15481] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9786]}, 88) = 9786 [pid 15481] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15481] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15481] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15482] <... futex resumed>) = 1 [pid 15482] memfd_create("syzkaller", 0) = 4 [pid 15482] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15482] close(4) = 0 [pid 15482] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15482] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15486 attached [pid 15486] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15486] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15486] memfd_create("syzkaller", 0) = 4 [pid 15486] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15486] close(4) = 0 [pid 15486] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15481] <... futex resumed>) = 0 [pid 15481] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15481] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15482] <... futex resumed>) = 0 [pid 15482] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15486] <... futex resumed>) = 1 [pid 15486] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15485 attached [pid 15482] <... open resumed>) = 4 [pid 15482] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15481] <... futex resumed>) = 0 [pid 15482] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15481] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15482] <... mount resumed>) = 0 [pid 15481] <... futex resumed>) = 0 [pid 15482] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15481] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15482] <... futex resumed>) = 0 [pid 15481] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15482] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15481] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15482] <... open resumed>) = 5 [pid 15481] <... futex resumed>) = 0 [pid 15482] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15481] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15482] <... futex resumed>) = 0 [pid 15481] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15482] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15481] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15481] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15485] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15485] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15485] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15482] <... write resumed>) = 262144 [pid 15482] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15482] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15481] <... futex resumed>) = 0 [pid 15485] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 15485] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15485] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15481] close(3) = 0 [pid 15481] close(4) = 0 [pid 15481] close(5) = 0 [pid 15481] close(6) = -1 EBADF (Bad file descriptor) [pid 15481] close(7) = -1 EBADF (Bad file descriptor) [pid 15481] close(8) = -1 EBADF (Bad file descriptor) [pid 15481] close(9) = -1 EBADF (Bad file descriptor) [pid 15481] close(10) = -1 EBADF (Bad file descriptor) [pid 15481] close(11) = -1 EBADF (Bad file descriptor) [pid 15481] close(12) = -1 EBADF (Bad file descriptor) [pid 15481] close(13) = -1 EBADF (Bad file descriptor) [pid 15481] close(14) = -1 EBADF (Bad file descriptor) [pid 15481] close(15) = -1 EBADF (Bad file descriptor) [pid 15481] close(16) = -1 EBADF (Bad file descriptor) [pid 15481] close(17) = -1 EBADF (Bad file descriptor) [pid 15481] close(18) = -1 EBADF (Bad file descriptor) [pid 15481] close(19) = -1 EBADF (Bad file descriptor) [pid 15481] close(20) = -1 EBADF (Bad file descriptor) [pid 15481] close(21) = -1 EBADF (Bad file descriptor) [pid 15481] close(22) = -1 EBADF (Bad file descriptor) [pid 15481] close(23) = -1 EBADF (Bad file descriptor) [pid 15481] close(24) = -1 EBADF (Bad file descriptor) [pid 15481] close(25) = -1 EBADF (Bad file descriptor) [pid 15481] close(26) = -1 EBADF (Bad file descriptor) [pid 15481] close(27) = -1 EBADF (Bad file descriptor) [pid 15481] close(28) = -1 EBADF (Bad file descriptor) [pid 15481] close(29) = -1 EBADF (Bad file descriptor) [pid 15481] exit_group(0 [pid 15486] <... futex resumed>) = ? [pid 15481] <... exit_group resumed>) = ? [pid 15486] +++ exited with 0 +++ [pid 15482] <... futex resumed>) = ? [pid 15482] +++ exited with 0 +++ [pid 15485] <... futex resumed>) = ? [pid 15485] +++ exited with 0 +++ [pid 15481] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9783, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2561", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2561", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2561/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2561/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2561/binderfs") = 0 [pid 289] umount2("./2561/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2561/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2561/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2561/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2561/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2561/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2561") = 0 [pid 289] mkdir("./2562", 0777) = 0 [ 308.021581][T15482] EXT4-fs (loop0): 1 truncate cleaned up [ 308.027269][T15482] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [ 308.052084][T15485] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9787 ./strace-static-x86_64: Process 15487 attached [pid 15487] set_robust_list(0x555556f746a0, 24) = 0 [pid 15487] chdir("./2562") = 0 [pid 15487] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15487] setpgid(0, 0) = 0 [pid 15487] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15487] write(3, "1000", 4) = 4 [pid 15487] close(3) = 0 [pid 15487] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15487] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15487] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15487] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15487] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15487] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15487] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15487] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9788]}, 88) = 9788 [pid 15487] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15487] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15487] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15488 attached [pid 15488] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15488] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15488] memfd_create("syzkaller", 0) = 3 [pid 15488] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15488] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15488] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15488] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15488] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15488] close(3) = 0 [pid 15488] mkdir("./file1", 0777) = 0 [pid 15488] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15488] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15488] chdir("./file1") = 0 [pid 15488] ioctl(4, LOOP_CLR_FD) = 0 [pid 15488] close(4) = 0 [pid 15488] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15488] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15487] <... futex resumed>) = 0 [pid 15487] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15487] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15488] <... futex resumed>) = 0 [pid 15488] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15488] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15487] <... futex resumed>) = 0 [pid 15487] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15487] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15487] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15487] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15487] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15487] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9789]}, 88) = 9789 [pid 15487] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15487] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15487] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15487] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15487] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15487] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 ./strace-static-x86_64: Process 15491 attached [pid 15487] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 15492 attached [pid 15491] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15487] <... clone3 resumed> => {parent_tid=[9790]}, 88) = 9790 [pid 15487] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15487] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15487] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15492] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15491] <... set_robust_list resumed>) = 0 [pid 15488] <... futex resumed>) = 1 [pid 15488] memfd_create("syzkaller", 0) = 4 [pid 15488] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15491] rt_sigprocmask(SIG_SETMASK, [], [pid 15488] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15488] close(4 [pid 15492] <... set_robust_list resumed>) = 0 [pid 15491] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15488] <... close resumed>) = 0 [pid 15488] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15488] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15491] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15492] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15492] memfd_create("syzkaller", 0 [pid 15491] <... setxattr resumed>) = 0 [pid 15492] <... memfd_create resumed>) = 4 [pid 15492] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15492] close(4) = 0 [pid 15492] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15491] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15487] <... futex resumed>) = 0 [pid 15487] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15487] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15491] <... futex resumed>) = 0 [pid 15488] <... futex resumed>) = 0 [pid 15488] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15491] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15488] <... open resumed>) = 4 [pid 15488] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15487] <... futex resumed>) = 0 [pid 15487] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15487] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15488] <... futex resumed>) = 1 [pid 15488] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15492] <... futex resumed>) = 1 [pid 15492] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15488] <... mount resumed>) = 0 [pid 15488] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15487] <... futex resumed>) = 0 [pid 15487] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15487] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15488] <... futex resumed>) = 1 [pid 15488] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15488] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15487] <... futex resumed>) = 0 [pid 15487] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15487] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15488] <... futex resumed>) = 1 [pid 15488] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15488] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15487] <... futex resumed>) = 0 [pid 15487] close(3) = 0 [pid 15487] close(4) = 0 [pid 15487] close(5) = 0 [pid 15487] close(6) = -1 EBADF (Bad file descriptor) [pid 15487] close(7) = -1 EBADF (Bad file descriptor) [pid 15487] close(8) = -1 EBADF (Bad file descriptor) [pid 15487] close(9) = -1 EBADF (Bad file descriptor) [pid 15487] close(10) = -1 EBADF (Bad file descriptor) [pid 15487] close(11) = -1 EBADF (Bad file descriptor) [pid 15487] close(12) = -1 EBADF (Bad file descriptor) [pid 15487] close(13) = -1 EBADF (Bad file descriptor) [pid 15487] close(14) = -1 EBADF (Bad file descriptor) [pid 15487] close(15) = -1 EBADF (Bad file descriptor) [pid 15487] close(16) = -1 EBADF (Bad file descriptor) [pid 15487] close(17) = -1 EBADF (Bad file descriptor) [pid 15487] close(18) = -1 EBADF (Bad file descriptor) [pid 15487] close(19) = -1 EBADF (Bad file descriptor) [pid 15487] close(20) = -1 EBADF (Bad file descriptor) [pid 15487] close(21) = -1 EBADF (Bad file descriptor) [pid 15487] close(22) = -1 EBADF (Bad file descriptor) [pid 15487] close(23) = -1 EBADF (Bad file descriptor) [pid 15487] close(24) = -1 EBADF (Bad file descriptor) [pid 15487] close(25) = -1 EBADF (Bad file descriptor) [pid 15487] close(26) = -1 EBADF (Bad file descriptor) [pid 15487] close(27) = -1 EBADF (Bad file descriptor) [pid 15487] close(28) = -1 EBADF (Bad file descriptor) [pid 15487] close(29) = -1 EBADF (Bad file descriptor) [pid 15487] exit_group(0) = ? [pid 15491] <... futex resumed>) = ? [pid 15492] <... futex resumed>) = ? [pid 15491] +++ exited with 0 +++ [pid 15492] +++ exited with 0 +++ [pid 15488] <... futex resumed>) = ? [pid 15488] +++ exited with 0 +++ [pid 15487] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9787, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2562", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2562", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2562/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2562/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2562/binderfs") = 0 [ 308.182272][T15488] EXT4-fs (loop0): 1 truncate cleaned up [ 308.188021][T15488] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2562/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2562/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2562/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2562/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2562/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2562/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2562") = 0 [pid 289] mkdir("./2563", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9791 ./strace-static-x86_64: Process 15493 attached [pid 15493] set_robust_list(0x555556f746a0, 24) = 0 [pid 15493] chdir("./2563") = 0 [pid 15493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15493] setpgid(0, 0) = 0 [pid 15493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15493] write(3, "1000", 4) = 4 [pid 15493] close(3) = 0 [pid 15493] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15493] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15493] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15493] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15493] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15493] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15493] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9792]}, 88) = 9792 ./strace-static-x86_64: Process 15494 attached [pid 15493] rt_sigprocmask(SIG_SETMASK, [], [pid 15494] set_robust_list(0x7fbc6730d9a0, 24 [pid 15493] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15493] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15493] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15494] <... set_robust_list resumed>) = 0 [pid 15494] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15494] memfd_create("syzkaller", 0) = 3 [pid 15494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15494] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15494] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15494] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15494] close(3) = 0 [pid 15494] mkdir("./file1", 0777) = 0 [pid 15494] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15494] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15494] chdir("./file1") = 0 [pid 15494] ioctl(4, LOOP_CLR_FD) = 0 [pid 15494] close(4) = 0 [pid 15494] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15493] <... futex resumed>) = 0 [pid 15493] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15493] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15494] <... futex resumed>) = 1 [pid 15494] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15494] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15493] <... futex resumed>) = 0 [pid 15493] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15493] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15493] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15493] rt_sigprocmask(SIG_BLOCK, ~[], [pid 15494] <... futex resumed>) = 1 [pid 15493] <... rt_sigprocmask resumed>[], 8) = 0 [pid 15494] memfd_create("syzkaller", 0) = 4 [pid 15494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15493] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 15494] close(4) = 0 [pid 15494] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15494] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15493] <... clone3 resumed> => {parent_tid=[9793]}, 88) = 9793 [pid 15493] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 15497 attached NULL, 8) = 0 [pid 15497] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15493] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15493] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15497] <... set_robust_list resumed>) = 0 [pid 15493] <... futex resumed>) = 1 [pid 15494] <... futex resumed>) = 0 [pid 15497] rt_sigprocmask(SIG_SETMASK, [], [pid 15493] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15494] memfd_create("syzkaller", 0 [pid 15497] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15497] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15494] <... memfd_create resumed>) = 4 [pid 15497] <... setxattr resumed>) = 0 [pid 15494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15497] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15497] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15494] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15494] close(4) = 0 [pid 15494] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15493] <... futex resumed>) = 0 [pid 15493] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15494] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15493] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15494] <... open resumed>) = 4 [pid 15494] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15493] <... futex resumed>) = 0 [pid 15494] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15493] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15494] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15493] <... futex resumed>) = 0 [pid 15494] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15493] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15494] <... mount resumed>) = 0 [pid 15494] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15493] <... futex resumed>) = 0 [pid 15494] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15493] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15493] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15494] <... open resumed>) = 5 [pid 15494] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15493] <... futex resumed>) = 0 [pid 15494] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15493] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15493] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15494] <... write resumed>) = 262144 [pid 15494] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15493] <... futex resumed>) = 0 [pid 15494] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15493] close(3) = 0 [pid 15493] close(4) = 0 [pid 15493] close(5) = 0 [pid 15493] close(6) = -1 EBADF (Bad file descriptor) [pid 15493] close(7) = -1 EBADF (Bad file descriptor) [pid 15493] close(8) = -1 EBADF (Bad file descriptor) [pid 15493] close(9) = -1 EBADF (Bad file descriptor) [pid 15493] close(10) = -1 EBADF (Bad file descriptor) [pid 15493] close(11) = -1 EBADF (Bad file descriptor) [pid 15493] close(12) = -1 EBADF (Bad file descriptor) [pid 15493] close(13) = -1 EBADF (Bad file descriptor) [pid 15493] close(14) = -1 EBADF (Bad file descriptor) [pid 15493] close(15) = -1 EBADF (Bad file descriptor) [pid 15493] close(16) = -1 EBADF (Bad file descriptor) [pid 15493] close(17) = -1 EBADF (Bad file descriptor) [pid 15493] close(18) = -1 EBADF (Bad file descriptor) [pid 15493] close(19) = -1 EBADF (Bad file descriptor) [pid 15493] close(20) = -1 EBADF (Bad file descriptor) [pid 15493] close(21) = -1 EBADF (Bad file descriptor) [pid 15493] close(22) = -1 EBADF (Bad file descriptor) [pid 15493] close(23) = -1 EBADF (Bad file descriptor) [pid 15493] close(24) = -1 EBADF (Bad file descriptor) [pid 15493] close(25) = -1 EBADF (Bad file descriptor) [pid 15493] close(26) = -1 EBADF (Bad file descriptor) [pid 15493] close(27) = -1 EBADF (Bad file descriptor) [pid 15493] close(28) = -1 EBADF (Bad file descriptor) [pid 15493] close(29) = -1 EBADF (Bad file descriptor) [pid 15493] exit_group(0 [pid 15494] <... futex resumed>) = ? [pid 15497] <... futex resumed>) = ? [pid 15493] <... exit_group resumed>) = ? [pid 15494] +++ exited with 0 +++ [pid 15497] +++ exited with 0 +++ [pid 15493] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9791, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2563", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2563", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2563/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2563/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2563/binderfs") = 0 [ 308.303936][T15494] EXT4-fs (loop0): 1 truncate cleaned up [ 308.309517][T15494] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2563/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2563/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2563/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2563/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2563/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2563/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2563") = 0 [pid 289] mkdir("./2564", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9794 ./strace-static-x86_64: Process 15499 attached [pid 15499] set_robust_list(0x555556f746a0, 24) = 0 [pid 15499] chdir("./2564") = 0 [pid 15499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15499] setpgid(0, 0) = 0 [pid 15499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15499] write(3, "1000", 4) = 4 [pid 15499] close(3) = 0 [pid 15499] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15499] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15499] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15499] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15499] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15499] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15499] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9795]}, 88) = 9795 [pid 15499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15499] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15499] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15500 attached [pid 15500] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15500] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15500] memfd_create("syzkaller", 0) = 3 [pid 15500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15500] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15500] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15500] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15500] close(3) = 0 [pid 15500] mkdir("./file1", 0777) = 0 [pid 15500] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15500] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15500] chdir("./file1") = 0 [pid 15500] ioctl(4, LOOP_CLR_FD) = 0 [pid 15500] close(4) = 0 [pid 15500] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15499] <... futex resumed>) = 0 [pid 15499] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15499] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15500] <... futex resumed>) = 1 [pid 15500] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15500] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15499] <... futex resumed>) = 0 [pid 15499] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15499] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15499] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15499] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15499] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9796]}, 88) = 9796 [pid 15499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15499] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15499] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15499] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15499] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15499] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9797]}, 88) = 9797 [pid 15499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15499] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15499] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15500] <... futex resumed>) = 1 [pid 15500] memfd_create("syzkaller", 0) = 4 [pid 15500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15500] close(4) = 0 [pid 15500] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15500] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15503 attached [pid 15503] set_robust_list(0x7fbc5ef2c9a0, 24./strace-static-x86_64: Process 15504 attached ) = 0 [pid 15503] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15503] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15503] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15503] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15504] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15504] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15504] memfd_create("syzkaller", 0) = 4 [pid 15504] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15504] close(4) = 0 [pid 15504] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15499] <... futex resumed>) = 0 [pid 15504] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15499] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15499] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15500] <... futex resumed>) = 0 [pid 15500] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15500] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15499] <... futex resumed>) = 0 [pid 15499] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15499] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15500] <... futex resumed>) = 1 [pid 15500] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15500] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15499] <... futex resumed>) = 0 [pid 15499] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15499] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15500] <... futex resumed>) = 1 [pid 15500] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15500] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15499] <... futex resumed>) = 0 [pid 15499] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15499] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15500] <... futex resumed>) = 1 [pid 15500] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15500] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15499] <... futex resumed>) = 0 [pid 15500] <... futex resumed>) = 1 [pid 15499] close(3) = 0 [pid 15499] close(4) = 0 [pid 15499] close(5) = 0 [pid 15499] close(6) = -1 EBADF (Bad file descriptor) [pid 15499] close(7) = -1 EBADF (Bad file descriptor) [pid 15499] close(8) = -1 EBADF (Bad file descriptor) [pid 15499] close(9) = -1 EBADF (Bad file descriptor) [pid 15499] close(10) = -1 EBADF (Bad file descriptor) [pid 15499] close(11) = -1 EBADF (Bad file descriptor) [pid 15499] close(12) = -1 EBADF (Bad file descriptor) [pid 15499] close(13) = -1 EBADF (Bad file descriptor) [pid 15499] close(14) = -1 EBADF (Bad file descriptor) [pid 15499] close(15) = -1 EBADF (Bad file descriptor) [pid 15499] close(16) = -1 EBADF (Bad file descriptor) [pid 15499] close(17) = -1 EBADF (Bad file descriptor) [pid 15499] close(18) = -1 EBADF (Bad file descriptor) [pid 15499] close(19) = -1 EBADF (Bad file descriptor) [pid 15499] close(20) = -1 EBADF (Bad file descriptor) [pid 15499] close(21) = -1 EBADF (Bad file descriptor) [pid 15499] close(22) = -1 EBADF (Bad file descriptor) [pid 15499] close(23) = -1 EBADF (Bad file descriptor) [pid 15499] close(24) = -1 EBADF (Bad file descriptor) [pid 15499] close(25) = -1 EBADF (Bad file descriptor) [pid 15499] close(26) = -1 EBADF (Bad file descriptor) [pid 15499] close(27) = -1 EBADF (Bad file descriptor) [pid 15499] close(28) = -1 EBADF (Bad file descriptor) [pid 15499] close(29) = -1 EBADF (Bad file descriptor) [pid 15499] exit_group(0) = ? [pid 15503] <... futex resumed>) = ? [pid 15503] +++ exited with 0 +++ [pid 15504] <... futex resumed>) = ? [pid 15504] +++ exited with 0 +++ [pid 15500] +++ exited with 0 +++ [pid 15499] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9794, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2564", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2564", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2564/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2564/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2564/binderfs") = 0 [pid 289] umount2("./2564/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2564/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2564/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2564/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2564/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2564/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2564") = 0 [pid 289] mkdir("./2565", 0777) = 0 [ 308.457852][T15500] EXT4-fs (loop0): 1 truncate cleaned up [ 308.463842][T15500] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9798 ./strace-static-x86_64: Process 15505 attached [pid 15505] set_robust_list(0x555556f746a0, 24) = 0 [pid 15505] chdir("./2565") = 0 [pid 15505] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15505] setpgid(0, 0) = 0 [pid 15505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15505] write(3, "1000", 4) = 4 [pid 15505] close(3) = 0 [pid 15505] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15505] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15505] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15505] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15505] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15505] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15505] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9799]}, 88) = 9799 [pid 15505] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15505] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15505] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15506 attached [pid 15506] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15506] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15506] memfd_create("syzkaller", 0) = 3 [pid 15506] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15506] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15506] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15506] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15506] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15506] close(3) = 0 [pid 15506] mkdir("./file1", 0777) = 0 [pid 15506] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15506] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15506] chdir("./file1") = 0 [pid 15506] ioctl(4, LOOP_CLR_FD) = 0 [pid 15506] close(4) = 0 [pid 15506] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15505] <... futex resumed>) = 0 [pid 15505] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15505] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15506] <... futex resumed>) = 1 [pid 15506] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15506] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15505] <... futex resumed>) = 0 [pid 15505] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15505] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15505] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15505] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15505] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9800]}, 88) = 9800 ./strace-static-x86_64: Process 15509 attached [pid 15506] <... futex resumed>) = 1 [pid 15505] rt_sigprocmask(SIG_SETMASK, [], [pid 15509] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15506] memfd_create("syzkaller", 0 [pid 15509] <... set_robust_list resumed>) = 0 [pid 15506] <... memfd_create resumed>) = 4 [pid 15509] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15509] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15506] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15506] close(4) = 0 [pid 15506] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15506] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15505] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15505] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15505] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15505] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15509] <... futex resumed>) = 0 [pid 15509] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15506] <... futex resumed>) = 0 [pid 15509] <... setxattr resumed>) = 0 [pid 15509] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15509] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15506] memfd_create("syzkaller", 0) = 4 [pid 15506] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15506] close(4) = 0 [pid 15506] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15505] <... futex resumed>) = 0 [pid 15505] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15505] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15506] <... futex resumed>) = 1 [pid 15506] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15506] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15505] <... futex resumed>) = 0 [pid 15505] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15505] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15506] <... futex resumed>) = 1 [pid 15506] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15506] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15505] <... futex resumed>) = 0 [pid 15506] <... futex resumed>) = 1 [pid 15505] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15505] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15506] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15506] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15505] <... futex resumed>) = 0 [pid 15505] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15505] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15506] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15506] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15505] <... futex resumed>) = 0 [pid 15505] close(3) = 0 [pid 15505] close(4) = 0 [pid 15505] close(5 [pid 15506] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15505] <... close resumed>) = 0 [pid 15505] close(6) = -1 EBADF (Bad file descriptor) [pid 15505] close(7) = -1 EBADF (Bad file descriptor) [pid 15505] close(8) = -1 EBADF (Bad file descriptor) [pid 15505] close(9) = -1 EBADF (Bad file descriptor) [pid 15505] close(10) = -1 EBADF (Bad file descriptor) [pid 15505] close(11) = -1 EBADF (Bad file descriptor) [pid 15505] close(12) = -1 EBADF (Bad file descriptor) [pid 15505] close(13) = -1 EBADF (Bad file descriptor) [pid 15505] close(14) = -1 EBADF (Bad file descriptor) [pid 15505] close(15) = -1 EBADF (Bad file descriptor) [pid 15505] close(16) = -1 EBADF (Bad file descriptor) [pid 15505] close(17) = -1 EBADF (Bad file descriptor) [pid 15505] close(18) = -1 EBADF (Bad file descriptor) [pid 15505] close(19) = -1 EBADF (Bad file descriptor) [pid 15505] close(20) = -1 EBADF (Bad file descriptor) [pid 15505] close(21) = -1 EBADF (Bad file descriptor) [pid 15505] close(22) = -1 EBADF (Bad file descriptor) [pid 15505] close(23) = -1 EBADF (Bad file descriptor) [pid 15505] close(24) = -1 EBADF (Bad file descriptor) [pid 15505] close(25) = -1 EBADF (Bad file descriptor) [pid 15505] close(26) = -1 EBADF (Bad file descriptor) [pid 15505] close(27) = -1 EBADF (Bad file descriptor) [pid 15505] close(28) = -1 EBADF (Bad file descriptor) [pid 15505] close(29) = -1 EBADF (Bad file descriptor) [pid 15505] exit_group(0 [pid 15509] <... futex resumed>) = ? [pid 15505] <... exit_group resumed>) = ? [pid 15509] +++ exited with 0 +++ [pid 15506] <... futex resumed>) = ? [pid 15506] +++ exited with 0 +++ [pid 15505] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9798, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2565", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2565", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2565/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2565/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2565/binderfs") = 0 [ 308.576054][T15506] EXT4-fs (loop0): 1 truncate cleaned up [ 308.581725][T15506] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2565/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2565/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2565/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2565/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2565/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2565/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2565") = 0 [pid 289] mkdir("./2566", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9801 ./strace-static-x86_64: Process 15510 attached [pid 15510] set_robust_list(0x555556f746a0, 24) = 0 [pid 15510] chdir("./2566") = 0 [pid 15510] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15510] setpgid(0, 0) = 0 [pid 15510] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15510] write(3, "1000", 4) = 4 [pid 15510] close(3) = 0 [pid 15510] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15510] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15510] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15510] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15510] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15510] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15510] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9802]}, 88) = 9802 [pid 15510] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15510] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15510] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15511 attached [pid 15511] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15511] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15511] memfd_create("syzkaller", 0) = 3 [pid 15511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15511] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15511] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15511] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15511] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15511] close(3) = 0 [pid 15511] mkdir("./file1", 0777) = 0 [pid 15511] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15511] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15511] chdir("./file1") = 0 [pid 15511] ioctl(4, LOOP_CLR_FD) = 0 [pid 15511] close(4) = 0 [pid 15511] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15510] <... futex resumed>) = 0 [pid 15511] setxattr("./file1", NULL, NULL, 0, 0 [pid 15510] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15511] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 15510] <... futex resumed>) = 0 [pid 15511] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15510] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15511] <... futex resumed>) = 0 [pid 15510] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15511] memfd_create("syzkaller", 0 [pid 15510] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15511] <... memfd_create resumed>) = 4 [pid 15510] <... futex resumed>) = 0 [pid 15511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15510] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15511] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15510] <... futex resumed>) = 0 [pid 15511] close(4 [pid 15510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15511] <... close resumed>) = 0 [pid 15510] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 15511] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15510] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 15511] <... futex resumed>) = 0 [pid 15510] <... mprotect resumed>) = 0 [pid 15511] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15510] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15510] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9803]}, 88) = 9803 [pid 15510] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15510] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15510] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15511] <... futex resumed>) = 0 [pid 15510] <... futex resumed>) = 1 [pid 15511] memfd_create("syzkaller", 0 [pid 15510] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15511] <... memfd_create resumed>) = 4 [pid 15511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15511] close(4) = 0 [pid 15511] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15510] <... futex resumed>) = 0 [pid 15511] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15510] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15510] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15511] <... open resumed>) = 4 ./strace-static-x86_64: Process 15514 attached [pid 15511] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15510] <... futex resumed>) = 0 [pid 15511] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15510] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15511] <... mount resumed>) = 0 [pid 15510] <... futex resumed>) = 0 [pid 15511] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15510] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15511] <... futex resumed>) = 0 [pid 15510] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15510] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15511] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15510] <... futex resumed>) = 0 [pid 15510] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15511] <... open resumed>) = 5 [pid 15511] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15510] <... futex resumed>) = 0 [pid 15511] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15510] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15510] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15514] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15514] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15514] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15511] <... write resumed>) = 262144 [pid 15511] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15510] <... futex resumed>) = 0 [pid 15511] <... futex resumed>) = 1 [pid 15511] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15514] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 15514] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15514] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15510] close(3) = 0 [pid 15510] close(4) = 0 [pid 15510] close(5) = 0 [pid 15510] close(6) = -1 EBADF (Bad file descriptor) [pid 15510] close(7) = -1 EBADF (Bad file descriptor) [pid 15510] close(8) = -1 EBADF (Bad file descriptor) [pid 15510] close(9) = -1 EBADF (Bad file descriptor) [pid 15510] close(10) = -1 EBADF (Bad file descriptor) [pid 15510] close(11) = -1 EBADF (Bad file descriptor) [pid 15510] close(12) = -1 EBADF (Bad file descriptor) [pid 15510] close(13) = -1 EBADF (Bad file descriptor) [pid 15510] close(14) = -1 EBADF (Bad file descriptor) [pid 15510] close(15) = -1 EBADF (Bad file descriptor) [pid 15510] close(16) = -1 EBADF (Bad file descriptor) [pid 15510] close(17) = -1 EBADF (Bad file descriptor) [pid 15510] close(18) = -1 EBADF (Bad file descriptor) [pid 15510] close(19) = -1 EBADF (Bad file descriptor) [pid 15510] close(20) = -1 EBADF (Bad file descriptor) [pid 15510] close(21) = -1 EBADF (Bad file descriptor) [pid 15510] close(22) = -1 EBADF (Bad file descriptor) [pid 15510] close(23) = -1 EBADF (Bad file descriptor) [pid 15510] close(24) = -1 EBADF (Bad file descriptor) [pid 15510] close(25) = -1 EBADF (Bad file descriptor) [pid 15510] close(26) = -1 EBADF (Bad file descriptor) [pid 15510] close(27) = -1 EBADF (Bad file descriptor) [pid 15510] close(28) = -1 EBADF (Bad file descriptor) [pid 15510] close(29) = -1 EBADF (Bad file descriptor) [pid 15510] exit_group(0) = ? [pid 15511] <... futex resumed>) = ? [pid 15511] +++ exited with 0 +++ [pid 15514] <... futex resumed>) = ? [pid 15514] +++ exited with 0 +++ [pid 15510] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9801, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] umount2("./2566", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2566", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2566/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2566/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2566/binderfs") = 0 [pid 289] umount2("./2566/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2566/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2566/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2566/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2566/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2566/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2566") = 0 [pid 289] mkdir("./2567", 0777) = 0 [ 308.739116][T15511] EXT4-fs (loop0): 1 truncate cleaned up [ 308.745038][T15511] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [ 308.767876][T15514] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9804 ./strace-static-x86_64: Process 15515 attached [pid 15515] set_robust_list(0x555556f746a0, 24) = 0 [pid 15515] chdir("./2567") = 0 [pid 15515] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15515] setpgid(0, 0) = 0 [pid 15515] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15515] write(3, "1000", 4) = 4 [pid 15515] close(3) = 0 [pid 15515] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15515] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15515] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15515] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15515] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15515] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15515] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15515] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9805]}, 88) = 9805 [pid 15515] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15515] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15515] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15516 attached [pid 15516] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15516] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15516] memfd_create("syzkaller", 0) = 3 [pid 15516] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15516] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15516] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15516] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15516] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15516] close(3) = 0 [pid 15516] mkdir("./file1", 0777) = 0 [pid 15516] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15516] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15516] chdir("./file1") = 0 [pid 15516] ioctl(4, LOOP_CLR_FD) = 0 [pid 15516] close(4) = 0 [pid 15516] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15515] <... futex resumed>) = 0 [pid 15515] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15515] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15516] <... futex resumed>) = 1 [pid 15516] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15516] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15515] <... futex resumed>) = 0 [pid 15515] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15515] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15515] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15515] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15515] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15515] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9806]}, 88) = 9806 [pid 15515] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15515] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15515] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15515] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15515] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15515] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15515] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9807]}, 88) = 9807 [pid 15515] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15515] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15515] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15516] <... futex resumed>) = 1 [pid 15516] memfd_create("syzkaller", 0) = 4 [pid 15516] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15516] close(4) = 0 [pid 15516] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15516] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15519 attached [pid 15519] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15519] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15519] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15519] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15519] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15520 attached [pid 15520] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15520] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15520] memfd_create("syzkaller", 0) = 4 [pid 15520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15520] close(4) = 0 [pid 15520] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15515] <... futex resumed>) = 0 [pid 15515] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15516] <... futex resumed>) = 0 [pid 15515] <... futex resumed>) = 1 [pid 15516] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15515] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15516] <... open resumed>) = 4 [pid 15516] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15515] <... futex resumed>) = 0 [pid 15516] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15515] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15516] <... mount resumed>) = 0 [pid 15515] <... futex resumed>) = 0 [pid 15516] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15515] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15516] <... futex resumed>) = 0 [pid 15515] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15516] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15515] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15516] <... open resumed>) = 5 [pid 15515] <... futex resumed>) = 0 [pid 15516] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15515] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15516] <... futex resumed>) = 0 [pid 15515] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15516] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15515] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15520] <... futex resumed>) = 1 [pid 15515] <... futex resumed>) = 0 [pid 15520] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15515] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15516] <... write resumed>) = 262144 [pid 15516] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15515] <... futex resumed>) = 0 [pid 15516] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15515] close(3) = 0 [pid 15515] close(4) = 0 [pid 15515] close(5) = 0 [pid 15515] close(6) = -1 EBADF (Bad file descriptor) [pid 15515] close(7) = -1 EBADF (Bad file descriptor) [pid 15515] close(8) = -1 EBADF (Bad file descriptor) [pid 15515] close(9) = -1 EBADF (Bad file descriptor) [pid 15515] close(10) = -1 EBADF (Bad file descriptor) [pid 15515] close(11) = -1 EBADF (Bad file descriptor) [pid 15515] close(12) = -1 EBADF (Bad file descriptor) [pid 15515] close(13) = -1 EBADF (Bad file descriptor) [pid 15515] close(14) = -1 EBADF (Bad file descriptor) [pid 15515] close(15) = -1 EBADF (Bad file descriptor) [pid 15515] close(16) = -1 EBADF (Bad file descriptor) [pid 15515] close(17) = -1 EBADF (Bad file descriptor) [pid 15515] close(18) = -1 EBADF (Bad file descriptor) [pid 15515] close(19) = -1 EBADF (Bad file descriptor) [pid 15515] close(20) = -1 EBADF (Bad file descriptor) [pid 15515] close(21) = -1 EBADF (Bad file descriptor) [pid 15515] close(22) = -1 EBADF (Bad file descriptor) [pid 15515] close(23) = -1 EBADF (Bad file descriptor) [pid 15515] close(24) = -1 EBADF (Bad file descriptor) [pid 15515] close(25) = -1 EBADF (Bad file descriptor) [pid 15515] close(26) = -1 EBADF (Bad file descriptor) [pid 15515] close(27) = -1 EBADF (Bad file descriptor) [pid 15515] close(28) = -1 EBADF (Bad file descriptor) [pid 15515] close(29) = -1 EBADF (Bad file descriptor) [pid 15515] exit_group(0 [pid 15519] <... futex resumed>) = ? [pid 15515] <... exit_group resumed>) = ? [pid 15519] +++ exited with 0 +++ [pid 15520] <... futex resumed>) = ? [pid 15516] <... futex resumed>) = ? [pid 15520] +++ exited with 0 +++ [pid 15516] +++ exited with 0 +++ [pid 15515] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9804, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2567", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2567", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2567/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2567/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2567/binderfs") = 0 [ 308.827880][T15516] EXT4-fs (loop0): 1 truncate cleaned up [ 308.833780][T15516] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2567/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2567/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2567/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2567/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2567/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2567/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2567") = 0 [pid 289] mkdir("./2568", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9808 ./strace-static-x86_64: Process 15521 attached [pid 15521] set_robust_list(0x555556f746a0, 24) = 0 [pid 15521] chdir("./2568") = 0 [pid 15521] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15521] setpgid(0, 0) = 0 [pid 15521] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15521] write(3, "1000", 4) = 4 [pid 15521] close(3) = 0 [pid 15521] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15521] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15521] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15521] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15521] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15521] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15521] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15521] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9809]}, 88) = 9809 [pid 15521] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15521] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15521] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15522 attached [pid 15522] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15522] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15522] memfd_create("syzkaller", 0) = 3 [pid 15522] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15522] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15522] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15522] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15522] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15522] close(3) = 0 [pid 15522] mkdir("./file1", 0777) = 0 [pid 15522] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15522] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15522] chdir("./file1") = 0 [pid 15522] ioctl(4, LOOP_CLR_FD) = 0 [pid 15522] close(4) = 0 [pid 15522] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15521] <... futex resumed>) = 0 [pid 15521] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15521] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15522] <... futex resumed>) = 1 [pid 15522] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15522] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15521] <... futex resumed>) = 0 [pid 15521] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15521] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15521] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15521] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15521] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15521] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9810]}, 88) = 9810 [pid 15521] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 15525 attached [pid 15525] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15521] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15525] <... set_robust_list resumed>) = 0 [pid 15521] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15525] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15521] <... futex resumed>) = 0 [pid 15525] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15521] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15521] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15521] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15521] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15521] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 15526 attached => {parent_tid=[9811]}, 88) = 9811 [pid 15521] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15521] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15521] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15522] <... futex resumed>) = 1 [pid 15525] <... setxattr resumed>) = 0 [pid 15522] memfd_create("syzkaller", 0 [pid 15525] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15522] <... memfd_create resumed>) = 4 [pid 15525] <... futex resumed>) = 0 [pid 15522] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15525] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15522] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15526] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15522] close(4) = 0 [pid 15522] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15522] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15526] <... set_robust_list resumed>) = 0 [pid 15526] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15526] memfd_create("syzkaller", 0) = 4 [pid 15526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15526] close(4) = 0 [pid 15526] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15526] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15521] <... futex resumed>) = 0 [pid 15521] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15521] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15522] <... futex resumed>) = 0 [pid 15522] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15522] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15521] <... futex resumed>) = 0 [pid 15521] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15521] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15522] <... futex resumed>) = 1 [pid 15522] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15522] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15521] <... futex resumed>) = 0 [pid 15521] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15521] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15522] <... futex resumed>) = 1 [pid 15522] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15522] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15521] <... futex resumed>) = 0 [pid 15521] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15521] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15522] <... futex resumed>) = 1 [pid 15522] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15522] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15521] <... futex resumed>) = 0 [pid 15521] close(3) = 0 [pid 15521] close(4) = 0 [pid 15521] close(5) = 0 [pid 15521] close(6) = -1 EBADF (Bad file descriptor) [pid 15521] close(7) = -1 EBADF (Bad file descriptor) [pid 15521] close(8) = -1 EBADF (Bad file descriptor) [pid 15521] close(9) = -1 EBADF (Bad file descriptor) [pid 15521] close(10) = -1 EBADF (Bad file descriptor) [pid 15521] close(11) = -1 EBADF (Bad file descriptor) [pid 15521] close(12) = -1 EBADF (Bad file descriptor) [pid 15521] close(13) = -1 EBADF (Bad file descriptor) [pid 15521] close(14) = -1 EBADF (Bad file descriptor) [pid 15521] close(15) = -1 EBADF (Bad file descriptor) [pid 15521] close(16) = -1 EBADF (Bad file descriptor) [pid 15521] close(17) = -1 EBADF (Bad file descriptor) [pid 15521] close(18) = -1 EBADF (Bad file descriptor) [pid 15521] close(19) = -1 EBADF (Bad file descriptor) [pid 15521] close(20) = -1 EBADF (Bad file descriptor) [pid 15521] close(21) = -1 EBADF (Bad file descriptor) [pid 15521] close(22) = -1 EBADF (Bad file descriptor) [pid 15521] close(23) = -1 EBADF (Bad file descriptor) [pid 15521] close(24) = -1 EBADF (Bad file descriptor) [pid 15521] close(25) = -1 EBADF (Bad file descriptor) [pid 15521] close(26) = -1 EBADF (Bad file descriptor) [pid 15521] close(27) = -1 EBADF (Bad file descriptor) [pid 15521] close(28) = -1 EBADF (Bad file descriptor) [pid 15521] close(29) = -1 EBADF (Bad file descriptor) [pid 15521] exit_group(0 [pid 15526] <... futex resumed>) = ? [pid 15521] <... exit_group resumed>) = ? [pid 15526] +++ exited with 0 +++ [pid 15522] <... futex resumed>) = ? [pid 15522] +++ exited with 0 +++ [pid 15525] <... futex resumed>) = ? [pid 15525] +++ exited with 0 +++ [pid 15521] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9808, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2568", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2568", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2568/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2568/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2568/binderfs") = 0 [ 308.984606][T15522] EXT4-fs (loop0): 1 truncate cleaned up [ 308.990225][T15522] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2568/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2568/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2568/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2568/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2568/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2568/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2568") = 0 [pid 289] mkdir("./2569", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9812 ./strace-static-x86_64: Process 15527 attached [pid 15527] set_robust_list(0x555556f746a0, 24) = 0 [pid 15527] chdir("./2569") = 0 [pid 15527] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15527] setpgid(0, 0) = 0 [pid 15527] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15527] write(3, "1000", 4) = 4 [pid 15527] close(3) = 0 [pid 15527] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15527] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15527] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15527] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15527] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15527] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15527] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15527] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9813]}, 88) = 9813 [pid 15527] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15527] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15527] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15528 attached [pid 15528] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15528] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15528] memfd_create("syzkaller", 0) = 3 [pid 15528] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15528] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15528] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15528] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15528] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15528] close(3) = 0 [pid 15528] mkdir("./file1", 0777) = 0 [pid 15528] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15528] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15528] chdir("./file1") = 0 [pid 15528] ioctl(4, LOOP_CLR_FD) = 0 [pid 15528] close(4) = 0 [pid 15528] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15527] <... futex resumed>) = 0 [pid 15528] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15527] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15528] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15527] <... futex resumed>) = 0 [pid 15528] setxattr("./file1", NULL, NULL, 0, 0 [pid 15527] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15528] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 15528] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15527] <... futex resumed>) = 0 [pid 15527] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15528] memfd_create("syzkaller", 0 [pid 15527] <... futex resumed>) = 0 [pid 15527] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15527] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15527] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15527] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15527] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 15528] <... memfd_create resumed>) = 4 [pid 15528] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15528] close(4 [pid 15527] <... clone3 resumed> => {parent_tid=[9814]}, 88) = 9814 [pid 15527] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15527] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15528] <... close resumed>) = 0 [pid 15527] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15528] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15527] <... futex resumed>) = 0 [pid 15528] <... futex resumed>) = 0 [pid 15527] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15528] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15527] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 15531 attached ) = 0 [pid 15527] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15531] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15527] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 15532 attached [pid 15531] <... set_robust_list resumed>) = 0 [pid 15527] <... clone3 resumed> => {parent_tid=[9815]}, 88) = 9815 [pid 15527] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15527] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15527] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15531] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15531] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15532] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15531] <... setxattr resumed>) = 0 [pid 15532] <... set_robust_list resumed>) = 0 [pid 15531] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15532] rt_sigprocmask(SIG_SETMASK, [], [pid 15531] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15532] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15532] memfd_create("syzkaller", 0) = 4 [pid 15532] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15532] close(4) = 0 [pid 15532] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15527] <... futex resumed>) = 0 [pid 15532] <... futex resumed>) = 1 [pid 15527] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15532] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15528] <... futex resumed>) = 0 [pid 15527] <... futex resumed>) = 1 [pid 15528] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15527] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15528] <... open resumed>) = 4 [pid 15528] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15527] <... futex resumed>) = 0 [pid 15528] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15527] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15528] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15527] <... futex resumed>) = 0 [pid 15528] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15527] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15528] <... mount resumed>) = 0 [pid 15528] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15527] <... futex resumed>) = 0 [pid 15528] <... futex resumed>) = 1 [pid 15527] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15528] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15527] <... futex resumed>) = 0 [pid 15528] <... open resumed>) = 5 [pid 15527] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15528] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15527] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15528] <... futex resumed>) = 0 [pid 15527] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15528] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15527] <... futex resumed>) = 0 [pid 15527] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15528] <... write resumed>) = 262144 [pid 15528] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15527] <... futex resumed>) = 0 [pid 15528] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15527] close(3) = 0 [pid 15527] close(4) = 0 [pid 15527] close(5) = 0 [pid 15527] close(6) = -1 EBADF (Bad file descriptor) [pid 15527] close(7) = -1 EBADF (Bad file descriptor) [pid 15527] close(8) = -1 EBADF (Bad file descriptor) [pid 15527] close(9) = -1 EBADF (Bad file descriptor) [pid 15527] close(10) = -1 EBADF (Bad file descriptor) [pid 15527] close(11) = -1 EBADF (Bad file descriptor) [pid 15527] close(12) = -1 EBADF (Bad file descriptor) [pid 15527] close(13) = -1 EBADF (Bad file descriptor) [pid 15527] close(14) = -1 EBADF (Bad file descriptor) [pid 15527] close(15) = -1 EBADF (Bad file descriptor) [pid 15527] close(16) = -1 EBADF (Bad file descriptor) [pid 15527] close(17) = -1 EBADF (Bad file descriptor) [pid 15527] close(18) = -1 EBADF (Bad file descriptor) [pid 15527] close(19) = -1 EBADF (Bad file descriptor) [pid 15527] close(20) = -1 EBADF (Bad file descriptor) [pid 15527] close(21) = -1 EBADF (Bad file descriptor) [pid 15527] close(22) = -1 EBADF (Bad file descriptor) [pid 15527] close(23) = -1 EBADF (Bad file descriptor) [pid 15527] close(24) = -1 EBADF (Bad file descriptor) [pid 15527] close(25) = -1 EBADF (Bad file descriptor) [pid 15527] close(26) = -1 EBADF (Bad file descriptor) [pid 15527] close(27) = -1 EBADF (Bad file descriptor) [pid 15527] close(28) = -1 EBADF (Bad file descriptor) [pid 15527] close(29) = -1 EBADF (Bad file descriptor) [pid 15527] exit_group(0) = ? [pid 15528] <... futex resumed>) = ? [pid 15528] +++ exited with 0 +++ [pid 15531] <... futex resumed>) = ? [pid 15531] +++ exited with 0 +++ [pid 15532] <... futex resumed>) = ? [pid 15532] +++ exited with 0 +++ [pid 15527] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9812, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2569", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2569", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2569/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2569/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2569/binderfs") = 0 [ 309.182817][T15528] EXT4-fs (loop0): 1 truncate cleaned up [ 309.188654][T15528] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2569/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2569/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2569/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2569/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2569/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2569/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2569") = 0 [pid 289] mkdir("./2570", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9816 ./strace-static-x86_64: Process 15533 attached [pid 15533] set_robust_list(0x555556f746a0, 24) = 0 [pid 15533] chdir("./2570") = 0 [pid 15533] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15533] setpgid(0, 0) = 0 [pid 15533] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15533] write(3, "1000", 4) = 4 [pid 15533] close(3) = 0 [pid 15533] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15533] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15533] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15533] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15533] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15533] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15533] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15533] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9817]}, 88) = 9817 [pid 15533] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15533] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15533] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15534 attached [pid 15534] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15534] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15534] memfd_create("syzkaller", 0) = 3 [pid 15534] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15534] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15534] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15534] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15534] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15534] close(3) = 0 [pid 15534] mkdir("./file1", 0777) = 0 [pid 15534] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15534] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15534] chdir("./file1") = 0 [pid 15534] ioctl(4, LOOP_CLR_FD) = 0 [pid 15534] close(4) = 0 [pid 15534] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15533] <... futex resumed>) = 0 [pid 15533] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15533] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15534] <... futex resumed>) = 1 [pid 15534] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15534] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15533] <... futex resumed>) = 0 [pid 15533] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15533] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15533] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15533] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15533] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15533] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9818]}, 88) = 9818 [pid 15533] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15533] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15533] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15533] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15533] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15533] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15533] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9819]}, 88) = 9819 [pid 15533] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15533] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15533] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15534] <... futex resumed>) = 1 [pid 15534] memfd_create("syzkaller", 0) = 4 [pid 15534] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15534] close(4) = 0 [pid 15534] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15534] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15537 attached [pid 15537] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15537] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15537] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0./strace-static-x86_64: Process 15538 attached ) = 0 [pid 15538] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15537] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15538] <... set_robust_list resumed>) = 0 [pid 15538] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15538] memfd_create("syzkaller", 0) = 4 [pid 15538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15538] close(4) = 0 [pid 15538] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15533] <... futex resumed>) = 0 [pid 15533] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15533] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15534] <... futex resumed>) = 0 [pid 15534] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15537] <... futex resumed>) = 0 [pid 15538] <... futex resumed>) = 1 [pid 15538] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15537] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15534] <... open resumed>) = 4 [pid 15534] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15533] <... futex resumed>) = 0 [pid 15533] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15533] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15534] <... futex resumed>) = 1 [pid 15534] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15534] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15533] <... futex resumed>) = 0 [pid 15533] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15533] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15534] <... futex resumed>) = 1 [pid 15534] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15534] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15533] <... futex resumed>) = 0 [pid 15533] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15533] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15534] <... futex resumed>) = 1 [pid 15534] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15534] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15533] <... futex resumed>) = 0 [pid 15533] close(3) = 0 [pid 15533] close(4) = 0 [pid 15533] close(5 [pid 15534] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15533] <... close resumed>) = 0 [pid 15533] close(6) = -1 EBADF (Bad file descriptor) [pid 15533] close(7) = -1 EBADF (Bad file descriptor) [pid 15533] close(8) = -1 EBADF (Bad file descriptor) [pid 15533] close(9) = -1 EBADF (Bad file descriptor) [pid 15533] close(10) = -1 EBADF (Bad file descriptor) [pid 15533] close(11) = -1 EBADF (Bad file descriptor) [pid 15533] close(12) = -1 EBADF (Bad file descriptor) [pid 15533] close(13) = -1 EBADF (Bad file descriptor) [pid 15533] close(14) = -1 EBADF (Bad file descriptor) [pid 15533] close(15) = -1 EBADF (Bad file descriptor) [pid 15533] close(16) = -1 EBADF (Bad file descriptor) [pid 15533] close(17) = -1 EBADF (Bad file descriptor) [pid 15533] close(18) = -1 EBADF (Bad file descriptor) [pid 15533] close(19) = -1 EBADF (Bad file descriptor) [pid 15533] close(20) = -1 EBADF (Bad file descriptor) [pid 15533] close(21) = -1 EBADF (Bad file descriptor) [pid 15533] close(22) = -1 EBADF (Bad file descriptor) [pid 15533] close(23) = -1 EBADF (Bad file descriptor) [pid 15533] close(24) = -1 EBADF (Bad file descriptor) [pid 15533] close(25) = -1 EBADF (Bad file descriptor) [pid 15533] close(26) = -1 EBADF (Bad file descriptor) [pid 15533] close(27) = -1 EBADF (Bad file descriptor) [pid 15533] close(28) = -1 EBADF (Bad file descriptor) [pid 15533] close(29) = -1 EBADF (Bad file descriptor) [pid 15533] exit_group(0) = ? [pid 15538] <... futex resumed>) = ? [pid 15537] <... futex resumed>) = ? [pid 15534] <... futex resumed>) = ? [pid 15538] +++ exited with 0 +++ [pid 15537] +++ exited with 0 +++ [pid 15534] +++ exited with 0 +++ [pid 15533] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9816, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2570", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2570", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2570/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2570/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2570/binderfs") = 0 [ 309.311733][T15534] EXT4-fs (loop0): 1 truncate cleaned up [ 309.317432][T15534] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2570/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2570/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2570/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2570/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2570/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2570/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2570") = 0 [pid 289] mkdir("./2571", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9820 ./strace-static-x86_64: Process 15539 attached [pid 15539] set_robust_list(0x555556f746a0, 24) = 0 [pid 15539] chdir("./2571") = 0 [pid 15539] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15539] setpgid(0, 0) = 0 [pid 15539] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15539] write(3, "1000", 4) = 4 [pid 15539] close(3) = 0 [pid 15539] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15539] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15539] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15539] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15539] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15539] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15539] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15539] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9821]}, 88) = 9821 [pid 15539] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15539] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15539] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15540 attached [pid 15540] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15540] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15540] memfd_create("syzkaller", 0) = 3 [pid 15540] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15540] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15540] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15540] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15540] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15540] close(3) = 0 [pid 15540] mkdir("./file1", 0777) = 0 [pid 15540] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15540] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15540] chdir("./file1") = 0 [pid 15540] ioctl(4, LOOP_CLR_FD) = 0 [pid 15540] close(4) = 0 [pid 15540] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15539] <... futex resumed>) = 0 [pid 15539] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15539] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15540] <... futex resumed>) = 1 [pid 15540] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15540] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15539] <... futex resumed>) = 0 [pid 15539] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15539] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15539] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15539] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15539] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15539] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9822]}, 88) = 9822 [pid 15539] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15539] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15539] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15539] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15539] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15539] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15539] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9823]}, 88) = 9823 ./strace-static-x86_64: Process 15544 attached ./strace-static-x86_64: Process 15543 attached [pid 15540] <... futex resumed>) = 1 [pid 15539] rt_sigprocmask(SIG_SETMASK, [], [pid 15544] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15539] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15544] <... set_robust_list resumed>) = 0 [pid 15544] rt_sigprocmask(SIG_SETMASK, [], [pid 15539] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15544] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15539] <... futex resumed>) = 0 [pid 15544] memfd_create("syzkaller", 0 [pid 15539] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15544] <... memfd_create resumed>) = 4 [pid 15543] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15540] memfd_create("syzkaller", 0 [pid 15544] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15544] close(4) = 0 [pid 15544] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15539] <... futex resumed>) = 0 [pid 15543] <... set_robust_list resumed>) = 0 [pid 15544] <... futex resumed>) = 1 [pid 15540] <... memfd_create resumed>) = 4 [pid 15539] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15539] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15543] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15543] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15544] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15540] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15543] <... setxattr resumed>) = 0 [pid 15543] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15543] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15540] close(4) = 0 [pid 15544] <... open resumed>) = 5 [pid 15540] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15544] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15540] <... futex resumed>) = 0 [pid 15539] <... futex resumed>) = 0 [pid 15539] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15539] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15540] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15544] <... futex resumed>) = 1 [pid 15544] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15540] <... mount resumed>) = 0 [pid 15540] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15539] <... futex resumed>) = 0 [pid 15539] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15539] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15540] <... futex resumed>) = 1 [pid 15540] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 4 [pid 15540] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15539] <... futex resumed>) = 0 [pid 15539] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15539] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15540] <... futex resumed>) = 1 [pid 15540] write(4, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15540] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15539] <... futex resumed>) = 0 [pid 15539] close(3) = 0 [pid 15539] close(4 [pid 15540] <... futex resumed>) = 1 [pid 15539] <... close resumed>) = 0 [pid 15540] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15539] close(5) = 0 [pid 15539] close(6) = -1 EBADF (Bad file descriptor) [pid 15539] close(7) = -1 EBADF (Bad file descriptor) [pid 15539] close(8) = -1 EBADF (Bad file descriptor) [pid 15539] close(9) = -1 EBADF (Bad file descriptor) [pid 15539] close(10) = -1 EBADF (Bad file descriptor) [pid 15539] close(11) = -1 EBADF (Bad file descriptor) [pid 15539] close(12) = -1 EBADF (Bad file descriptor) [pid 15539] close(13) = -1 EBADF (Bad file descriptor) [pid 15539] close(14) = -1 EBADF (Bad file descriptor) [pid 15539] close(15) = -1 EBADF (Bad file descriptor) [pid 15539] close(16) = -1 EBADF (Bad file descriptor) [pid 15539] close(17) = -1 EBADF (Bad file descriptor) [pid 15539] close(18) = -1 EBADF (Bad file descriptor) [pid 15539] close(19) = -1 EBADF (Bad file descriptor) [pid 15539] close(20) = -1 EBADF (Bad file descriptor) [pid 15539] close(21) = -1 EBADF (Bad file descriptor) [pid 15539] close(22) = -1 EBADF (Bad file descriptor) [pid 15539] close(23) = -1 EBADF (Bad file descriptor) [pid 15539] close(24) = -1 EBADF (Bad file descriptor) [pid 15539] close(25) = -1 EBADF (Bad file descriptor) [pid 15539] close(26) = -1 EBADF (Bad file descriptor) [pid 15539] close(27) = -1 EBADF (Bad file descriptor) [pid 15539] close(28) = -1 EBADF (Bad file descriptor) [pid 15539] close(29) = -1 EBADF (Bad file descriptor) [pid 15539] exit_group(0) = ? [pid 15543] <... futex resumed>) = ? [pid 15543] +++ exited with 0 +++ [pid 15540] <... futex resumed>) = ? [pid 15540] +++ exited with 0 +++ [pid 15544] <... futex resumed>) = ? [pid 15544] +++ exited with 0 +++ [pid 15539] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9820, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] umount2("./2571", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2571", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2571/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2571/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2571/binderfs") = 0 [ 309.390203][T15540] EXT4-fs (loop0): 1 truncate cleaned up [ 309.395811][T15540] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2571/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2571/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2571/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2571/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2571/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2571/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2571") = 0 [pid 289] mkdir("./2572", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9824 ./strace-static-x86_64: Process 15546 attached [pid 15546] set_robust_list(0x555556f746a0, 24) = 0 [pid 15546] chdir("./2572") = 0 [pid 15546] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15546] setpgid(0, 0) = 0 [pid 15546] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15546] write(3, "1000", 4) = 4 [pid 15546] close(3) = 0 [pid 15546] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15546] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15546] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15546] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15546] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15546] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15546] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15546] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9825]}, 88) = 9825 [pid 15546] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15546] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15546] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15547 attached [pid 15547] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15547] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15547] memfd_create("syzkaller", 0) = 3 [pid 15547] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15547] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15547] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15547] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15547] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15547] close(3) = 0 [pid 15547] mkdir("./file1", 0777) = 0 [pid 15547] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15547] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15547] chdir("./file1") = 0 [pid 15547] ioctl(4, LOOP_CLR_FD) = 0 [pid 15547] close(4) = 0 [pid 15547] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15546] <... futex resumed>) = 0 [pid 15546] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15547] setxattr("./file1", NULL, NULL, 0, 0 [pid 15546] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15547] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 15547] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15546] <... futex resumed>) = 0 [pid 15546] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15546] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15546] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15546] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15546] rt_sigprocmask(SIG_BLOCK, ~[], [pid 15547] memfd_create("syzkaller", 0 [pid 15546] <... rt_sigprocmask resumed>[], 8) = 0 [pid 15546] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 15550 attached [pid 15547] <... memfd_create resumed>) = 4 [pid 15546] <... clone3 resumed> => {parent_tid=[9826]}, 88) = 9826 [pid 15546] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15546] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15546] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15546] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15546] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15546] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15546] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 15551 attached [pid 15550] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15547] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15546] <... clone3 resumed> => {parent_tid=[9827]}, 88) = 9827 [pid 15546] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15546] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15546] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15547] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15551] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15550] <... set_robust_list resumed>) = 0 [pid 15551] <... set_robust_list resumed>) = 0 [pid 15550] rt_sigprocmask(SIG_SETMASK, [], [pid 15547] close(4 [pid 15551] rt_sigprocmask(SIG_SETMASK, [], [pid 15550] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15547] <... close resumed>) = 0 [pid 15551] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15550] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15547] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15550] <... setxattr resumed>) = 0 [pid 15547] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15551] memfd_create("syzkaller", 0 [pid 15550] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15551] <... memfd_create resumed>) = 4 [pid 15551] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15550] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15551] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15551] close(4) = 0 [pid 15551] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15546] <... futex resumed>) = 0 [pid 15546] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15547] <... futex resumed>) = 0 [pid 15546] <... futex resumed>) = 1 [pid 15547] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15546] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15551] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15547] <... open resumed>) = 4 [pid 15547] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15546] <... futex resumed>) = 0 [pid 15547] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15546] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15547] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15546] <... futex resumed>) = 0 [pid 15547] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15546] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15547] <... mount resumed>) = 0 [pid 15547] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15546] <... futex resumed>) = 0 [pid 15547] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15546] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15547] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15546] <... futex resumed>) = 0 [pid 15547] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15546] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15547] <... open resumed>) = 5 [pid 15547] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15546] <... futex resumed>) = 0 [pid 15547] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15546] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15547] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15546] <... futex resumed>) = 0 [pid 15547] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15546] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15547] <... write resumed>) = 262144 [pid 15547] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15546] <... futex resumed>) = 0 [pid 15547] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15546] close(3) = 0 [pid 15546] close(4) = 0 [pid 15546] close(5) = 0 [pid 15546] close(6) = -1 EBADF (Bad file descriptor) [pid 15546] close(7) = -1 EBADF (Bad file descriptor) [pid 15546] close(8) = -1 EBADF (Bad file descriptor) [pid 15546] close(9) = -1 EBADF (Bad file descriptor) [pid 15546] close(10) = -1 EBADF (Bad file descriptor) [pid 15546] close(11) = -1 EBADF (Bad file descriptor) [pid 15546] close(12) = -1 EBADF (Bad file descriptor) [pid 15546] close(13) = -1 EBADF (Bad file descriptor) [pid 15546] close(14) = -1 EBADF (Bad file descriptor) [pid 15546] close(15) = -1 EBADF (Bad file descriptor) [pid 15546] close(16) = -1 EBADF (Bad file descriptor) [pid 15546] close(17) = -1 EBADF (Bad file descriptor) [pid 15546] close(18) = -1 EBADF (Bad file descriptor) [pid 15546] close(19) = -1 EBADF (Bad file descriptor) [pid 15546] close(20) = -1 EBADF (Bad file descriptor) [pid 15546] close(21) = -1 EBADF (Bad file descriptor) [pid 15546] close(22) = -1 EBADF (Bad file descriptor) [pid 15546] close(23) = -1 EBADF (Bad file descriptor) [pid 15546] close(24) = -1 EBADF (Bad file descriptor) [pid 15546] close(25) = -1 EBADF (Bad file descriptor) [pid 15546] close(26) = -1 EBADF (Bad file descriptor) [pid 15546] close(27) = -1 EBADF (Bad file descriptor) [pid 15546] close(28) = -1 EBADF (Bad file descriptor) [pid 15546] close(29) = -1 EBADF (Bad file descriptor) [pid 15546] exit_group(0) = ? [pid 15550] <... futex resumed>) = ? [pid 15547] <... futex resumed>) = ? [pid 15550] +++ exited with 0 +++ [pid 15547] +++ exited with 0 +++ [pid 15551] <... futex resumed>) = ? [pid 15551] +++ exited with 0 +++ [pid 15546] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9824, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2572", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2572", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2572/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2572/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2572/binderfs") = 0 [ 309.541807][T15547] EXT4-fs (loop0): 1 truncate cleaned up [ 309.547501][T15547] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2572/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2572/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2572/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2572/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2572/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2572/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2572") = 0 [pid 289] mkdir("./2573", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9828 ./strace-static-x86_64: Process 15552 attached [pid 15552] set_robust_list(0x555556f746a0, 24) = 0 [pid 15552] chdir("./2573") = 0 [pid 15552] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15552] setpgid(0, 0) = 0 [pid 15552] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15552] write(3, "1000", 4) = 4 [pid 15552] close(3) = 0 [pid 15552] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15552] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15552] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15552] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15552] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15552] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15552] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9829]}, 88) = 9829 [pid 15552] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15552] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15552] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15553 attached [pid 15553] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15553] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15553] memfd_create("syzkaller", 0) = 3 [pid 15553] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15553] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15553] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15553] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15553] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15553] close(3) = 0 [pid 15553] mkdir("./file1", 0777) = 0 [pid 15553] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15553] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15553] chdir("./file1") = 0 [pid 15553] ioctl(4, LOOP_CLR_FD) = 0 [pid 15553] close(4) = 0 [pid 15553] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15552] <... futex resumed>) = 0 [pid 15552] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15552] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15553] <... futex resumed>) = 1 [pid 15553] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15553] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15552] <... futex resumed>) = 0 [pid 15552] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15552] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15552] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 15553] <... futex resumed>) = 1 [pid 15552] <... mprotect resumed>) = 0 [pid 15553] memfd_create("syzkaller", 0 [pid 15552] rt_sigprocmask(SIG_BLOCK, ~[], [pid 15553] <... memfd_create resumed>) = 4 [pid 15552] <... rt_sigprocmask resumed>[], 8) = 0 [pid 15552] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9830]}, 88) = 9830 [pid 15552] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15552] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15552] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15553] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15553] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15552] <... mmap resumed>) = 0x7fbc5eeeb000 [pid 15553] close(4 [pid 15552] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE [pid 15553] <... close resumed>) = 0 [pid 15552] <... mprotect resumed>) = 0 [pid 15553] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15552] rt_sigprocmask(SIG_BLOCK, ~[], [pid 15553] <... futex resumed>) = 0 [pid 15552] <... rt_sigprocmask resumed>[], 8) = 0 [pid 15553] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15552] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9831]}, 88) = 9831 [pid 15552] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15552] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15552] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15556 attached [pid 15556] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15556] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15556] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15556] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15556] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15557 attached [pid 15557] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15557] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15557] memfd_create("syzkaller", 0) = 4 [pid 15557] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15557] close(4) = 0 [pid 15557] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15552] <... futex resumed>) = 0 [pid 15552] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15553] <... futex resumed>) = 0 [pid 15552] <... futex resumed>) = 1 [pid 15553] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15552] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15553] <... open resumed>) = 4 [pid 15553] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15552] <... futex resumed>) = 0 [pid 15553] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15552] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15553] <... mount resumed>) = 0 [pid 15552] <... futex resumed>) = 0 [pid 15553] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15552] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15553] <... futex resumed>) = 0 [pid 15552] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15553] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15552] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15553] <... open resumed>) = 5 [pid 15552] <... futex resumed>) = 0 [pid 15553] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15552] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15553] <... futex resumed>) = 0 [pid 15552] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15553] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15552] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15557] <... futex resumed>) = 1 [pid 15552] <... futex resumed>) = 0 [pid 15557] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15552] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15553] <... write resumed>) = 262144 [pid 15553] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15552] <... futex resumed>) = 0 [pid 15552] close(3 [pid 15553] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15552] <... close resumed>) = 0 [pid 15552] close(4) = 0 [pid 15552] close(5) = 0 [pid 15552] close(6) = -1 EBADF (Bad file descriptor) [pid 15552] close(7) = -1 EBADF (Bad file descriptor) [pid 15552] close(8) = -1 EBADF (Bad file descriptor) [pid 15552] close(9) = -1 EBADF (Bad file descriptor) [pid 15552] close(10) = -1 EBADF (Bad file descriptor) [pid 15552] close(11) = -1 EBADF (Bad file descriptor) [pid 15552] close(12) = -1 EBADF (Bad file descriptor) [pid 15552] close(13) = -1 EBADF (Bad file descriptor) [pid 15552] close(14) = -1 EBADF (Bad file descriptor) [pid 15552] close(15) = -1 EBADF (Bad file descriptor) [pid 15552] close(16) = -1 EBADF (Bad file descriptor) [pid 15552] close(17) = -1 EBADF (Bad file descriptor) [pid 15552] close(18) = -1 EBADF (Bad file descriptor) [pid 15552] close(19) = -1 EBADF (Bad file descriptor) [pid 15552] close(20) = -1 EBADF (Bad file descriptor) [pid 15552] close(21) = -1 EBADF (Bad file descriptor) [pid 15552] close(22) = -1 EBADF (Bad file descriptor) [pid 15552] close(23) = -1 EBADF (Bad file descriptor) [pid 15552] close(24) = -1 EBADF (Bad file descriptor) [pid 15552] close(25) = -1 EBADF (Bad file descriptor) [pid 15552] close(26) = -1 EBADF (Bad file descriptor) [pid 15552] close(27) = -1 EBADF (Bad file descriptor) [pid 15552] close(28) = -1 EBADF (Bad file descriptor) [pid 15552] close(29) = -1 EBADF (Bad file descriptor) [pid 15552] exit_group(0) = ? [pid 15556] <... futex resumed>) = 231 [pid 15553] <... futex resumed>) = ? [pid 15553] +++ exited with 0 +++ [pid 15556] +++ exited with 0 +++ [pid 15557] <... futex resumed>) = ? [pid 15557] +++ exited with 0 +++ [pid 15552] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9828, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2573", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2573", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2573/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2573/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2573/binderfs") = 0 [ 309.649823][T15553] EXT4-fs (loop0): 1 truncate cleaned up [ 309.655539][T15553] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2573/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2573/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2573/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2573/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2573/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2573/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2573") = 0 [pid 289] mkdir("./2574", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9832 ./strace-static-x86_64: Process 15558 attached [pid 15558] set_robust_list(0x555556f746a0, 24) = 0 [pid 15558] chdir("./2574") = 0 [pid 15558] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15558] setpgid(0, 0) = 0 [pid 15558] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15558] write(3, "1000", 4) = 4 [pid 15558] close(3) = 0 [pid 15558] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15558] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15558] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15558] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15558] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15558] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15558] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15558] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9833]}, 88) = 9833 ./strace-static-x86_64: Process 15559 attached [pid 15558] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15558] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15558] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15559] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15559] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15559] memfd_create("syzkaller", 0) = 3 [pid 15559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15559] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15559] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15559] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15559] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15559] close(3) = 0 [pid 15559] mkdir("./file1", 0777) = 0 [pid 15559] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15559] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15559] chdir("./file1") = 0 [pid 15559] ioctl(4, LOOP_CLR_FD) = 0 [pid 15559] close(4) = 0 [pid 15559] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15558] <... futex resumed>) = 0 [pid 15558] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15559] <... futex resumed>) = 1 [pid 15558] <... futex resumed>) = 0 [pid 15559] setxattr("./file1", NULL, NULL, 0, 0 [pid 15558] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15559] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 15559] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15558] <... futex resumed>) = 0 [pid 15559] memfd_create("syzkaller", 0 [pid 15558] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15559] <... memfd_create resumed>) = 4 [pid 15558] <... futex resumed>) = 0 [pid 15559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15558] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15559] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15558] <... futex resumed>) = 0 [pid 15559] close(4 [pid 15558] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15559] <... close resumed>) = 0 [pid 15558] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 15559] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15558] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 15559] <... futex resumed>) = 0 [pid 15558] <... mprotect resumed>) = 0 [pid 15559] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15558] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15558] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9834]}, 88) = 9834 [pid 15558] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15558] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15558] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15559] <... futex resumed>) = 0 [pid 15558] <... futex resumed>) = 1 [pid 15559] memfd_create("syzkaller", 0 [pid 15558] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15559] <... memfd_create resumed>) = 4 [pid 15559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15559] close(4) = 0 [pid 15559] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15558] <... futex resumed>) = 0 [pid 15559] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15558] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15558] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 15562 attached [pid 15562] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15562] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15562] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15562] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15562] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15559] <... open resumed>) = 4 [pid 15559] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15558] <... futex resumed>) = 0 [pid 15559] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15558] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15559] <... mount resumed>) = 0 [pid 15558] <... futex resumed>) = 0 [pid 15559] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15558] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15559] <... futex resumed>) = 0 [pid 15558] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15559] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15558] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15559] <... open resumed>) = 5 [pid 15558] <... futex resumed>) = 0 [pid 15559] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15558] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15559] <... futex resumed>) = 0 [pid 15558] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15559] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15558] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15558] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15559] <... write resumed>) = 262144 [pid 15559] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15558] <... futex resumed>) = 0 [pid 15558] close(3) = 0 [pid 15558] close(4) = 0 [pid 15558] close(5 [pid 15559] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15558] <... close resumed>) = 0 [pid 15558] close(6) = -1 EBADF (Bad file descriptor) [pid 15558] close(7) = -1 EBADF (Bad file descriptor) [pid 15558] close(8) = -1 EBADF (Bad file descriptor) [pid 15558] close(9) = -1 EBADF (Bad file descriptor) [pid 15558] close(10) = -1 EBADF (Bad file descriptor) [pid 15558] close(11) = -1 EBADF (Bad file descriptor) [pid 15558] close(12) = -1 EBADF (Bad file descriptor) [pid 15558] close(13) = -1 EBADF (Bad file descriptor) [pid 15558] close(14) = -1 EBADF (Bad file descriptor) [pid 15558] close(15) = -1 EBADF (Bad file descriptor) [pid 15558] close(16) = -1 EBADF (Bad file descriptor) [pid 15558] close(17) = -1 EBADF (Bad file descriptor) [pid 15558] close(18) = -1 EBADF (Bad file descriptor) [pid 15558] close(19) = -1 EBADF (Bad file descriptor) [pid 15558] close(20) = -1 EBADF (Bad file descriptor) [pid 15558] close(21) = -1 EBADF (Bad file descriptor) [pid 15558] close(22) = -1 EBADF (Bad file descriptor) [pid 15558] close(23) = -1 EBADF (Bad file descriptor) [pid 15558] close(24) = -1 EBADF (Bad file descriptor) [pid 15558] close(25) = -1 EBADF (Bad file descriptor) [pid 15558] close(26) = -1 EBADF (Bad file descriptor) [pid 15558] close(27) = -1 EBADF (Bad file descriptor) [pid 15558] close(28) = -1 EBADF (Bad file descriptor) [pid 15558] close(29) = -1 EBADF (Bad file descriptor) [pid 15558] exit_group(0 [pid 15562] <... futex resumed>) = ? [pid 15559] <... futex resumed>) = ? [pid 15558] <... exit_group resumed>) = ? [pid 15559] +++ exited with 0 +++ [pid 15562] +++ exited with 0 +++ [pid 15558] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9832, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] umount2("./2574", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2574", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2574/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2574/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2574/binderfs") = 0 [ 309.728095][T15559] EXT4-fs (loop0): 1 truncate cleaned up [ 309.733821][T15559] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2574/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2574/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2574/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2574/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2574/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2574/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2574") = 0 [pid 289] mkdir("./2575", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9835 ./strace-static-x86_64: Process 15563 attached [pid 15563] set_robust_list(0x555556f746a0, 24) = 0 [pid 15563] chdir("./2575") = 0 [pid 15563] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15563] setpgid(0, 0) = 0 [pid 15563] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15563] write(3, "1000", 4) = 4 [pid 15563] close(3) = 0 [pid 15563] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15563] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15563] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15563] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15563] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15563] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15563] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15563] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9836]}, 88) = 9836 [pid 15563] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15563] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15563] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15564 attached [pid 15564] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15564] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15564] memfd_create("syzkaller", 0) = 3 [pid 15564] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15564] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15564] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15564] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15564] close(3) = 0 [pid 15564] mkdir("./file1", 0777) = 0 [pid 15564] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15564] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15564] chdir("./file1") = 0 [pid 15564] ioctl(4, LOOP_CLR_FD) = 0 [pid 15564] close(4) = 0 [pid 15564] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15563] <... futex resumed>) = 0 [pid 15563] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15563] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15564] <... futex resumed>) = 1 [pid 15564] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15564] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15563] <... futex resumed>) = 0 [pid 15563] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15563] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15563] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15563] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15563] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15563] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9837]}, 88) = 9837 [pid 15563] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15563] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15563] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15563] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15563] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15563] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15563] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9838]}, 88) = 9838 [pid 15563] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15563] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15563] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15564] <... futex resumed>) = 1 [pid 15564] memfd_create("syzkaller", 0) = 4 ./strace-static-x86_64: Process 15568 attached ./strace-static-x86_64: Process 15567 attached [pid 15564] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15567] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15568] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15564] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15567] <... set_robust_list resumed>) = 0 [pid 15568] <... set_robust_list resumed>) = 0 [pid 15567] rt_sigprocmask(SIG_SETMASK, [], [pid 15564] close(4 [pid 15568] rt_sigprocmask(SIG_SETMASK, [], [pid 15567] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15564] <... close resumed>) = 0 [pid 15568] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15568] memfd_create("syzkaller", 0) = 4 [pid 15568] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15568] close(4) = 0 [pid 15568] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15568] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15567] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15563] <... futex resumed>) = 0 [pid 15564] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15563] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15567] <... setxattr resumed>) = 0 [pid 15567] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15567] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15564] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15563] <... futex resumed>) = 0 [pid 15564] <... open resumed>) = 4 [pid 15563] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15564] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15564] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15563] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15563] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15563] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15564] <... futex resumed>) = 0 [pid 15564] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15564] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15563] <... futex resumed>) = 0 [pid 15564] <... futex resumed>) = 1 [pid 15563] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15563] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15564] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15564] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15563] <... futex resumed>) = 0 [pid 15563] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15563] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15564] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15564] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15563] <... futex resumed>) = 0 [pid 15564] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15563] close(3) = 0 [pid 15563] close(4) = 0 [pid 15563] close(5) = 0 [pid 15563] close(6) = -1 EBADF (Bad file descriptor) [pid 15563] close(7) = -1 EBADF (Bad file descriptor) [pid 15563] close(8) = -1 EBADF (Bad file descriptor) [pid 15563] close(9) = -1 EBADF (Bad file descriptor) [pid 15563] close(10) = -1 EBADF (Bad file descriptor) [pid 15563] close(11) = -1 EBADF (Bad file descriptor) [pid 15563] close(12) = -1 EBADF (Bad file descriptor) [pid 15563] close(13) = -1 EBADF (Bad file descriptor) [pid 15563] close(14) = -1 EBADF (Bad file descriptor) [pid 15563] close(15) = -1 EBADF (Bad file descriptor) [pid 15563] close(16) = -1 EBADF (Bad file descriptor) [pid 15563] close(17) = -1 EBADF (Bad file descriptor) [pid 15563] close(18) = -1 EBADF (Bad file descriptor) [pid 15563] close(19) = -1 EBADF (Bad file descriptor) [pid 15563] close(20) = -1 EBADF (Bad file descriptor) [pid 15563] close(21) = -1 EBADF (Bad file descriptor) [pid 15563] close(22) = -1 EBADF (Bad file descriptor) [pid 15563] close(23) = -1 EBADF (Bad file descriptor) [pid 15563] close(24) = -1 EBADF (Bad file descriptor) [pid 15563] close(25) = -1 EBADF (Bad file descriptor) [pid 15563] close(26) = -1 EBADF (Bad file descriptor) [pid 15563] close(27) = -1 EBADF (Bad file descriptor) [pid 15563] close(28) = -1 EBADF (Bad file descriptor) [pid 15563] close(29) = -1 EBADF (Bad file descriptor) [pid 15563] exit_group(0 [pid 15568] <... futex resumed>) = ? [pid 15567] <... futex resumed>) = ? [pid 15564] <... futex resumed>) = ? [pid 15563] <... exit_group resumed>) = ? [pid 15568] +++ exited with 0 +++ [pid 15567] +++ exited with 0 +++ [pid 15564] +++ exited with 0 +++ [pid 15563] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9835, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2575", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2575", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2575/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2575/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2575/binderfs") = 0 [ 309.898726][T15564] EXT4-fs (loop0): 1 truncate cleaned up [ 309.904513][T15564] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2575/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2575/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2575/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2575/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2575/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2575/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2575") = 0 [pid 289] mkdir("./2576", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9839 ./strace-static-x86_64: Process 15569 attached [pid 15569] set_robust_list(0x555556f746a0, 24) = 0 [pid 15569] chdir("./2576") = 0 [pid 15569] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15569] setpgid(0, 0) = 0 [pid 15569] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15569] write(3, "1000", 4) = 4 [pid 15569] close(3) = 0 [pid 15569] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15569] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15569] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15569] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15569] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15569] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15569] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9840]}, 88) = 9840 [pid 15569] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15569] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15569] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15570 attached [pid 15570] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15570] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15570] memfd_create("syzkaller", 0) = 3 [pid 15570] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15570] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15570] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15570] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15570] close(3) = 0 [pid 15570] mkdir("./file1", 0777) = 0 [pid 15570] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15570] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15570] chdir("./file1") = 0 [pid 15570] ioctl(4, LOOP_CLR_FD) = 0 [pid 15570] close(4) = 0 [pid 15570] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15569] <... futex resumed>) = 0 [pid 15569] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15569] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15570] <... futex resumed>) = 1 [pid 15570] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15570] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15569] <... futex resumed>) = 0 [pid 15569] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15569] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15569] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15569] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15569] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9841]}, 88) = 9841 [pid 15569] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15569] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15569] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15569] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15569] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15569] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9842]}, 88) = 9842 [pid 15569] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15569] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15569] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15570] <... futex resumed>) = 1 [pid 15570] memfd_create("syzkaller", 0) = 4 [pid 15570] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 15574 attached ./strace-static-x86_64: Process 15573 attached ) = -1 ENOMEM (Cannot allocate memory) [pid 15573] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15574] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15573] <... set_robust_list resumed>) = 0 [pid 15570] close(4 [pid 15574] <... set_robust_list resumed>) = 0 [pid 15573] rt_sigprocmask(SIG_SETMASK, [], [pid 15574] rt_sigprocmask(SIG_SETMASK, [], [pid 15570] <... close resumed>) = 0 [pid 15573] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15574] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15573] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15574] memfd_create("syzkaller", 0 [pid 15570] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15574] <... memfd_create resumed>) = 4 [pid 15570] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15574] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15574] close(4) = 0 [pid 15574] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15569] <... futex resumed>) = 0 [pid 15574] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15569] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15573] <... setxattr resumed>) = 0 [pid 15573] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15569] <... futex resumed>) = 1 [pid 15573] <... futex resumed>) = 0 [pid 15569] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15573] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15570] <... futex resumed>) = 0 [pid 15570] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15570] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15569] <... futex resumed>) = 0 [pid 15569] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15569] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15570] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15570] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15569] <... futex resumed>) = 0 [pid 15569] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15569] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15570] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15570] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15569] <... futex resumed>) = 0 [pid 15569] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15569] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15570] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15570] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15569] <... futex resumed>) = 0 [pid 15570] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15569] close(3) = 0 [pid 15569] close(4) = 0 [pid 15569] close(5) = 0 [pid 15569] close(6) = -1 EBADF (Bad file descriptor) [pid 15569] close(7) = -1 EBADF (Bad file descriptor) [pid 15569] close(8) = -1 EBADF (Bad file descriptor) [pid 15569] close(9) = -1 EBADF (Bad file descriptor) [pid 15569] close(10) = -1 EBADF (Bad file descriptor) [pid 15569] close(11) = -1 EBADF (Bad file descriptor) [pid 15569] close(12) = -1 EBADF (Bad file descriptor) [pid 15569] close(13) = -1 EBADF (Bad file descriptor) [pid 15569] close(14) = -1 EBADF (Bad file descriptor) [pid 15569] close(15) = -1 EBADF (Bad file descriptor) [pid 15569] close(16) = -1 EBADF (Bad file descriptor) [pid 15569] close(17) = -1 EBADF (Bad file descriptor) [pid 15569] close(18) = -1 EBADF (Bad file descriptor) [pid 15569] close(19) = -1 EBADF (Bad file descriptor) [pid 15569] close(20) = -1 EBADF (Bad file descriptor) [pid 15569] close(21) = -1 EBADF (Bad file descriptor) [pid 15569] close(22) = -1 EBADF (Bad file descriptor) [pid 15569] close(23) = -1 EBADF (Bad file descriptor) [pid 15569] close(24) = -1 EBADF (Bad file descriptor) [pid 15569] close(25) = -1 EBADF (Bad file descriptor) [pid 15569] close(26) = -1 EBADF (Bad file descriptor) [pid 15569] close(27) = -1 EBADF (Bad file descriptor) [pid 15569] close(28) = -1 EBADF (Bad file descriptor) [pid 15569] close(29) = -1 EBADF (Bad file descriptor) [pid 15569] exit_group(0 [pid 15574] <... futex resumed>) = ? [pid 15573] <... futex resumed>) = ? [pid 15569] <... exit_group resumed>) = ? [pid 15574] +++ exited with 0 +++ [pid 15573] +++ exited with 0 +++ [pid 15570] <... futex resumed>) = ? [pid 15570] +++ exited with 0 +++ [pid 15569] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9839, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2576", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2576", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2576/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2576/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2576/binderfs") = 0 [ 309.992440][T15570] EXT4-fs (loop0): 1 truncate cleaned up [ 309.998212][T15570] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2576/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2576/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2576/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2576/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2576/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2576/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2576") = 0 [pid 289] mkdir("./2577", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9843 ./strace-static-x86_64: Process 15575 attached [pid 15575] set_robust_list(0x555556f746a0, 24) = 0 [pid 15575] chdir("./2577") = 0 [pid 15575] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15575] setpgid(0, 0) = 0 [pid 15575] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15575] write(3, "1000", 4) = 4 [pid 15575] close(3) = 0 [pid 15575] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15575] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15575] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15575] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15575] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15575] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15575] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15575] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15576 attached => {parent_tid=[9844]}, 88) = 9844 [pid 15575] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15575] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15575] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15576] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15576] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15576] memfd_create("syzkaller", 0) = 3 [pid 15576] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15576] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15576] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15576] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15576] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15576] close(3) = 0 [pid 15576] mkdir("./file1", 0777) = 0 [pid 15576] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15576] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15576] chdir("./file1") = 0 [pid 15576] ioctl(4, LOOP_CLR_FD) = 0 [pid 15576] close(4) = 0 [pid 15576] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15576] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15575] <... futex resumed>) = 0 [pid 15575] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15576] <... futex resumed>) = 0 [pid 15575] <... futex resumed>) = 1 [pid 15576] setxattr("./file1", NULL, NULL, 0, 0 [pid 15575] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15576] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 15576] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15575] <... futex resumed>) = 0 [pid 15576] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15575] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15576] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15575] <... futex resumed>) = 0 [pid 15576] memfd_create("syzkaller", 0) = 4 [pid 15576] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15576] close(4) = 0 [pid 15576] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15576] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15575] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15575] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15575] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15575] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15575] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15575] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9845]}, 88) = 9845 [pid 15575] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15575] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15575] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15576] <... futex resumed>) = 0 [pid 15576] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15576] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15576] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15579 attached [pid 15579] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15579] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15579] memfd_create("syzkaller", 0) = 4 [pid 15579] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15579] close(4) = 0 [pid 15579] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15575] <... futex resumed>) = 0 [pid 15575] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15575] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15576] <... futex resumed>) = 0 [pid 15576] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15576] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15575] <... futex resumed>) = 0 [pid 15575] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15575] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15576] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15576] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15575] <... futex resumed>) = 0 [pid 15575] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15575] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15576] <... futex resumed>) = 1 [pid 15576] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15576] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15575] <... futex resumed>) = 0 [pid 15575] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15575] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15576] <... futex resumed>) = 1 [pid 15576] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15579] <... futex resumed>) = 1 [pid 15579] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15576] <... write resumed>) = 262144 [pid 15576] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15575] <... futex resumed>) = 0 [pid 15575] close(3) = 0 [pid 15575] close(4) = 0 [pid 15575] close(5) = 0 [pid 15575] close(6) = -1 EBADF (Bad file descriptor) [pid 15575] close(7) = -1 EBADF (Bad file descriptor) [pid 15575] close(8) = -1 EBADF (Bad file descriptor) [pid 15575] close(9) = -1 EBADF (Bad file descriptor) [pid 15575] close(10) = -1 EBADF (Bad file descriptor) [pid 15575] close(11) = -1 EBADF (Bad file descriptor) [pid 15575] close(12) = -1 EBADF (Bad file descriptor) [pid 15575] close(13) = -1 EBADF (Bad file descriptor) [pid 15575] close(14) = -1 EBADF (Bad file descriptor) [pid 15575] close(15) = -1 EBADF (Bad file descriptor) [pid 15575] close(16) = -1 EBADF (Bad file descriptor) [pid 15575] close(17) = -1 EBADF (Bad file descriptor) [pid 15575] close(18) = -1 EBADF (Bad file descriptor) [pid 15575] close(19) = -1 EBADF (Bad file descriptor) [pid 15575] close(20) = -1 EBADF (Bad file descriptor) [pid 15575] close(21) = -1 EBADF (Bad file descriptor) [pid 15575] close(22) = -1 EBADF (Bad file descriptor) [pid 15575] close(23) = -1 EBADF (Bad file descriptor) [pid 15575] close(24) = -1 EBADF (Bad file descriptor) [pid 15575] close(25) = -1 EBADF (Bad file descriptor) [pid 15575] close(26) = -1 EBADF (Bad file descriptor) [pid 15575] close(27) = -1 EBADF (Bad file descriptor) [pid 15575] close(28) = -1 EBADF (Bad file descriptor) [pid 15575] close(29) = -1 EBADF (Bad file descriptor) [pid 15575] exit_group(0) = ? [pid 15579] <... futex resumed>) = ? [pid 15576] <... futex resumed>) = ? [pid 15576] +++ exited with 0 +++ [pid 15579] +++ exited with 0 +++ [pid 15575] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9843, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2577", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2577", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2577/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2577/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2577/binderfs") = 0 [ 310.096187][T15576] EXT4-fs (loop0): 1 truncate cleaned up [ 310.101731][T15576] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2577/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2577/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2577/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2577/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2577/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2577/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2577") = 0 [pid 289] mkdir("./2578", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9846 ./strace-static-x86_64: Process 15580 attached [pid 15580] set_robust_list(0x555556f746a0, 24) = 0 [pid 15580] chdir("./2578") = 0 [pid 15580] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15580] setpgid(0, 0) = 0 [pid 15580] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15580] write(3, "1000", 4) = 4 [pid 15580] close(3) = 0 [pid 15580] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15580] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15580] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15580] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15580] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15580] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15580] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15580] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9847]}, 88) = 9847 [pid 15580] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15580] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15580] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15581 attached [pid 15581] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15581] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15581] memfd_create("syzkaller", 0) = 3 [pid 15581] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15581] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15581] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15581] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15581] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15581] close(3) = 0 [pid 15581] mkdir("./file1", 0777) = 0 [pid 15581] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15581] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15581] chdir("./file1") = 0 [pid 15581] ioctl(4, LOOP_CLR_FD) = 0 [pid 15581] close(4) = 0 [pid 15581] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15580] <... futex resumed>) = 0 [pid 15580] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15580] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15581] <... futex resumed>) = 1 [pid 15581] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15581] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15580] <... futex resumed>) = 0 [pid 15580] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15580] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15580] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15580] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15580] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15580] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9848]}, 88) = 9848 [pid 15580] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15580] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15580] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15580] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15580] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE [pid 15581] <... futex resumed>) = 1 [pid 15580] <... mprotect resumed>) = 0 [pid 15581] memfd_create("syzkaller", 0 [pid 15580] rt_sigprocmask(SIG_BLOCK, ~[], [pid 15581] <... memfd_create resumed>) = 4 [pid 15580] <... rt_sigprocmask resumed>[], 8) = 0 [pid 15581] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15580] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 15581] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15581] close(4 [pid 15580] <... clone3 resumed> => {parent_tid=[9849]}, 88) = 9849 ./strace-static-x86_64: Process 15585 attached ./strace-static-x86_64: Process 15584 attached [pid 15581] <... close resumed>) = 0 [pid 15580] rt_sigprocmask(SIG_SETMASK, [], [pid 15585] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15584] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15580] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15585] <... set_robust_list resumed>) = 0 [pid 15584] <... set_robust_list resumed>) = 0 [pid 15580] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15585] rt_sigprocmask(SIG_SETMASK, [], [pid 15584] rt_sigprocmask(SIG_SETMASK, [], [pid 15580] <... futex resumed>) = 0 [pid 15585] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15584] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15580] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15581] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15581] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15585] memfd_create("syzkaller", 0 [pid 15584] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15585] <... memfd_create resumed>) = 4 [pid 15585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15585] close(4) = 0 [pid 15585] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15580] <... futex resumed>) = 0 [pid 15585] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15580] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15581] <... futex resumed>) = 0 [pid 15580] <... futex resumed>) = 1 [pid 15581] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15580] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15584] <... setxattr resumed>) = 0 [pid 15581] <... open resumed>) = 4 [pid 15581] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15580] <... futex resumed>) = 0 [pid 15581] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15580] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15581] <... mount resumed>) = 0 [pid 15580] <... futex resumed>) = 0 [pid 15584] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15581] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15580] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15581] <... futex resumed>) = 0 [pid 15580] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15581] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15580] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15584] <... futex resumed>) = 0 [pid 15581] <... open resumed>) = 5 [pid 15580] <... futex resumed>) = 0 [pid 15581] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15580] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15581] <... futex resumed>) = 0 [pid 15580] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15581] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15580] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15584] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15580] <... futex resumed>) = 0 [pid 15580] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15581] <... write resumed>) = 262144 [pid 15581] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15580] <... futex resumed>) = 0 [pid 15580] close(3) = 0 [pid 15580] close(4) = 0 [pid 15580] close(5) = 0 [pid 15580] close(6) = -1 EBADF (Bad file descriptor) [pid 15580] close(7) = -1 EBADF (Bad file descriptor) [pid 15580] close(8) = -1 EBADF (Bad file descriptor) [pid 15580] close(9) = -1 EBADF (Bad file descriptor) [pid 15580] close(10) = -1 EBADF (Bad file descriptor) [pid 15580] close(11) = -1 EBADF (Bad file descriptor) [pid 15580] close(12) = -1 EBADF (Bad file descriptor) [pid 15580] close(13) = -1 EBADF (Bad file descriptor) [pid 15580] close(14) = -1 EBADF (Bad file descriptor) [pid 15580] close(15) = -1 EBADF (Bad file descriptor) [pid 15580] close(16) = -1 EBADF (Bad file descriptor) [pid 15580] close(17) = -1 EBADF (Bad file descriptor) [pid 15580] close(18) = -1 EBADF (Bad file descriptor) [pid 15580] close(19) = -1 EBADF (Bad file descriptor) [pid 15580] close(20) = -1 EBADF (Bad file descriptor) [pid 15580] close(21) = -1 EBADF (Bad file descriptor) [pid 15580] close(22) = -1 EBADF (Bad file descriptor) [pid 15580] close(23) = -1 EBADF (Bad file descriptor) [pid 15580] close(24) = -1 EBADF (Bad file descriptor) [pid 15580] close(25) = -1 EBADF (Bad file descriptor) [pid 15580] close(26) = -1 EBADF (Bad file descriptor) [pid 15580] close(27) = -1 EBADF (Bad file descriptor) [pid 15580] close(28) = -1 EBADF (Bad file descriptor) [pid 15580] close(29) = -1 EBADF (Bad file descriptor) [pid 15580] exit_group(0 [pid 15585] <... futex resumed>) = ? [pid 15580] <... exit_group resumed>) = ? [pid 15585] +++ exited with 0 +++ [pid 15584] <... futex resumed>) = ? [pid 15584] +++ exited with 0 +++ [pid 15581] <... futex resumed>) = ? [pid 15581] +++ exited with 0 +++ [pid 15580] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9846, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] umount2("./2578", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2578", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2578/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2578/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2578/binderfs") = 0 [ 310.261571][T15581] EXT4-fs (loop0): 1 truncate cleaned up [ 310.267184][T15581] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2578/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2578/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2578/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2578/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2578/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2578/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2578") = 0 [pid 289] mkdir("./2579", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9850 ./strace-static-x86_64: Process 15586 attached [pid 15586] set_robust_list(0x555556f746a0, 24) = 0 [pid 15586] chdir("./2579") = 0 [pid 15586] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15586] setpgid(0, 0) = 0 [pid 15586] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15586] write(3, "1000", 4) = 4 [pid 15586] close(3) = 0 [pid 15586] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15586] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15586] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15586] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15586] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15586] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15586] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15586] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15587 attached [pid 15587] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15587] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15587] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15586] <... clone3 resumed> => {parent_tid=[9851]}, 88) = 9851 [pid 15586] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15586] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15587] <... futex resumed>) = 0 [pid 15586] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15587] memfd_create("syzkaller", 0) = 3 [pid 15587] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15587] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15587] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15587] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15587] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15587] close(3) = 0 [pid 15587] mkdir("./file1", 0777) = 0 [pid 15587] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15587] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15587] chdir("./file1") = 0 [pid 15587] ioctl(4, LOOP_CLR_FD) = 0 [pid 15587] close(4) = 0 [pid 15587] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15587] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15586] <... futex resumed>) = 0 [pid 15586] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15586] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15587] <... futex resumed>) = 0 [pid 15587] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15587] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15586] <... futex resumed>) = 0 [pid 15586] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15586] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15586] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15587] <... futex resumed>) = 1 [pid 15587] memfd_create("syzkaller", 0 [pid 15586] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 15586] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15586] rt_sigprocmask(SIG_BLOCK, ~[], [pid 15587] <... memfd_create resumed>) = 4 [pid 15586] <... rt_sigprocmask resumed>[], 8) = 0 [pid 15586] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 15587] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 15591 attached [pid 15586] <... clone3 resumed> => {parent_tid=[9852]}, 88) = 9852 [pid 15586] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15586] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15586] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15591] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15587] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15586] <... futex resumed>) = 0 [pid 15586] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15586] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15586] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15591] <... set_robust_list resumed>) = 0 [pid 15587] close(4 [pid 15586] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9853]}, 88) = 9853 [pid 15587] <... close resumed>) = 0 [pid 15591] rt_sigprocmask(SIG_SETMASK, [], [pid 15586] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15586] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15586] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15591] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15587] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 15592 attached [pid 15592] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15592] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15592] memfd_create("syzkaller", 0) = 4 [pid 15591] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15587] <... futex resumed>) = 0 [pid 15592] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15587] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15592] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15592] close(4) = 0 [pid 15592] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15586] <... futex resumed>) = 0 [pid 15586] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15586] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15592] <... futex resumed>) = 1 [pid 15592] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15587] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15587] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15591] <... setxattr resumed>) = 0 [pid 15591] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15591] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15587] <... open resumed>) = 4 [pid 15587] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15586] <... futex resumed>) = 0 [pid 15587] <... futex resumed>) = 1 [pid 15586] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15587] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15586] <... futex resumed>) = 0 [pid 15586] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15587] <... mount resumed>) = 0 [pid 15587] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15586] <... futex resumed>) = 0 [pid 15586] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15587] <... futex resumed>) = 1 [pid 15586] <... futex resumed>) = 0 [pid 15586] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15587] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15587] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15586] <... futex resumed>) = 0 [pid 15586] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15587] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15586] <... futex resumed>) = 0 [pid 15586] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15587] <... write resumed>) = 262144 [pid 15587] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15586] <... futex resumed>) = 0 [pid 15586] close(3) = 0 [pid 15586] close(4) = 0 [pid 15586] close(5 [pid 15587] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15586] <... close resumed>) = 0 [pid 15586] close(6) = -1 EBADF (Bad file descriptor) [pid 15586] close(7) = -1 EBADF (Bad file descriptor) [pid 15586] close(8) = -1 EBADF (Bad file descriptor) [pid 15586] close(9) = -1 EBADF (Bad file descriptor) [pid 15586] close(10) = -1 EBADF (Bad file descriptor) [pid 15586] close(11) = -1 EBADF (Bad file descriptor) [pid 15586] close(12) = -1 EBADF (Bad file descriptor) [pid 15586] close(13) = -1 EBADF (Bad file descriptor) [pid 15586] close(14) = -1 EBADF (Bad file descriptor) [pid 15586] close(15) = -1 EBADF (Bad file descriptor) [pid 15586] close(16) = -1 EBADF (Bad file descriptor) [pid 15586] close(17) = -1 EBADF (Bad file descriptor) [pid 15586] close(18) = -1 EBADF (Bad file descriptor) [pid 15586] close(19) = -1 EBADF (Bad file descriptor) [pid 15586] close(20) = -1 EBADF (Bad file descriptor) [pid 15586] close(21) = -1 EBADF (Bad file descriptor) [pid 15586] close(22) = -1 EBADF (Bad file descriptor) [pid 15586] close(23) = -1 EBADF (Bad file descriptor) [pid 15586] close(24) = -1 EBADF (Bad file descriptor) [pid 15586] close(25) = -1 EBADF (Bad file descriptor) [pid 15586] close(26) = -1 EBADF (Bad file descriptor) [pid 15586] close(27) = -1 EBADF (Bad file descriptor) [pid 15586] close(28) = -1 EBADF (Bad file descriptor) [pid 15586] close(29) = -1 EBADF (Bad file descriptor) [pid 15586] exit_group(0) = ? [pid 15587] <... futex resumed>) = ? [pid 15592] <... futex resumed>) = ? [pid 15587] +++ exited with 0 +++ [pid 15592] +++ exited with 0 +++ [pid 15591] <... futex resumed>) = ? [pid 15591] +++ exited with 0 +++ [pid 15586] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9850, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2579", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2579", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2579/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2579/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2579/binderfs") = 0 [ 310.428997][T15587] EXT4-fs (loop0): 1 truncate cleaned up [ 310.434920][T15587] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2579/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2579/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2579/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2579/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2579/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2579/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2579") = 0 [pid 289] mkdir("./2580", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9854 ./strace-static-x86_64: Process 15593 attached [pid 15593] set_robust_list(0x555556f746a0, 24) = 0 [pid 15593] chdir("./2580") = 0 [pid 15593] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15593] setpgid(0, 0) = 0 [pid 15593] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15593] write(3, "1000", 4) = 4 [pid 15593] close(3) = 0 [pid 15593] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15593] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15593] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15593] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15593] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15593] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15593] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15593] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9855]}, 88) = 9855 [pid 15593] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15593] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 15594 attached [pid 15593] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15594] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15594] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15594] memfd_create("syzkaller", 0) = 3 [pid 15594] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15594] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15594] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15594] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15594] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15594] close(3) = 0 [pid 15594] mkdir("./file1", 0777) = 0 [pid 15594] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15594] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15594] chdir("./file1") = 0 [pid 15594] ioctl(4, LOOP_CLR_FD) = 0 [pid 15594] close(4) = 0 [pid 15594] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15594] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15593] <... futex resumed>) = 0 [pid 15593] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15594] <... futex resumed>) = 0 [pid 15593] <... futex resumed>) = 1 [pid 15594] setxattr("./file1", NULL, NULL, 0, 0 [pid 15593] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15594] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 15594] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15593] <... futex resumed>) = 0 [pid 15594] memfd_create("syzkaller", 0 [pid 15593] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15594] <... memfd_create resumed>) = 4 [pid 15593] <... futex resumed>) = 0 [pid 15594] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15593] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15594] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15593] <... futex resumed>) = 0 [pid 15594] close(4 [pid 15593] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15594] <... close resumed>) = 0 [pid 15593] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 15594] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15593] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 15594] <... futex resumed>) = 0 [pid 15593] <... mprotect resumed>) = 0 [pid 15594] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15593] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15593] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9856]}, 88) = 9856 [pid 15593] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15593] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15593] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15594] <... futex resumed>) = 0 [pid 15593] <... futex resumed>) = 1 [pid 15594] memfd_create("syzkaller", 0 [pid 15593] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15594] <... memfd_create resumed>) = 4 [pid 15594] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15594] close(4) = 0 [pid 15594] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15593] <... futex resumed>) = 0 [pid 15594] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15593] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 15597 attached [pid 15594] <... open resumed>) = 4 [pid 15593] <... futex resumed>) = 0 [pid 15594] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15593] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15594] <... futex resumed>) = 0 [pid 15593] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15594] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15593] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15597] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15594] <... mount resumed>) = 0 [pid 15593] <... futex resumed>) = 0 [pid 15594] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15593] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15594] <... futex resumed>) = 0 [pid 15593] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15594] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15593] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15594] <... open resumed>) = 5 [pid 15593] <... futex resumed>) = 0 [pid 15597] <... set_robust_list resumed>) = 0 [pid 15594] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15593] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15594] <... futex resumed>) = 0 [pid 15593] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15594] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15593] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15597] rt_sigprocmask(SIG_SETMASK, [], [pid 15593] <... futex resumed>) = 0 [pid 15593] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15597] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15597] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15594] <... write resumed>) = 262144 [pid 15594] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15594] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15593] <... futex resumed>) = 0 [pid 15597] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 15597] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15593] close(3 [pid 15597] <... futex resumed>) = 0 [pid 15597] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15593] <... close resumed>) = 0 [pid 15593] close(4) = 0 [pid 15593] close(5) = 0 [pid 15593] close(6) = -1 EBADF (Bad file descriptor) [pid 15593] close(7) = -1 EBADF (Bad file descriptor) [pid 15593] close(8) = -1 EBADF (Bad file descriptor) [pid 15593] close(9) = -1 EBADF (Bad file descriptor) [pid 15593] close(10) = -1 EBADF (Bad file descriptor) [pid 15593] close(11) = -1 EBADF (Bad file descriptor) [pid 15593] close(12) = -1 EBADF (Bad file descriptor) [pid 15593] close(13) = -1 EBADF (Bad file descriptor) [pid 15593] close(14) = -1 EBADF (Bad file descriptor) [pid 15593] close(15) = -1 EBADF (Bad file descriptor) [pid 15593] close(16) = -1 EBADF (Bad file descriptor) [pid 15593] close(17) = -1 EBADF (Bad file descriptor) [pid 15593] close(18) = -1 EBADF (Bad file descriptor) [pid 15593] close(19) = -1 EBADF (Bad file descriptor) [pid 15593] close(20) = -1 EBADF (Bad file descriptor) [pid 15593] close(21) = -1 EBADF (Bad file descriptor) [pid 15593] close(22) = -1 EBADF (Bad file descriptor) [pid 15593] close(23) = -1 EBADF (Bad file descriptor) [pid 15593] close(24) = -1 EBADF (Bad file descriptor) [pid 15593] close(25) = -1 EBADF (Bad file descriptor) [pid 15593] close(26) = -1 EBADF (Bad file descriptor) [pid 15593] close(27) = -1 EBADF (Bad file descriptor) [pid 15593] close(28) = -1 EBADF (Bad file descriptor) [pid 15593] close(29) = -1 EBADF (Bad file descriptor) [pid 15593] exit_group(0 [pid 15597] <... futex resumed>) = ? [pid 15593] <... exit_group resumed>) = ? [pid 15597] +++ exited with 0 +++ [pid 15594] <... futex resumed>) = ? [pid 15594] +++ exited with 0 +++ [pid 15593] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9854, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] umount2("./2580", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2580", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2580/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2580/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2580/binderfs") = 0 [ 310.580934][T15594] EXT4-fs (loop0): 1 truncate cleaned up [ 310.586434][T15594] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [ 310.614540][T15597] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2580/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2580/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2580/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2580/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2580/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2580/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2580") = 0 [pid 289] mkdir("./2581", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9857 ./strace-static-x86_64: Process 15598 attached [pid 15598] set_robust_list(0x555556f746a0, 24) = 0 [pid 15598] chdir("./2581") = 0 [pid 15598] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15598] setpgid(0, 0) = 0 [pid 15598] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15598] write(3, "1000", 4) = 4 [pid 15598] close(3) = 0 [pid 15598] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15598] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15598] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15598] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15598] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15598] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15598] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15598] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15599 attached => {parent_tid=[9858]}, 88) = 9858 [pid 15598] rt_sigprocmask(SIG_SETMASK, [], [pid 15599] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15599] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15599] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15598] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15598] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15599] <... futex resumed>) = 0 [pid 15598] <... futex resumed>) = 1 [pid 15598] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15599] memfd_create("syzkaller", 0) = 3 [pid 15599] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15599] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15599] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15599] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15599] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15599] close(3) = 0 [pid 15599] mkdir("./file1", 0777) = 0 [pid 15599] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15599] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15599] chdir("./file1") = 0 [pid 15599] ioctl(4, LOOP_CLR_FD) = 0 [pid 15599] close(4) = 0 [pid 15599] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15599] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15598] <... futex resumed>) = 0 [pid 15598] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15598] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15599] <... futex resumed>) = 0 [pid 15599] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15599] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15598] <... futex resumed>) = 0 [pid 15598] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15598] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15598] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15598] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15598] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15598] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9859]}, 88) = 9859 [pid 15598] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15598] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15598] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15598] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15598] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15598] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15598] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9860]}, 88) = 9860 [pid 15598] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15598] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15598] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15599] <... futex resumed>) = 1 [pid 15599] memfd_create("syzkaller", 0) = 4 [pid 15599] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15599] close(4) = 0 [pid 15599] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15599] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15602 attached [pid 15602] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15602] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15602] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15602] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15602] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15603 attached [pid 15603] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15603] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15603] memfd_create("syzkaller", 0) = 4 [pid 15603] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15603] close(4) = 0 [pid 15603] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15598] <... futex resumed>) = 0 [pid 15598] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15599] <... futex resumed>) = 0 [pid 15598] <... futex resumed>) = 1 [pid 15599] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15598] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15603] <... futex resumed>) = 1 [pid 15599] <... open resumed>) = 4 [pid 15599] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15598] <... futex resumed>) = 0 [pid 15599] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15598] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15599] <... mount resumed>) = 0 [pid 15598] <... futex resumed>) = 0 [pid 15599] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15598] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15599] <... futex resumed>) = 0 [pid 15598] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15599] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15598] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15599] <... open resumed>) = 5 [pid 15598] <... futex resumed>) = 0 [pid 15599] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15598] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15599] <... futex resumed>) = 0 [pid 15598] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15599] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15598] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15598] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15603] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15599] <... write resumed>) = 262144 [pid 15599] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15598] <... futex resumed>) = 0 [pid 15598] close(3) = 0 [pid 15598] close(4) = 0 [pid 15598] close(5) = 0 [pid 15598] close(6) = -1 EBADF (Bad file descriptor) [pid 15598] close(7) = -1 EBADF (Bad file descriptor) [pid 15598] close(8) = -1 EBADF (Bad file descriptor) [pid 15598] close(9) = -1 EBADF (Bad file descriptor) [pid 15598] close(10) = -1 EBADF (Bad file descriptor) [pid 15598] close(11) = -1 EBADF (Bad file descriptor) [pid 15598] close(12) = -1 EBADF (Bad file descriptor) [pid 15598] close(13) = -1 EBADF (Bad file descriptor) [pid 15598] close(14) = -1 EBADF (Bad file descriptor) [pid 15598] close(15) = -1 EBADF (Bad file descriptor) [pid 15598] close(16) = -1 EBADF (Bad file descriptor) [pid 15598] close(17) = -1 EBADF (Bad file descriptor) [pid 15598] close(18) = -1 EBADF (Bad file descriptor) [pid 15598] close(19) = -1 EBADF (Bad file descriptor) [pid 15598] close(20) = -1 EBADF (Bad file descriptor) [pid 15598] close(21) = -1 EBADF (Bad file descriptor) [pid 15598] close(22) = -1 EBADF (Bad file descriptor) [pid 15598] close(23) = -1 EBADF (Bad file descriptor) [pid 15598] close(24) = -1 EBADF (Bad file descriptor) [pid 15598] close(25) = -1 EBADF (Bad file descriptor) [pid 15598] close(26) = -1 EBADF (Bad file descriptor) [pid 15598] close(27) = -1 EBADF (Bad file descriptor) [pid 15598] close(28) = -1 EBADF (Bad file descriptor) [pid 15598] close(29) = -1 EBADF (Bad file descriptor) [pid 15598] exit_group(0) = ? [pid 15602] <... futex resumed>) = ? [pid 15602] +++ exited with 0 +++ [pid 15599] <... futex resumed>) = ? [pid 15599] +++ exited with 0 +++ [pid 15603] <... futex resumed>) = ? [pid 15603] +++ exited with 0 +++ [pid 15598] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9857, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2581", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2581", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2581/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2581/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2581/binderfs") = 0 [ 310.687779][T15599] EXT4-fs (loop0): 1 truncate cleaned up [ 310.693302][T15599] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue [pid 289] umount2("./2581/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2581/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2581/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2581/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2581/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2581/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2581") = 0 [pid 289] mkdir("./2582", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9861 ./strace-static-x86_64: Process 15604 attached [pid 15604] set_robust_list(0x555556f746a0, 24) = 0 [pid 15604] chdir("./2582") = 0 [pid 15604] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15604] setpgid(0, 0) = 0 [pid 15604] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15604] write(3, "1000", 4) = 4 [pid 15604] close(3) = 0 [pid 15604] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15604] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15604] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15604] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15604] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15604] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15604] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15604] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15605 attached => {parent_tid=[9862]}, 88) = 9862 [pid 15605] set_robust_list(0x7fbc6730d9a0, 24 [pid 15604] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15604] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15604] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15605] <... set_robust_list resumed>) = 0 [pid 15605] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15605] memfd_create("syzkaller", 0) = 3 [pid 15605] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15605] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15605] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15605] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15605] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15605] close(3) = 0 [pid 15605] mkdir("./file1", 0777) = 0 [pid 15605] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15605] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15605] chdir("./file1") = 0 [pid 15605] ioctl(4, LOOP_CLR_FD) = 0 [pid 15605] close(4) = 0 [pid 15605] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15604] <... futex resumed>) = 0 [pid 15604] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15605] setxattr("./file1", NULL, NULL, 0, 0 [pid 15604] <... futex resumed>) = 0 [pid 15604] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15605] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 15605] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15604] <... futex resumed>) = 0 [pid 15605] <... futex resumed>) = 1 [pid 15605] memfd_create("syzkaller", 0 [pid 15604] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15604] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15605] <... memfd_create resumed>) = 4 [pid 15604] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15605] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15604] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 15605] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15604] <... mprotect resumed>) = 0 [pid 15605] close(4 [pid 15604] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15604] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9863]}, 88) = 9863 [pid 15604] rt_sigprocmask(SIG_SETMASK, [], [pid 15605] <... close resumed>) = 0 [pid 15604] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15605] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15604] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15604] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15604] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15608 attached [pid 15608] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15605] <... futex resumed>) = 1 [pid 15604] <... futex resumed>) = 0 [pid 15608] rt_sigprocmask(SIG_SETMASK, [], [pid 15604] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15608] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15608] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15605] memfd_create("syzkaller", 0) = 4 [pid 15608] <... setxattr resumed>) = 0 [pid 15605] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15608] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15608] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15605] close(4) = 0 [pid 15605] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15604] <... futex resumed>) = 0 [pid 15604] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15604] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15605] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15605] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15604] <... futex resumed>) = 0 [pid 15604] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15604] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15605] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15605] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15604] <... futex resumed>) = 0 [pid 15604] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15604] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15605] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15605] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15604] <... futex resumed>) = 0 [pid 15604] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15604] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15605] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15605] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15604] <... futex resumed>) = 0 [pid 15604] close(3) = 0 [pid 15604] close(4) = 0 [pid 15604] close(5 [pid 15605] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15604] <... close resumed>) = 0 [pid 15604] close(6) = -1 EBADF (Bad file descriptor) [pid 15604] close(7) = -1 EBADF (Bad file descriptor) [pid 15604] close(8) = -1 EBADF (Bad file descriptor) [pid 15604] close(9) = -1 EBADF (Bad file descriptor) [pid 15604] close(10) = -1 EBADF (Bad file descriptor) [pid 15604] close(11) = -1 EBADF (Bad file descriptor) [pid 15604] close(12) = -1 EBADF (Bad file descriptor) [pid 15604] close(13) = -1 EBADF (Bad file descriptor) [pid 15604] close(14) = -1 EBADF (Bad file descriptor) [pid 15604] close(15) = -1 EBADF (Bad file descriptor) [pid 15604] close(16) = -1 EBADF (Bad file descriptor) [pid 15604] close(17) = -1 EBADF (Bad file descriptor) [pid 15604] close(18) = -1 EBADF (Bad file descriptor) [pid 15604] close(19) = -1 EBADF (Bad file descriptor) [pid 15604] close(20) = -1 EBADF (Bad file descriptor) [pid 15604] close(21) = -1 EBADF (Bad file descriptor) [pid 15604] close(22) = -1 EBADF (Bad file descriptor) [pid 15604] close(23) = -1 EBADF (Bad file descriptor) [pid 15604] close(24) = -1 EBADF (Bad file descriptor) [pid 15604] close(25) = -1 EBADF (Bad file descriptor) [pid 15604] close(26) = -1 EBADF (Bad file descriptor) [pid 15604] close(27) = -1 EBADF (Bad file descriptor) [pid 15604] close(28) = -1 EBADF (Bad file descriptor) [pid 15604] close(29) = -1 EBADF (Bad file descriptor) [pid 15604] exit_group(0) = ? [pid 15608] <... futex resumed>) = ? [pid 15605] <... futex resumed>) = ? [pid 15608] +++ exited with 0 +++ [pid 15605] +++ exited with 0 +++ [pid 15604] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9861, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] umount2("./2582", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2582", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2582/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2582/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2582/binderfs") = 0 [ 310.773832][T15605] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2582/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2582/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2582/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2582/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2582/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2582/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2582") = 0 [pid 289] mkdir("./2583", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9864 ./strace-static-x86_64: Process 15609 attached [pid 15609] set_robust_list(0x555556f746a0, 24) = 0 [pid 15609] chdir("./2583") = 0 [pid 15609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15609] setpgid(0, 0) = 0 [pid 15609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15609] write(3, "1000", 4) = 4 [pid 15609] close(3) = 0 [pid 15609] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15609] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15609] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15609] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15609] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15609] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15609] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15610 attached => {parent_tid=[9865]}, 88) = 9865 [pid 15609] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15609] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15609] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15610] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15610] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15610] memfd_create("syzkaller", 0) = 3 [pid 15610] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15610] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15610] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15610] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15610] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15610] close(3) = 0 [pid 15610] mkdir("./file1", 0777) = 0 [pid 15610] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15610] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15610] chdir("./file1") = 0 [pid 15610] ioctl(4, LOOP_CLR_FD) = 0 [pid 15610] close(4) = 0 [pid 15610] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15610] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15609] <... futex resumed>) = 0 [pid 15609] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15609] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15610] <... futex resumed>) = 0 [pid 15610] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15610] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15609] <... futex resumed>) = 0 [pid 15609] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15609] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15609] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15609] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15609] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 15610] <... futex resumed>) = 1 ./strace-static-x86_64: Process 15613 attached [pid 15609] <... clone3 resumed> => {parent_tid=[9866]}, 88) = 9866 [pid 15609] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15610] memfd_create("syzkaller", 0 [pid 15609] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15610] <... memfd_create resumed>) = 4 [pid 15609] <... futex resumed>) = 0 [pid 15610] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15610] close(4 [pid 15609] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15610] <... close resumed>) = 0 [pid 15609] <... futex resumed>) = 0 [pid 15610] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15610] <... futex resumed>) = 0 [pid 15609] <... mmap resumed>) = 0x7fbc5eeeb000 [pid 15610] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15609] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE [pid 15613] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15609] <... mprotect resumed>) = 0 [pid 15613] <... set_robust_list resumed>) = 0 [pid 15613] rt_sigprocmask(SIG_SETMASK, [], [pid 15609] rt_sigprocmask(SIG_BLOCK, ~[], [pid 15613] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15609] <... rt_sigprocmask resumed>[], 8) = 0 [pid 15613] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15609] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9867]}, 88) = 9867 [pid 15613] <... setxattr resumed>) = 0 [pid 15609] rt_sigprocmask(SIG_SETMASK, [], [pid 15613] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15609] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15613] <... futex resumed>) = 0 [pid 15609] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15613] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15609] <... futex resumed>) = 0 ./strace-static-x86_64: Process 15614 attached [pid 15609] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15614] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15614] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15614] memfd_create("syzkaller", 0) = 4 [pid 15614] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15614] close(4) = 0 [pid 15614] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15609] <... futex resumed>) = 0 [pid 15614] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15609] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15610] <... futex resumed>) = 0 [pid 15609] <... futex resumed>) = 1 [pid 15610] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15609] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15610] <... open resumed>) = 4 [pid 15610] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15610] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15609] <... futex resumed>) = 0 [pid 15609] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15610] <... futex resumed>) = 0 [pid 15609] <... futex resumed>) = 1 [pid 15610] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15609] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15610] <... mount resumed>) = 0 [pid 15610] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15610] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15609] <... futex resumed>) = 0 [pid 15610] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15609] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15610] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15609] <... futex resumed>) = 0 [pid 15610] <... open resumed>) = 5 [pid 15609] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15610] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15609] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15610] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15609] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15610] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15609] <... futex resumed>) = 0 [pid 15610] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15609] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15610] <... write resumed>) = 262144 [pid 15610] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15609] <... futex resumed>) = 0 [pid 15610] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15609] close(3) = 0 [pid 15609] close(4) = 0 [pid 15609] close(5) = 0 [pid 15609] close(6) = -1 EBADF (Bad file descriptor) [pid 15609] close(7) = -1 EBADF (Bad file descriptor) [pid 15609] close(8) = -1 EBADF (Bad file descriptor) [pid 15609] close(9) = -1 EBADF (Bad file descriptor) [pid 15609] close(10) = -1 EBADF (Bad file descriptor) [pid 15609] close(11) = -1 EBADF (Bad file descriptor) [pid 15609] close(12) = -1 EBADF (Bad file descriptor) [pid 15609] close(13) = -1 EBADF (Bad file descriptor) [pid 15609] close(14) = -1 EBADF (Bad file descriptor) [pid 15609] close(15) = -1 EBADF (Bad file descriptor) [pid 15609] close(16) = -1 EBADF (Bad file descriptor) [pid 15609] close(17) = -1 EBADF (Bad file descriptor) [pid 15609] close(18) = -1 EBADF (Bad file descriptor) [pid 15609] close(19) = -1 EBADF (Bad file descriptor) [pid 15609] close(20) = -1 EBADF (Bad file descriptor) [pid 15609] close(21) = -1 EBADF (Bad file descriptor) [pid 15609] close(22) = -1 EBADF (Bad file descriptor) [pid 15609] close(23) = -1 EBADF (Bad file descriptor) [pid 15609] close(24) = -1 EBADF (Bad file descriptor) [pid 15609] close(25) = -1 EBADF (Bad file descriptor) [pid 15609] close(26) = -1 EBADF (Bad file descriptor) [pid 15609] close(27) = -1 EBADF (Bad file descriptor) [pid 15609] close(28) = -1 EBADF (Bad file descriptor) [pid 15609] close(29) = -1 EBADF (Bad file descriptor) [pid 15609] exit_group(0 [pid 15610] <... futex resumed>) = ? [pid 15613] <... futex resumed>) = ? [pid 15609] <... exit_group resumed>) = ? [pid 15614] <... futex resumed>) = ? [pid 15613] +++ exited with 0 +++ [pid 15610] +++ exited with 0 +++ [pid 15614] +++ exited with 0 +++ [pid 15609] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9864, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2583", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2583", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2583/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2583/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2583/binderfs") = 0 [pid 289] umount2("./2583/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2583/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2583/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2583/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2583/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2583/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2583") = 0 [pid 289] mkdir("./2584", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9868 ./strace-static-x86_64: Process 15615 attached [pid 15615] set_robust_list(0x555556f746a0, 24) = 0 [pid 15615] chdir("./2584") = 0 [pid 15615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15615] setpgid(0, 0) = 0 [pid 15615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15615] write(3, "1000", 4) = 4 [pid 15615] close(3) = 0 [pid 15615] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15615] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15615] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15615] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15615] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15615] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15615] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9869]}, 88) = 9869 [pid 15615] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15615] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15615] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15616 attached [pid 15616] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15616] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15616] memfd_create("syzkaller", 0) = 3 [pid 15616] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15616] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15616] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 310.906516][T15610] EXT4-fs (loop0): 1 truncate cleaned up [pid 15616] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15616] close(3) = 0 [pid 15616] mkdir("./file1", 0777) = 0 [pid 15616] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15616] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15616] chdir("./file1") = 0 [pid 15616] ioctl(4, LOOP_CLR_FD) = 0 [pid 15616] close(4) = 0 [pid 15616] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15615] <... futex resumed>) = 0 [pid 15615] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15615] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15616] <... futex resumed>) = 1 [pid 15616] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15616] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15615] <... futex resumed>) = 0 [pid 15615] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15615] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15615] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15615] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15615] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9870]}, 88) = 9870 [pid 15615] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15615] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15615] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15615] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15615] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15615] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9871]}, 88) = 9871 [pid 15615] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15615] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15615] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15619 attached ./strace-static-x86_64: Process 15620 attached [pid 15619] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15620] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15619] <... set_robust_list resumed>) = 0 [pid 15616] <... futex resumed>) = 1 [pid 15620] <... set_robust_list resumed>) = 0 [pid 15619] rt_sigprocmask(SIG_SETMASK, [], [pid 15616] memfd_create("syzkaller", 0 [pid 15620] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15620] memfd_create("syzkaller", 0) = 4 [pid 15620] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15620] close(4) = 0 [pid 15620] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15615] <... futex resumed>) = 0 [pid 15615] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15615] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15620] <... futex resumed>) = 1 [pid 15620] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15619] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15620] <... open resumed>) = 4 [pid 15620] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15615] <... futex resumed>) = 0 [pid 15615] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15615] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15620] <... futex resumed>) = 1 [pid 15620] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15620] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15615] <... futex resumed>) = 0 [pid 15615] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15615] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15620] <... futex resumed>) = 1 [pid 15620] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 15620] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15615] <... futex resumed>) = 0 [pid 15615] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15615] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15620] <... futex resumed>) = 1 [pid 15620] write(6, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15619] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15616] <... memfd_create resumed>) = 5 [pid 15620] <... write resumed>) = 262144 [pid 15620] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15615] <... futex resumed>) = 0 [pid 15620] <... futex resumed>) = 1 [pid 15620] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15616] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15616] close(5) = 0 [pid 15616] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15616] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15619] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 15619] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15619] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15615] close(3) = 0 [pid 15615] close(4) = 0 [pid 15615] close(5) = -1 EBADF (Bad file descriptor) [pid 15615] close(6) = 0 [pid 15615] close(7) = -1 EBADF (Bad file descriptor) [pid 15615] close(8) = -1 EBADF (Bad file descriptor) [pid 15615] close(9) = -1 EBADF (Bad file descriptor) [pid 15615] close(10) = -1 EBADF (Bad file descriptor) [pid 15615] close(11) = -1 EBADF (Bad file descriptor) [pid 15615] close(12) = -1 EBADF (Bad file descriptor) [pid 15615] close(13) = -1 EBADF (Bad file descriptor) [pid 15615] close(14) = -1 EBADF (Bad file descriptor) [pid 15615] close(15) = -1 EBADF (Bad file descriptor) [pid 15615] close(16) = -1 EBADF (Bad file descriptor) [pid 15615] close(17) = -1 EBADF (Bad file descriptor) [pid 15615] close(18) = -1 EBADF (Bad file descriptor) [pid 15615] close(19) = -1 EBADF (Bad file descriptor) [pid 15615] close(20) = -1 EBADF (Bad file descriptor) [pid 15615] close(21) = -1 EBADF (Bad file descriptor) [pid 15615] close(22) = -1 EBADF (Bad file descriptor) [pid 15615] close(23) = -1 EBADF (Bad file descriptor) [pid 15615] close(24) = -1 EBADF (Bad file descriptor) [pid 15615] close(25) = -1 EBADF (Bad file descriptor) [pid 15615] close(26) = -1 EBADF (Bad file descriptor) [pid 15615] close(27) = -1 EBADF (Bad file descriptor) [pid 15615] close(28) = -1 EBADF (Bad file descriptor) [pid 15615] close(29) = -1 EBADF (Bad file descriptor) [pid 15615] exit_group(0) = ? [pid 15616] <... futex resumed>) = ? [pid 15620] <... futex resumed>) = ? [pid 15620] +++ exited with 0 +++ [pid 15616] +++ exited with 0 +++ [pid 15619] <... futex resumed>) = ? [pid 15619] +++ exited with 0 +++ [pid 15615] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9868, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2584", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2584", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2584/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2584/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2584/binderfs") = 0 [ 310.969914][T15616] EXT4-fs (loop0): 1 truncate cleaned up [ 310.993820][T15619] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2584/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2584/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2584/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2584/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2584/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2584/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2584") = 0 [pid 289] mkdir("./2585", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9872 ./strace-static-x86_64: Process 15621 attached [pid 15621] set_robust_list(0x555556f746a0, 24) = 0 [pid 15621] chdir("./2585") = 0 [pid 15621] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15621] setpgid(0, 0) = 0 [pid 15621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15621] write(3, "1000", 4) = 4 [pid 15621] close(3) = 0 [pid 15621] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15621] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15621] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15621] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15621] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15621] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15621] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9873]}, 88) = 9873 [pid 15621] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 15622 attached [pid 15621] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15622] set_robust_list(0x7fbc6730d9a0, 24 [pid 15621] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15622] <... set_robust_list resumed>) = 0 [pid 15622] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15622] memfd_create("syzkaller", 0) = 3 [pid 15622] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15622] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15622] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15622] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15622] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15622] close(3) = 0 [pid 15622] mkdir("./file1", 0777) = 0 [pid 15622] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15622] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15622] chdir("./file1") = 0 [pid 15622] ioctl(4, LOOP_CLR_FD) = 0 [pid 15622] close(4) = 0 [pid 15622] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15621] <... futex resumed>) = 0 [pid 15621] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15621] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15622] <... futex resumed>) = 1 [pid 15622] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15622] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15621] <... futex resumed>) = 0 [pid 15621] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15621] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15621] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15621] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15621] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9874]}, 88) = 9874 [pid 15621] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15621] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15621] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15621] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15621] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15621] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9875]}, 88) = 9875 [pid 15621] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15621] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15621] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15622] <... futex resumed>) = 1 [pid 15622] memfd_create("syzkaller", 0) = 4 ./strace-static-x86_64: Process 15626 attached [pid 15622] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15622] close(4) = 0 [pid 15622] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15622] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15625 attached [pid 15625] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15625] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15625] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15626] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15626] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15625] <... setxattr resumed>) = 0 [pid 15626] memfd_create("syzkaller", 0 [pid 15625] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15625] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15626] <... memfd_create resumed>) = 4 [pid 15626] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15626] close(4) = 0 [pid 15626] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15626] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15621] <... futex resumed>) = 0 [pid 15621] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15621] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15622] <... futex resumed>) = 0 [pid 15622] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15622] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15621] <... futex resumed>) = 0 [pid 15622] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15621] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15622] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15621] <... futex resumed>) = 0 [pid 15622] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15621] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15622] <... mount resumed>) = 0 [pid 15622] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15621] <... futex resumed>) = 0 [pid 15622] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15621] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15622] <... open resumed>) = 5 [pid 15621] <... futex resumed>) = 0 [pid 15622] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15621] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15622] <... futex resumed>) = 0 [pid 15621] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15622] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15621] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15622] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15621] <... futex resumed>) = 0 [pid 15622] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15621] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15622] <... write resumed>) = 262144 [pid 15622] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15621] <... futex resumed>) = 0 [pid 15621] close(3) = 0 [pid 15621] close(4) = 0 [pid 15621] close(5 [pid 15622] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15621] <... close resumed>) = 0 [pid 15621] close(6) = -1 EBADF (Bad file descriptor) [pid 15621] close(7) = -1 EBADF (Bad file descriptor) [pid 15621] close(8) = -1 EBADF (Bad file descriptor) [pid 15621] close(9) = -1 EBADF (Bad file descriptor) [pid 15621] close(10) = -1 EBADF (Bad file descriptor) [pid 15621] close(11) = -1 EBADF (Bad file descriptor) [pid 15621] close(12) = -1 EBADF (Bad file descriptor) [pid 15621] close(13) = -1 EBADF (Bad file descriptor) [pid 15621] close(14) = -1 EBADF (Bad file descriptor) [pid 15621] close(15) = -1 EBADF (Bad file descriptor) [pid 15621] close(16) = -1 EBADF (Bad file descriptor) [pid 15621] close(17) = -1 EBADF (Bad file descriptor) [pid 15621] close(18) = -1 EBADF (Bad file descriptor) [pid 15621] close(19) = -1 EBADF (Bad file descriptor) [pid 15621] close(20) = -1 EBADF (Bad file descriptor) [pid 15621] close(21) = -1 EBADF (Bad file descriptor) [pid 15621] close(22) = -1 EBADF (Bad file descriptor) [pid 15621] close(23) = -1 EBADF (Bad file descriptor) [pid 15621] close(24) = -1 EBADF (Bad file descriptor) [pid 15621] close(25) = -1 EBADF (Bad file descriptor) [pid 15621] close(26) = -1 EBADF (Bad file descriptor) [pid 15621] close(27) = -1 EBADF (Bad file descriptor) [pid 15621] close(28) = -1 EBADF (Bad file descriptor) [pid 15621] close(29) = -1 EBADF (Bad file descriptor) [pid 15621] exit_group(0) = ? [pid 15622] <... futex resumed>) = ? [pid 15622] +++ exited with 0 +++ [pid 15626] <... futex resumed>) = ? [pid 15626] +++ exited with 0 +++ [pid 15625] <... futex resumed>) = ? [pid 15625] +++ exited with 0 +++ [pid 15621] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9872, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] umount2("./2585", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2585", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2585/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2585/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2585/binderfs") = 0 [pid 289] umount2("./2585/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2585/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2585/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2585/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2585/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2585/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2585") = 0 [pid 289] mkdir("./2586", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9876 ./strace-static-x86_64: Process 15627 attached [pid 15627] set_robust_list(0x555556f746a0, 24) = 0 [pid 15627] chdir("./2586") = 0 [pid 15627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15627] setpgid(0, 0) = 0 [pid 15627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15627] write(3, "1000", 4) = 4 [pid 15627] close(3) = 0 [pid 15627] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15627] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15627] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15627] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15627] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15627] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15627] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9877]}, 88) = 9877 [pid 15627] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15627] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15627] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15628 attached [ 311.101618][T15622] EXT4-fs (loop0): 1 truncate cleaned up [pid 15628] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15628] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15628] memfd_create("syzkaller", 0) = 3 [pid 15628] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15628] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15628] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15628] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15628] close(3) = 0 [pid 15628] mkdir("./file1", 0777) = 0 [pid 15628] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15628] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15628] chdir("./file1") = 0 [pid 15628] ioctl(4, LOOP_CLR_FD) = 0 [pid 15628] close(4) = 0 [pid 15628] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15627] <... futex resumed>) = 0 [pid 15627] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15627] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15628] <... futex resumed>) = 1 [pid 15628] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15628] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15627] <... futex resumed>) = 0 [pid 15627] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15627] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15627] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15627] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15627] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 15628] <... futex resumed>) = 1 [pid 15628] memfd_create("syzkaller", 0 [pid 15627] <... clone3 resumed> => {parent_tid=[9878]}, 88) = 9878 [pid 15627] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15627] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 15631 attached [pid 15628] <... memfd_create resumed>) = 4 [pid 15627] <... futex resumed>) = 0 [pid 15627] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15628] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15628] close(4) = 0 [pid 15628] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15628] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15631] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15631] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15631] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15631] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15631] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15627] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15627] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15627] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9879]}, 88) = 9879 [pid 15627] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15627] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15627] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15632 attached [pid 15632] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15632] memfd_create("syzkaller", 0) = 4 [pid 15632] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15632] close(4) = 0 [pid 15632] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15627] <... futex resumed>) = 0 [pid 15627] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15628] <... futex resumed>) = 0 [pid 15627] <... futex resumed>) = 1 [pid 15628] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15627] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15632] <... futex resumed>) = 1 [pid 15628] <... open resumed>) = 4 [pid 15632] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15628] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15627] <... futex resumed>) = 0 [pid 15628] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15627] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15628] <... mount resumed>) = 0 [pid 15627] <... futex resumed>) = 0 [pid 15628] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15627] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15628] <... futex resumed>) = 0 [pid 15627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15628] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15627] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15628] <... open resumed>) = 5 [pid 15627] <... futex resumed>) = 0 [pid 15628] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15627] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15628] <... futex resumed>) = 0 [pid 15627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15628] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15627] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15627] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15628] <... write resumed>) = 262144 [pid 15628] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15627] <... futex resumed>) = 0 [pid 15627] close(3) = 0 [pid 15627] close(4) = 0 [pid 15627] close(5 [pid 15628] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15627] <... close resumed>) = 0 [pid 15627] close(6) = -1 EBADF (Bad file descriptor) [pid 15627] close(7) = -1 EBADF (Bad file descriptor) [pid 15627] close(8) = -1 EBADF (Bad file descriptor) [pid 15627] close(9) = -1 EBADF (Bad file descriptor) [pid 15627] close(10) = -1 EBADF (Bad file descriptor) [pid 15627] close(11) = -1 EBADF (Bad file descriptor) [pid 15627] close(12) = -1 EBADF (Bad file descriptor) [pid 15627] close(13) = -1 EBADF (Bad file descriptor) [pid 15627] close(14) = -1 EBADF (Bad file descriptor) [pid 15627] close(15) = -1 EBADF (Bad file descriptor) [pid 15627] close(16) = -1 EBADF (Bad file descriptor) [pid 15627] close(17) = -1 EBADF (Bad file descriptor) [pid 15627] close(18) = -1 EBADF (Bad file descriptor) [pid 15627] close(19) = -1 EBADF (Bad file descriptor) [pid 15627] close(20) = -1 EBADF (Bad file descriptor) [pid 15627] close(21) = -1 EBADF (Bad file descriptor) [pid 15627] close(22) = -1 EBADF (Bad file descriptor) [pid 15627] close(23) = -1 EBADF (Bad file descriptor) [pid 15627] close(24) = -1 EBADF (Bad file descriptor) [pid 15627] close(25) = -1 EBADF (Bad file descriptor) [pid 15627] close(26) = -1 EBADF (Bad file descriptor) [pid 15627] close(27) = -1 EBADF (Bad file descriptor) [pid 15627] close(28) = -1 EBADF (Bad file descriptor) [pid 15627] close(29) = -1 EBADF (Bad file descriptor) [pid 15627] exit_group(0) = ? [pid 15631] <... futex resumed>) = ? [pid 15628] <... futex resumed>) = ? [pid 15631] +++ exited with 0 +++ [pid 15628] +++ exited with 0 +++ [pid 15632] <... futex resumed>) = ? [pid 15632] +++ exited with 0 +++ [pid 15627] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9876, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2586", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2586", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2586/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2586/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2586/binderfs") = 0 [ 311.173316][T15628] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2586/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2586/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2586/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2586/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2586/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2586/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2586") = 0 [pid 289] mkdir("./2587", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9880 ./strace-static-x86_64: Process 15633 attached [pid 15633] set_robust_list(0x555556f746a0, 24) = 0 [pid 15633] chdir("./2587") = 0 [pid 15633] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15633] setpgid(0, 0) = 0 [pid 15633] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15633] write(3, "1000", 4) = 4 [pid 15633] close(3) = 0 [pid 15633] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15633] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15633] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15633] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15633] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15633] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15633] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9881]}, 88) = 9881 [pid 15633] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15633] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15633] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15634 attached [pid 15634] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15634] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15634] memfd_create("syzkaller", 0) = 3 [pid 15634] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15634] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15634] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15634] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15634] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15634] close(3) = 0 [pid 15634] mkdir("./file1", 0777) = 0 [pid 15634] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15634] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15634] chdir("./file1") = 0 [pid 15634] ioctl(4, LOOP_CLR_FD) = 0 [pid 15634] close(4) = 0 [pid 15634] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15633] <... futex resumed>) = 0 [pid 15633] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15633] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15634] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15634] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15633] <... futex resumed>) = 0 [pid 15633] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15633] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15633] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15633] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15633] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 15634] memfd_create("syzkaller", 0 [pid 15633] <... clone3 resumed> => {parent_tid=[9882]}, 88) = 9882 [pid 15633] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15633] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15633] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15633] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15633] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15633] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9883]}, 88) = 9883 [pid 15633] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15633] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15633] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15637 attached ./strace-static-x86_64: Process 15638 attached [pid 15638] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15637] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15638] <... set_robust_list resumed>) = 0 [pid 15637] <... set_robust_list resumed>) = 0 [pid 15638] rt_sigprocmask(SIG_SETMASK, [], [pid 15637] rt_sigprocmask(SIG_SETMASK, [], [pid 15638] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15637] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15638] memfd_create("syzkaller", 0 [pid 15637] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15638] <... memfd_create resumed>) = 4 [pid 15638] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15638] close(4) = 0 [pid 15638] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15633] <... futex resumed>) = 0 [pid 15633] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15633] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15638] <... futex resumed>) = 1 [pid 15638] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15637] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15637] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15638] <... open resumed>) = 4 [pid 15638] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15633] <... futex resumed>) = 0 [pid 15633] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15633] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15637] <... futex resumed>) = 0 [pid 15637] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15637] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15633] <... futex resumed>) = 0 [pid 15633] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15633] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15637] <... futex resumed>) = 1 [pid 15637] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 15637] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15633] <... futex resumed>) = 0 [pid 15633] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15633] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15638] <... futex resumed>) = 1 [pid 15637] <... futex resumed>) = 1 [pid 15638] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15637] write(6, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15634] <... memfd_create resumed>) = 5 [pid 15634] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15634] close(5) = 0 [pid 15634] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15634] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15637] <... write resumed>) = 262144 [pid 15637] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15633] <... futex resumed>) = 0 [pid 15633] close(3) = 0 [pid 15633] close(4) = 0 [pid 15633] close(5) = -1 EBADF (Bad file descriptor) [pid 15633] close(6) = 0 [pid 15637] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15633] close(7) = -1 EBADF (Bad file descriptor) [pid 15633] close(8) = -1 EBADF (Bad file descriptor) [pid 15633] close(9) = -1 EBADF (Bad file descriptor) [pid 15633] close(10) = -1 EBADF (Bad file descriptor) [pid 15633] close(11) = -1 EBADF (Bad file descriptor) [pid 15633] close(12) = -1 EBADF (Bad file descriptor) [pid 15633] close(13) = -1 EBADF (Bad file descriptor) [pid 15633] close(14) = -1 EBADF (Bad file descriptor) [pid 15633] close(15) = -1 EBADF (Bad file descriptor) [pid 15633] close(16) = -1 EBADF (Bad file descriptor) [pid 15633] close(17) = -1 EBADF (Bad file descriptor) [pid 15633] close(18) = -1 EBADF (Bad file descriptor) [pid 15633] close(19) = -1 EBADF (Bad file descriptor) [pid 15633] close(20) = -1 EBADF (Bad file descriptor) [pid 15633] close(21) = -1 EBADF (Bad file descriptor) [pid 15633] close(22) = -1 EBADF (Bad file descriptor) [pid 15633] close(23) = -1 EBADF (Bad file descriptor) [pid 15633] close(24) = -1 EBADF (Bad file descriptor) [pid 15633] close(25) = -1 EBADF (Bad file descriptor) [pid 15633] close(26) = -1 EBADF (Bad file descriptor) [pid 15633] close(27) = -1 EBADF (Bad file descriptor) [pid 15633] close(28) = -1 EBADF (Bad file descriptor) [pid 15633] close(29) = -1 EBADF (Bad file descriptor) [pid 15633] exit_group(0) = ? [pid 15638] <... futex resumed>) = -1 (errno 18446744073709551555) [pid 15638] +++ exited with 0 +++ [pid 15634] <... futex resumed>) = ? [pid 15637] <... futex resumed>) = -1 (errno 18446744073709551555) [pid 15634] +++ exited with 0 +++ [pid 15637] +++ exited with 0 +++ [pid 15633] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9880, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2587", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2587", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2587/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2587/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2587/binderfs") = 0 [ 311.287949][T15634] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2587/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2587/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2587/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2587/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2587/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2587/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2587") = 0 [pid 289] mkdir("./2588", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9884 ./strace-static-x86_64: Process 15639 attached [pid 15639] set_robust_list(0x555556f746a0, 24) = 0 [pid 15639] chdir("./2588") = 0 [pid 15639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15639] setpgid(0, 0) = 0 [pid 15639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15639] write(3, "1000", 4) = 4 [pid 15639] close(3) = 0 [pid 15639] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15639] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15639] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15639] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15639] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15639] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15639] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9885]}, 88) = 9885 [pid 15639] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15639] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15639] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15640 attached [pid 15640] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15640] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15640] memfd_create("syzkaller", 0) = 3 [pid 15640] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15640] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15640] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15640] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15640] close(3) = 0 [pid 15640] mkdir("./file1", 0777) = 0 [pid 15640] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15640] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15640] chdir("./file1") = 0 [pid 15640] ioctl(4, LOOP_CLR_FD) = 0 [pid 15640] close(4) = 0 [pid 15640] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15639] <... futex resumed>) = 0 [pid 15640] <... futex resumed>) = 1 [pid 15639] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15640] setxattr("./file1", NULL, NULL, 0, 0 [pid 15639] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15640] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 15640] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15639] <... futex resumed>) = 0 [pid 15640] <... futex resumed>) = 1 [pid 15639] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15640] memfd_create("syzkaller", 0 [pid 15639] <... futex resumed>) = 0 [pid 15639] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15640] <... memfd_create resumed>) = 4 [pid 15639] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15640] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15639] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 15640] close(4 [pid 15639] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15640] <... close resumed>) = 0 [pid 15639] rt_sigprocmask(SIG_BLOCK, ~[], [pid 15640] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15639] <... rt_sigprocmask resumed>[], 8) = 0 [pid 15640] <... futex resumed>) = 0 [pid 15639] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 15640] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15643 attached [pid 15639] <... clone3 resumed> => {parent_tid=[9886]}, 88) = 9886 [pid 15643] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15639] rt_sigprocmask(SIG_SETMASK, [], [pid 15643] <... set_robust_list resumed>) = 0 [pid 15639] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15643] rt_sigprocmask(SIG_SETMASK, [], [pid 15639] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15643] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15639] <... futex resumed>) = 0 [pid 15643] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15639] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15640] <... futex resumed>) = 0 [pid 15639] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15640] memfd_create("syzkaller", 0) = 4 [pid 15640] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15640] close(4) = 0 [pid 15640] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15639] <... futex resumed>) = 0 [pid 15640] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15639] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15640] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15639] <... futex resumed>) = 0 [pid 15643] <... setxattr resumed>) = 0 [pid 15640] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15639] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15643] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15640] <... open resumed>) = 4 [pid 15643] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15640] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15639] <... futex resumed>) = 0 [pid 15640] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15639] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15640] <... mount resumed>) = 0 [pid 15639] <... futex resumed>) = 0 [pid 15639] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15640] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15639] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15640] <... futex resumed>) = 0 [pid 15639] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15640] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15639] <... futex resumed>) = 0 [pid 15639] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15640] <... open resumed>) = 5 [pid 15640] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15639] <... futex resumed>) = 0 [pid 15640] <... futex resumed>) = 1 [pid 15639] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15640] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15639] <... futex resumed>) = 0 [pid 15639] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15640] <... write resumed>) = 262144 [pid 15640] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15639] <... futex resumed>) = 0 [pid 15640] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15639] close(3) = 0 [pid 15639] close(4) = 0 [pid 15639] close(5) = 0 [pid 15639] close(6) = -1 EBADF (Bad file descriptor) [pid 15639] close(7) = -1 EBADF (Bad file descriptor) [pid 15639] close(8) = -1 EBADF (Bad file descriptor) [pid 15639] close(9) = -1 EBADF (Bad file descriptor) [pid 15639] close(10) = -1 EBADF (Bad file descriptor) [pid 15639] close(11) = -1 EBADF (Bad file descriptor) [pid 15639] close(12) = -1 EBADF (Bad file descriptor) [pid 15639] close(13) = -1 EBADF (Bad file descriptor) [pid 15639] close(14) = -1 EBADF (Bad file descriptor) [pid 15639] close(15) = -1 EBADF (Bad file descriptor) [pid 15639] close(16) = -1 EBADF (Bad file descriptor) [pid 15639] close(17) = -1 EBADF (Bad file descriptor) [pid 15639] close(18) = -1 EBADF (Bad file descriptor) [pid 15639] close(19) = -1 EBADF (Bad file descriptor) [pid 15639] close(20) = -1 EBADF (Bad file descriptor) [pid 15639] close(21) = -1 EBADF (Bad file descriptor) [pid 15639] close(22) = -1 EBADF (Bad file descriptor) [pid 15639] close(23) = -1 EBADF (Bad file descriptor) [pid 15639] close(24) = -1 EBADF (Bad file descriptor) [pid 15639] close(25) = -1 EBADF (Bad file descriptor) [pid 15639] close(26) = -1 EBADF (Bad file descriptor) [pid 15639] close(27) = -1 EBADF (Bad file descriptor) [pid 15639] close(28) = -1 EBADF (Bad file descriptor) [pid 15639] close(29) = -1 EBADF (Bad file descriptor) [pid 15639] exit_group(0) = ? [pid 15643] <... futex resumed>) = ? [pid 15640] <... futex resumed>) = ? [pid 15643] +++ exited with 0 +++ [pid 15640] +++ exited with 0 +++ [pid 15639] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9884, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2588", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2588", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2588/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2588/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2588/binderfs") = 0 [ 311.420060][T15640] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2588/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2588/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2588/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2588/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2588/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2588/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2588") = 0 [pid 289] mkdir("./2589", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9887 ./strace-static-x86_64: Process 15645 attached [pid 15645] set_robust_list(0x555556f746a0, 24) = 0 [pid 15645] chdir("./2589") = 0 [pid 15645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15645] setpgid(0, 0) = 0 [pid 15645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15645] write(3, "1000", 4) = 4 [pid 15645] close(3) = 0 [pid 15645] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15645] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15645] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15645] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15645] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15645] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15645] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15646 attached => {parent_tid=[9888]}, 88) = 9888 [pid 15646] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15646] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15646] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15645] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15645] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15646] <... futex resumed>) = 0 [pid 15646] memfd_create("syzkaller", 0) = 3 [pid 15646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15645] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15646] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15646] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15646] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15646] close(3) = 0 [pid 15646] mkdir("./file1", 0777) = 0 [pid 15646] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15646] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15646] chdir("./file1") = 0 [pid 15646] ioctl(4, LOOP_CLR_FD) = 0 [pid 15646] close(4) = 0 [pid 15646] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15646] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15645] <... futex resumed>) = 0 [pid 15645] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15645] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15646] <... futex resumed>) = 0 [pid 15646] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15646] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15645] <... futex resumed>) = 0 [pid 15645] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15645] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15646] <... futex resumed>) = 1 [pid 15645] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 15645] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15645] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15645] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9889]}, 88) = 9889 [pid 15646] memfd_create("syzkaller", 0./strace-static-x86_64: Process 15649 attached [pid 15645] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15645] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15645] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15645] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15645] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15649] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15646] <... memfd_create resumed>) = 4 [pid 15645] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 15649] <... set_robust_list resumed>) = 0 [pid 15649] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15649] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0./strace-static-x86_64: Process 15650 attached [pid 15645] <... clone3 resumed> => {parent_tid=[9890]}, 88) = 9890 [pid 15646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15650] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15649] <... setxattr resumed>) = 0 [pid 15646] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15645] rt_sigprocmask(SIG_SETMASK, [], [pid 15646] close(4 [pid 15645] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15646] <... close resumed>) = 0 [pid 15645] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15646] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15645] <... futex resumed>) = 0 [pid 15646] <... futex resumed>) = 0 [pid 15645] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15646] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15650] <... set_robust_list resumed>) = 0 [pid 15650] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15650] memfd_create("syzkaller", 0) = 4 [pid 15650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15650] close(4) = 0 [pid 15650] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15645] <... futex resumed>) = 0 [pid 15645] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15646] <... futex resumed>) = 0 [pid 15645] <... futex resumed>) = 1 [pid 15646] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15645] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15650] <... futex resumed>) = 1 [pid 15650] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15649] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15649] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15646] <... open resumed>) = 4 [pid 15646] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15645] <... futex resumed>) = 0 [pid 15646] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15645] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15646] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15645] <... futex resumed>) = 0 [pid 15646] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15645] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15646] <... mount resumed>) = 0 [pid 15646] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15645] <... futex resumed>) = 0 [pid 15646] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15645] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15646] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15645] <... futex resumed>) = 0 [pid 15646] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15645] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15646] <... open resumed>) = 5 [pid 15646] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15645] <... futex resumed>) = 0 [pid 15646] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15645] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15646] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15645] <... futex resumed>) = 0 [pid 15646] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15645] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15646] <... write resumed>) = 262144 [pid 15646] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15645] <... futex resumed>) = 0 [pid 15646] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15645] close(3) = 0 [pid 15645] close(4) = 0 [pid 15645] close(5) = 0 [pid 15645] close(6) = -1 EBADF (Bad file descriptor) [pid 15645] close(7) = -1 EBADF (Bad file descriptor) [pid 15645] close(8) = -1 EBADF (Bad file descriptor) [pid 15645] close(9) = -1 EBADF (Bad file descriptor) [pid 15645] close(10) = -1 EBADF (Bad file descriptor) [pid 15645] close(11) = -1 EBADF (Bad file descriptor) [pid 15645] close(12) = -1 EBADF (Bad file descriptor) [pid 15645] close(13) = -1 EBADF (Bad file descriptor) [pid 15645] close(14) = -1 EBADF (Bad file descriptor) [pid 15645] close(15) = -1 EBADF (Bad file descriptor) [pid 15645] close(16) = -1 EBADF (Bad file descriptor) [pid 15645] close(17) = -1 EBADF (Bad file descriptor) [pid 15645] close(18) = -1 EBADF (Bad file descriptor) [pid 15645] close(19) = -1 EBADF (Bad file descriptor) [pid 15645] close(20) = -1 EBADF (Bad file descriptor) [pid 15645] close(21) = -1 EBADF (Bad file descriptor) [pid 15645] close(22) = -1 EBADF (Bad file descriptor) [pid 15645] close(23) = -1 EBADF (Bad file descriptor) [pid 15645] close(24) = -1 EBADF (Bad file descriptor) [pid 15645] close(25) = -1 EBADF (Bad file descriptor) [pid 15645] close(26) = -1 EBADF (Bad file descriptor) [pid 15645] close(27) = -1 EBADF (Bad file descriptor) [pid 15645] close(28) = -1 EBADF (Bad file descriptor) [pid 15645] close(29) = -1 EBADF (Bad file descriptor) [pid 15645] exit_group(0 [pid 15646] <... futex resumed>) = ? [pid 15645] <... exit_group resumed>) = ? [pid 15646] +++ exited with 0 +++ [pid 15650] <... futex resumed>) = ? [pid 15650] +++ exited with 0 +++ [pid 15649] <... futex resumed>) = ? [pid 15649] +++ exited with 0 +++ [pid 15645] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9887, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2589", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2589", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2589/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2589/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2589/binderfs") = 0 [ 311.540194][T15646] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2589/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2589/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2589/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2589/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2589/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2589/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2589") = 0 [pid 289] mkdir("./2590", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9891 ./strace-static-x86_64: Process 15651 attached [pid 15651] set_robust_list(0x555556f746a0, 24) = 0 [pid 15651] chdir("./2590") = 0 [pid 15651] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15651] setpgid(0, 0) = 0 [pid 15651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15651] write(3, "1000", 4) = 4 [pid 15651] close(3) = 0 [pid 15651] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15651] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15651] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15651] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15651] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15651] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15651] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15652 attached => {parent_tid=[9892]}, 88) = 9892 [pid 15651] rt_sigprocmask(SIG_SETMASK, [], [pid 15652] set_robust_list(0x7fbc6730d9a0, 24 [pid 15651] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15651] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15652] <... set_robust_list resumed>) = 0 [pid 15652] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15652] memfd_create("syzkaller", 0 [pid 15651] <... futex resumed>) = 0 [pid 15652] <... memfd_create resumed>) = 3 [pid 15652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15651] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15652] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15652] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15652] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15652] close(3) = 0 [pid 15652] mkdir("./file1", 0777) = 0 [pid 15652] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15652] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15652] chdir("./file1") = 0 [pid 15652] ioctl(4, LOOP_CLR_FD) = 0 [pid 15652] close(4) = 0 [pid 15652] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15651] <... futex resumed>) = 0 [pid 15652] setxattr("./file1", NULL, NULL, 0, 0 [pid 15651] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15652] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 15651] <... futex resumed>) = 0 [pid 15652] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15651] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15652] <... futex resumed>) = 0 [pid 15651] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15652] memfd_create("syzkaller", 0 [pid 15651] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15652] <... memfd_create resumed>) = 4 [pid 15651] <... futex resumed>) = 0 [pid 15652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15651] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15652] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15651] <... futex resumed>) = 0 [pid 15652] close(4 [pid 15651] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15652] <... close resumed>) = 0 [pid 15651] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 15652] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15651] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 15652] <... futex resumed>) = 0 [pid 15651] <... mprotect resumed>) = 0 [pid 15652] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15651] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15651] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9893]}, 88) = 9893 [pid 15651] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15651] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15651] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15652] <... futex resumed>) = 0 [pid 15651] <... futex resumed>) = 1 [pid 15652] memfd_create("syzkaller", 0 [pid 15651] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15652] <... memfd_create resumed>) = 4 [pid 15652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15652] close(4) = 0 [pid 15652] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15651] <... futex resumed>) = 0 [pid 15652] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15651] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15652] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15651] <... futex resumed>) = 0 [pid 15652] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15651] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 15655 attached [pid 15655] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15655] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15655] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15655] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15655] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15652] <... open resumed>) = 4 [pid 15652] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15651] <... futex resumed>) = 0 [pid 15652] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15651] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15652] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15651] <... futex resumed>) = 0 [pid 15652] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15651] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15652] <... mount resumed>) = 0 [pid 15652] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15651] <... futex resumed>) = 0 [pid 15652] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15651] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15652] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15651] <... futex resumed>) = 0 [pid 15652] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15651] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15652] <... open resumed>) = 5 [pid 15652] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15651] <... futex resumed>) = 0 [pid 15652] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15651] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15652] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15651] <... futex resumed>) = 0 [pid 15652] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15651] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15652] <... write resumed>) = 262144 [pid 15652] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15651] <... futex resumed>) = 0 [pid 15651] close(3) = 0 [pid 15651] close(4) = 0 [pid 15651] close(5 [pid 15652] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15651] <... close resumed>) = 0 [pid 15651] close(6) = -1 EBADF (Bad file descriptor) [pid 15651] close(7) = -1 EBADF (Bad file descriptor) [pid 15651] close(8) = -1 EBADF (Bad file descriptor) [pid 15651] close(9) = -1 EBADF (Bad file descriptor) [pid 15651] close(10) = -1 EBADF (Bad file descriptor) [pid 15651] close(11) = -1 EBADF (Bad file descriptor) [pid 15651] close(12) = -1 EBADF (Bad file descriptor) [pid 15651] close(13) = -1 EBADF (Bad file descriptor) [pid 15651] close(14) = -1 EBADF (Bad file descriptor) [pid 15651] close(15) = -1 EBADF (Bad file descriptor) [pid 15651] close(16) = -1 EBADF (Bad file descriptor) [pid 15651] close(17) = -1 EBADF (Bad file descriptor) [pid 15651] close(18) = -1 EBADF (Bad file descriptor) [pid 15651] close(19) = -1 EBADF (Bad file descriptor) [pid 15651] close(20) = -1 EBADF (Bad file descriptor) [pid 15651] close(21) = -1 EBADF (Bad file descriptor) [pid 15651] close(22) = -1 EBADF (Bad file descriptor) [pid 15651] close(23) = -1 EBADF (Bad file descriptor) [pid 15651] close(24) = -1 EBADF (Bad file descriptor) [pid 15651] close(25) = -1 EBADF (Bad file descriptor) [pid 15651] close(26) = -1 EBADF (Bad file descriptor) [pid 15651] close(27) = -1 EBADF (Bad file descriptor) [pid 15651] close(28) = -1 EBADF (Bad file descriptor) [pid 15651] close(29) = -1 EBADF (Bad file descriptor) [pid 15651] exit_group(0 [pid 15652] <... futex resumed>) = ? [pid 15651] <... exit_group resumed>) = ? [pid 15652] +++ exited with 0 +++ [pid 15655] <... futex resumed>) = ? [pid 15655] +++ exited with 0 +++ [pid 15651] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9891, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2590", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2590", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2590/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2590/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2590/binderfs") = 0 [ 311.631136][T15652] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2590/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2590/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2590/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2590/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2590/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2590/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2590") = 0 [pid 289] mkdir("./2591", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9894 ./strace-static-x86_64: Process 15656 attached [pid 15656] set_robust_list(0x555556f746a0, 24) = 0 [pid 15656] chdir("./2591") = 0 [pid 15656] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15656] setpgid(0, 0) = 0 [pid 15656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15656] write(3, "1000", 4) = 4 [pid 15656] close(3) = 0 [pid 15656] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15656] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15656] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15656] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15656] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15656] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15656] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15656] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9895]}, 88) = 9895 [pid 15656] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15656] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15656] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15657 attached [pid 15657] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15657] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15657] memfd_create("syzkaller", 0) = 3 [pid 15657] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15657] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15657] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15657] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15657] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15657] close(3) = 0 [pid 15657] mkdir("./file1", 0777) = 0 [pid 15657] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15657] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15657] chdir("./file1") = 0 [pid 15657] ioctl(4, LOOP_CLR_FD) = 0 [pid 15657] close(4) = 0 [pid 15657] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15656] <... futex resumed>) = 0 [pid 15656] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15656] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15657] <... futex resumed>) = 1 [pid 15657] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15657] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15656] <... futex resumed>) = 0 [pid 15656] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15656] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15656] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15656] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15656] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15656] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9896]}, 88) = 9896 [pid 15656] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15656] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15656] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15656] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15656] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15656] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15656] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9897]}, 88) = 9897 [pid 15656] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15656] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15656] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15657] <... futex resumed>) = 1 [pid 15657] memfd_create("syzkaller", 0) = 4 ./strace-static-x86_64: Process 15661 attached [pid 15657] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15657] close(4) = 0 [pid 15661] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15657] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15657] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15660 attached [pid 15660] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15660] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15660] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15661] <... set_robust_list resumed>) = 0 [pid 15660] <... setxattr resumed>) = 0 [pid 15660] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15660] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15661] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15661] memfd_create("syzkaller", 0) = 4 [pid 15661] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15661] close(4) = 0 [pid 15661] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15656] <... futex resumed>) = 0 [pid 15656] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15656] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15657] <... futex resumed>) = 0 [pid 15657] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15661] <... futex resumed>) = 1 [pid 15657] <... open resumed>) = 4 [pid 15657] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15656] <... futex resumed>) = 0 [pid 15657] <... futex resumed>) = 1 [pid 15657] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15656] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15656] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15657] <... mount resumed>) = 0 [pid 15657] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15656] <... futex resumed>) = 0 [pid 15657] <... futex resumed>) = 1 [pid 15661] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15657] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15656] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15657] <... open resumed>) = 5 [pid 15656] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15657] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15656] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15657] <... futex resumed>) = 0 [pid 15656] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15657] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15656] <... futex resumed>) = 0 [pid 15656] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15657] <... write resumed>) = 262144 [pid 15657] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15656] <... futex resumed>) = 0 [pid 15657] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15656] close(3) = 0 [pid 15656] close(4) = 0 [pid 15656] close(5) = 0 [pid 15656] close(6) = -1 EBADF (Bad file descriptor) [pid 15656] close(7) = -1 EBADF (Bad file descriptor) [pid 15656] close(8) = -1 EBADF (Bad file descriptor) [pid 15656] close(9) = -1 EBADF (Bad file descriptor) [pid 15656] close(10) = -1 EBADF (Bad file descriptor) [pid 15656] close(11) = -1 EBADF (Bad file descriptor) [pid 15656] close(12) = -1 EBADF (Bad file descriptor) [pid 15656] close(13) = -1 EBADF (Bad file descriptor) [pid 15656] close(14) = -1 EBADF (Bad file descriptor) [pid 15656] close(15) = -1 EBADF (Bad file descriptor) [pid 15656] close(16) = -1 EBADF (Bad file descriptor) [pid 15656] close(17) = -1 EBADF (Bad file descriptor) [pid 15656] close(18) = -1 EBADF (Bad file descriptor) [pid 15656] close(19) = -1 EBADF (Bad file descriptor) [pid 15656] close(20) = -1 EBADF (Bad file descriptor) [pid 15656] close(21) = -1 EBADF (Bad file descriptor) [pid 15656] close(22) = -1 EBADF (Bad file descriptor) [pid 15656] close(23) = -1 EBADF (Bad file descriptor) [pid 15656] close(24) = -1 EBADF (Bad file descriptor) [pid 15656] close(25) = -1 EBADF (Bad file descriptor) [pid 15656] close(26) = -1 EBADF (Bad file descriptor) [pid 15656] close(27) = -1 EBADF (Bad file descriptor) [pid 15656] close(28) = -1 EBADF (Bad file descriptor) [pid 15656] close(29) = -1 EBADF (Bad file descriptor) [pid 15656] exit_group(0) = ? [pid 15657] <... futex resumed>) = ? [pid 15660] <... futex resumed>) = ? [pid 15657] +++ exited with 0 +++ [pid 15660] +++ exited with 0 +++ [pid 15661] <... futex resumed>) = ? [pid 15661] +++ exited with 0 +++ [pid 15656] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9894, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2591", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2591", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2591/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2591/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2591/binderfs") = 0 [ 311.741895][T15657] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2591/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2591/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2591/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2591/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2591/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2591/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2591") = 0 [pid 289] mkdir("./2592", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9898 ./strace-static-x86_64: Process 15662 attached [pid 15662] set_robust_list(0x555556f746a0, 24) = 0 [pid 15662] chdir("./2592") = 0 [pid 15662] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15662] setpgid(0, 0) = 0 [pid 15662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15662] write(3, "1000", 4) = 4 [pid 15662] close(3) = 0 [pid 15662] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15662] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15662] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15662] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15662] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15662] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15662] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9899]}, 88) = 9899 [pid 15662] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15662] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15662] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15663 attached [pid 15663] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15663] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15663] memfd_create("syzkaller", 0) = 3 [pid 15663] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15663] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15663] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15663] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15663] close(3) = 0 [pid 15663] mkdir("./file1", 0777) = 0 [pid 15663] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15663] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15663] chdir("./file1") = 0 [pid 15663] ioctl(4, LOOP_CLR_FD) = 0 [pid 15663] close(4) = 0 [pid 15663] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15662] <... futex resumed>) = 0 [pid 15662] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15662] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15663] <... futex resumed>) = 1 [pid 15663] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15663] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15662] <... futex resumed>) = 0 [pid 15662] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15662] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15663] <... futex resumed>) = 1 [pid 15662] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 15662] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15662] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15662] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9900]}, 88) = 9900 [pid 15662] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15662] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15662] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15662] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15662] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15662] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9901]}, 88) = 9901 [pid 15662] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15662] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15662] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15663] memfd_create("syzkaller", 0) = 4 [pid 15663] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15663] close(4) = 0 [pid 15663] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15663] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15666 attached [pid 15666] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15666] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15666] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 ./strace-static-x86_64: Process 15667 attached [pid 15667] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15666] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15667] <... set_robust_list resumed>) = 0 [pid 15667] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15667] memfd_create("syzkaller", 0 [pid 15666] <... futex resumed>) = 0 [pid 15667] <... memfd_create resumed>) = 4 [pid 15667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15667] close(4) = 0 [pid 15667] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15662] <... futex resumed>) = 0 [pid 15662] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15662] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15663] <... futex resumed>) = 0 [pid 15663] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15667] <... futex resumed>) = 1 [pid 15667] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15666] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15663] <... open resumed>) = 4 [pid 15663] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15662] <... futex resumed>) = 0 [pid 15662] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15663] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15662] <... futex resumed>) = 0 [pid 15662] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15663] <... mount resumed>) = 0 [pid 15663] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15662] <... futex resumed>) = 0 [pid 15662] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15662] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15663] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15663] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15662] <... futex resumed>) = 0 [pid 15662] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15662] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15663] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15663] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15662] <... futex resumed>) = 0 [pid 15663] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15662] close(3) = 0 [pid 15662] close(4) = 0 [pid 15662] close(5) = 0 [pid 15662] close(6) = -1 EBADF (Bad file descriptor) [pid 15662] close(7) = -1 EBADF (Bad file descriptor) [pid 15662] close(8) = -1 EBADF (Bad file descriptor) [pid 15662] close(9) = -1 EBADF (Bad file descriptor) [pid 15662] close(10) = -1 EBADF (Bad file descriptor) [pid 15662] close(11) = -1 EBADF (Bad file descriptor) [pid 15662] close(12) = -1 EBADF (Bad file descriptor) [pid 15662] close(13) = -1 EBADF (Bad file descriptor) [pid 15662] close(14) = -1 EBADF (Bad file descriptor) [pid 15662] close(15) = -1 EBADF (Bad file descriptor) [pid 15662] close(16) = -1 EBADF (Bad file descriptor) [pid 15662] close(17) = -1 EBADF (Bad file descriptor) [pid 15662] close(18) = -1 EBADF (Bad file descriptor) [pid 15662] close(19) = -1 EBADF (Bad file descriptor) [pid 15662] close(20) = -1 EBADF (Bad file descriptor) [pid 15662] close(21) = -1 EBADF (Bad file descriptor) [pid 15662] close(22) = -1 EBADF (Bad file descriptor) [pid 15662] close(23) = -1 EBADF (Bad file descriptor) [pid 15662] close(24) = -1 EBADF (Bad file descriptor) [pid 15662] close(25) = -1 EBADF (Bad file descriptor) [pid 15662] close(26) = -1 EBADF (Bad file descriptor) [pid 15662] close(27) = -1 EBADF (Bad file descriptor) [pid 15662] close(28) = -1 EBADF (Bad file descriptor) [pid 15662] close(29) = -1 EBADF (Bad file descriptor) [pid 15662] exit_group(0) = ? [pid 15663] <... futex resumed>) = ? [pid 15663] +++ exited with 0 +++ [pid 15667] <... futex resumed>) = ? [pid 15666] <... futex resumed>) = ? [pid 15667] +++ exited with 0 +++ [pid 15666] +++ exited with 0 +++ [pid 15662] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9898, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2592", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2592", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2592/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2592/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2592/binderfs") = 0 [ 311.864213][T15663] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2592/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2592/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2592/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2592/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2592/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2592/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2592") = 0 [pid 289] mkdir("./2593", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9902 ./strace-static-x86_64: Process 15668 attached [pid 15668] set_robust_list(0x555556f746a0, 24) = 0 [pid 15668] chdir("./2593") = 0 [pid 15668] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15668] setpgid(0, 0) = 0 [pid 15668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15668] write(3, "1000", 4) = 4 [pid 15668] close(3) = 0 [pid 15668] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15668] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15668] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15668] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15668] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15668] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15668] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9903]}, 88) = 9903 [pid 15668] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15668] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15668] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15669 attached [pid 15669] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15669] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15669] memfd_create("syzkaller", 0) = 3 [pid 15669] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15669] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15669] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15669] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15669] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15669] close(3) = 0 [pid 15669] mkdir("./file1", 0777) = 0 [pid 15669] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15669] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15669] chdir("./file1") = 0 [pid 15669] ioctl(4, LOOP_CLR_FD) = 0 [pid 15669] close(4) = 0 [pid 15669] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15668] <... futex resumed>) = 0 [pid 15669] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15668] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15668] <... futex resumed>) = 0 [pid 15669] setxattr("./file1", NULL, NULL, 0, 0 [pid 15668] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15669] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 15669] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15668] <... futex resumed>) = 0 [pid 15669] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15668] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15668] <... futex resumed>) = 0 [pid 15669] memfd_create("syzkaller", 0 [pid 15668] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15669] <... memfd_create resumed>) = 4 [pid 15668] <... futex resumed>) = 0 [pid 15669] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15669] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15668] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 15669] close(4 [pid 15668] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 15669] <... close resumed>) = 0 [pid 15668] <... mprotect resumed>) = 0 [pid 15669] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15668] rt_sigprocmask(SIG_BLOCK, ~[], [pid 15669] <... futex resumed>) = 0 [pid 15668] <... rt_sigprocmask resumed>[], 8) = 0 [pid 15669] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15668] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9904]}, 88) = 9904 [pid 15668] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15668] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15668] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15669] <... futex resumed>) = 0 [pid 15668] <... futex resumed>) = 1 [pid 15669] memfd_create("syzkaller", 0 [pid 15668] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15669] <... memfd_create resumed>) = 4 [pid 15669] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15669] close(4) = 0 [pid 15669] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15668] <... futex resumed>) = 0 [pid 15669] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15668] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15668] <... futex resumed>) = 0 [pid 15669] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15668] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15669] <... open resumed>) = 4 [pid 15669] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15668] <... futex resumed>) = 0 [pid 15669] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15668] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15668] <... futex resumed>) = 0 [pid 15669] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15668] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15669] <... mount resumed>) = 0 [pid 15669] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15668] <... futex resumed>) = 0 [pid 15669] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15668] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15668] <... futex resumed>) = 0 [pid 15669] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15668] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15669] <... open resumed>) = 5 [pid 15669] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15668] <... futex resumed>) = 0 [pid 15669] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15668] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15668] <... futex resumed>) = 0 [pid 15669] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15668] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 15672 attached [pid 15672] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15672] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15672] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15669] <... write resumed>) = 262144 [pid 15669] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15668] <... futex resumed>) = 0 [pid 15669] <... futex resumed>) = 1 [pid 15669] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15672] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 15672] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15672] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15668] close(3) = 0 [pid 15668] close(4) = 0 [pid 15668] close(5) = 0 [pid 15668] close(6) = -1 EBADF (Bad file descriptor) [pid 15668] close(7) = -1 EBADF (Bad file descriptor) [pid 15668] close(8) = -1 EBADF (Bad file descriptor) [pid 15668] close(9) = -1 EBADF (Bad file descriptor) [pid 15668] close(10) = -1 EBADF (Bad file descriptor) [pid 15668] close(11) = -1 EBADF (Bad file descriptor) [pid 15668] close(12) = -1 EBADF (Bad file descriptor) [pid 15668] close(13) = -1 EBADF (Bad file descriptor) [pid 15668] close(14) = -1 EBADF (Bad file descriptor) [pid 15668] close(15) = -1 EBADF (Bad file descriptor) [pid 15668] close(16) = -1 EBADF (Bad file descriptor) [pid 15668] close(17) = -1 EBADF (Bad file descriptor) [pid 15668] close(18) = -1 EBADF (Bad file descriptor) [pid 15668] close(19) = -1 EBADF (Bad file descriptor) [pid 15668] close(20) = -1 EBADF (Bad file descriptor) [pid 15668] close(21) = -1 EBADF (Bad file descriptor) [pid 15668] close(22) = -1 EBADF (Bad file descriptor) [pid 15668] close(23) = -1 EBADF (Bad file descriptor) [pid 15668] close(24) = -1 EBADF (Bad file descriptor) [pid 15668] close(25) = -1 EBADF (Bad file descriptor) [pid 15668] close(26) = -1 EBADF (Bad file descriptor) [pid 15668] close(27) = -1 EBADF (Bad file descriptor) [pid 15668] close(28) = -1 EBADF (Bad file descriptor) [pid 15668] close(29) = -1 EBADF (Bad file descriptor) [pid 15668] exit_group(0) = ? [pid 15672] <... futex resumed>) = ? [pid 15672] +++ exited with 0 +++ [pid 15669] <... futex resumed>) = ? [pid 15669] +++ exited with 0 +++ [pid 15668] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9902, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2593", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2593", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2593/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2593/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2593/binderfs") = 0 [ 312.021113][T15669] EXT4-fs (loop0): 1 truncate cleaned up [ 312.033524][T15672] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2593/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2593/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2593/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2593/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2593/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2593/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2593") = 0 [pid 289] mkdir("./2594", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9905 ./strace-static-x86_64: Process 15673 attached [pid 15673] set_robust_list(0x555556f746a0, 24) = 0 [pid 15673] chdir("./2594") = 0 [pid 15673] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15673] setpgid(0, 0) = 0 [pid 15673] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15673] write(3, "1000", 4) = 4 [pid 15673] close(3) = 0 [pid 15673] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15673] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15673] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15673] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15673] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15673] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15673] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15673] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9906]}, 88) = 9906 [pid 15673] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15673] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15673] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15674 attached [pid 15674] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15674] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15674] memfd_create("syzkaller", 0) = 3 [pid 15674] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15674] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15674] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15674] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15674] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15674] close(3) = 0 [pid 15674] mkdir("./file1", 0777) = 0 [pid 15674] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15674] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15674] chdir("./file1") = 0 [pid 15674] ioctl(4, LOOP_CLR_FD) = 0 [pid 15674] close(4) = 0 [pid 15674] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15674] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15673] <... futex resumed>) = 0 [pid 15673] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15674] <... futex resumed>) = 0 [pid 15673] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15674] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15674] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15673] <... futex resumed>) = 0 [pid 15673] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15674] memfd_create("syzkaller", 0 [pid 15673] <... futex resumed>) = 0 [pid 15673] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15674] <... memfd_create resumed>) = 4 [pid 15673] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15674] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15673] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 15673] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 15674] close(4 [pid 15673] <... mprotect resumed>) = 0 [pid 15673] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15673] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9907]}, 88) = 9907 ./strace-static-x86_64: Process 15677 attached [pid 15674] <... close resumed>) = 0 [pid 15673] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15673] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15673] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15673] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15673] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15673] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15673] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9908]}, 88) = 9908 [pid 15674] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15673] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15673] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15673] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15677] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15677] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15677] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 ./strace-static-x86_64: Process 15678 attached [pid 15674] <... futex resumed>) = 0 [pid 15677] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15677] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15678] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15678] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15678] memfd_create("syzkaller", 0) = 4 [pid 15678] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15678] close(4) = 0 [pid 15678] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15673] <... futex resumed>) = 0 [pid 15673] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15673] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15678] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15674] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15674] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15674] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15673] <... futex resumed>) = 0 [pid 15673] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15674] <... futex resumed>) = 0 [pid 15674] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15674] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15674] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15673] <... futex resumed>) = 1 [pid 15673] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 15673] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15674] <... futex resumed>) = 0 [pid 15674] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15674] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15674] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15673] <... futex resumed>) = 1 [pid 15673] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 15673] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15674] <... futex resumed>) = 0 [pid 15674] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15673] <... futex resumed>) = 1 [pid 15673] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15674] <... write resumed>) = 262144 [pid 15674] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15674] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15673] <... futex resumed>) = 0 [pid 15673] close(3) = 0 [pid 15673] close(4) = 0 [pid 15673] close(5) = 0 [pid 15673] close(6) = -1 EBADF (Bad file descriptor) [pid 15673] close(7) = -1 EBADF (Bad file descriptor) [pid 15673] close(8) = -1 EBADF (Bad file descriptor) [pid 15673] close(9) = -1 EBADF (Bad file descriptor) [pid 15673] close(10) = -1 EBADF (Bad file descriptor) [pid 15673] close(11) = -1 EBADF (Bad file descriptor) [pid 15673] close(12) = -1 EBADF (Bad file descriptor) [pid 15673] close(13) = -1 EBADF (Bad file descriptor) [pid 15673] close(14) = -1 EBADF (Bad file descriptor) [pid 15673] close(15) = -1 EBADF (Bad file descriptor) [pid 15673] close(16) = -1 EBADF (Bad file descriptor) [pid 15673] close(17) = -1 EBADF (Bad file descriptor) [pid 15673] close(18) = -1 EBADF (Bad file descriptor) [pid 15673] close(19) = -1 EBADF (Bad file descriptor) [pid 15673] close(20) = -1 EBADF (Bad file descriptor) [pid 15673] close(21) = -1 EBADF (Bad file descriptor) [pid 15673] close(22) = -1 EBADF (Bad file descriptor) [pid 15673] close(23) = -1 EBADF (Bad file descriptor) [pid 15673] close(24) = -1 EBADF (Bad file descriptor) [pid 15673] close(25) = -1 EBADF (Bad file descriptor) [pid 15673] close(26) = -1 EBADF (Bad file descriptor) [pid 15673] close(27) = -1 EBADF (Bad file descriptor) [pid 15673] close(28) = -1 EBADF (Bad file descriptor) [pid 15673] close(29) = -1 EBADF (Bad file descriptor) [pid 15673] exit_group(0 [pid 15677] <... futex resumed>) = 231 [pid 15674] <... futex resumed>) = ? [pid 15678] <... futex resumed>) = ? [pid 15673] <... exit_group resumed>) = ? [pid 15678] +++ exited with 0 +++ [pid 15677] +++ exited with 0 +++ [pid 15674] +++ exited with 0 +++ [pid 15673] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9905, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2594", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2594", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2594/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2594/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2594/binderfs") = 0 [ 312.112544][T15674] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2594/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2594/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2594/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2594/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2594/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2594/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2594") = 0 [pid 289] mkdir("./2595", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9909 ./strace-static-x86_64: Process 15679 attached [pid 15679] set_robust_list(0x555556f746a0, 24) = 0 [pid 15679] chdir("./2595") = 0 [pid 15679] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15679] setpgid(0, 0) = 0 [pid 15679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15679] write(3, "1000", 4) = 4 [pid 15679] close(3) = 0 [pid 15679] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15679] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15679] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15679] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15679] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15679] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15679] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15679] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9910]}, 88) = 9910 [pid 15679] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15679] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15679] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15680 attached [pid 15680] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15680] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15680] memfd_create("syzkaller", 0) = 3 [pid 15680] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15680] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15680] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15680] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15680] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15680] close(3) = 0 [pid 15680] mkdir("./file1", 0777) = 0 [pid 15680] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15680] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15680] chdir("./file1") = 0 [pid 15680] ioctl(4, LOOP_CLR_FD) = 0 [pid 15680] close(4) = 0 [pid 15680] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15679] <... futex resumed>) = 0 [pid 15680] setxattr("./file1", NULL, NULL, 0, 0 [pid 15679] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15679] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15680] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 15680] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15679] <... futex resumed>) = 0 [pid 15679] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15679] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15679] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15679] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15679] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15679] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 15680] memfd_create("syzkaller", 0./strace-static-x86_64: Process 15683 attached [pid 15679] <... clone3 resumed> => {parent_tid=[9911]}, 88) = 9911 [pid 15680] <... memfd_create resumed>) = 4 [pid 15679] rt_sigprocmask(SIG_SETMASK, [], [pid 15683] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15679] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15680] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15680] close(4) = 0 [pid 15680] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15680] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15683] rt_sigprocmask(SIG_SETMASK, [], [pid 15679] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15683] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15679] <... futex resumed>) = 0 [pid 15683] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15679] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15680] <... futex resumed>) = 0 [pid 15679] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15680] memfd_create("syzkaller", 0 [pid 15683] <... setxattr resumed>) = 0 [pid 15680] <... memfd_create resumed>) = 4 [pid 15683] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15680] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15683] <... futex resumed>) = 0 [pid 15680] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15683] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15680] close(4) = 0 [pid 15680] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15679] <... futex resumed>) = 0 [pid 15679] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15679] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15680] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15680] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15679] <... futex resumed>) = 0 [pid 15679] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15680] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15679] <... futex resumed>) = 0 [pid 15679] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15680] <... mount resumed>) = 0 [pid 15680] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15679] <... futex resumed>) = 0 [pid 15679] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15679] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15680] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15680] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15679] <... futex resumed>) = 0 [pid 15679] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15679] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15680] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15680] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15679] <... futex resumed>) = 0 [pid 15679] close(3) = 0 [pid 15679] close(4) = 0 [pid 15679] close(5 [pid 15680] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15679] <... close resumed>) = 0 [pid 15679] close(6) = -1 EBADF (Bad file descriptor) [pid 15679] close(7) = -1 EBADF (Bad file descriptor) [pid 15679] close(8) = -1 EBADF (Bad file descriptor) [pid 15679] close(9) = -1 EBADF (Bad file descriptor) [pid 15679] close(10) = -1 EBADF (Bad file descriptor) [pid 15679] close(11) = -1 EBADF (Bad file descriptor) [pid 15679] close(12) = -1 EBADF (Bad file descriptor) [pid 15679] close(13) = -1 EBADF (Bad file descriptor) [pid 15679] close(14) = -1 EBADF (Bad file descriptor) [pid 15679] close(15) = -1 EBADF (Bad file descriptor) [pid 15679] close(16) = -1 EBADF (Bad file descriptor) [pid 15679] close(17) = -1 EBADF (Bad file descriptor) [pid 15679] close(18) = -1 EBADF (Bad file descriptor) [pid 15679] close(19) = -1 EBADF (Bad file descriptor) [pid 15679] close(20) = -1 EBADF (Bad file descriptor) [pid 15679] close(21) = -1 EBADF (Bad file descriptor) [pid 15679] close(22) = -1 EBADF (Bad file descriptor) [pid 15679] close(23) = -1 EBADF (Bad file descriptor) [pid 15679] close(24) = -1 EBADF (Bad file descriptor) [pid 15679] close(25) = -1 EBADF (Bad file descriptor) [pid 15679] close(26) = -1 EBADF (Bad file descriptor) [pid 15679] close(27) = -1 EBADF (Bad file descriptor) [pid 15679] close(28) = -1 EBADF (Bad file descriptor) [pid 15679] close(29) = -1 EBADF (Bad file descriptor) [pid 15679] exit_group(0) = ? [pid 15683] <... futex resumed>) = ? [pid 15680] <... futex resumed>) = ? [pid 15683] +++ exited with 0 +++ [pid 15680] +++ exited with 0 +++ [pid 15679] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9909, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2595", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2595", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2595/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2595/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2595/binderfs") = 0 [ 312.264056][T15680] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2595/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2595/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2595/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2595/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2595/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2595/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2595") = 0 [pid 289] mkdir("./2596", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9912 ./strace-static-x86_64: Process 15684 attached [pid 15684] set_robust_list(0x555556f746a0, 24) = 0 [pid 15684] chdir("./2596") = 0 [pid 15684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15684] setpgid(0, 0) = 0 [pid 15684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15684] write(3, "1000", 4) = 4 [pid 15684] close(3) = 0 [pid 15684] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15684] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15684] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15684] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15684] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15684] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15684] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15684] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15685 attached => {parent_tid=[9913]}, 88) = 9913 [pid 15684] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15684] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15684] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15685] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15685] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15685] memfd_create("syzkaller", 0) = 3 [pid 15685] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15685] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15685] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15685] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15685] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15685] close(3) = 0 [pid 15685] mkdir("./file1", 0777) = 0 [pid 15685] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15685] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15685] chdir("./file1") = 0 [pid 15685] ioctl(4, LOOP_CLR_FD) = 0 [pid 15685] close(4) = 0 [pid 15685] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15684] <... futex resumed>) = 0 [pid 15684] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15684] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15685] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15685] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15684] <... futex resumed>) = 0 [pid 15684] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15684] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15684] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15684] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15684] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15684] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9914]}, 88) = 9914 [pid 15684] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15684] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15684] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15684] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15684] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15684] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15684] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9915]}, 88) = 9915 ./strace-static-x86_64: Process 15689 attached ./strace-static-x86_64: Process 15688 attached [pid 15685] memfd_create("syzkaller", 0 [pid 15684] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15684] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15684] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15688] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15689] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15685] <... memfd_create resumed>) = 4 [pid 15688] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15689] <... set_robust_list resumed>) = 0 [pid 15688] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15689] rt_sigprocmask(SIG_SETMASK, [], [pid 15688] <... setxattr resumed>) = 0 [pid 15689] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15689] memfd_create("syzkaller", 0 [pid 15685] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15689] <... memfd_create resumed>) = 5 [pid 15685] close(4) = 0 [pid 15689] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15685] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15689] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15685] <... futex resumed>) = 0 [pid 15685] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15689] close(5) = 0 [pid 15689] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15684] <... futex resumed>) = 0 [pid 15684] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15684] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15685] <... futex resumed>) = 0 [pid 15685] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15689] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15688] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15688] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15685] <... open resumed>) = 4 [pid 15685] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15684] <... futex resumed>) = 0 [pid 15684] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15684] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15685] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15685] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15684] <... futex resumed>) = 0 [pid 15684] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15684] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15685] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15685] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15684] <... futex resumed>) = 0 [pid 15684] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15684] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15685] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15685] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15684] <... futex resumed>) = 0 [pid 15684] close(3) = 0 [pid 15684] close(4) = 0 [pid 15684] close(5 [pid 15685] <... futex resumed>) = 1 [pid 15684] <... close resumed>) = 0 [pid 15685] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15684] close(6) = -1 EBADF (Bad file descriptor) [pid 15684] close(7) = -1 EBADF (Bad file descriptor) [pid 15684] close(8) = -1 EBADF (Bad file descriptor) [pid 15684] close(9) = -1 EBADF (Bad file descriptor) [pid 15684] close(10) = -1 EBADF (Bad file descriptor) [pid 15684] close(11) = -1 EBADF (Bad file descriptor) [pid 15684] close(12) = -1 EBADF (Bad file descriptor) [pid 15684] close(13) = -1 EBADF (Bad file descriptor) [pid 15684] close(14) = -1 EBADF (Bad file descriptor) [pid 15684] close(15) = -1 EBADF (Bad file descriptor) [pid 15684] close(16) = -1 EBADF (Bad file descriptor) [pid 15684] close(17) = -1 EBADF (Bad file descriptor) [pid 15684] close(18) = -1 EBADF (Bad file descriptor) [pid 15684] close(19) = -1 EBADF (Bad file descriptor) [pid 15684] close(20) = -1 EBADF (Bad file descriptor) [pid 15684] close(21) = -1 EBADF (Bad file descriptor) [pid 15684] close(22) = -1 EBADF (Bad file descriptor) [pid 15684] close(23) = -1 EBADF (Bad file descriptor) [pid 15684] close(24) = -1 EBADF (Bad file descriptor) [pid 15684] close(25) = -1 EBADF (Bad file descriptor) [pid 15684] close(26) = -1 EBADF (Bad file descriptor) [pid 15684] close(27) = -1 EBADF (Bad file descriptor) [pid 15684] close(28) = -1 EBADF (Bad file descriptor) [pid 15684] close(29) = -1 EBADF (Bad file descriptor) [pid 15684] exit_group(0) = ? [pid 15685] <... futex resumed>) = ? [pid 15685] +++ exited with 0 +++ [pid 15689] <... futex resumed>) = ? [pid 15688] <... futex resumed>) = 231 [pid 15689] +++ exited with 0 +++ [pid 15688] +++ exited with 0 +++ [pid 15684] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9912, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2596", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2596", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2596/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2596/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2596/binderfs") = 0 [ 312.380190][T15685] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2596/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2596/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2596/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2596/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2596/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2596/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2596") = 0 [pid 289] mkdir("./2597", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9916 ./strace-static-x86_64: Process 15691 attached [pid 15691] set_robust_list(0x555556f746a0, 24) = 0 [pid 15691] chdir("./2597") = 0 [pid 15691] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15691] setpgid(0, 0) = 0 [pid 15691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15691] write(3, "1000", 4) = 4 [pid 15691] close(3) = 0 [pid 15691] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15691] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15691] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15691] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15691] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15691] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15691] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15691] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15692 attached => {parent_tid=[9917]}, 88) = 9917 [pid 15692] set_robust_list(0x7fbc6730d9a0, 24 [pid 15691] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15691] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15691] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15692] <... set_robust_list resumed>) = 0 [pid 15692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15692] memfd_create("syzkaller", 0) = 3 [pid 15692] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15692] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15692] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15692] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15692] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15692] close(3) = 0 [pid 15692] mkdir("./file1", 0777) = 0 [pid 15692] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15692] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15692] chdir("./file1") = 0 [pid 15692] ioctl(4, LOOP_CLR_FD) = 0 [pid 15692] close(4) = 0 [pid 15692] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15692] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15691] <... futex resumed>) = 0 [pid 15691] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15691] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15692] <... futex resumed>) = 0 [pid 15692] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15692] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15691] <... futex resumed>) = 0 [pid 15691] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15692] <... futex resumed>) = 1 [pid 15692] memfd_create("syzkaller", 0 [pid 15691] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15691] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15691] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 15692] <... memfd_create resumed>) = 4 [pid 15691] <... mprotect resumed>) = 0 [pid 15692] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15691] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15692] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15691] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 15692] close(4) = 0 [pid 15692] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15691] <... clone3 resumed> => {parent_tid=[9918]}, 88) = 9918 ./strace-static-x86_64: Process 15695 attached [pid 15691] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15691] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15691] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15691] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15695] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15695] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15695] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15691] <... futex resumed>) = 0 [pid 15692] <... futex resumed>) = 1 [pid 15691] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15692] memfd_create("syzkaller", 0 [pid 15695] <... setxattr resumed>) = 0 [pid 15695] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15695] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15692] <... memfd_create resumed>) = 4 [pid 15692] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15692] close(4) = 0 [pid 15692] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15691] <... futex resumed>) = 0 [pid 15691] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15691] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15692] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15692] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15691] <... futex resumed>) = 0 [pid 15691] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15691] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15692] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15692] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15691] <... futex resumed>) = 0 [pid 15691] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15691] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15692] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15692] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15691] <... futex resumed>) = 0 [pid 15691] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15691] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15692] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15692] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15691] <... futex resumed>) = 0 [pid 15691] close(3) = 0 [pid 15691] close(4) = 0 [pid 15691] close(5 [pid 15692] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15691] <... close resumed>) = 0 [pid 15691] close(6) = -1 EBADF (Bad file descriptor) [pid 15691] close(7) = -1 EBADF (Bad file descriptor) [pid 15691] close(8) = -1 EBADF (Bad file descriptor) [pid 15691] close(9) = -1 EBADF (Bad file descriptor) [pid 15691] close(10) = -1 EBADF (Bad file descriptor) [pid 15691] close(11) = -1 EBADF (Bad file descriptor) [pid 15691] close(12) = -1 EBADF (Bad file descriptor) [pid 15691] close(13) = -1 EBADF (Bad file descriptor) [pid 15691] close(14) = -1 EBADF (Bad file descriptor) [pid 15691] close(15) = -1 EBADF (Bad file descriptor) [pid 15691] close(16) = -1 EBADF (Bad file descriptor) [pid 15691] close(17) = -1 EBADF (Bad file descriptor) [pid 15691] close(18) = -1 EBADF (Bad file descriptor) [pid 15691] close(19) = -1 EBADF (Bad file descriptor) [pid 15691] close(20) = -1 EBADF (Bad file descriptor) [pid 15691] close(21) = -1 EBADF (Bad file descriptor) [pid 15691] close(22) = -1 EBADF (Bad file descriptor) [pid 15691] close(23) = -1 EBADF (Bad file descriptor) [pid 15691] close(24) = -1 EBADF (Bad file descriptor) [pid 15691] close(25) = -1 EBADF (Bad file descriptor) [pid 15691] close(26) = -1 EBADF (Bad file descriptor) [pid 15691] close(27) = -1 EBADF (Bad file descriptor) [pid 15691] close(28) = -1 EBADF (Bad file descriptor) [pid 15691] close(29) = -1 EBADF (Bad file descriptor) [pid 15691] exit_group(0) = ? [pid 15695] <... futex resumed>) = ? [pid 15695] +++ exited with 0 +++ [pid 15692] <... futex resumed>) = ? [pid 15692] +++ exited with 0 +++ [pid 15691] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9916, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2597", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2597", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2597/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2597/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2597/binderfs") = 0 [ 312.515928][T15692] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2597/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2597/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2597/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2597/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2597/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2597/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2597") = 0 [pid 289] mkdir("./2598", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9919 ./strace-static-x86_64: Process 15696 attached [pid 15696] set_robust_list(0x555556f746a0, 24) = 0 [pid 15696] chdir("./2598") = 0 [pid 15696] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15696] setpgid(0, 0) = 0 [pid 15696] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15696] write(3, "1000", 4) = 4 [pid 15696] close(3) = 0 [pid 15696] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15696] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15696] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15696] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15696] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15696] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15696] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15696] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9920]}, 88) = 9920 [pid 15696] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15696] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15696] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15697 attached [pid 15697] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15697] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15697] memfd_create("syzkaller", 0) = 3 [pid 15697] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15697] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15697] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15697] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15697] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15697] close(3) = 0 [pid 15697] mkdir("./file1", 0777) = 0 [pid 15697] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15697] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15697] chdir("./file1") = 0 [pid 15697] ioctl(4, LOOP_CLR_FD) = 0 [pid 15697] close(4) = 0 [pid 15697] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15697] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15696] <... futex resumed>) = 0 [pid 15696] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15696] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15697] <... futex resumed>) = 0 [pid 15697] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15697] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15696] <... futex resumed>) = 0 [pid 15696] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15696] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15696] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15696] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15696] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15697] <... futex resumed>) = 1 [pid 15696] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 15697] memfd_create("syzkaller", 0 [pid 15696] <... clone3 resumed> => {parent_tid=[9921]}, 88) = 9921 [pid 15696] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15696] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15696] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15696] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15696] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15696] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15696] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9922]}, 88) = 9922 [pid 15696] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15696] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15696] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15700 attached [pid 15700] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15700] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15700] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15700] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15700] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15701 attached [pid 15701] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15701] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15701] memfd_create("syzkaller", 0) = 5 [pid 15701] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15701] close(5) = 0 [pid 15701] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15696] <... futex resumed>) = 0 [pid 15696] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15696] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15700] <... futex resumed>) = 0 [pid 15700] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 15700] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15696] <... futex resumed>) = 0 [pid 15696] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15696] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15700] <... futex resumed>) = 1 [pid 15700] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15700] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15696] <... futex resumed>) = 0 [pid 15696] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15696] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15700] <... futex resumed>) = 1 [pid 15700] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 15700] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15696] <... futex resumed>) = 0 [pid 15696] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15696] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15700] <... futex resumed>) = 1 [pid 15700] write(6, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15701] <... futex resumed>) = 1 [pid 15697] <... memfd_create resumed>) = 4 [pid 15701] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15697] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15697] close(4) = 0 [pid 15697] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15697] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15700] <... write resumed>) = 262144 [pid 15700] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15696] <... futex resumed>) = 0 [pid 15700] <... futex resumed>) = 1 [pid 15696] close(3 [pid 15700] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15696] <... close resumed>) = 0 [pid 15696] close(4) = -1 EBADF (Bad file descriptor) [pid 15696] close(5) = 0 [pid 15696] close(6) = 0 [pid 15696] close(7) = -1 EBADF (Bad file descriptor) [pid 15696] close(8) = -1 EBADF (Bad file descriptor) [pid 15696] close(9) = -1 EBADF (Bad file descriptor) [pid 15696] close(10) = -1 EBADF (Bad file descriptor) [pid 15696] close(11) = -1 EBADF (Bad file descriptor) [pid 15696] close(12) = -1 EBADF (Bad file descriptor) [pid 15696] close(13) = -1 EBADF (Bad file descriptor) [pid 15696] close(14) = -1 EBADF (Bad file descriptor) [pid 15696] close(15) = -1 EBADF (Bad file descriptor) [pid 15696] close(16) = -1 EBADF (Bad file descriptor) [pid 15696] close(17) = -1 EBADF (Bad file descriptor) [pid 15696] close(18) = -1 EBADF (Bad file descriptor) [pid 15696] close(19) = -1 EBADF (Bad file descriptor) [pid 15696] close(20) = -1 EBADF (Bad file descriptor) [pid 15696] close(21) = -1 EBADF (Bad file descriptor) [pid 15696] close(22) = -1 EBADF (Bad file descriptor) [pid 15696] close(23) = -1 EBADF (Bad file descriptor) [pid 15696] close(24) = -1 EBADF (Bad file descriptor) [pid 15696] close(25) = -1 EBADF (Bad file descriptor) [pid 15696] close(26) = -1 EBADF (Bad file descriptor) [pid 15696] close(27) = -1 EBADF (Bad file descriptor) [pid 15696] close(28) = -1 EBADF (Bad file descriptor) [pid 15696] close(29) = -1 EBADF (Bad file descriptor) [pid 15696] exit_group(0) = ? [pid 15697] <... futex resumed>) = 231 [pid 15697] +++ exited with 0 +++ [pid 15701] <... futex resumed>) = ? [pid 15701] +++ exited with 0 +++ [pid 15700] <... futex resumed>) = ? [pid 15700] +++ exited with 0 +++ [pid 15696] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9919, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2598", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2598", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2598/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2598/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2598/binderfs") = 0 [ 312.610401][T15697] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2598/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2598/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2598/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2598/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2598/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2598/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2598") = 0 [pid 289] mkdir("./2599", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9923 ./strace-static-x86_64: Process 15702 attached [pid 15702] set_robust_list(0x555556f746a0, 24) = 0 [pid 15702] chdir("./2599") = 0 [pid 15702] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15702] setpgid(0, 0) = 0 [pid 15702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15702] write(3, "1000", 4) = 4 [pid 15702] close(3) = 0 [pid 15702] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15702] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15702] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15702] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15702] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15702] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15702] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9924]}, 88) = 9924 [pid 15702] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15702] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15702] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15703 attached [pid 15703] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15703] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15703] memfd_create("syzkaller", 0) = 3 [pid 15703] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15703] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15703] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15703] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15703] close(3) = 0 [pid 15703] mkdir("./file1", 0777) = 0 [pid 15703] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15703] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15703] chdir("./file1") = 0 [pid 15703] ioctl(4, LOOP_CLR_FD) = 0 [pid 15703] close(4) = 0 [pid 15703] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15703] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15702] <... futex resumed>) = 0 [pid 15702] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15703] <... futex resumed>) = 0 [pid 15702] <... futex resumed>) = 1 [pid 15703] setxattr("./file1", NULL, NULL, 0, 0 [pid 15702] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15703] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 15703] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15702] <... futex resumed>) = 0 [pid 15703] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15702] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15703] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15702] <... futex resumed>) = 0 [pid 15703] memfd_create("syzkaller", 0 [pid 15702] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15703] <... memfd_create resumed>) = 4 [pid 15702] <... futex resumed>) = 0 [pid 15703] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15703] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15702] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 15703] close(4 [pid 15702] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 15703] <... close resumed>) = 0 [pid 15702] <... mprotect resumed>) = 0 [pid 15703] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15702] rt_sigprocmask(SIG_BLOCK, ~[], [pid 15703] <... futex resumed>) = 0 [pid 15702] <... rt_sigprocmask resumed>[], 8) = 0 [pid 15703] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15702] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9925]}, 88) = 9925 [pid 15702] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15702] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15702] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15703] <... futex resumed>) = 0 [pid 15702] <... futex resumed>) = 1 [pid 15703] memfd_create("syzkaller", 0 [pid 15702] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15703] <... memfd_create resumed>) = 4 [pid 15703] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15703] close(4) = 0 [pid 15703] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15702] <... futex resumed>) = 0 [pid 15703] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15702] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15703] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15702] <... futex resumed>) = 0 [pid 15703] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15702] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 15706 attached [pid 15703] <... open resumed>) = 4 [pid 15706] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15706] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15706] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15703] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15702] <... futex resumed>) = 0 [pid 15706] <... setxattr resumed>) = 0 [pid 15703] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15702] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15702] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15706] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15706] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15703] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15703] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15703] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15702] <... futex resumed>) = 0 [pid 15703] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15702] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15703] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15702] <... futex resumed>) = 0 [pid 15703] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15702] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15703] <... open resumed>) = 5 [pid 15703] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15702] <... futex resumed>) = 0 [pid 15703] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15702] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15703] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15702] <... futex resumed>) = 0 [pid 15703] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15702] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15703] <... write resumed>) = 262144 [pid 15703] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15702] <... futex resumed>) = 0 [pid 15703] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15702] close(3) = 0 [pid 15702] close(4) = 0 [pid 15702] close(5) = 0 [pid 15702] close(6) = -1 EBADF (Bad file descriptor) [pid 15702] close(7) = -1 EBADF (Bad file descriptor) [pid 15702] close(8) = -1 EBADF (Bad file descriptor) [pid 15702] close(9) = -1 EBADF (Bad file descriptor) [pid 15702] close(10) = -1 EBADF (Bad file descriptor) [pid 15702] close(11) = -1 EBADF (Bad file descriptor) [pid 15702] close(12) = -1 EBADF (Bad file descriptor) [pid 15702] close(13) = -1 EBADF (Bad file descriptor) [pid 15702] close(14) = -1 EBADF (Bad file descriptor) [pid 15702] close(15) = -1 EBADF (Bad file descriptor) [pid 15702] close(16) = -1 EBADF (Bad file descriptor) [pid 15702] close(17) = -1 EBADF (Bad file descriptor) [pid 15702] close(18) = -1 EBADF (Bad file descriptor) [pid 15702] close(19) = -1 EBADF (Bad file descriptor) [pid 15702] close(20) = -1 EBADF (Bad file descriptor) [pid 15702] close(21) = -1 EBADF (Bad file descriptor) [pid 15702] close(22) = -1 EBADF (Bad file descriptor) [pid 15702] close(23) = -1 EBADF (Bad file descriptor) [pid 15702] close(24) = -1 EBADF (Bad file descriptor) [pid 15702] close(25) = -1 EBADF (Bad file descriptor) [pid 15702] close(26) = -1 EBADF (Bad file descriptor) [pid 15702] close(27) = -1 EBADF (Bad file descriptor) [pid 15702] close(28) = -1 EBADF (Bad file descriptor) [pid 15702] close(29) = -1 EBADF (Bad file descriptor) [pid 15702] exit_group(0 [pid 15706] <... futex resumed>) = ? [pid 15703] <... futex resumed>) = ? [pid 15702] <... exit_group resumed>) = ? [pid 15706] +++ exited with 0 +++ [pid 15703] +++ exited with 0 +++ [pid 15702] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9923, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2599", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2599", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2599/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2599/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2599/binderfs") = 0 [ 312.739159][T15703] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2599/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2599/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2599/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2599/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2599/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2599/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2599") = 0 [pid 289] mkdir("./2600", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9926 ./strace-static-x86_64: Process 15707 attached [pid 15707] set_robust_list(0x555556f746a0, 24) = 0 [pid 15707] chdir("./2600") = 0 [pid 15707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15707] setpgid(0, 0) = 0 [pid 15707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15707] write(3, "1000", 4) = 4 [pid 15707] close(3) = 0 [pid 15707] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15707] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15707] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15707] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15707] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15707] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15707] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15707] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9927]}, 88) = 9927 [pid 15707] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15707] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15707] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15708 attached [pid 15708] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15708] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15708] memfd_create("syzkaller", 0) = 3 [pid 15708] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15708] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15708] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15708] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15708] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15708] close(3) = 0 [pid 15708] mkdir("./file1", 0777) = 0 [pid 15708] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15708] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15708] chdir("./file1") = 0 [pid 15708] ioctl(4, LOOP_CLR_FD) = 0 [pid 15708] close(4) = 0 [pid 15708] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15707] <... futex resumed>) = 0 [pid 15707] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15707] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15708] <... futex resumed>) = 1 [pid 15708] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15708] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15707] <... futex resumed>) = 0 [pid 15707] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15707] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15707] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15708] <... futex resumed>) = 1 [pid 15707] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 15708] memfd_create("syzkaller", 0) = 4 [pid 15708] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15708] close(4) = 0 [pid 15708] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15708] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15707] <... mprotect resumed>) = 0 [pid 15707] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15707] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9928]}, 88) = 9928 [pid 15707] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 15711 attached NULL, 8) = 0 [pid 15707] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15707] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15708] <... futex resumed>) = 0 [pid 15707] <... futex resumed>) = 1 [pid 15708] memfd_create("syzkaller", 0 [pid 15707] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15711] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15708] <... memfd_create resumed>) = 4 [pid 15708] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15711] <... set_robust_list resumed>) = 0 [pid 15708] close(4) = 0 [pid 15708] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15711] rt_sigprocmask(SIG_SETMASK, [], [pid 15708] <... futex resumed>) = 1 [pid 15707] <... futex resumed>) = 0 [pid 15708] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15707] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15708] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15707] <... futex resumed>) = 0 [pid 15708] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15707] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15711] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15711] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15708] <... open resumed>) = 4 [pid 15708] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15711] <... setxattr resumed>) = 0 [pid 15708] <... futex resumed>) = 1 [pid 15707] <... futex resumed>) = 0 [pid 15711] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15708] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15707] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15711] <... futex resumed>) = 0 [pid 15708] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15707] <... futex resumed>) = 0 [pid 15711] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15708] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15707] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15708] <... mount resumed>) = 0 [pid 15708] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15707] <... futex resumed>) = 0 [pid 15708] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15707] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15708] <... open resumed>) = 5 [pid 15707] <... futex resumed>) = 0 [pid 15708] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15707] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15708] <... futex resumed>) = 0 [pid 15708] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15707] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15708] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15707] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15708] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15707] <... futex resumed>) = 0 [pid 15707] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15708] <... write resumed>) = 262144 [pid 15708] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15707] <... futex resumed>) = 0 [pid 15708] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15707] close(3) = 0 [pid 15707] close(4) = 0 [pid 15707] close(5) = 0 [pid 15707] close(6) = -1 EBADF (Bad file descriptor) [pid 15707] close(7) = -1 EBADF (Bad file descriptor) [pid 15707] close(8) = -1 EBADF (Bad file descriptor) [pid 15707] close(9) = -1 EBADF (Bad file descriptor) [pid 15707] close(10) = -1 EBADF (Bad file descriptor) [pid 15707] close(11) = -1 EBADF (Bad file descriptor) [pid 15707] close(12) = -1 EBADF (Bad file descriptor) [pid 15707] close(13) = -1 EBADF (Bad file descriptor) [pid 15707] close(14) = -1 EBADF (Bad file descriptor) [pid 15707] close(15) = -1 EBADF (Bad file descriptor) [pid 15707] close(16) = -1 EBADF (Bad file descriptor) [pid 15707] close(17) = -1 EBADF (Bad file descriptor) [pid 15707] close(18) = -1 EBADF (Bad file descriptor) [pid 15707] close(19) = -1 EBADF (Bad file descriptor) [pid 15707] close(20) = -1 EBADF (Bad file descriptor) [pid 15707] close(21) = -1 EBADF (Bad file descriptor) [pid 15707] close(22) = -1 EBADF (Bad file descriptor) [pid 15707] close(23) = -1 EBADF (Bad file descriptor) [pid 15707] close(24) = -1 EBADF (Bad file descriptor) [pid 15707] close(25) = -1 EBADF (Bad file descriptor) [pid 15707] close(26) = -1 EBADF (Bad file descriptor) [pid 15707] close(27) = -1 EBADF (Bad file descriptor) [pid 15707] close(28) = -1 EBADF (Bad file descriptor) [pid 15707] close(29) = -1 EBADF (Bad file descriptor) [pid 15707] exit_group(0 [pid 15708] <... futex resumed>) = ? [pid 15707] <... exit_group resumed>) = ? [pid 15711] <... futex resumed>) = ? [pid 15708] +++ exited with 0 +++ [pid 15711] +++ exited with 0 +++ [pid 15707] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9926, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2600", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2600", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2600/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2600/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2600/binderfs") = 0 [pid 289] umount2("./2600/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2600/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2600/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2600/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2600/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2600/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2600") = 0 [pid 289] mkdir("./2601", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9929 ./strace-static-x86_64: Process 15712 attached [pid 15712] set_robust_list(0x555556f746a0, 24) = 0 [pid 15712] chdir("./2601") = 0 [pid 15712] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15712] setpgid(0, 0) = 0 [pid 15712] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15712] write(3, "1000", 4) = 4 [pid 15712] close(3) = 0 [pid 15712] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15712] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15712] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15712] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15712] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15712] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15712] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15712] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9930]}, 88) = 9930 [pid 15712] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15712] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15712] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15713 attached [pid 15713] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15713] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15713] memfd_create("syzkaller", 0) = 3 [pid 15713] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15713] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15713] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15713] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15713] ioctl(4, LOOP_SET_FD, 3) = 0 [ 312.859820][T15708] EXT4-fs (loop0): 1 truncate cleaned up [pid 15713] close(3) = 0 [pid 15713] mkdir("./file1", 0777) = 0 [pid 15713] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15713] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15713] chdir("./file1") = 0 [pid 15713] ioctl(4, LOOP_CLR_FD) = 0 [pid 15713] close(4) = 0 [pid 15713] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15712] <... futex resumed>) = 0 [pid 15712] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15712] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15713] <... futex resumed>) = 1 [pid 15713] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15713] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15712] <... futex resumed>) = 0 [pid 15712] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15712] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15712] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15712] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15712] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15712] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9931]}, 88) = 9931 [pid 15712] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15712] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15712] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15712] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15712] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15712] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15712] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9932]}, 88) = 9932 [pid 15712] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15712] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15712] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15713] <... futex resumed>) = 1 [pid 15713] memfd_create("syzkaller", 0) = 4 [pid 15713] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15713] close(4) = 0 [pid 15713] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15713] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15717 attached [pid 15717] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15717] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15717] memfd_create("syzkaller", 0) = 4 [pid 15717] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15717] close(4) = 0 [pid 15717] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15712] <... futex resumed>) = 0 [pid 15712] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15712] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15713] <... futex resumed>) = 0 [pid 15713] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15717] <... futex resumed>) = 1 [pid 15717] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15716 attached [pid 15716] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15716] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15716] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15716] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15716] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15713] <... open resumed>) = 4 [pid 15713] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15712] <... futex resumed>) = 0 [pid 15712] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15712] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15713] <... futex resumed>) = 1 [pid 15713] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15713] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15712] <... futex resumed>) = 0 [pid 15712] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15712] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15713] <... futex resumed>) = 1 [pid 15713] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15713] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15712] <... futex resumed>) = 0 [pid 15712] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15712] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15713] <... futex resumed>) = 1 [pid 15713] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15713] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15712] <... futex resumed>) = 0 [pid 15713] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15712] close(3) = 0 [pid 15712] close(4) = 0 [pid 15712] close(5) = 0 [pid 15712] close(6) = -1 EBADF (Bad file descriptor) [pid 15712] close(7) = -1 EBADF (Bad file descriptor) [pid 15712] close(8) = -1 EBADF (Bad file descriptor) [pid 15712] close(9) = -1 EBADF (Bad file descriptor) [pid 15712] close(10) = -1 EBADF (Bad file descriptor) [pid 15712] close(11) = -1 EBADF (Bad file descriptor) [pid 15712] close(12) = -1 EBADF (Bad file descriptor) [pid 15712] close(13) = -1 EBADF (Bad file descriptor) [pid 15712] close(14) = -1 EBADF (Bad file descriptor) [pid 15712] close(15) = -1 EBADF (Bad file descriptor) [pid 15712] close(16) = -1 EBADF (Bad file descriptor) [pid 15712] close(17) = -1 EBADF (Bad file descriptor) [pid 15712] close(18) = -1 EBADF (Bad file descriptor) [pid 15712] close(19) = -1 EBADF (Bad file descriptor) [pid 15712] close(20) = -1 EBADF (Bad file descriptor) [pid 15712] close(21) = -1 EBADF (Bad file descriptor) [pid 15712] close(22) = -1 EBADF (Bad file descriptor) [pid 15712] close(23) = -1 EBADF (Bad file descriptor) [pid 15712] close(24) = -1 EBADF (Bad file descriptor) [pid 15712] close(25) = -1 EBADF (Bad file descriptor) [pid 15712] close(26) = -1 EBADF (Bad file descriptor) [pid 15712] close(27) = -1 EBADF (Bad file descriptor) [pid 15712] close(28) = -1 EBADF (Bad file descriptor) [pid 15712] close(29) = -1 EBADF (Bad file descriptor) [pid 15712] exit_group(0) = ? [pid 15717] <... futex resumed>) = ? [pid 15716] <... futex resumed>) = ? [pid 15713] <... futex resumed>) = ? [pid 15717] +++ exited with 0 +++ [pid 15716] +++ exited with 0 +++ [pid 15713] +++ exited with 0 +++ [pid 15712] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9929, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2601", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2601", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2601/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2601/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2601/binderfs") = 0 [pid 289] umount2("./2601/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2601/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2601/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2601/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2601/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2601/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2601") = 0 [pid 289] mkdir("./2602", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9933 ./strace-static-x86_64: Process 15718 attached [pid 15718] set_robust_list(0x555556f746a0, 24) = 0 [pid 15718] chdir("./2602") = 0 [pid 15718] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15718] setpgid(0, 0) = 0 [pid 15718] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15718] write(3, "1000", 4) = 4 [pid 15718] close(3) = 0 [pid 15718] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15718] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15718] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15718] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15718] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15718] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15718] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15718] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9934]}, 88) = 9934 [pid 15718] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15718] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15718] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15719 attached [pid 15719] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15719] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15719] memfd_create("syzkaller", 0) = 3 [pid 15719] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15719] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15719] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15719] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15719] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15719] close(3) = 0 [pid 15719] mkdir("./file1", 0777) = 0 [ 312.923636][T15713] EXT4-fs (loop0): 1 truncate cleaned up [pid 15719] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15719] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15719] chdir("./file1") = 0 [pid 15719] ioctl(4, LOOP_CLR_FD) = 0 [pid 15719] close(4) = 0 [pid 15719] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15718] <... futex resumed>) = 0 [pid 15718] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15718] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15719] <... futex resumed>) = 1 [pid 15719] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15719] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15718] <... futex resumed>) = 0 [pid 15718] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15718] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15718] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15718] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15718] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15718] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9935]}, 88) = 9935 [pid 15718] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15718] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15718] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15718] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15718] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15718] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15718] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9936]}, 88) = 9936 [pid 15718] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15718] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15718] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15719] <... futex resumed>) = 1 [pid 15719] memfd_create("syzkaller", 0) = 4 [pid 15719] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15719] close(4) = 0 [pid 15719] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15719] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15722 attached [pid 15722] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15722] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15722] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15722] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15722] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15723 attached [pid 15723] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15723] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15723] memfd_create("syzkaller", 0) = 4 [pid 15723] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15723] close(4) = 0 [pid 15723] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15718] <... futex resumed>) = 0 [pid 15718] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15719] <... futex resumed>) = 0 [pid 15718] <... futex resumed>) = 1 [pid 15719] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15718] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15723] <... futex resumed>) = 1 [pid 15723] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15719] <... open resumed>) = 4 [pid 15719] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15718] <... futex resumed>) = 0 [pid 15719] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15718] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15719] <... mount resumed>) = 0 [pid 15718] <... futex resumed>) = 0 [pid 15719] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15718] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15719] <... futex resumed>) = 0 [pid 15718] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15719] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15718] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15719] <... open resumed>) = 5 [pid 15718] <... futex resumed>) = 0 [pid 15719] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15718] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15719] <... futex resumed>) = 0 [pid 15718] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15719] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15718] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15718] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15719] <... write resumed>) = 262144 [pid 15719] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15718] <... futex resumed>) = 0 [pid 15718] close(3) = 0 [pid 15718] close(4) = 0 [pid 15718] close(5) = 0 [pid 15718] close(6) = -1 EBADF (Bad file descriptor) [pid 15718] close(7) = -1 EBADF (Bad file descriptor) [pid 15718] close(8) = -1 EBADF (Bad file descriptor) [pid 15718] close(9) = -1 EBADF (Bad file descriptor) [pid 15718] close(10) = -1 EBADF (Bad file descriptor) [pid 15718] close(11) = -1 EBADF (Bad file descriptor) [pid 15718] close(12) = -1 EBADF (Bad file descriptor) [pid 15718] close(13) = -1 EBADF (Bad file descriptor) [pid 15718] close(14) = -1 EBADF (Bad file descriptor) [pid 15718] close(15) = -1 EBADF (Bad file descriptor) [pid 15718] close(16) = -1 EBADF (Bad file descriptor) [pid 15718] close(17) = -1 EBADF (Bad file descriptor) [pid 15718] close(18) = -1 EBADF (Bad file descriptor) [pid 15718] close(19) = -1 EBADF (Bad file descriptor) [pid 15718] close(20) = -1 EBADF (Bad file descriptor) [pid 15718] close(21) = -1 EBADF (Bad file descriptor) [pid 15718] close(22) = -1 EBADF (Bad file descriptor) [pid 15718] close(23) = -1 EBADF (Bad file descriptor) [pid 15718] close(24) = -1 EBADF (Bad file descriptor) [pid 15718] close(25) = -1 EBADF (Bad file descriptor) [pid 15718] close(26) = -1 EBADF (Bad file descriptor) [pid 15718] close(27) = -1 EBADF (Bad file descriptor) [pid 15718] close(28) = -1 EBADF (Bad file descriptor) [pid 15718] close(29) = -1 EBADF (Bad file descriptor) [pid 15718] exit_group(0) = ? [pid 15723] <... futex resumed>) = ? [pid 15722] <... futex resumed>) = ? [pid 15722] +++ exited with 0 +++ [pid 15719] <... futex resumed>) = ? [pid 15723] +++ exited with 0 +++ [pid 15719] +++ exited with 0 +++ [pid 15718] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9933, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2602", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2602", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2602/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2602/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2602/binderfs") = 0 [pid 289] umount2("./2602/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2602/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2602/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2602/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2602/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2602/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2602") = 0 [pid 289] mkdir("./2603", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = 0 [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9937 ./strace-static-x86_64: Process 15724 attached [pid 15724] set_robust_list(0x555556f746a0, 24) = 0 [pid 15724] chdir("./2603") = 0 [pid 15724] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15724] setpgid(0, 0) = 0 [pid 15724] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15724] write(3, "1000", 4) = 4 [pid 15724] close(3) = 0 [pid 15724] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15724] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15724] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15724] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15724] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15724] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15724] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15724] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15725 attached [pid 15725] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15725] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15725] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15724] <... clone3 resumed> => {parent_tid=[9938]}, 88) = 9938 [pid 15724] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15724] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15725] <... futex resumed>) = 0 [pid 15724] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15725] memfd_create("syzkaller", 0) = 3 [pid 15725] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15725] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15725] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15725] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15725] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15725] close(3) = 0 [pid 15725] mkdir("./file1", 0777) = 0 [ 312.978963][T15719] EXT4-fs (loop0): 1 truncate cleaned up [pid 15725] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15725] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15725] chdir("./file1") = 0 [pid 15725] ioctl(4, LOOP_CLR_FD) = 0 [pid 15725] close(4) = 0 [pid 15725] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15724] <... futex resumed>) = 0 [pid 15724] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15724] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15725] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15725] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15724] <... futex resumed>) = 0 [pid 15724] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15724] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15724] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15724] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15724] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15724] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9939]}, 88) = 9939 [pid 15724] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 15728 attached [pid 15725] <... futex resumed>) = 1 [pid 15724] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15724] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15724] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15728] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15724] <... mmap resumed>) = 0x7fbc5eeeb000 [pid 15724] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15728] <... set_robust_list resumed>) = 0 [pid 15724] rt_sigprocmask(SIG_BLOCK, ~[], [pid 15725] memfd_create("syzkaller", 0 [pid 15724] <... rt_sigprocmask resumed>[], 8) = 0 [pid 15724] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 15728] rt_sigprocmask(SIG_SETMASK, [], [pid 15725] <... memfd_create resumed>) = 4 [pid 15724] <... clone3 resumed> => {parent_tid=[9940]}, 88) = 9940 ./strace-static-x86_64: Process 15729 attached [pid 15728] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15725] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15724] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15724] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15724] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15729] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15728] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15729] rt_sigprocmask(SIG_SETMASK, [], [pid 15725] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15729] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15725] close(4 [pid 15728] <... setxattr resumed>) = 0 [pid 15725] <... close resumed>) = 0 [pid 15729] memfd_create("syzkaller", 0 [pid 15728] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15725] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15725] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15729] <... memfd_create resumed>) = 4 [pid 15729] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15729] close(4) = 0 [pid 15729] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15724] <... futex resumed>) = 0 [pid 15724] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15725] <... futex resumed>) = 0 [pid 15724] <... futex resumed>) = 1 [pid 15725] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15724] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15728] <... futex resumed>) = 0 [pid 15729] <... futex resumed>) = 1 [pid 15725] <... open resumed>) = 4 [pid 15725] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15724] <... futex resumed>) = 0 [pid 15725] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15724] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15725] <... mount resumed>) = 0 [pid 15724] <... futex resumed>) = 0 [pid 15725] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15724] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15725] <... futex resumed>) = 0 [pid 15724] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15725] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15724] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15725] <... open resumed>) = 5 [pid 15724] <... futex resumed>) = 0 [pid 15725] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15724] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15725] <... futex resumed>) = 0 [pid 15724] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15725] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15724] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15729] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15728] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15724] <... futex resumed>) = 0 [pid 15724] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15725] <... write resumed>) = 262144 [pid 15725] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15724] <... futex resumed>) = 0 [pid 15724] close(3) = 0 [pid 15724] close(4) = 0 [pid 15724] close(5 [pid 15725] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15724] <... close resumed>) = 0 [pid 15724] close(6) = -1 EBADF (Bad file descriptor) [pid 15724] close(7) = -1 EBADF (Bad file descriptor) [pid 15724] close(8) = -1 EBADF (Bad file descriptor) [pid 15724] close(9) = -1 EBADF (Bad file descriptor) [pid 15724] close(10) = -1 EBADF (Bad file descriptor) [pid 15724] close(11) = -1 EBADF (Bad file descriptor) [pid 15724] close(12) = -1 EBADF (Bad file descriptor) [pid 15724] close(13) = -1 EBADF (Bad file descriptor) [pid 15724] close(14) = -1 EBADF (Bad file descriptor) [pid 15724] close(15) = -1 EBADF (Bad file descriptor) [pid 15724] close(16) = -1 EBADF (Bad file descriptor) [pid 15724] close(17) = -1 EBADF (Bad file descriptor) [pid 15724] close(18) = -1 EBADF (Bad file descriptor) [pid 15724] close(19) = -1 EBADF (Bad file descriptor) [pid 15724] close(20) = -1 EBADF (Bad file descriptor) [pid 15724] close(21) = -1 EBADF (Bad file descriptor) [pid 15724] close(22) = -1 EBADF (Bad file descriptor) [pid 15724] close(23) = -1 EBADF (Bad file descriptor) [pid 15724] close(24) = -1 EBADF (Bad file descriptor) [pid 15724] close(25) = -1 EBADF (Bad file descriptor) [pid 15724] close(26) = -1 EBADF (Bad file descriptor) [pid 15724] close(27) = -1 EBADF (Bad file descriptor) [pid 15724] close(28) = -1 EBADF (Bad file descriptor) [pid 15724] close(29) = -1 EBADF (Bad file descriptor) [pid 15724] exit_group(0 [pid 15728] <... futex resumed>) = ? [pid 15725] <... futex resumed>) = ? [pid 15724] <... exit_group resumed>) = ? [pid 15728] +++ exited with 0 +++ [pid 15729] <... futex resumed>) = ? [pid 15729] +++ exited with 0 +++ [pid 15725] +++ exited with 0 +++ [pid 15724] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9937, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2603", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2603", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2603/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2603/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2603/binderfs") = 0 [ 313.022858][T15725] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2603/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2603/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2603/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2603/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2603/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2603/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2603") = 0 [pid 289] mkdir("./2604", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9941 ./strace-static-x86_64: Process 15730 attached [pid 15730] set_robust_list(0x555556f746a0, 24) = 0 [pid 15730] chdir("./2604") = 0 [pid 15730] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15730] setpgid(0, 0) = 0 [pid 15730] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15730] write(3, "1000", 4) = 4 [pid 15730] close(3) = 0 [pid 15730] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15730] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15730] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15730] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15730] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15730] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15730] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15730] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9942]}, 88) = 9942 [pid 15730] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15730] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 15731 attached ) = 0 [pid 15730] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15731] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15731] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15731] memfd_create("syzkaller", 0) = 3 [pid 15731] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15731] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15731] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15731] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15731] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15731] close(3) = 0 [pid 15731] mkdir("./file1", 0777) = 0 [pid 15731] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15731] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15731] chdir("./file1") = 0 [pid 15731] ioctl(4, LOOP_CLR_FD) = 0 [pid 15731] close(4) = 0 [pid 15731] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15730] <... futex resumed>) = 0 [pid 15730] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15730] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15731] <... futex resumed>) = 1 [pid 15731] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15731] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15730] <... futex resumed>) = 0 [pid 15730] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15730] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15730] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15730] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15730] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15730] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9943]}, 88) = 9943 [pid 15730] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15730] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15730] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15730] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15730] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15730] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15730] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9944]}, 88) = 9944 [pid 15730] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15730] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15730] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15731] <... futex resumed>) = 1 [pid 15731] memfd_create("syzkaller", 0) = 4 [pid 15731] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15731] close(4) = 0 [pid 15731] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15731] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15735 attached [pid 15735] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15735] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15735] memfd_create("syzkaller", 0) = 4 [pid 15735] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15735] close(4) = 0 [pid 15735] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15730] <... futex resumed>) = 0 [pid 15730] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15730] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15731] <... futex resumed>) = 0 [pid 15731] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15731] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15730] <... futex resumed>) = 0 [pid 15730] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15730] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15731] <... futex resumed>) = 1 [pid 15731] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15731] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15730] <... futex resumed>) = 0 [pid 15730] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15730] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15731] <... futex resumed>) = 1 [pid 15731] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15731] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15730] <... futex resumed>) = 0 [pid 15730] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15730] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15731] <... futex resumed>) = 1 [pid 15731] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651./strace-static-x86_64: Process 15734 attached [pid 15735] <... futex resumed>) = 1 [pid 15734] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15735] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15734] <... set_robust_list resumed>) = 0 [pid 15731] <... write resumed>) = 262144 [pid 15734] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15734] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15731] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15730] <... futex resumed>) = 0 [pid 15731] <... futex resumed>) = 1 [pid 15731] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15734] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 15734] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15734] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15730] close(3) = 0 [pid 15730] close(4) = 0 [pid 15730] close(5) = 0 [pid 15730] close(6) = -1 EBADF (Bad file descriptor) [pid 15730] close(7) = -1 EBADF (Bad file descriptor) [pid 15730] close(8) = -1 EBADF (Bad file descriptor) [pid 15730] close(9) = -1 EBADF (Bad file descriptor) [pid 15730] close(10) = -1 EBADF (Bad file descriptor) [pid 15730] close(11) = -1 EBADF (Bad file descriptor) [pid 15730] close(12) = -1 EBADF (Bad file descriptor) [pid 15730] close(13) = -1 EBADF (Bad file descriptor) [pid 15730] close(14) = -1 EBADF (Bad file descriptor) [pid 15730] close(15) = -1 EBADF (Bad file descriptor) [pid 15730] close(16) = -1 EBADF (Bad file descriptor) [pid 15730] close(17) = -1 EBADF (Bad file descriptor) [pid 15730] close(18) = -1 EBADF (Bad file descriptor) [pid 15730] close(19) = -1 EBADF (Bad file descriptor) [pid 15730] close(20) = -1 EBADF (Bad file descriptor) [pid 15730] close(21) = -1 EBADF (Bad file descriptor) [pid 15730] close(22) = -1 EBADF (Bad file descriptor) [pid 15730] close(23) = -1 EBADF (Bad file descriptor) [pid 15730] close(24) = -1 EBADF (Bad file descriptor) [pid 15730] close(25) = -1 EBADF (Bad file descriptor) [pid 15730] close(26) = -1 EBADF (Bad file descriptor) [pid 15730] close(27) = -1 EBADF (Bad file descriptor) [pid 15730] close(28) = -1 EBADF (Bad file descriptor) [pid 15730] close(29) = -1 EBADF (Bad file descriptor) [pid 15730] exit_group(0 [pid 15735] <... futex resumed>) = 231 [pid 15730] <... exit_group resumed>) = ? [pid 15735] +++ exited with 0 +++ [pid 15734] <... futex resumed>) = ? [pid 15731] <... futex resumed>) = ? [pid 15734] +++ exited with 0 +++ [pid 15731] +++ exited with 0 +++ [pid 15730] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9941, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2604", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2604", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2604/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2604/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2604/binderfs") = 0 [ 313.149931][T15731] EXT4-fs (loop0): 1 truncate cleaned up [ 313.166905][T15734] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2604/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2604/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2604/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2604/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2604/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2604/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2604") = 0 [pid 289] mkdir("./2605", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9945 ./strace-static-x86_64: Process 15736 attached [pid 15736] set_robust_list(0x555556f746a0, 24) = 0 [pid 15736] chdir("./2605") = 0 [pid 15736] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15736] setpgid(0, 0) = 0 [pid 15736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15736] write(3, "1000", 4) = 4 [pid 15736] close(3) = 0 [pid 15736] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15736] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15736] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15736] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15736] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15736] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15736] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15736] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9946]}, 88) = 9946 [pid 15736] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15736] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15736] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15737 attached [pid 15737] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15737] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15737] memfd_create("syzkaller", 0) = 3 [pid 15737] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15737] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15737] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15737] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15737] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15737] close(3) = 0 [pid 15737] mkdir("./file1", 0777) = 0 [pid 15737] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15737] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15737] chdir("./file1") = 0 [pid 15737] ioctl(4, LOOP_CLR_FD) = 0 [pid 15737] close(4) = 0 [pid 15737] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15737] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15736] <... futex resumed>) = 0 [pid 15736] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15736] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15737] <... futex resumed>) = 0 [pid 15737] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15737] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15736] <... futex resumed>) = 0 [pid 15736] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15736] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15736] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15736] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15736] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15736] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9947]}, 88) = 9947 [pid 15736] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15736] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15736] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15736] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15736] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15736] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15736] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9948]}, 88) = 9948 [pid 15736] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15736] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15736] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15737] <... futex resumed>) = 1 [pid 15737] memfd_create("syzkaller", 0) = 4 [pid 15737] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15737] close(4) = 0 [pid 15737] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15737] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15740 attached [pid 15740] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15740] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15740] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0./strace-static-x86_64: Process 15741 attached ) = 0 [pid 15740] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15740] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15741] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15741] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15741] memfd_create("syzkaller", 0) = 4 [pid 15741] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15741] close(4) = 0 [pid 15741] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15736] <... futex resumed>) = 0 [pid 15736] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15736] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15737] <... futex resumed>) = 0 [pid 15737] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15741] <... futex resumed>) = 1 [pid 15737] <... open resumed>) = 4 [pid 15741] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15737] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15736] <... futex resumed>) = 0 [pid 15736] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15736] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15737] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15737] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15736] <... futex resumed>) = 0 [pid 15736] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15736] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15737] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15737] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15736] <... futex resumed>) = 0 [pid 15736] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15736] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15737] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15737] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15736] <... futex resumed>) = 0 [pid 15736] close(3) = 0 [pid 15736] close(4) = 0 [pid 15736] close(5) = 0 [pid 15736] close(6) = -1 EBADF (Bad file descriptor) [pid 15736] close(7) = -1 EBADF (Bad file descriptor) [pid 15736] close(8) = -1 EBADF (Bad file descriptor) [pid 15736] close(9) = -1 EBADF (Bad file descriptor) [pid 15736] close(10) = -1 EBADF (Bad file descriptor) [pid 15736] close(11) = -1 EBADF (Bad file descriptor) [pid 15736] close(12) = -1 EBADF (Bad file descriptor) [pid 15736] close(13) = -1 EBADF (Bad file descriptor) [pid 15736] close(14) = -1 EBADF (Bad file descriptor) [pid 15736] close(15) = -1 EBADF (Bad file descriptor) [pid 15736] close(16) = -1 EBADF (Bad file descriptor) [pid 15736] close(17) = -1 EBADF (Bad file descriptor) [pid 15736] close(18) = -1 EBADF (Bad file descriptor) [pid 15736] close(19) = -1 EBADF (Bad file descriptor) [pid 15736] close(20) = -1 EBADF (Bad file descriptor) [pid 15736] close(21) = -1 EBADF (Bad file descriptor) [pid 15736] close(22) = -1 EBADF (Bad file descriptor) [pid 15736] close(23) = -1 EBADF (Bad file descriptor) [pid 15736] close(24) = -1 EBADF (Bad file descriptor) [pid 15736] close(25) = -1 EBADF (Bad file descriptor) [pid 15736] close(26) = -1 EBADF (Bad file descriptor) [pid 15736] close(27) = -1 EBADF (Bad file descriptor) [pid 15736] close(28) = -1 EBADF (Bad file descriptor) [pid 15736] close(29) = -1 EBADF (Bad file descriptor) [pid 15736] exit_group(0) = ? [pid 15737] <... futex resumed>) = ? [pid 15737] +++ exited with 0 +++ [pid 15741] <... futex resumed>) = ? [pid 15741] +++ exited with 0 +++ [pid 15740] <... futex resumed>) = ? [pid 15740] +++ exited with 0 +++ [pid 15736] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9945, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2605", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2605", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2605/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2605/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2605/binderfs") = 0 [ 313.301366][T15737] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2605/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2605/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2605/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2605/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2605/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2605/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2605") = 0 [pid 289] mkdir("./2606", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9949 ./strace-static-x86_64: Process 15742 attached [pid 15742] set_robust_list(0x555556f746a0, 24) = 0 [pid 15742] chdir("./2606") = 0 [pid 15742] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15742] setpgid(0, 0) = 0 [pid 15742] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15742] write(3, "1000", 4) = 4 [pid 15742] close(3) = 0 [pid 15742] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15742] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15742] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15742] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15742] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15742] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15742] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9950]}, 88) = 9950 [pid 15742] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15742] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15742] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15743 attached [pid 15743] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15743] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15743] memfd_create("syzkaller", 0) = 3 [pid 15743] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15743] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15743] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15743] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15743] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15743] close(3) = 0 [pid 15743] mkdir("./file1", 0777) = 0 [pid 15743] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15743] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15743] chdir("./file1") = 0 [pid 15743] ioctl(4, LOOP_CLR_FD) = 0 [pid 15743] close(4) = 0 [pid 15743] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15742] <... futex resumed>) = 0 [pid 15742] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15742] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15743] <... futex resumed>) = 1 [pid 15743] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15743] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15742] <... futex resumed>) = 0 [pid 15742] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15742] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15742] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15742] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15742] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9951]}, 88) = 9951 [pid 15742] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15742] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15742] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15742] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15742] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15742] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9952]}, 88) = 9952 [pid 15742] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15743] <... futex resumed>) = 1 [pid 15742] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15743] memfd_create("syzkaller", 0 [pid 15742] <... futex resumed>) = 0 [pid 15743] <... memfd_create resumed>) = 4 [pid 15742] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15743] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15743] close(4) = 0 [pid 15743] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15743] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15747 attached [pid 15747] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15747] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15747] memfd_create("syzkaller", 0) = 4 [pid 15747] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15747] close(4) = 0 [pid 15747] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15742] <... futex resumed>) = 0 [pid 15742] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15743] <... futex resumed>) = 0 [pid 15742] <... futex resumed>) = 1 [pid 15743] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15742] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15747] <... futex resumed>) = 1 [pid 15747] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15746 attached [pid 15746] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15746] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15746] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15746] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15746] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15743] <... open resumed>) = 4 [pid 15743] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15742] <... futex resumed>) = 0 [pid 15742] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15742] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15743] <... futex resumed>) = 1 [pid 15743] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15743] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15742] <... futex resumed>) = 0 [pid 15742] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15742] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15743] <... futex resumed>) = 1 [pid 15743] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15743] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15742] <... futex resumed>) = 0 [pid 15742] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15742] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15743] <... futex resumed>) = 1 [pid 15743] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15743] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15742] <... futex resumed>) = 0 [pid 15742] close(3) = 0 [pid 15742] close(4) = 0 [pid 15742] close(5) = 0 [pid 15742] close(6) = -1 EBADF (Bad file descriptor) [pid 15742] close(7) = -1 EBADF (Bad file descriptor) [pid 15742] close(8) = -1 EBADF (Bad file descriptor) [pid 15742] close(9) = -1 EBADF (Bad file descriptor) [pid 15742] close(10) = -1 EBADF (Bad file descriptor) [pid 15742] close(11) = -1 EBADF (Bad file descriptor) [pid 15742] close(12) = -1 EBADF (Bad file descriptor) [pid 15742] close(13) = -1 EBADF (Bad file descriptor) [pid 15742] close(14) = -1 EBADF (Bad file descriptor) [pid 15742] close(15) = -1 EBADF (Bad file descriptor) [pid 15742] close(16) = -1 EBADF (Bad file descriptor) [pid 15742] close(17) = -1 EBADF (Bad file descriptor) [pid 15742] close(18) = -1 EBADF (Bad file descriptor) [pid 15742] close(19) = -1 EBADF (Bad file descriptor) [pid 15742] close(20) = -1 EBADF (Bad file descriptor) [pid 15742] close(21) = -1 EBADF (Bad file descriptor) [pid 15742] close(22) = -1 EBADF (Bad file descriptor) [pid 15742] close(23) = -1 EBADF (Bad file descriptor) [pid 15742] close(24) = -1 EBADF (Bad file descriptor) [pid 15742] close(25) = -1 EBADF (Bad file descriptor) [pid 15742] close(26) = -1 EBADF (Bad file descriptor) [pid 15742] close(27) = -1 EBADF (Bad file descriptor) [pid 15742] close(28) = -1 EBADF (Bad file descriptor) [pid 15742] close(29) = -1 EBADF (Bad file descriptor) [pid 15742] exit_group(0 [pid 15747] <... futex resumed>) = ? [pid 15742] <... exit_group resumed>) = ? [pid 15747] +++ exited with 0 +++ [pid 15746] <... futex resumed>) = ? [pid 15746] +++ exited with 0 +++ [pid 15743] <... futex resumed>) = ? [pid 15743] +++ exited with 0 +++ [pid 15742] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9949, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2606", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2606", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2606/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2606/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2606/binderfs") = 0 [pid 289] umount2("./2606/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2606/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2606/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2606/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2606/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2606/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2606") = 0 [pid 289] mkdir("./2607", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9953 ./strace-static-x86_64: Process 15748 attached [pid 15748] set_robust_list(0x555556f746a0, 24) = 0 [pid 15748] chdir("./2607") = 0 [pid 15748] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15748] setpgid(0, 0) = 0 [pid 15748] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15748] write(3, "1000", 4) = 4 [pid 15748] close(3) = 0 [pid 15748] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15748] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15748] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15748] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15748] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15748] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15748] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15748] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9954]}, 88) = 9954 [pid 15748] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15748] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15748] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15749 attached [pid 15749] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15749] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15749] memfd_create("syzkaller", 0) = 3 [pid 15749] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15749] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15749] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15749] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15749] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15749] close(3) = 0 [pid 15749] mkdir("./file1", 0777) = 0 [ 313.380120][T15743] EXT4-fs (loop0): 1 truncate cleaned up [pid 15749] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15749] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15749] chdir("./file1") = 0 [pid 15749] ioctl(4, LOOP_CLR_FD) = 0 [pid 15749] close(4) = 0 [pid 15749] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15748] <... futex resumed>) = 0 [pid 15748] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15748] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15749] <... futex resumed>) = 1 [pid 15749] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15749] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15748] <... futex resumed>) = 0 [pid 15748] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15748] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15748] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15748] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15748] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15748] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9955]}, 88) = 9955 [pid 15748] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15748] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15748] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15748] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15748] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15748] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15748] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9956]}, 88) = 9956 [pid 15748] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15748] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15748] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15749] <... futex resumed>) = 1 [pid 15749] memfd_create("syzkaller", 0) = 4 [pid 15749] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15749] close(4) = 0 [pid 15749] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15749] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15753 attached [pid 15753] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15753] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15753] memfd_create("syzkaller", 0) = 4 [pid 15753] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15753] close(4) = 0 [pid 15753] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15748] <... futex resumed>) = 0 [pid 15748] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15748] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15749] <... futex resumed>) = 0 [pid 15749] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15753] <... futex resumed>) = 1 [pid 15753] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15752 attached [pid 15752] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15752] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15752] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15752] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15752] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15749] <... open resumed>) = 4 [pid 15749] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15748] <... futex resumed>) = 0 [pid 15748] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15748] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15749] <... futex resumed>) = 1 [pid 15749] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15749] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15748] <... futex resumed>) = 0 [pid 15748] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15748] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15749] <... futex resumed>) = 1 [pid 15749] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15749] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15748] <... futex resumed>) = 0 [pid 15748] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15748] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15749] <... futex resumed>) = 1 [pid 15749] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15749] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15748] <... futex resumed>) = 0 [pid 15748] close(3) = 0 [pid 15748] close(4) = 0 [pid 15748] close(5) = 0 [pid 15748] close(6) = -1 EBADF (Bad file descriptor) [pid 15748] close(7) = -1 EBADF (Bad file descriptor) [pid 15748] close(8) = -1 EBADF (Bad file descriptor) [pid 15748] close(9) = -1 EBADF (Bad file descriptor) [pid 15748] close(10) = -1 EBADF (Bad file descriptor) [pid 15748] close(11) = -1 EBADF (Bad file descriptor) [pid 15748] close(12) = -1 EBADF (Bad file descriptor) [pid 15749] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15748] close(13) = -1 EBADF (Bad file descriptor) [pid 15748] close(14) = -1 EBADF (Bad file descriptor) [pid 15748] close(15) = -1 EBADF (Bad file descriptor) [pid 15748] close(16) = -1 EBADF (Bad file descriptor) [pid 15748] close(17) = -1 EBADF (Bad file descriptor) [pid 15748] close(18) = -1 EBADF (Bad file descriptor) [pid 15748] close(19) = -1 EBADF (Bad file descriptor) [pid 15748] close(20) = -1 EBADF (Bad file descriptor) [pid 15748] close(21) = -1 EBADF (Bad file descriptor) [pid 15748] close(22) = -1 EBADF (Bad file descriptor) [pid 15748] close(23) = -1 EBADF (Bad file descriptor) [pid 15748] close(24) = -1 EBADF (Bad file descriptor) [pid 15748] close(25) = -1 EBADF (Bad file descriptor) [pid 15748] close(26) = -1 EBADF (Bad file descriptor) [pid 15748] close(27) = -1 EBADF (Bad file descriptor) [pid 15748] close(28) = -1 EBADF (Bad file descriptor) [pid 15748] close(29) = -1 EBADF (Bad file descriptor) [pid 15748] exit_group(0 [pid 15753] <... futex resumed>) = ? [pid 15752] <... futex resumed>) = ? [pid 15749] <... futex resumed>) = ? [pid 15748] <... exit_group resumed>) = ? [pid 15753] +++ exited with 0 +++ [pid 15752] +++ exited with 0 +++ [pid 15749] +++ exited with 0 +++ [pid 15748] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9953, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] umount2("./2607", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2607", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2607/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2607/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2607/binderfs") = 0 [ 313.438211][T15749] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2607/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2607/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2607/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2607/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2607/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2607/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2607") = 0 [pid 289] mkdir("./2608", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9957 ./strace-static-x86_64: Process 15755 attached [pid 15755] set_robust_list(0x555556f746a0, 24) = 0 [pid 15755] chdir("./2608") = 0 [pid 15755] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15755] setpgid(0, 0) = 0 [pid 15755] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15755] write(3, "1000", 4) = 4 [pid 15755] close(3) = 0 [pid 15755] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15755] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15755] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15755] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15755] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15755] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15755] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9958]}, 88) = 9958 [pid 15755] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15755] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15755] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15756 attached [pid 15756] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15756] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15756] memfd_create("syzkaller", 0) = 3 [pid 15756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15756] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15756] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15756] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15756] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15756] close(3) = 0 [pid 15756] mkdir("./file1", 0777) = 0 [pid 15756] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15756] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15756] chdir("./file1") = 0 [pid 15756] ioctl(4, LOOP_CLR_FD) = 0 [pid 15756] close(4) = 0 [pid 15756] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15755] <... futex resumed>) = 0 [pid 15755] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15755] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15756] <... futex resumed>) = 1 [pid 15756] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15756] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15755] <... futex resumed>) = 0 [pid 15755] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15755] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15755] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15756] <... futex resumed>) = 1 [pid 15755] rt_sigprocmask(SIG_BLOCK, ~[], [pid 15756] memfd_create("syzkaller", 0) = 4 [pid 15756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15756] close(4) = 0 [pid 15756] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15756] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15755] <... rt_sigprocmask resumed>[], 8) = 0 [pid 15755] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 15759 attached => {parent_tid=[9959]}, 88) = 9959 [pid 15755] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15755] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15759] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15755] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15755] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15756] <... futex resumed>) = 0 [pid 15756] memfd_create("syzkaller", 0) = 4 [pid 15756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15759] <... set_robust_list resumed>) = 0 [pid 15756] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15756] close(4) = 0 [pid 15756] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15755] <... futex resumed>) = 0 [pid 15755] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15755] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15756] <... futex resumed>) = 1 [pid 15756] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15759] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15759] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15756] <... open resumed>) = 4 [pid 15756] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15755] <... futex resumed>) = 0 [pid 15755] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15755] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15756] <... futex resumed>) = 1 [pid 15756] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15759] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15756] <... mount resumed>) = 0 [pid 15756] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15755] <... futex resumed>) = 0 [pid 15755] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15755] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15756] <... futex resumed>) = 1 [pid 15756] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15756] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15755] <... futex resumed>) = 0 [pid 15755] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15755] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15756] <... futex resumed>) = 1 [pid 15756] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15759] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15756] <... write resumed>) = 262144 [pid 15756] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15755] <... futex resumed>) = 0 [pid 15755] close(3) = 0 [pid 15755] close(4) = 0 [pid 15755] close(5 [pid 15756] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15755] <... close resumed>) = 0 [pid 15755] close(6) = -1 EBADF (Bad file descriptor) [pid 15755] close(7) = -1 EBADF (Bad file descriptor) [pid 15755] close(8) = -1 EBADF (Bad file descriptor) [pid 15755] close(9) = -1 EBADF (Bad file descriptor) [pid 15755] close(10) = -1 EBADF (Bad file descriptor) [pid 15755] close(11) = -1 EBADF (Bad file descriptor) [pid 15755] close(12) = -1 EBADF (Bad file descriptor) [pid 15755] close(13) = -1 EBADF (Bad file descriptor) [pid 15755] close(14) = -1 EBADF (Bad file descriptor) [pid 15755] close(15) = -1 EBADF (Bad file descriptor) [pid 15755] close(16) = -1 EBADF (Bad file descriptor) [pid 15755] close(17) = -1 EBADF (Bad file descriptor) [pid 15755] close(18) = -1 EBADF (Bad file descriptor) [pid 15755] close(19) = -1 EBADF (Bad file descriptor) [pid 15755] close(20) = -1 EBADF (Bad file descriptor) [pid 15755] close(21) = -1 EBADF (Bad file descriptor) [pid 15755] close(22) = -1 EBADF (Bad file descriptor) [pid 15755] close(23) = -1 EBADF (Bad file descriptor) [pid 15755] close(24) = -1 EBADF (Bad file descriptor) [pid 15755] close(25) = -1 EBADF (Bad file descriptor) [pid 15755] close(26) = -1 EBADF (Bad file descriptor) [pid 15755] close(27) = -1 EBADF (Bad file descriptor) [pid 15755] close(28) = -1 EBADF (Bad file descriptor) [pid 15755] close(29) = -1 EBADF (Bad file descriptor) [pid 15755] exit_group(0) = ? [pid 15759] <... futex resumed>) = ? [pid 15759] +++ exited with 0 +++ [pid 15756] <... futex resumed>) = 231 [pid 15756] +++ exited with 0 +++ [pid 15755] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9957, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2608", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2608", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2608/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2608/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2608/binderfs") = 0 [ 313.509617][T15756] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2608/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2608/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2608/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2608/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2608/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2608/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2608") = 0 [pid 289] mkdir("./2609", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9960 ./strace-static-x86_64: Process 15760 attached [pid 15760] set_robust_list(0x555556f746a0, 24) = 0 [pid 15760] chdir("./2609") = 0 [pid 15760] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15760] setpgid(0, 0) = 0 [pid 15760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15760] write(3, "1000", 4) = 4 [pid 15760] close(3) = 0 [pid 15760] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15760] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15760] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15760] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15760] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15760] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15760] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9961]}, 88) = 9961 [pid 15760] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15760] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15760] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15761 attached [pid 15761] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15761] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15761] memfd_create("syzkaller", 0) = 3 [pid 15761] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15761] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15761] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15761] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15761] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15761] close(3) = 0 [pid 15761] mkdir("./file1", 0777) = 0 [pid 15761] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15761] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15761] chdir("./file1") = 0 [pid 15761] ioctl(4, LOOP_CLR_FD) = 0 [pid 15761] close(4) = 0 [pid 15761] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15760] <... futex resumed>) = 0 [pid 15760] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15760] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15761] <... futex resumed>) = 1 [pid 15761] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15761] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15760] <... futex resumed>) = 0 [pid 15760] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15760] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15760] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15760] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15760] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9962]}, 88) = 9962 [pid 15760] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15760] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15760] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15760] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15760] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15760] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9963]}, 88) = 9963 [pid 15760] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15760] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15760] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15761] <... futex resumed>) = 1 [pid 15761] memfd_create("syzkaller", 0) = 4 [pid 15761] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15761] close(4) = 0 [pid 15761] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15761] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15764 attached [pid 15764] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15764] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15764] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15764] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15764] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15765 attached [pid 15765] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15765] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15765] memfd_create("syzkaller", 0) = 4 [pid 15765] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15765] close(4) = 0 [pid 15765] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15760] <... futex resumed>) = 0 [pid 15760] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15760] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15761] <... futex resumed>) = 0 [pid 15761] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15765] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15761] <... open resumed>) = 4 [pid 15761] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15760] <... futex resumed>) = 0 [pid 15760] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15760] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15761] <... futex resumed>) = 1 [pid 15761] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15761] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15760] <... futex resumed>) = 0 [pid 15760] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15760] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15761] <... futex resumed>) = 1 [pid 15761] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15761] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15760] <... futex resumed>) = 0 [pid 15760] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15760] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15761] <... futex resumed>) = 1 [pid 15761] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15761] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15760] <... futex resumed>) = 0 [pid 15760] close(3) = 0 [pid 15760] close(4) = 0 [pid 15760] close(5) = 0 [pid 15760] close(6) = -1 EBADF (Bad file descriptor) [pid 15760] close(7) = -1 EBADF (Bad file descriptor) [pid 15760] close(8) = -1 EBADF (Bad file descriptor) [pid 15760] close(9) = -1 EBADF (Bad file descriptor) [pid 15760] close(10) = -1 EBADF (Bad file descriptor) [pid 15760] close(11) = -1 EBADF (Bad file descriptor) [pid 15760] close(12) = -1 EBADF (Bad file descriptor) [pid 15760] close(13) = -1 EBADF (Bad file descriptor) [pid 15760] close(14) = -1 EBADF (Bad file descriptor) [pid 15760] close(15) = -1 EBADF (Bad file descriptor) [pid 15760] close(16) = -1 EBADF (Bad file descriptor) [pid 15760] close(17) = -1 EBADF (Bad file descriptor) [pid 15760] close(18) = -1 EBADF (Bad file descriptor) [pid 15760] close(19) = -1 EBADF (Bad file descriptor) [pid 15760] close(20) = -1 EBADF (Bad file descriptor) [pid 15760] close(21) = -1 EBADF (Bad file descriptor) [pid 15760] close(22) = -1 EBADF (Bad file descriptor) [pid 15760] close(23) = -1 EBADF (Bad file descriptor) [pid 15760] close(24) = -1 EBADF (Bad file descriptor) [pid 15760] close(25) = -1 EBADF (Bad file descriptor) [pid 15760] close(26) = -1 EBADF (Bad file descriptor) [pid 15760] close(27) = -1 EBADF (Bad file descriptor) [pid 15760] close(28) = -1 EBADF (Bad file descriptor) [pid 15760] close(29) = -1 EBADF (Bad file descriptor) [pid 15760] exit_group(0) = ? [pid 15764] <... futex resumed>) = ? [pid 15764] +++ exited with 0 +++ [pid 15765] <... futex resumed>) = ? [pid 15765] +++ exited with 0 +++ [pid 15761] <... futex resumed>) = ? [pid 15761] +++ exited with 0 +++ [pid 15760] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9960, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2609", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2609", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2609/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2609/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2609/binderfs") = 0 [ 313.663592][T15761] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2609/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2609/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2609/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2609/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2609/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2609/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2609") = 0 [pid 289] mkdir("./2610", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9964 ./strace-static-x86_64: Process 15766 attached [pid 15766] set_robust_list(0x555556f746a0, 24) = 0 [pid 15766] chdir("./2610") = 0 [pid 15766] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15766] setpgid(0, 0) = 0 [pid 15766] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15766] write(3, "1000", 4) = 4 [pid 15766] close(3) = 0 [pid 15766] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15766] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15766] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15766] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15766] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15766] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15766] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15766] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9965]}, 88) = 9965 ./strace-static-x86_64: Process 15767 attached [pid 15766] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15766] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15766] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15767] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15767] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15767] memfd_create("syzkaller", 0) = 3 [pid 15767] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15767] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15767] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15767] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15767] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15767] close(3) = 0 [pid 15767] mkdir("./file1", 0777) = 0 [pid 15767] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15767] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15767] chdir("./file1") = 0 [pid 15767] ioctl(4, LOOP_CLR_FD) = 0 [pid 15767] close(4) = 0 [pid 15767] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15767] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15766] <... futex resumed>) = 0 [pid 15766] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15766] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15767] <... futex resumed>) = 0 [pid 15767] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15767] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15766] <... futex resumed>) = 0 [pid 15766] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15766] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15766] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15766] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15766] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15766] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9966]}, 88) = 9966 [pid 15766] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15766] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15766] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15766] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15766] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15766] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15766] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9967]}, 88) = 9967 [pid 15766] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15766] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15766] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15767] <... futex resumed>) = 1 [pid 15767] memfd_create("syzkaller", 0) = 4 [pid 15767] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 15771 attached ./strace-static-x86_64: Process 15770 attached [pid 15770] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15771] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15770] <... set_robust_list resumed>) = 0 [pid 15770] rt_sigprocmask(SIG_SETMASK, [], [pid 15771] rt_sigprocmask(SIG_SETMASK, [], [pid 15770] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15771] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15770] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15771] memfd_create("syzkaller", 0) = 5 [pid 15770] <... setxattr resumed>) = 0 [pid 15771] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15770] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15771] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15770] <... futex resumed>) = 0 [pid 15767] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15767] close(4) = 0 [pid 15767] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15767] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15771] close(5) = 0 [pid 15771] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15770] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15766] <... futex resumed>) = 0 [pid 15766] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15766] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15767] <... futex resumed>) = 0 [pid 15767] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15771] <... futex resumed>) = 1 [pid 15771] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15767] <... open resumed>) = 4 [pid 15767] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15766] <... futex resumed>) = 0 [pid 15766] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15766] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15767] <... futex resumed>) = 1 [pid 15767] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15767] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15766] <... futex resumed>) = 0 [pid 15766] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15766] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15767] <... futex resumed>) = 1 [pid 15767] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15767] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15766] <... futex resumed>) = 0 [pid 15766] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15767] <... futex resumed>) = 1 [pid 15766] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15767] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15767] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15766] <... futex resumed>) = 0 [pid 15766] close(3) = 0 [pid 15766] close(4) = 0 [pid 15766] close(5) = 0 [pid 15766] close(6) = -1 EBADF (Bad file descriptor) [pid 15766] close(7) = -1 EBADF (Bad file descriptor) [pid 15766] close(8) = -1 EBADF (Bad file descriptor) [pid 15766] close(9) = -1 EBADF (Bad file descriptor) [pid 15766] close(10) = -1 EBADF (Bad file descriptor) [pid 15766] close(11) = -1 EBADF (Bad file descriptor) [pid 15766] close(12) = -1 EBADF (Bad file descriptor) [pid 15766] close(13) = -1 EBADF (Bad file descriptor) [pid 15766] close(14) = -1 EBADF (Bad file descriptor) [pid 15766] close(15) = -1 EBADF (Bad file descriptor) [pid 15766] close(16) = -1 EBADF (Bad file descriptor) [pid 15766] close(17) = -1 EBADF (Bad file descriptor) [pid 15766] close(18) = -1 EBADF (Bad file descriptor) [pid 15766] close(19) = -1 EBADF (Bad file descriptor) [pid 15766] close(20) = -1 EBADF (Bad file descriptor) [pid 15766] close(21) = -1 EBADF (Bad file descriptor) [pid 15766] close(22) = -1 EBADF (Bad file descriptor) [pid 15766] close(23) = -1 EBADF (Bad file descriptor) [pid 15766] close(24) = -1 EBADF (Bad file descriptor) [pid 15766] close(25) = -1 EBADF (Bad file descriptor) [pid 15766] close(26) = -1 EBADF (Bad file descriptor) [pid 15766] close(27) = -1 EBADF (Bad file descriptor) [pid 15766] close(28) = -1 EBADF (Bad file descriptor) [pid 15766] close(29) = -1 EBADF (Bad file descriptor) [pid 15766] exit_group(0) = ? [pid 15771] <... futex resumed>) = ? [pid 15771] +++ exited with 0 +++ [pid 15770] <... futex resumed>) = ? [pid 15770] +++ exited with 0 +++ [pid 15767] <... futex resumed>) = ? [pid 15767] +++ exited with 0 +++ [pid 15766] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9964, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2610", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2610", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2610/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2610/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2610/binderfs") = 0 [pid 289] umount2("./2610/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2610/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2610/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2610/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2610/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2610/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2610") = 0 [pid 289] mkdir("./2611", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9968 ./strace-static-x86_64: Process 15772 attached [pid 15772] set_robust_list(0x555556f746a0, 24) = 0 [pid 15772] chdir("./2611") = 0 [pid 15772] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15772] setpgid(0, 0) = 0 [pid 15772] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15772] write(3, "1000", 4) = 4 [pid 15772] close(3) = 0 [pid 15772] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15772] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15772] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15772] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15772] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15772] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15772] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15772] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9969]}, 88) = 9969 [pid 15772] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15772] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15772] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15773 attached [pid 15773] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15773] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15773] memfd_create("syzkaller", 0) = 3 [pid 15773] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15773] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15773] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15773] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15773] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15773] close(3) = 0 [pid 15773] mkdir("./file1", 0777) = 0 [ 313.781645][T15767] EXT4-fs (loop0): 1 truncate cleaned up [pid 15773] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15773] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15773] chdir("./file1") = 0 [pid 15773] ioctl(4, LOOP_CLR_FD) = 0 [pid 15773] close(4) = 0 [pid 15773] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15772] <... futex resumed>) = 0 [pid 15772] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15772] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15773] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15773] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15772] <... futex resumed>) = 0 [pid 15773] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15772] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15772] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15772] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15772] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15772] rt_sigprocmask(SIG_BLOCK, ~[], [pid 15773] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15772] <... rt_sigprocmask resumed>[], 8) = 0 [pid 15772] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9970]}, 88) = 9970 [pid 15772] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15772] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15772] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15772] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15772] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15772] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15772] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9971]}, 88) = 9971 [pid 15772] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15772] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15772] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15777 attached [pid 15777] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15777] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15777] memfd_create("syzkaller", 0) = 4 [pid 15777] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15777] close(4) = 0 [pid 15777] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15772] <... futex resumed>) = 0 [pid 15772] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 15776 attached [pid 15777] <... futex resumed>) = 1 [pid 15773] memfd_create("syzkaller", 0 [pid 15772] <... futex resumed>) = 0 [pid 15772] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15777] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15776] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15773] <... memfd_create resumed>) = 4 [pid 15776] <... set_robust_list resumed>) = 0 [pid 15773] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15776] rt_sigprocmask(SIG_SETMASK, [], [pid 15773] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15773] close(4 [pid 15776] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15777] <... open resumed>) = 5 [pid 15776] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15773] <... close resumed>) = 0 [pid 15777] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15772] <... futex resumed>) = 0 [pid 15772] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15772] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15777] <... futex resumed>) = 1 [pid 15777] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15773] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15773] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15777] <... mount resumed>) = 0 [pid 15777] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15772] <... futex resumed>) = 0 [pid 15772] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15772] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15777] <... futex resumed>) = 1 [pid 15777] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15773] <... futex resumed>) = 0 [pid 15776] <... setxattr resumed>) = 0 [pid 15776] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15776] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15773] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 4 [pid 15773] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15772] <... futex resumed>) = 0 [pid 15773] <... futex resumed>) = 1 [pid 15772] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15773] write(4, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15772] <... futex resumed>) = 0 [pid 15772] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15773] <... write resumed>) = 262144 [pid 15773] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15772] <... futex resumed>) = 0 [pid 15772] close(3) = 0 [pid 15772] close(4) = 0 [pid 15773] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15772] close(5) = 0 [pid 15772] close(6) = -1 EBADF (Bad file descriptor) [pid 15772] close(7) = -1 EBADF (Bad file descriptor) [pid 15772] close(8) = -1 EBADF (Bad file descriptor) [pid 15772] close(9) = -1 EBADF (Bad file descriptor) [pid 15772] close(10) = -1 EBADF (Bad file descriptor) [pid 15772] close(11) = -1 EBADF (Bad file descriptor) [pid 15772] close(12) = -1 EBADF (Bad file descriptor) [pid 15772] close(13) = -1 EBADF (Bad file descriptor) [pid 15772] close(14) = -1 EBADF (Bad file descriptor) [pid 15772] close(15) = -1 EBADF (Bad file descriptor) [pid 15772] close(16) = -1 EBADF (Bad file descriptor) [pid 15772] close(17) = -1 EBADF (Bad file descriptor) [pid 15772] close(18) = -1 EBADF (Bad file descriptor) [pid 15772] close(19) = -1 EBADF (Bad file descriptor) [pid 15772] close(20) = -1 EBADF (Bad file descriptor) [pid 15772] close(21) = -1 EBADF (Bad file descriptor) [pid 15772] close(22) = -1 EBADF (Bad file descriptor) [pid 15772] close(23) = -1 EBADF (Bad file descriptor) [pid 15772] close(24) = -1 EBADF (Bad file descriptor) [pid 15772] close(25) = -1 EBADF (Bad file descriptor) [pid 15772] close(26) = -1 EBADF (Bad file descriptor) [pid 15772] close(27) = -1 EBADF (Bad file descriptor) [pid 15772] close(28) = -1 EBADF (Bad file descriptor) [pid 15772] close(29) = -1 EBADF (Bad file descriptor) [pid 15772] exit_group(0) = ? [pid 15777] <... futex resumed>) = ? [pid 15777] +++ exited with 0 +++ [pid 15776] <... futex resumed>) = ? [pid 15776] +++ exited with 0 +++ [pid 15773] <... futex resumed>) = ? [pid 15773] +++ exited with 0 +++ [pid 15772] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9968, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] umount2("./2611", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2611", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2611/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2611/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2611/binderfs") = 0 [ 313.840711][T15773] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2611/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2611/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2611/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2611/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2611/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2611/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2611") = 0 [pid 289] mkdir("./2612", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9972 ./strace-static-x86_64: Process 15778 attached [pid 15778] set_robust_list(0x555556f746a0, 24) = 0 [pid 15778] chdir("./2612") = 0 [pid 15778] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15778] setpgid(0, 0) = 0 [pid 15778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15778] write(3, "1000", 4) = 4 [pid 15778] close(3) = 0 [pid 15778] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15778] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15778] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15778] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15778] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15778] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15778] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15778] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15779 attached => {parent_tid=[9973]}, 88) = 9973 [pid 15778] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15778] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15778] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15779] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15779] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15779] memfd_create("syzkaller", 0) = 3 [pid 15779] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15779] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15779] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15779] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15779] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15779] close(3) = 0 [pid 15779] mkdir("./file1", 0777) = 0 [pid 15779] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15779] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15779] chdir("./file1") = 0 [pid 15779] ioctl(4, LOOP_CLR_FD) = 0 [pid 15779] close(4) = 0 [pid 15779] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15778] <... futex resumed>) = 0 [pid 15779] setxattr("./file1", NULL, NULL, 0, 0 [pid 15778] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15779] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 15778] <... futex resumed>) = 0 [pid 15779] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15778] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15779] <... futex resumed>) = 0 [pid 15778] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15779] memfd_create("syzkaller", 0 [pid 15778] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15779] <... memfd_create resumed>) = 4 [pid 15778] <... futex resumed>) = 0 [pid 15779] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15778] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15779] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15778] <... futex resumed>) = 0 [pid 15779] close(4 [pid 15778] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15779] <... close resumed>) = 0 [pid 15778] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 15779] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15778] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 15779] <... futex resumed>) = 0 [pid 15778] <... mprotect resumed>) = 0 [pid 15779] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15778] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15778] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9974]}, 88) = 9974 [pid 15778] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15778] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15778] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15779] <... futex resumed>) = 0 [pid 15778] <... futex resumed>) = 1 [pid 15779] memfd_create("syzkaller", 0 [pid 15778] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15779] <... memfd_create resumed>) = 4 [pid 15779] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15779] close(4) = 0 [pid 15779] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15778] <... futex resumed>) = 0 [pid 15779] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15778] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15778] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 15782 attached [pid 15782] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15782] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15782] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15782] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15782] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15779] <... open resumed>) = 4 [pid 15779] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15778] <... futex resumed>) = 0 [pid 15779] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15778] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15779] <... mount resumed>) = 0 [pid 15778] <... futex resumed>) = 0 [pid 15779] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15778] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15779] <... futex resumed>) = 0 [pid 15778] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15779] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15778] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15779] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15778] <... futex resumed>) = 0 [pid 15779] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15778] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15779] <... open resumed>) = 5 [pid 15779] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15778] <... futex resumed>) = 0 [pid 15779] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15778] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15779] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15778] <... futex resumed>) = 0 [pid 15779] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15778] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15779] <... write resumed>) = 262144 [pid 15779] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15778] <... futex resumed>) = 0 [pid 15779] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15778] close(3) = 0 [pid 15778] close(4) = 0 [pid 15778] close(5) = 0 [pid 15778] close(6) = -1 EBADF (Bad file descriptor) [pid 15778] close(7) = -1 EBADF (Bad file descriptor) [pid 15778] close(8) = -1 EBADF (Bad file descriptor) [pid 15778] close(9) = -1 EBADF (Bad file descriptor) [pid 15778] close(10) = -1 EBADF (Bad file descriptor) [pid 15778] close(11) = -1 EBADF (Bad file descriptor) [pid 15778] close(12) = -1 EBADF (Bad file descriptor) [pid 15778] close(13) = -1 EBADF (Bad file descriptor) [pid 15778] close(14) = -1 EBADF (Bad file descriptor) [pid 15778] close(15) = -1 EBADF (Bad file descriptor) [pid 15778] close(16) = -1 EBADF (Bad file descriptor) [pid 15778] close(17) = -1 EBADF (Bad file descriptor) [pid 15778] close(18) = -1 EBADF (Bad file descriptor) [pid 15778] close(19) = -1 EBADF (Bad file descriptor) [pid 15778] close(20) = -1 EBADF (Bad file descriptor) [pid 15778] close(21) = -1 EBADF (Bad file descriptor) [pid 15778] close(22) = -1 EBADF (Bad file descriptor) [pid 15778] close(23) = -1 EBADF (Bad file descriptor) [pid 15778] close(24) = -1 EBADF (Bad file descriptor) [pid 15778] close(25) = -1 EBADF (Bad file descriptor) [pid 15778] close(26) = -1 EBADF (Bad file descriptor) [pid 15778] close(27) = -1 EBADF (Bad file descriptor) [pid 15778] close(28) = -1 EBADF (Bad file descriptor) [pid 15778] close(29) = -1 EBADF (Bad file descriptor) [pid 15778] exit_group(0) = ? [pid 15779] <... futex resumed>) = ? [pid 15779] +++ exited with 0 +++ [pid 15782] <... futex resumed>) = ? [pid 15782] +++ exited with 0 +++ [pid 15778] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9972, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] umount2("./2612", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2612", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2612/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2612/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2612/binderfs") = 0 [pid 289] umount2("./2612/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2612/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2612/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2612/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2612/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2612/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2612") = 0 [pid 289] mkdir("./2613", 0777) = 0 [ 313.981247][T15779] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9975 ./strace-static-x86_64: Process 15783 attached [pid 15783] set_robust_list(0x555556f746a0, 24) = 0 [pid 15783] chdir("./2613") = 0 [pid 15783] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15783] setpgid(0, 0) = 0 [pid 15783] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15783] write(3, "1000", 4) = 4 [pid 15783] close(3) = 0 [pid 15783] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15783] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15783] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15783] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15783] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15783] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15783] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15783] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9976]}, 88) = 9976 [pid 15783] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15783] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15783] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15784 attached [pid 15784] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15784] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15784] memfd_create("syzkaller", 0) = 3 [pid 15784] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15784] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15784] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15784] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15784] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15784] close(3) = 0 [pid 15784] mkdir("./file1", 0777) = 0 [pid 15784] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15784] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15784] chdir("./file1") = 0 [pid 15784] ioctl(4, LOOP_CLR_FD) = 0 [pid 15784] close(4) = 0 [pid 15784] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15783] <... futex resumed>) = 0 [pid 15783] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15783] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15784] <... futex resumed>) = 1 [pid 15784] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15784] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15783] <... futex resumed>) = 0 [pid 15783] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15783] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15783] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15783] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15783] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15783] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9977]}, 88) = 9977 [pid 15783] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15783] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15783] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15783] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15783] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15783] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15783] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9978]}, 88) = 9978 [pid 15783] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15783] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15783] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15784] <... futex resumed>) = 1 [pid 15784] memfd_create("syzkaller", 0) = 4 [pid 15784] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15784] close(4) = 0 [pid 15784] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15784] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15787 attached [pid 15787] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15787] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15787] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15787] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15787] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15788 attached [pid 15788] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15788] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15788] memfd_create("syzkaller", 0) = 4 [pid 15788] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15788] close(4) = 0 [pid 15788] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15783] <... futex resumed>) = 0 [pid 15783] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15784] <... futex resumed>) = 0 [pid 15783] <... futex resumed>) = 1 [pid 15784] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15783] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15788] <... futex resumed>) = 1 [pid 15784] <... open resumed>) = 4 [pid 15784] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15783] <... futex resumed>) = 0 [pid 15784] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15783] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15784] <... mount resumed>) = 0 [pid 15783] <... futex resumed>) = 0 [pid 15784] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15783] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15784] <... futex resumed>) = 0 [pid 15783] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15784] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15783] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15784] <... open resumed>) = 5 [pid 15783] <... futex resumed>) = 0 [pid 15784] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15783] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15784] <... futex resumed>) = 0 [pid 15783] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15784] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15783] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15788] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15783] <... futex resumed>) = 0 [pid 15783] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15784] <... write resumed>) = 262144 [pid 15784] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15783] <... futex resumed>) = 0 [pid 15784] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15783] close(3) = 0 [pid 15783] close(4) = 0 [pid 15783] close(5) = 0 [pid 15783] close(6) = -1 EBADF (Bad file descriptor) [pid 15783] close(7) = -1 EBADF (Bad file descriptor) [pid 15783] close(8) = -1 EBADF (Bad file descriptor) [pid 15783] close(9) = -1 EBADF (Bad file descriptor) [pid 15783] close(10) = -1 EBADF (Bad file descriptor) [pid 15783] close(11) = -1 EBADF (Bad file descriptor) [pid 15783] close(12) = -1 EBADF (Bad file descriptor) [pid 15783] close(13) = -1 EBADF (Bad file descriptor) [pid 15783] close(14) = -1 EBADF (Bad file descriptor) [pid 15783] close(15) = -1 EBADF (Bad file descriptor) [pid 15783] close(16) = -1 EBADF (Bad file descriptor) [pid 15783] close(17) = -1 EBADF (Bad file descriptor) [pid 15783] close(18) = -1 EBADF (Bad file descriptor) [pid 15783] close(19) = -1 EBADF (Bad file descriptor) [pid 15783] close(20) = -1 EBADF (Bad file descriptor) [pid 15783] close(21) = -1 EBADF (Bad file descriptor) [pid 15783] close(22) = -1 EBADF (Bad file descriptor) [pid 15783] close(23) = -1 EBADF (Bad file descriptor) [pid 15783] close(24) = -1 EBADF (Bad file descriptor) [pid 15783] close(25) = -1 EBADF (Bad file descriptor) [pid 15783] close(26) = -1 EBADF (Bad file descriptor) [pid 15783] close(27) = -1 EBADF (Bad file descriptor) [pid 15783] close(28) = -1 EBADF (Bad file descriptor) [pid 15783] close(29) = -1 EBADF (Bad file descriptor) [pid 15783] exit_group(0) = ? [pid 15788] <... futex resumed>) = ? [pid 15788] +++ exited with 0 +++ [pid 15787] <... futex resumed>) = ? [pid 15784] <... futex resumed>) = ? [pid 15787] +++ exited with 0 +++ [pid 15784] +++ exited with 0 +++ [pid 15783] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9975, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2613", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2613", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2613/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2613/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2613/binderfs") = 0 [ 314.052364][T15784] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2613/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2613/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2613/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2613/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2613/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2613/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2613") = 0 [pid 289] mkdir("./2614", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9979 ./strace-static-x86_64: Process 15789 attached [pid 15789] set_robust_list(0x555556f746a0, 24) = 0 [pid 15789] chdir("./2614") = 0 [pid 15789] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15789] setpgid(0, 0) = 0 [pid 15789] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15789] write(3, "1000", 4) = 4 [pid 15789] close(3) = 0 [pid 15789] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15789] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15789] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15789] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15789] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15789] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15789] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15790 attached => {parent_tid=[9980]}, 88) = 9980 [pid 15790] set_robust_list(0x7fbc6730d9a0, 24 [pid 15789] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15790] <... set_robust_list resumed>) = 0 [pid 15789] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15790] rt_sigprocmask(SIG_SETMASK, [], [pid 15789] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15790] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15790] memfd_create("syzkaller", 0) = 3 [pid 15790] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15790] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15790] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15790] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15790] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15790] close(3) = 0 [pid 15790] mkdir("./file1", 0777) = 0 [pid 15790] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15790] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15790] chdir("./file1") = 0 [pid 15790] ioctl(4, LOOP_CLR_FD) = 0 [pid 15790] close(4) = 0 [pid 15790] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15789] <... futex resumed>) = 0 [pid 15789] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15789] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15790] <... futex resumed>) = 1 [pid 15790] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15790] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15789] <... futex resumed>) = 0 [pid 15789] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15789] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15789] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15789] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15789] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9981]}, 88) = 9981 [pid 15789] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15789] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15789] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15789] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15789] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15789] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9982]}, 88) = 9982 [pid 15789] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15789] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15789] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15790] <... futex resumed>) = 1 [pid 15790] memfd_create("syzkaller", 0) = 4 [pid 15790] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15790] close(4) = 0 [pid 15790] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15790] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15793 attached [pid 15793] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15793] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15793] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 ./strace-static-x86_64: Process 15794 attached [pid 15794] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15794] rt_sigprocmask(SIG_SETMASK, [], [pid 15793] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15794] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15794] memfd_create("syzkaller", 0) = 4 [pid 15794] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15794] close(4) = 0 [pid 15794] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15794] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15793] <... futex resumed>) = 0 [pid 15793] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15789] <... futex resumed>) = 0 [pid 15789] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15789] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15790] <... futex resumed>) = 0 [pid 15790] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15790] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15789] <... futex resumed>) = 0 [pid 15789] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15789] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15790] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15790] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15789] <... futex resumed>) = 0 [pid 15789] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15789] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15790] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15790] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15789] <... futex resumed>) = 0 [pid 15789] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15789] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15790] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15790] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15789] <... futex resumed>) = 0 [pid 15790] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15789] close(3) = 0 [pid 15789] close(4) = 0 [pid 15789] close(5) = 0 [pid 15789] close(6) = -1 EBADF (Bad file descriptor) [pid 15789] close(7) = -1 EBADF (Bad file descriptor) [pid 15789] close(8) = -1 EBADF (Bad file descriptor) [pid 15789] close(9) = -1 EBADF (Bad file descriptor) [pid 15789] close(10) = -1 EBADF (Bad file descriptor) [pid 15789] close(11) = -1 EBADF (Bad file descriptor) [pid 15789] close(12) = -1 EBADF (Bad file descriptor) [pid 15789] close(13) = -1 EBADF (Bad file descriptor) [pid 15789] close(14) = -1 EBADF (Bad file descriptor) [pid 15789] close(15) = -1 EBADF (Bad file descriptor) [pid 15789] close(16) = -1 EBADF (Bad file descriptor) [pid 15789] close(17) = -1 EBADF (Bad file descriptor) [pid 15789] close(18) = -1 EBADF (Bad file descriptor) [pid 15789] close(19) = -1 EBADF (Bad file descriptor) [pid 15789] close(20) = -1 EBADF (Bad file descriptor) [pid 15789] close(21) = -1 EBADF (Bad file descriptor) [pid 15789] close(22) = -1 EBADF (Bad file descriptor) [pid 15789] close(23) = -1 EBADF (Bad file descriptor) [pid 15789] close(24) = -1 EBADF (Bad file descriptor) [pid 15789] close(25) = -1 EBADF (Bad file descriptor) [pid 15789] close(26) = -1 EBADF (Bad file descriptor) [pid 15789] close(27) = -1 EBADF (Bad file descriptor) [pid 15789] close(28) = -1 EBADF (Bad file descriptor) [pid 15789] close(29) = -1 EBADF (Bad file descriptor) [pid 15789] exit_group(0) = ? [pid 15794] <... futex resumed>) = ? [pid 15794] +++ exited with 0 +++ [pid 15793] <... futex resumed>) = ? [pid 15793] +++ exited with 0 +++ [pid 15790] <... futex resumed>) = ? [pid 15790] +++ exited with 0 +++ [pid 15789] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9979, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2614", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2614", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2614/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2614/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2614/binderfs") = 0 [ 314.215049][T15790] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2614/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2614/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2614/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2614/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2614/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2614/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2614") = 0 [pid 289] mkdir("./2615", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9983 ./strace-static-x86_64: Process 15795 attached [pid 15795] set_robust_list(0x555556f746a0, 24) = 0 [pid 15795] chdir("./2615") = 0 [pid 15795] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15795] setpgid(0, 0) = 0 [pid 15795] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15795] write(3, "1000", 4) = 4 [pid 15795] close(3) = 0 [pid 15795] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15795] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15795] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15795] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15795] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15795] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15795] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15796 attached [pid 15796] set_robust_list(0x7fbc6730d9a0, 24 [pid 15795] <... clone3 resumed> => {parent_tid=[9984]}, 88) = 9984 [pid 15795] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15795] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15795] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15796] <... set_robust_list resumed>) = 0 [pid 15796] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15796] memfd_create("syzkaller", 0) = 3 [pid 15796] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15796] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15796] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15796] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15796] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15796] close(3) = 0 [pid 15796] mkdir("./file1", 0777) = 0 [pid 15796] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15796] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15796] chdir("./file1") = 0 [pid 15796] ioctl(4, LOOP_CLR_FD) = 0 [pid 15796] close(4) = 0 [pid 15796] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15795] <... futex resumed>) = 0 [pid 15795] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15795] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15796] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15796] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15795] <... futex resumed>) = 0 [pid 15795] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15795] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15795] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15795] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15795] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 15796] memfd_create("syzkaller", 0 [pid 15795] <... clone3 resumed> => {parent_tid=[9985]}, 88) = 9985 [pid 15795] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15795] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15795] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15795] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15795] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15795] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9986]}, 88) = 9986 [pid 15795] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15795] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15795] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15800 attached [pid 15800] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15800] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15800] memfd_create("syzkaller", 0) = 4 [pid 15800] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15800] close(4) = 0 [pid 15800] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15795] <... futex resumed>) = 0 [pid 15795] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15795] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15800] <... futex resumed>) = 1 [pid 15800] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15800] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15795] <... futex resumed>) = 0 [pid 15795] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15795] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15800] <... futex resumed>) = 1 [pid 15800] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15800] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15795] <... futex resumed>) = 0 [pid 15795] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15795] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15800] <... futex resumed>) = 1 [pid 15800] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15800] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15795] <... futex resumed>) = 0 [pid 15795] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15795] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15800] <... futex resumed>) = 1 [pid 15800] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15796] <... memfd_create resumed>) = 6 [pid 15796] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15796] close(6) = 0 [pid 15796] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15796] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15799 attached [pid 15799] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15799] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15799] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15800] <... write resumed>) = 262144 [pid 15800] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15799] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 15795] <... futex resumed>) = 0 [pid 15800] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15799] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15799] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15795] close(3) = 0 [pid 15795] close(4) = 0 [pid 15795] close(5) = 0 [pid 15795] close(6) = -1 EBADF (Bad file descriptor) [pid 15795] close(7) = -1 EBADF (Bad file descriptor) [pid 15795] close(8) = -1 EBADF (Bad file descriptor) [pid 15795] close(9) = -1 EBADF (Bad file descriptor) [pid 15795] close(10) = -1 EBADF (Bad file descriptor) [pid 15795] close(11) = -1 EBADF (Bad file descriptor) [pid 15795] close(12) = -1 EBADF (Bad file descriptor) [pid 15795] close(13) = -1 EBADF (Bad file descriptor) [pid 15795] close(14) = -1 EBADF (Bad file descriptor) [pid 15795] close(15) = -1 EBADF (Bad file descriptor) [pid 15795] close(16) = -1 EBADF (Bad file descriptor) [pid 15795] close(17) = -1 EBADF (Bad file descriptor) [pid 15795] close(18) = -1 EBADF (Bad file descriptor) [pid 15795] close(19) = -1 EBADF (Bad file descriptor) [pid 15795] close(20) = -1 EBADF (Bad file descriptor) [pid 15795] close(21) = -1 EBADF (Bad file descriptor) [pid 15795] close(22) = -1 EBADF (Bad file descriptor) [pid 15795] close(23) = -1 EBADF (Bad file descriptor) [pid 15795] close(24) = -1 EBADF (Bad file descriptor) [pid 15795] close(25) = -1 EBADF (Bad file descriptor) [pid 15795] close(26) = -1 EBADF (Bad file descriptor) [pid 15795] close(27) = -1 EBADF (Bad file descriptor) [pid 15795] close(28) = -1 EBADF (Bad file descriptor) [pid 15795] close(29) = -1 EBADF (Bad file descriptor) [pid 15795] exit_group(0 [pid 15800] <... futex resumed>) = ? [pid 15796] <... futex resumed>) = ? [pid 15795] <... exit_group resumed>) = ? [pid 15800] +++ exited with 0 +++ [pid 15796] +++ exited with 0 +++ [pid 15799] <... futex resumed>) = ? [pid 15799] +++ exited with 0 +++ [pid 15795] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9983, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2615", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2615", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2615/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2615/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2615/binderfs") = 0 [ 314.354960][T15796] EXT4-fs (loop0): 1 truncate cleaned up [ 314.374933][T15799] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2615/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2615/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2615/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2615/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2615/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2615/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2615") = 0 [pid 289] mkdir("./2616", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9987 ./strace-static-x86_64: Process 15802 attached [pid 15802] set_robust_list(0x555556f746a0, 24) = 0 [pid 15802] chdir("./2616") = 0 [pid 15802] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15802] setpgid(0, 0) = 0 [pid 15802] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15802] write(3, "1000", 4) = 4 [pid 15802] close(3) = 0 [pid 15802] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15802] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15802] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15802] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15802] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15802] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15802] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15802] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9988]}, 88) = 9988 [pid 15802] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15802] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15802] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15803 attached [pid 15803] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15803] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15803] memfd_create("syzkaller", 0) = 3 [pid 15803] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15803] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15803] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15803] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15803] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15803] close(3) = 0 [pid 15803] mkdir("./file1", 0777) = 0 [pid 15803] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15803] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15803] chdir("./file1") = 0 [pid 15803] ioctl(4, LOOP_CLR_FD) = 0 [pid 15803] close(4) = 0 [pid 15803] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15802] <... futex resumed>) = 0 [pid 15803] setxattr("./file1", NULL, NULL, 0, 0 [pid 15802] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15802] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15803] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 15803] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15802] <... futex resumed>) = 0 [pid 15802] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15803] memfd_create("syzkaller", 0 [pid 15802] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15803] <... memfd_create resumed>) = 4 [pid 15802] <... futex resumed>) = 0 [pid 15803] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15802] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15803] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15802] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 15802] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15803] close(4 [pid 15802] rt_sigprocmask(SIG_BLOCK, ~[], [pid 15803] <... close resumed>) = 0 [pid 15803] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15802] <... rt_sigprocmask resumed>[], 8) = 0 [pid 15802] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 15806 attached => {parent_tid=[9989]}, 88) = 9989 [pid 15806] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15802] rt_sigprocmask(SIG_SETMASK, [], [pid 15806] <... set_robust_list resumed>) = 0 [pid 15802] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15806] rt_sigprocmask(SIG_SETMASK, [], [pid 15802] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15806] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15802] <... futex resumed>) = 0 [pid 15802] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15802] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15806] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15803] <... futex resumed>) = 1 [pid 15802] <... futex resumed>) = 0 [pid 15806] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15802] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=49000000} [pid 15806] <... futex resumed>) = 0 [pid 15806] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15803] memfd_create("syzkaller", 0) = 4 [pid 15803] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15803] close(4) = 0 [pid 15803] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15802] <... futex resumed>) = 0 [pid 15802] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15802] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15803] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15803] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15802] <... futex resumed>) = 0 [pid 15802] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15802] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15803] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15803] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15802] <... futex resumed>) = 0 [pid 15802] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15802] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15803] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15803] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15802] <... futex resumed>) = 0 [pid 15802] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15802] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15803] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15803] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15802] <... futex resumed>) = 0 [pid 15802] close(3 [pid 15803] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15802] <... close resumed>) = 0 [pid 15802] close(4) = 0 [pid 15802] close(5) = 0 [pid 15802] close(6) = -1 EBADF (Bad file descriptor) [pid 15802] close(7) = -1 EBADF (Bad file descriptor) [pid 15802] close(8) = -1 EBADF (Bad file descriptor) [pid 15802] close(9) = -1 EBADF (Bad file descriptor) [pid 15802] close(10) = -1 EBADF (Bad file descriptor) [pid 15802] close(11) = -1 EBADF (Bad file descriptor) [pid 15802] close(12) = -1 EBADF (Bad file descriptor) [pid 15802] close(13) = -1 EBADF (Bad file descriptor) [pid 15802] close(14) = -1 EBADF (Bad file descriptor) [pid 15802] close(15) = -1 EBADF (Bad file descriptor) [pid 15802] close(16) = -1 EBADF (Bad file descriptor) [pid 15802] close(17) = -1 EBADF (Bad file descriptor) [pid 15802] close(18) = -1 EBADF (Bad file descriptor) [pid 15802] close(19) = -1 EBADF (Bad file descriptor) [pid 15802] close(20) = -1 EBADF (Bad file descriptor) [pid 15802] close(21) = -1 EBADF (Bad file descriptor) [pid 15802] close(22) = -1 EBADF (Bad file descriptor) [pid 15802] close(23) = -1 EBADF (Bad file descriptor) [pid 15802] close(24) = -1 EBADF (Bad file descriptor) [pid 15802] close(25) = -1 EBADF (Bad file descriptor) [pid 15802] close(26) = -1 EBADF (Bad file descriptor) [pid 15802] close(27) = -1 EBADF (Bad file descriptor) [pid 15802] close(28) = -1 EBADF (Bad file descriptor) [pid 15802] close(29) = -1 EBADF (Bad file descriptor) [pid 15802] exit_group(0) = ? [pid 15803] <... futex resumed>) = ? [pid 15803] +++ exited with 0 +++ [pid 15806] <... futex resumed>) = ? [pid 15806] +++ exited with 0 +++ [pid 15802] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9987, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2616", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2616", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2616/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2616/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2616/binderfs") = 0 [ 314.492801][T15803] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2616/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2616/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2616/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2616/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2616/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2616/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2616") = 0 [pid 289] mkdir("./2617", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9990 ./strace-static-x86_64: Process 15807 attached [pid 15807] set_robust_list(0x555556f746a0, 24) = 0 [pid 15807] chdir("./2617") = 0 [pid 15807] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15807] setpgid(0, 0) = 0 [pid 15807] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15807] write(3, "1000", 4) = 4 [pid 15807] close(3) = 0 [pid 15807] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15807] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15807] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15807] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15807] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15807] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15807] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9991]}, 88) = 9991 [pid 15807] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15807] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15807] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15808 attached [pid 15808] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15808] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15808] memfd_create("syzkaller", 0) = 3 [pid 15808] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15808] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15808] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15808] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15808] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15808] close(3) = 0 [pid 15808] mkdir("./file1", 0777) = 0 [pid 15808] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15808] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15808] chdir("./file1") = 0 [pid 15808] ioctl(4, LOOP_CLR_FD) = 0 [pid 15808] close(4) = 0 [pid 15808] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15807] <... futex resumed>) = 0 [pid 15807] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15807] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15808] <... futex resumed>) = 1 [pid 15808] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15808] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15807] <... futex resumed>) = 0 [pid 15807] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15807] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15807] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15807] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15807] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9992]}, 88) = 9992 [pid 15807] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15807] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15807] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15807] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15807] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15807] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9993]}, 88) = 9993 [pid 15807] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15807] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15807] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15808] <... futex resumed>) = 1 [pid 15808] memfd_create("syzkaller", 0) = 4 [pid 15808] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15808] close(4) = 0 [pid 15808] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15808] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15811 attached [pid 15811] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15811] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15811] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 ./strace-static-x86_64: Process 15812 attached [pid 15811] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15812] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15812] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15812] memfd_create("syzkaller", 0) = 4 [pid 15811] <... futex resumed>) = 0 [pid 15812] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15812] close(4) = 0 [pid 15812] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15807] <... futex resumed>) = 0 [pid 15812] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15807] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15808] <... futex resumed>) = 0 [pid 15807] <... futex resumed>) = 1 [pid 15808] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15807] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15811] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15808] <... open resumed>) = 4 [pid 15808] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15807] <... futex resumed>) = 0 [pid 15807] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15807] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15808] <... futex resumed>) = 1 [pid 15808] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15808] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15807] <... futex resumed>) = 0 [pid 15807] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15807] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15808] <... futex resumed>) = 1 [pid 15808] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15808] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15807] <... futex resumed>) = 0 [pid 15807] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15807] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15808] <... futex resumed>) = 1 [pid 15808] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15808] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15807] <... futex resumed>) = 0 [pid 15808] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15807] close(3) = 0 [pid 15807] close(4) = 0 [pid 15807] close(5) = 0 [pid 15807] close(6) = -1 EBADF (Bad file descriptor) [pid 15807] close(7) = -1 EBADF (Bad file descriptor) [pid 15807] close(8) = -1 EBADF (Bad file descriptor) [pid 15807] close(9) = -1 EBADF (Bad file descriptor) [pid 15807] close(10) = -1 EBADF (Bad file descriptor) [pid 15807] close(11) = -1 EBADF (Bad file descriptor) [pid 15807] close(12) = -1 EBADF (Bad file descriptor) [pid 15807] close(13) = -1 EBADF (Bad file descriptor) [pid 15807] close(14) = -1 EBADF (Bad file descriptor) [pid 15807] close(15) = -1 EBADF (Bad file descriptor) [pid 15807] close(16) = -1 EBADF (Bad file descriptor) [pid 15807] close(17) = -1 EBADF (Bad file descriptor) [pid 15807] close(18) = -1 EBADF (Bad file descriptor) [pid 15807] close(19) = -1 EBADF (Bad file descriptor) [pid 15807] close(20) = -1 EBADF (Bad file descriptor) [pid 15807] close(21) = -1 EBADF (Bad file descriptor) [pid 15807] close(22) = -1 EBADF (Bad file descriptor) [pid 15807] close(23) = -1 EBADF (Bad file descriptor) [pid 15807] close(24) = -1 EBADF (Bad file descriptor) [pid 15807] close(25) = -1 EBADF (Bad file descriptor) [pid 15807] close(26) = -1 EBADF (Bad file descriptor) [pid 15807] close(27) = -1 EBADF (Bad file descriptor) [pid 15807] close(28) = -1 EBADF (Bad file descriptor) [pid 15807] close(29) = -1 EBADF (Bad file descriptor) [pid 15807] exit_group(0) = ? [pid 15812] <... futex resumed>) = ? [pid 15811] <... futex resumed>) = ? [pid 15808] <... futex resumed>) = ? [pid 15812] +++ exited with 0 +++ [pid 15811] +++ exited with 0 +++ [pid 15808] +++ exited with 0 +++ [pid 15807] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9990, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2617", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2617", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2617/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2617/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2617/binderfs") = 0 [ 314.618023][T15808] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2617/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2617/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2617/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2617/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2617/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2617/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2617") = 0 [pid 289] mkdir("./2618", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 9994 ./strace-static-x86_64: Process 15813 attached [pid 15813] set_robust_list(0x555556f746a0, 24) = 0 [pid 15813] chdir("./2618") = 0 [pid 15813] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15813] setpgid(0, 0) = 0 [pid 15813] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15813] write(3, "1000", 4) = 4 [pid 15813] close(3) = 0 [pid 15813] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15813] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15813] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15813] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15813] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15813] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15813] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[9995]}, 88) = 9995 [pid 15813] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15813] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15813] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15814 attached [pid 15814] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15814] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15814] memfd_create("syzkaller", 0) = 3 [pid 15814] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15814] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15814] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15814] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15814] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15814] close(3) = 0 [pid 15814] mkdir("./file1", 0777) = 0 [pid 15814] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15814] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15814] chdir("./file1") = 0 [pid 15814] ioctl(4, LOOP_CLR_FD) = 0 [pid 15814] close(4) = 0 [pid 15814] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15813] <... futex resumed>) = 0 [pid 15813] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15813] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15814] <... futex resumed>) = 1 [pid 15814] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15814] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15813] <... futex resumed>) = 0 [pid 15813] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15813] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15813] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15813] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15813] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[9996]}, 88) = 9996 [pid 15813] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15813] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15813] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15813] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15813] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15813] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[9997]}, 88) = 9997 [pid 15813] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15813] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15813] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15814] <... futex resumed>) = 1 [pid 15814] memfd_create("syzkaller", 0) = 4 [pid 15814] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15814] close(4) = 0 [pid 15814] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15814] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15817 attached [pid 15817] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15817] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 15818 attached NULL, 8) = 0 [pid 15818] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15817] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15818] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15818] memfd_create("syzkaller", 0 [pid 15817] <... setxattr resumed>) = 0 [pid 15818] <... memfd_create resumed>) = 4 [pid 15818] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15818] close(4) = 0 [pid 15818] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15813] <... futex resumed>) = 0 [pid 15813] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15813] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15814] <... futex resumed>) = 0 [pid 15814] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15814] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15813] <... futex resumed>) = 0 [pid 15813] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15813] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15814] <... futex resumed>) = 1 [pid 15814] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15814] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15813] <... futex resumed>) = 0 [pid 15813] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15813] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15814] <... futex resumed>) = 1 [pid 15814] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15814] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15813] <... futex resumed>) = 0 [pid 15813] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15813] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15814] <... futex resumed>) = 1 [pid 15814] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15817] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15818] <... futex resumed>) = 1 [pid 15817] <... futex resumed>) = 0 [pid 15817] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15818] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15814] <... write resumed>) = 262144 [pid 15814] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15813] <... futex resumed>) = 0 [pid 15814] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15813] close(3) = 0 [pid 15813] close(4) = 0 [pid 15813] close(5) = 0 [pid 15813] close(6) = -1 EBADF (Bad file descriptor) [pid 15813] close(7) = -1 EBADF (Bad file descriptor) [pid 15813] close(8) = -1 EBADF (Bad file descriptor) [pid 15813] close(9) = -1 EBADF (Bad file descriptor) [pid 15813] close(10) = -1 EBADF (Bad file descriptor) [pid 15813] close(11) = -1 EBADF (Bad file descriptor) [pid 15813] close(12) = -1 EBADF (Bad file descriptor) [pid 15813] close(13) = -1 EBADF (Bad file descriptor) [pid 15813] close(14) = -1 EBADF (Bad file descriptor) [pid 15813] close(15) = -1 EBADF (Bad file descriptor) [pid 15813] close(16) = -1 EBADF (Bad file descriptor) [pid 15813] close(17) = -1 EBADF (Bad file descriptor) [pid 15813] close(18) = -1 EBADF (Bad file descriptor) [pid 15813] close(19) = -1 EBADF (Bad file descriptor) [pid 15813] close(20) = -1 EBADF (Bad file descriptor) [pid 15813] close(21) = -1 EBADF (Bad file descriptor) [pid 15813] close(22) = -1 EBADF (Bad file descriptor) [pid 15813] close(23) = -1 EBADF (Bad file descriptor) [pid 15813] close(24) = -1 EBADF (Bad file descriptor) [pid 15813] close(25) = -1 EBADF (Bad file descriptor) [pid 15813] close(26) = -1 EBADF (Bad file descriptor) [pid 15813] close(27) = -1 EBADF (Bad file descriptor) [pid 15813] close(28) = -1 EBADF (Bad file descriptor) [pid 15813] close(29) = -1 EBADF (Bad file descriptor) [pid 15813] exit_group(0) = ? [pid 15817] <... futex resumed>) = ? [pid 15818] <... futex resumed>) = ? [pid 15817] +++ exited with 0 +++ [pid 15814] <... futex resumed>) = ? [pid 15818] +++ exited with 0 +++ [pid 15814] +++ exited with 0 +++ [pid 15813] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9994, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2618", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2618", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2618/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2618/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2618/binderfs") = 0 [ 314.709646][T15814] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2618/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2618/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2618/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2618/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2618/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2618/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2618") = 0 [pid 289] mkdir("./2619", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 15819 attached , child_tidptr=0x555556f74690) = 9998 [pid 15819] set_robust_list(0x555556f746a0, 24) = 0 [pid 15819] chdir("./2619") = 0 [pid 15819] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15819] setpgid(0, 0) = 0 [pid 15819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15819] write(3, "1000", 4) = 4 [pid 15819] close(3) = 0 [pid 15819] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15819] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15819] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15819] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15819] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15819] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15819] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15819] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15820 attached [pid 15820] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15820] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15820] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15819] <... clone3 resumed> => {parent_tid=[9999]}, 88) = 9999 [pid 15819] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15819] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15820] <... futex resumed>) = 0 [pid 15819] <... futex resumed>) = 1 [pid 15820] memfd_create("syzkaller", 0) = 3 [pid 15820] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15819] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15820] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15820] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15820] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15820] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15820] close(3) = 0 [pid 15820] mkdir("./file1", 0777) = 0 [pid 15820] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15820] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15820] chdir("./file1") = 0 [pid 15820] ioctl(4, LOOP_CLR_FD) = 0 [pid 15820] close(4) = 0 [pid 15820] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15819] <... futex resumed>) = 0 [pid 15820] setxattr("./file1", NULL, NULL, 0, 0 [pid 15819] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15820] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 15819] <... futex resumed>) = 0 [pid 15820] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15819] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15820] <... futex resumed>) = 0 [pid 15819] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15820] memfd_create("syzkaller", 0 [pid 15819] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15820] <... memfd_create resumed>) = 4 [pid 15819] <... futex resumed>) = 0 [pid 15820] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15819] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15820] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15819] <... futex resumed>) = 0 [pid 15820] close(4 [pid 15819] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15820] <... close resumed>) = 0 [pid 15819] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 15820] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15819] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 15820] <... futex resumed>) = 0 [pid 15819] <... mprotect resumed>) = 0 [pid 15820] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15819] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15819] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10000]}, 88) = 10000 [pid 15819] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15819] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15819] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15820] <... futex resumed>) = 0 [pid 15819] <... futex resumed>) = 1 [pid 15820] memfd_create("syzkaller", 0 [pid 15819] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15820] <... memfd_create resumed>) = 4 [pid 15820] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15820] close(4) = 0 [pid 15820] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15819] <... futex resumed>) = 0 [pid 15820] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15819] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15820] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15819] <... futex resumed>) = 0 [pid 15820] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15819] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 15823 attached [pid 15823] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15823] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15823] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15820] <... open resumed>) = 4 [pid 15823] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15820] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15823] <... futex resumed>) = 0 [pid 15820] <... futex resumed>) = 1 [pid 15819] <... futex resumed>) = 0 [pid 15820] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15819] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15820] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15819] <... futex resumed>) = 0 [pid 15820] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15819] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15823] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15820] <... mount resumed>) = 0 [pid 15820] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15819] <... futex resumed>) = 0 [pid 15820] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15819] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15820] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15819] <... futex resumed>) = 0 [pid 15820] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15819] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15820] <... open resumed>) = 5 [pid 15820] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15819] <... futex resumed>) = 0 [pid 15820] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15819] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15820] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15819] <... futex resumed>) = 0 [pid 15820] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15819] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15820] <... write resumed>) = 262144 [pid 15820] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15819] <... futex resumed>) = 0 [pid 15819] close(3) = 0 [pid 15819] close(4) = 0 [pid 15819] close(5) = 0 [pid 15819] close(6) = -1 EBADF (Bad file descriptor) [pid 15819] close(7) = -1 EBADF (Bad file descriptor) [pid 15819] close(8) = -1 EBADF (Bad file descriptor) [pid 15819] close(9) = -1 EBADF (Bad file descriptor) [pid 15819] close(10) = -1 EBADF (Bad file descriptor) [pid 15819] close(11 [pid 15820] <... futex resumed>) = 1 [pid 15819] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 15820] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15819] close(12) = -1 EBADF (Bad file descriptor) [pid 15819] close(13) = -1 EBADF (Bad file descriptor) [pid 15819] close(14) = -1 EBADF (Bad file descriptor) [pid 15819] close(15) = -1 EBADF (Bad file descriptor) [pid 15819] close(16) = -1 EBADF (Bad file descriptor) [pid 15819] close(17) = -1 EBADF (Bad file descriptor) [pid 15819] close(18) = -1 EBADF (Bad file descriptor) [pid 15819] close(19) = -1 EBADF (Bad file descriptor) [pid 15819] close(20) = -1 EBADF (Bad file descriptor) [pid 15819] close(21) = -1 EBADF (Bad file descriptor) [pid 15819] close(22) = -1 EBADF (Bad file descriptor) [pid 15819] close(23) = -1 EBADF (Bad file descriptor) [pid 15819] close(24) = -1 EBADF (Bad file descriptor) [pid 15819] close(25) = -1 EBADF (Bad file descriptor) [pid 15819] close(26) = -1 EBADF (Bad file descriptor) [pid 15819] close(27) = -1 EBADF (Bad file descriptor) [pid 15819] close(28) = -1 EBADF (Bad file descriptor) [pid 15819] close(29) = -1 EBADF (Bad file descriptor) [pid 15819] exit_group(0 [pid 15820] <... futex resumed>) = ? [pid 15819] <... exit_group resumed>) = ? [pid 15823] <... futex resumed>) = ? [pid 15820] +++ exited with 0 +++ [pid 15823] +++ exited with 0 +++ [pid 15819] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9998, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2619", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2619", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2619/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2619/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2619/binderfs") = 0 [ 314.867800][T15820] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2619/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2619/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2619/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2619/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2619/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2619/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2619") = 0 [pid 289] mkdir("./2620", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10001 ./strace-static-x86_64: Process 15824 attached [pid 15824] set_robust_list(0x555556f746a0, 24) = 0 [pid 15824] chdir("./2620") = 0 [pid 15824] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15824] setpgid(0, 0) = 0 [pid 15824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15824] write(3, "1000", 4) = 4 [pid 15824] close(3) = 0 [pid 15824] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15824] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15824] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15824] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15824] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15824] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15824] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15824] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10002]}, 88) = 10002 [pid 15824] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15824] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15824] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15825 attached [pid 15825] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15825] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15825] memfd_create("syzkaller", 0) = 3 [pid 15825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15825] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15825] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15825] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15825] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15825] close(3) = 0 [pid 15825] mkdir("./file1", 0777) = 0 [pid 15825] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15825] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15825] chdir("./file1") = 0 [pid 15825] ioctl(4, LOOP_CLR_FD) = 0 [pid 15825] close(4) = 0 [pid 15825] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15824] <... futex resumed>) = 0 [pid 15824] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15824] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15825] <... futex resumed>) = 1 [pid 15825] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15825] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15824] <... futex resumed>) = 0 [pid 15824] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15824] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15824] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15824] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15824] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15824] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10003]}, 88) = 10003 [pid 15824] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15824] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15824] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15824] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15824] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15824] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15824] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10004]}, 88) = 10004 [pid 15824] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15824] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15824] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15825] <... futex resumed>) = 1 [pid 15825] memfd_create("syzkaller", 0) = 4 [pid 15825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15825] close(4) = 0 [pid 15825] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15825] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15829 attached [pid 15829] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15829] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15829] memfd_create("syzkaller", 0) = 4 ./strace-static-x86_64: Process 15828 attached [pid 15829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15828] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15829] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15829] close(4) = 0 [pid 15829] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15824] <... futex resumed>) = 0 [pid 15829] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15824] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15828] <... set_robust_list resumed>) = 0 [pid 15824] <... futex resumed>) = 1 [pid 15828] rt_sigprocmask(SIG_SETMASK, [], [pid 15824] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15828] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15828] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15825] <... futex resumed>) = 0 [pid 15828] <... setxattr resumed>) = 0 [pid 15828] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15825] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15828] <... futex resumed>) = 0 [pid 15828] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15825] <... open resumed>) = 4 [pid 15825] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15824] <... futex resumed>) = 0 [pid 15824] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15825] <... futex resumed>) = 1 [pid 15824] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15825] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15825] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15824] <... futex resumed>) = 0 [pid 15825] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15824] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15824] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15825] <... open resumed>) = 5 [pid 15825] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15824] <... futex resumed>) = 0 [pid 15825] <... futex resumed>) = 1 [pid 15824] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15825] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15824] <... futex resumed>) = 0 [pid 15824] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15825] <... write resumed>) = 262144 [pid 15825] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15824] <... futex resumed>) = 0 [pid 15824] close(3) = 0 [pid 15824] close(4) = 0 [pid 15824] close(5 [pid 15825] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15824] <... close resumed>) = 0 [pid 15824] close(6) = -1 EBADF (Bad file descriptor) [pid 15824] close(7) = -1 EBADF (Bad file descriptor) [pid 15824] close(8) = -1 EBADF (Bad file descriptor) [pid 15824] close(9) = -1 EBADF (Bad file descriptor) [pid 15824] close(10) = -1 EBADF (Bad file descriptor) [pid 15824] close(11) = -1 EBADF (Bad file descriptor) [pid 15824] close(12) = -1 EBADF (Bad file descriptor) [pid 15824] close(13) = -1 EBADF (Bad file descriptor) [pid 15824] close(14) = -1 EBADF (Bad file descriptor) [pid 15824] close(15) = -1 EBADF (Bad file descriptor) [pid 15824] close(16) = -1 EBADF (Bad file descriptor) [pid 15824] close(17) = -1 EBADF (Bad file descriptor) [pid 15824] close(18) = -1 EBADF (Bad file descriptor) [pid 15824] close(19) = -1 EBADF (Bad file descriptor) [pid 15824] close(20) = -1 EBADF (Bad file descriptor) [pid 15824] close(21) = -1 EBADF (Bad file descriptor) [pid 15824] close(22) = -1 EBADF (Bad file descriptor) [pid 15824] close(23) = -1 EBADF (Bad file descriptor) [pid 15824] close(24) = -1 EBADF (Bad file descriptor) [pid 15824] close(25) = -1 EBADF (Bad file descriptor) [pid 15824] close(26) = -1 EBADF (Bad file descriptor) [pid 15824] close(27) = -1 EBADF (Bad file descriptor) [pid 15824] close(28) = -1 EBADF (Bad file descriptor) [pid 15824] close(29) = -1 EBADF (Bad file descriptor) [pid 15824] exit_group(0) = ? [pid 15829] <... futex resumed>) = ? [pid 15829] +++ exited with 0 +++ [pid 15828] <... futex resumed>) = ? [pid 15828] +++ exited with 0 +++ [pid 15825] <... futex resumed>) = ? [pid 15825] +++ exited with 0 +++ [pid 15824] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10001, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2620", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2620", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2620/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2620/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2620/binderfs") = 0 [ 315.009640][T15825] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2620/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2620/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2620/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2620/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2620/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2620/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2620") = 0 [pid 289] mkdir("./2621", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 15830 attached , child_tidptr=0x555556f74690) = 10005 [pid 15830] set_robust_list(0x555556f746a0, 24) = 0 [pid 15830] chdir("./2621") = 0 [pid 15830] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15830] setpgid(0, 0) = 0 [pid 15830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15830] write(3, "1000", 4) = 4 [pid 15830] close(3) = 0 [pid 15830] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15830] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15830] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15830] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15830] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15830] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15830] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15830] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15831 attached => {parent_tid=[10006]}, 88) = 10006 [pid 15831] set_robust_list(0x7fbc6730d9a0, 24 [pid 15830] rt_sigprocmask(SIG_SETMASK, [], [pid 15831] <... set_robust_list resumed>) = 0 [pid 15830] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15831] rt_sigprocmask(SIG_SETMASK, [], [pid 15830] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15831] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15830] <... futex resumed>) = 0 [pid 15830] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15831] memfd_create("syzkaller", 0) = 3 [pid 15831] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15831] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15831] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15831] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15831] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15831] close(3) = 0 [pid 15831] mkdir("./file1", 0777) = 0 [pid 15831] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15831] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15831] chdir("./file1") = 0 [pid 15831] ioctl(4, LOOP_CLR_FD) = 0 [pid 15831] close(4) = 0 [pid 15831] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15830] <... futex resumed>) = 0 [pid 15830] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15830] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15831] <... futex resumed>) = 1 [pid 15831] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15831] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15830] <... futex resumed>) = 0 [pid 15830] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15830] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15830] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15830] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15830] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15830] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10007]}, 88) = 10007 [pid 15830] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15830] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15830] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15830] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15830] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15830] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15830] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 15835 attached ./strace-static-x86_64: Process 15834 attached => {parent_tid=[10008]}, 88) = 10008 [pid 15835] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15834] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15835] <... set_robust_list resumed>) = 0 [pid 15834] <... set_robust_list resumed>) = 0 [pid 15834] rt_sigprocmask(SIG_SETMASK, [], [pid 15835] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15835] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15834] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15830] rt_sigprocmask(SIG_SETMASK, [], [pid 15834] <... setxattr resumed>) = 0 [pid 15830] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15834] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15830] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15834] <... futex resumed>) = 0 [pid 15834] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15830] <... futex resumed>) = 1 [pid 15830] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15835] <... futex resumed>) = 0 [pid 15831] <... futex resumed>) = 1 [pid 15835] memfd_create("syzkaller", 0) = 4 [pid 15835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15835] close(4) = 0 [pid 15835] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15830] <... futex resumed>) = 0 [pid 15830] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15830] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15835] <... futex resumed>) = 1 [pid 15835] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15834] <... futex resumed>) = 0 [pid 15834] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15831] memfd_create("syzkaller", 0) = 5 [pid 15831] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15831] close(5) = 0 [pid 15834] <... open resumed>) = 4 [pid 15831] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15834] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15831] <... futex resumed>) = 0 [pid 15830] <... futex resumed>) = 0 [pid 15830] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15830] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15834] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15831] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = -1 ENOENT (No such file or directory) [pid 15831] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15830] <... futex resumed>) = 0 [pid 15830] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15830] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15831] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = -1 ENOENT (No such file or directory) [pid 15831] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15830] <... futex resumed>) = 0 [pid 15830] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15830] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15831] write(-1, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 15831] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15830] <... futex resumed>) = 0 [pid 15830] close(3 [pid 15831] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15830] <... close resumed>) = 0 [pid 15830] close(4) = 0 [pid 15830] close(5) = -1 EBADF (Bad file descriptor) [pid 15830] close(6) = -1 EBADF (Bad file descriptor) [pid 15830] close(7) = -1 EBADF (Bad file descriptor) [pid 15830] close(8) = -1 EBADF (Bad file descriptor) [pid 15830] close(9) = -1 EBADF (Bad file descriptor) [pid 15830] close(10) = -1 EBADF (Bad file descriptor) [pid 15830] close(11) = -1 EBADF (Bad file descriptor) [pid 15830] close(12) = -1 EBADF (Bad file descriptor) [pid 15830] close(13) = -1 EBADF (Bad file descriptor) [pid 15830] close(14) = -1 EBADF (Bad file descriptor) [pid 15830] close(15) = -1 EBADF (Bad file descriptor) [pid 15830] close(16) = -1 EBADF (Bad file descriptor) [pid 15830] close(17) = -1 EBADF (Bad file descriptor) [pid 15830] close(18) = -1 EBADF (Bad file descriptor) [pid 15830] close(19) = -1 EBADF (Bad file descriptor) [pid 15830] close(20) = -1 EBADF (Bad file descriptor) [pid 15830] close(21) = -1 EBADF (Bad file descriptor) [pid 15830] close(22) = -1 EBADF (Bad file descriptor) [pid 15830] close(23) = -1 EBADF (Bad file descriptor) [pid 15830] close(24) = -1 EBADF (Bad file descriptor) [pid 15830] close(25) = -1 EBADF (Bad file descriptor) [pid 15830] close(26) = -1 EBADF (Bad file descriptor) [pid 15830] close(27) = -1 EBADF (Bad file descriptor) [pid 15830] close(28) = -1 EBADF (Bad file descriptor) [pid 15830] close(29) = -1 EBADF (Bad file descriptor) [pid 15830] exit_group(0) = ? [pid 15835] <... futex resumed>) = ? [pid 15834] <... futex resumed>) = ? [pid 15835] +++ exited with 0 +++ [pid 15834] +++ exited with 0 +++ [pid 15831] <... futex resumed>) = ? [pid 15831] +++ exited with 0 +++ [pid 15830] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10005, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2621", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2621", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2621/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2621/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2621/binderfs") = 0 [pid 289] umount2("./2621/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2621/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2621/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2621/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2621/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2621/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2621") = 0 [pid 289] mkdir("./2622", 0777) = 0 [ 315.105091][T15831] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10009 ./strace-static-x86_64: Process 15836 attached [pid 15836] set_robust_list(0x555556f746a0, 24) = 0 [pid 15836] chdir("./2622") = 0 [pid 15836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15836] setpgid(0, 0) = 0 [pid 15836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15836] write(3, "1000", 4) = 4 [pid 15836] close(3) = 0 [pid 15836] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15836] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15836] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15836] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15836] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15836] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15836] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15837 attached => {parent_tid=[10010]}, 88) = 10010 [pid 15836] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15836] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15836] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15837] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15837] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15837] memfd_create("syzkaller", 0) = 3 [pid 15837] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15837] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15837] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15837] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15837] close(3) = 0 [pid 15837] mkdir("./file1", 0777) = 0 [pid 15837] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15837] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15837] chdir("./file1") = 0 [pid 15837] ioctl(4, LOOP_CLR_FD) = 0 [pid 15837] close(4) = 0 [pid 15837] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15836] <... futex resumed>) = 0 [pid 15836] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15836] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15837] <... futex resumed>) = 1 [pid 15837] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15837] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15836] <... futex resumed>) = 0 [pid 15836] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15836] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15836] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15836] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15836] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10011]}, 88) = 10011 [pid 15836] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15836] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15836] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15836] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15836] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15836] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10012]}, 88) = 10012 [pid 15836] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15836] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15836] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15837] <... futex resumed>) = 1 ./strace-static-x86_64: Process 15841 attached [pid 15837] memfd_create("syzkaller", 0) = 4 [pid 15837] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15837] close(4) = 0 [pid 15837] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15837] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15840 attached [pid 15840] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15840] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15840] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15841] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15841] rt_sigprocmask(SIG_SETMASK, [], [pid 15840] <... setxattr resumed>) = 0 [pid 15840] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15840] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15841] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15841] memfd_create("syzkaller", 0) = 4 [pid 15841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15841] close(4) = 0 [pid 15841] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15836] <... futex resumed>) = 0 [pid 15836] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15836] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15837] <... futex resumed>) = 0 [pid 15837] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15841] <... futex resumed>) = 1 [pid 15837] <... open resumed>) = 4 [pid 15837] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15836] <... futex resumed>) = 0 [pid 15836] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15836] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15837] <... futex resumed>) = 1 [pid 15837] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15837] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15836] <... futex resumed>) = 0 [pid 15836] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15836] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15837] <... futex resumed>) = 1 [pid 15837] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15837] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15836] <... futex resumed>) = 0 [pid 15836] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15836] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15837] <... futex resumed>) = 1 [pid 15837] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15841] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15837] <... write resumed>) = 262144 [pid 15837] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15836] <... futex resumed>) = 0 [pid 15836] close(3 [pid 15837] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15836] <... close resumed>) = 0 [pid 15836] close(4) = 0 [pid 15836] close(5) = 0 [pid 15836] close(6) = -1 EBADF (Bad file descriptor) [pid 15836] close(7) = -1 EBADF (Bad file descriptor) [pid 15836] close(8) = -1 EBADF (Bad file descriptor) [pid 15836] close(9) = -1 EBADF (Bad file descriptor) [pid 15836] close(10) = -1 EBADF (Bad file descriptor) [pid 15836] close(11) = -1 EBADF (Bad file descriptor) [pid 15836] close(12) = -1 EBADF (Bad file descriptor) [pid 15836] close(13) = -1 EBADF (Bad file descriptor) [pid 15836] close(14) = -1 EBADF (Bad file descriptor) [pid 15836] close(15) = -1 EBADF (Bad file descriptor) [pid 15836] close(16) = -1 EBADF (Bad file descriptor) [pid 15836] close(17) = -1 EBADF (Bad file descriptor) [pid 15836] close(18) = -1 EBADF (Bad file descriptor) [pid 15836] close(19) = -1 EBADF (Bad file descriptor) [pid 15836] close(20) = -1 EBADF (Bad file descriptor) [pid 15836] close(21) = -1 EBADF (Bad file descriptor) [pid 15836] close(22) = -1 EBADF (Bad file descriptor) [pid 15836] close(23) = -1 EBADF (Bad file descriptor) [pid 15836] close(24) = -1 EBADF (Bad file descriptor) [pid 15836] close(25) = -1 EBADF (Bad file descriptor) [pid 15836] close(26) = -1 EBADF (Bad file descriptor) [pid 15836] close(27) = -1 EBADF (Bad file descriptor) [pid 15836] close(28) = -1 EBADF (Bad file descriptor) [pid 15836] close(29) = -1 EBADF (Bad file descriptor) [pid 15836] exit_group(0 [pid 15841] <... futex resumed>) = ? [pid 15840] <... futex resumed>) = ? [pid 15836] <... exit_group resumed>) = ? [pid 15841] +++ exited with 0 +++ [pid 15840] +++ exited with 0 +++ [pid 15837] <... futex resumed>) = ? [pid 15837] +++ exited with 0 +++ [pid 15836] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10009, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] umount2("./2622", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2622", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2622/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2622/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2622/binderfs") = 0 [ 315.184235][T15837] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2622/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2622/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2622/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2622/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2622/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2622/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2622") = 0 [pid 289] mkdir("./2623", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10013 ./strace-static-x86_64: Process 15842 attached [pid 15842] set_robust_list(0x555556f746a0, 24) = 0 [pid 15842] chdir("./2623") = 0 [pid 15842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15842] setpgid(0, 0) = 0 [pid 15842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15842] write(3, "1000", 4) = 4 [pid 15842] close(3) = 0 [pid 15842] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15842] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15842] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15842] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15842] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15842] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15842] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10014]}, 88) = 10014 ./strace-static-x86_64: Process 15843 attached [pid 15842] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15842] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15842] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15843] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15843] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15843] memfd_create("syzkaller", 0) = 3 [pid 15843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15843] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15843] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15843] close(3) = 0 [pid 15843] mkdir("./file1", 0777) = 0 [pid 15843] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15843] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15843] chdir("./file1") = 0 [pid 15843] ioctl(4, LOOP_CLR_FD) = 0 [pid 15843] close(4) = 0 [pid 15843] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15842] <... futex resumed>) = 0 [pid 15842] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15842] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15843] <... futex resumed>) = 1 [pid 15843] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15843] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15842] <... futex resumed>) = 0 [pid 15842] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15842] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15842] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15842] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15842] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10015]}, 88) = 10015 [pid 15842] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15842] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15842] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15842] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15842] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15842] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10016]}, 88) = 10016 [pid 15842] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15842] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15842] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15843] <... futex resumed>) = 1 [pid 15843] memfd_create("syzkaller", 0) = 4 [pid 15843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15843] close(4) = 0 [pid 15843] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15843] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15847 attached [pid 15847] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15847] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15847] memfd_create("syzkaller", 0) = 4 [pid 15847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15847] close(4) = 0 [pid 15847] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15842] <... futex resumed>) = 0 [pid 15842] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15842] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15843] <... futex resumed>) = 0 [pid 15843] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15843] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15842] <... futex resumed>) = 0 [pid 15842] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15842] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15843] <... futex resumed>) = 1 [pid 15843] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15843] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15842] <... futex resumed>) = 0 [pid 15842] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15842] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15843] <... futex resumed>) = 1 [pid 15843] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15843] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15842] <... futex resumed>) = 0 [pid 15842] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15842] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15843] <... futex resumed>) = 1 [pid 15843] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651./strace-static-x86_64: Process 15846 attached [pid 15846] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15846] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15846] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15847] <... futex resumed>) = 1 [pid 15847] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15843] <... write resumed>) = 262144 [pid 15843] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15842] <... futex resumed>) = 0 [pid 15843] <... futex resumed>) = 1 [pid 15843] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15846] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 15846] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15842] close(3) = 0 [pid 15842] close(4) = 0 [pid 15842] close(5 [pid 15846] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15842] <... close resumed>) = 0 [pid 15842] close(6) = -1 EBADF (Bad file descriptor) [pid 15842] close(7) = -1 EBADF (Bad file descriptor) [pid 15842] close(8) = -1 EBADF (Bad file descriptor) [pid 15842] close(9) = -1 EBADF (Bad file descriptor) [pid 15842] close(10) = -1 EBADF (Bad file descriptor) [pid 15842] close(11) = -1 EBADF (Bad file descriptor) [pid 15842] close(12) = -1 EBADF (Bad file descriptor) [pid 15842] close(13) = -1 EBADF (Bad file descriptor) [pid 15842] close(14) = -1 EBADF (Bad file descriptor) [pid 15842] close(15) = -1 EBADF (Bad file descriptor) [pid 15842] close(16) = -1 EBADF (Bad file descriptor) [pid 15842] close(17) = -1 EBADF (Bad file descriptor) [pid 15842] close(18) = -1 EBADF (Bad file descriptor) [pid 15842] close(19) = -1 EBADF (Bad file descriptor) [pid 15842] close(20) = -1 EBADF (Bad file descriptor) [pid 15842] close(21) = -1 EBADF (Bad file descriptor) [pid 15842] close(22) = -1 EBADF (Bad file descriptor) [pid 15842] close(23) = -1 EBADF (Bad file descriptor) [pid 15842] close(24) = -1 EBADF (Bad file descriptor) [pid 15842] close(25) = -1 EBADF (Bad file descriptor) [pid 15842] close(26) = -1 EBADF (Bad file descriptor) [pid 15842] close(27) = -1 EBADF (Bad file descriptor) [pid 15842] close(28) = -1 EBADF (Bad file descriptor) [pid 15842] close(29) = -1 EBADF (Bad file descriptor) [pid 15842] exit_group(0) = ? [pid 15847] <... futex resumed>) = ? [pid 15847] +++ exited with 0 +++ [pid 15843] <... futex resumed>) = ? [pid 15843] +++ exited with 0 +++ [pid 15846] <... futex resumed>) = ? [pid 15846] +++ exited with 0 +++ [pid 15842] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10013, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2623", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2623", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2623/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2623/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2623/binderfs") = 0 [ 315.272810][T15843] EXT4-fs (loop0): 1 truncate cleaned up [ 315.287849][T15846] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2623/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2623/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2623/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2623/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2623/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2623/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2623") = 0 [pid 289] mkdir("./2624", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10017 ./strace-static-x86_64: Process 15848 attached [pid 15848] set_robust_list(0x555556f746a0, 24) = 0 [pid 15848] chdir("./2624") = 0 [pid 15848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15848] setpgid(0, 0) = 0 [pid 15848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15848] write(3, "1000", 4) = 4 [pid 15848] close(3) = 0 [pid 15848] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15848] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15848] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15848] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15848] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15848] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15848] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15849 attached => {parent_tid=[10018]}, 88) = 10018 [pid 15849] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15849] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15849] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15848] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15848] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15849] <... futex resumed>) = 0 [pid 15848] <... futex resumed>) = 1 [pid 15849] memfd_create("syzkaller", 0 [pid 15848] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15849] <... memfd_create resumed>) = 3 [pid 15849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15849] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15849] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15849] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15849] close(3) = 0 [pid 15849] mkdir("./file1", 0777) = 0 [pid 15849] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15849] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15849] chdir("./file1") = 0 [pid 15849] ioctl(4, LOOP_CLR_FD) = 0 [pid 15849] close(4) = 0 [pid 15849] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15849] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15848] <... futex resumed>) = 0 [pid 15848] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15848] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15849] <... futex resumed>) = 0 [pid 15849] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15849] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15848] <... futex resumed>) = 0 [pid 15848] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15848] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15848] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15848] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15848] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 15852 attached => {parent_tid=[10019]}, 88) = 10019 [pid 15852] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15848] rt_sigprocmask(SIG_SETMASK, [], [pid 15852] <... set_robust_list resumed>) = 0 [pid 15848] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15852] rt_sigprocmask(SIG_SETMASK, [], [pid 15848] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15852] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15848] <... futex resumed>) = 0 [pid 15852] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15848] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15852] <... setxattr resumed>) = 0 [pid 15848] <... futex resumed>) = 0 [pid 15848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15852] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15848] <... mmap resumed>) = 0x7fbc5eeeb000 [pid 15852] <... futex resumed>) = 0 [pid 15848] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE [pid 15852] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15848] <... mprotect resumed>) = 0 [pid 15848] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15848] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 15853 attached [pid 15853] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15848] <... clone3 resumed> => {parent_tid=[10020]}, 88) = 10020 [pid 15853] <... set_robust_list resumed>) = 0 [pid 15848] rt_sigprocmask(SIG_SETMASK, [], [pid 15853] rt_sigprocmask(SIG_SETMASK, [], [pid 15848] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15853] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15848] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15853] memfd_create("syzkaller", 0 [pid 15848] <... futex resumed>) = 0 [pid 15853] <... memfd_create resumed>) = 4 [pid 15848] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15849] <... futex resumed>) = 1 [pid 15849] memfd_create("syzkaller", 0) = 5 [pid 15849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15849] close(5) = 0 [pid 15849] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15849] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15853] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15853] close(4) = 0 [pid 15853] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15848] <... futex resumed>) = 0 [pid 15853] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15848] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15849] <... futex resumed>) = 0 [pid 15848] <... futex resumed>) = 1 [pid 15848] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15849] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15849] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15848] <... futex resumed>) = 0 [pid 15849] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15848] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15848] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15849] <... mount resumed>) = 0 [pid 15849] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15848] <... futex resumed>) = 0 [pid 15849] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15848] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15848] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15849] <... open resumed>) = 5 [pid 15849] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15848] <... futex resumed>) = 0 [pid 15849] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15848] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15848] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15849] <... write resumed>) = 262144 [pid 15849] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15848] <... futex resumed>) = 0 [pid 15848] close(3) = 0 [pid 15848] close(4) = 0 [pid 15848] close(5 [pid 15849] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15848] <... close resumed>) = 0 [pid 15848] close(6) = -1 EBADF (Bad file descriptor) [pid 15848] close(7) = -1 EBADF (Bad file descriptor) [pid 15848] close(8) = -1 EBADF (Bad file descriptor) [pid 15848] close(9) = -1 EBADF (Bad file descriptor) [pid 15848] close(10) = -1 EBADF (Bad file descriptor) [pid 15848] close(11) = -1 EBADF (Bad file descriptor) [pid 15848] close(12) = -1 EBADF (Bad file descriptor) [pid 15848] close(13) = -1 EBADF (Bad file descriptor) [pid 15848] close(14) = -1 EBADF (Bad file descriptor) [pid 15848] close(15) = -1 EBADF (Bad file descriptor) [pid 15848] close(16) = -1 EBADF (Bad file descriptor) [pid 15848] close(17) = -1 EBADF (Bad file descriptor) [pid 15848] close(18) = -1 EBADF (Bad file descriptor) [pid 15848] close(19) = -1 EBADF (Bad file descriptor) [pid 15848] close(20) = -1 EBADF (Bad file descriptor) [pid 15848] close(21) = -1 EBADF (Bad file descriptor) [pid 15848] close(22) = -1 EBADF (Bad file descriptor) [pid 15848] close(23) = -1 EBADF (Bad file descriptor) [pid 15848] close(24) = -1 EBADF (Bad file descriptor) [pid 15848] close(25) = -1 EBADF (Bad file descriptor) [pid 15848] close(26) = -1 EBADF (Bad file descriptor) [pid 15848] close(27) = -1 EBADF (Bad file descriptor) [pid 15848] close(28) = -1 EBADF (Bad file descriptor) [pid 15848] close(29) = -1 EBADF (Bad file descriptor) [pid 15848] exit_group(0 [pid 15852] <... futex resumed>) = ? [pid 15849] <... futex resumed>) = ? [pid 15848] <... exit_group resumed>) = ? [pid 15852] +++ exited with 0 +++ [pid 15853] <... futex resumed>) = ? [pid 15853] +++ exited with 0 +++ [pid 15849] +++ exited with 0 +++ [pid 15848] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10017, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2624", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2624", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2624/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2624/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2624/binderfs") = 0 [ 315.430413][T15849] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2624/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2624/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2624/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2624/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2624/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2624/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2624") = 0 [pid 289] mkdir("./2625", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10021 ./strace-static-x86_64: Process 15855 attached [pid 15855] set_robust_list(0x555556f746a0, 24) = 0 [pid 15855] chdir("./2625") = 0 [pid 15855] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15855] setpgid(0, 0) = 0 [pid 15855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15855] write(3, "1000", 4) = 4 [pid 15855] close(3) = 0 [pid 15855] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15855] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15855] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15855] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15855] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15855] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15855] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10022]}, 88) = 10022 [pid 15855] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15855] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15855] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15856 attached [pid 15856] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15856] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15856] memfd_create("syzkaller", 0) = 3 [pid 15856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15856] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15856] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15856] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15856] close(3) = 0 [pid 15856] mkdir("./file1", 0777) = 0 [pid 15856] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15856] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15856] chdir("./file1") = 0 [pid 15856] ioctl(4, LOOP_CLR_FD) = 0 [pid 15856] close(4) = 0 [pid 15856] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15855] <... futex resumed>) = 0 [pid 15855] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15855] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15856] <... futex resumed>) = 1 [pid 15856] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15856] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15855] <... futex resumed>) = 0 [pid 15855] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15855] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15855] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15855] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15855] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10023]}, 88) = 10023 [pid 15855] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15855] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15855] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15855] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15855] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15855] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10024]}, 88) = 10024 [pid 15855] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15855] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15855] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15856] <... futex resumed>) = 1 ./strace-static-x86_64: Process 15860 attached [pid 15860] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15856] memfd_create("syzkaller", 0) = 4 [pid 15856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15856] close(4) = 0 [pid 15856] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15856] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15859 attached [pid 15859] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15859] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15859] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15860] <... set_robust_list resumed>) = 0 [pid 15860] rt_sigprocmask(SIG_SETMASK, [], [pid 15859] <... setxattr resumed>) = 0 [pid 15860] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15859] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15860] memfd_create("syzkaller", 0 [pid 15859] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15860] <... memfd_create resumed>) = 4 [pid 15860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15860] close(4) = 0 [pid 15860] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15855] <... futex resumed>) = 0 [pid 15855] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15855] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15856] <... futex resumed>) = 0 [pid 15856] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15856] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15855] <... futex resumed>) = 0 [pid 15855] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15855] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15856] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15856] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15855] <... futex resumed>) = 0 [pid 15855] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15855] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15856] <... futex resumed>) = 1 [pid 15856] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15860] <... futex resumed>) = 1 [pid 15856] <... open resumed>) = 5 [pid 15860] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15856] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15855] <... futex resumed>) = 0 [pid 15855] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15856] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15855] <... futex resumed>) = 0 [pid 15855] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15856] <... write resumed>) = 262144 [pid 15856] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15855] <... futex resumed>) = 0 [pid 15855] close(3) = 0 [pid 15855] close(4) = 0 [pid 15855] close(5 [pid 15856] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15855] <... close resumed>) = 0 [pid 15855] close(6) = -1 EBADF (Bad file descriptor) [pid 15855] close(7) = -1 EBADF (Bad file descriptor) [pid 15855] close(8) = -1 EBADF (Bad file descriptor) [pid 15855] close(9) = -1 EBADF (Bad file descriptor) [pid 15855] close(10) = -1 EBADF (Bad file descriptor) [pid 15855] close(11) = -1 EBADF (Bad file descriptor) [pid 15855] close(12) = -1 EBADF (Bad file descriptor) [pid 15855] close(13) = -1 EBADF (Bad file descriptor) [pid 15855] close(14) = -1 EBADF (Bad file descriptor) [pid 15855] close(15) = -1 EBADF (Bad file descriptor) [pid 15855] close(16) = -1 EBADF (Bad file descriptor) [pid 15855] close(17) = -1 EBADF (Bad file descriptor) [pid 15855] close(18) = -1 EBADF (Bad file descriptor) [pid 15855] close(19) = -1 EBADF (Bad file descriptor) [pid 15855] close(20) = -1 EBADF (Bad file descriptor) [pid 15855] close(21) = -1 EBADF (Bad file descriptor) [pid 15855] close(22) = -1 EBADF (Bad file descriptor) [pid 15855] close(23) = -1 EBADF (Bad file descriptor) [pid 15855] close(24) = -1 EBADF (Bad file descriptor) [pid 15855] close(25) = -1 EBADF (Bad file descriptor) [pid 15855] close(26) = -1 EBADF (Bad file descriptor) [pid 15855] close(27) = -1 EBADF (Bad file descriptor) [pid 15855] close(28) = -1 EBADF (Bad file descriptor) [pid 15855] close(29) = -1 EBADF (Bad file descriptor) [pid 15855] exit_group(0) = ? [pid 15859] <... futex resumed>) = ? [pid 15859] +++ exited with 0 +++ [pid 15860] <... futex resumed>) = 231 [pid 15856] <... futex resumed>) = ? [pid 15856] +++ exited with 0 +++ [pid 15860] +++ exited with 0 +++ [pid 15855] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10021, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2625", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2625", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2625/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2625/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2625/binderfs") = 0 [ 315.578776][T15856] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2625/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2625/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2625/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2625/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2625/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2625/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2625") = 0 [pid 289] mkdir("./2626", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10025 ./strace-static-x86_64: Process 15861 attached [pid 15861] set_robust_list(0x555556f746a0, 24) = 0 [pid 15861] chdir("./2626") = 0 [pid 15861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15861] setpgid(0, 0) = 0 [pid 15861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15861] write(3, "1000", 4) = 4 [pid 15861] close(3) = 0 [pid 15861] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15861] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15861] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15861] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15861] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15861] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15861] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10026]}, 88) = 10026 [pid 15861] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15861] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15861] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15862 attached [pid 15862] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15862] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15862] memfd_create("syzkaller", 0) = 3 [pid 15862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15862] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15862] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15862] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15862] close(3) = 0 [pid 15862] mkdir("./file1", 0777) = 0 [pid 15862] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15862] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15862] chdir("./file1") = 0 [pid 15862] ioctl(4, LOOP_CLR_FD) = 0 [pid 15862] close(4) = 0 [pid 15862] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15861] <... futex resumed>) = 0 [pid 15861] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15861] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15862] <... futex resumed>) = 1 [pid 15862] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15862] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15861] <... futex resumed>) = 0 [pid 15861] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15861] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15861] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15861] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15861] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10027]}, 88) = 10027 [pid 15861] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15861] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15861] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15861] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15861] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15861] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10028]}, 88) = 10028 [pid 15861] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15861] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15861] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15862] <... futex resumed>) = 1 [pid 15862] memfd_create("syzkaller", 0) = 4 [pid 15862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15862] close(4) = 0 [pid 15862] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15862] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15866 attached [pid 15866] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15866] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15866] memfd_create("syzkaller", 0) = 4 [pid 15866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15866] close(4) = 0 [pid 15866] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15861] <... futex resumed>) = 0 [pid 15861] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15861] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15862] <... futex resumed>) = 0 [pid 15862] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15862] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15861] <... futex resumed>) = 0 [pid 15861] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15861] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15862] <... futex resumed>) = 1 [pid 15862] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL./strace-static-x86_64: Process 15865 attached [pid 15866] <... futex resumed>) = 1 [pid 15862] <... mount resumed>) = 0 [pid 15866] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15865] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15865] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15865] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15862] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15861] <... futex resumed>) = 0 [pid 15861] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15865] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15862] <... futex resumed>) = 1 [pid 15861] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15865] <... futex resumed>) = 0 [pid 15865] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15862] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15862] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15862] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15861] <... futex resumed>) = 0 [pid 15861] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15861] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15862] <... futex resumed>) = 0 [pid 15862] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15862] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15862] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15861] <... futex resumed>) = 0 [pid 15861] close(3) = 0 [pid 15861] close(4) = 0 [pid 15861] close(5) = 0 [pid 15861] close(6) = -1 EBADF (Bad file descriptor) [pid 15861] close(7) = -1 EBADF (Bad file descriptor) [pid 15861] close(8) = -1 EBADF (Bad file descriptor) [pid 15861] close(9) = -1 EBADF (Bad file descriptor) [pid 15861] close(10) = -1 EBADF (Bad file descriptor) [pid 15861] close(11) = -1 EBADF (Bad file descriptor) [pid 15861] close(12) = -1 EBADF (Bad file descriptor) [pid 15861] close(13) = -1 EBADF (Bad file descriptor) [pid 15861] close(14) = -1 EBADF (Bad file descriptor) [pid 15861] close(15) = -1 EBADF (Bad file descriptor) [pid 15861] close(16) = -1 EBADF (Bad file descriptor) [pid 15861] close(17) = -1 EBADF (Bad file descriptor) [pid 15861] close(18) = -1 EBADF (Bad file descriptor) [pid 15861] close(19) = -1 EBADF (Bad file descriptor) [pid 15861] close(20) = -1 EBADF (Bad file descriptor) [pid 15861] close(21) = -1 EBADF (Bad file descriptor) [pid 15861] close(22) = -1 EBADF (Bad file descriptor) [pid 15861] close(23) = -1 EBADF (Bad file descriptor) [pid 15861] close(24) = -1 EBADF (Bad file descriptor) [pid 15861] close(25) = -1 EBADF (Bad file descriptor) [pid 15861] close(26) = -1 EBADF (Bad file descriptor) [pid 15861] close(27) = -1 EBADF (Bad file descriptor) [pid 15861] close(28) = -1 EBADF (Bad file descriptor) [pid 15861] close(29) = -1 EBADF (Bad file descriptor) [pid 15861] exit_group(0) = ? [pid 15866] <... futex resumed>) = ? [pid 15866] +++ exited with 0 +++ [pid 15862] <... futex resumed>) = ? [pid 15862] +++ exited with 0 +++ [pid 15865] <... futex resumed>) = ? [pid 15865] +++ exited with 0 +++ [pid 15861] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10025, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2626", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2626", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2626/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2626/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2626/binderfs") = 0 [ 315.659925][T15862] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2626/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2626/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2626/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2626/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2626/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2626/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2626") = 0 [pid 289] mkdir("./2627", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10029 ./strace-static-x86_64: Process 15867 attached [pid 15867] set_robust_list(0x555556f746a0, 24) = 0 [pid 15867] chdir("./2627") = 0 [pid 15867] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15867] setpgid(0, 0) = 0 [pid 15867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15867] write(3, "1000", 4) = 4 [pid 15867] close(3) = 0 [pid 15867] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15867] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15867] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15867] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15867] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15867] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15867] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10030]}, 88) = 10030 [pid 15867] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15867] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15867] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15868 attached [pid 15868] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15868] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15868] memfd_create("syzkaller", 0) = 3 [pid 15868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15868] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15868] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15868] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15868] close(3) = 0 [pid 15868] mkdir("./file1", 0777) = 0 [pid 15868] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15868] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15868] chdir("./file1") = 0 [pid 15868] ioctl(4, LOOP_CLR_FD) = 0 [pid 15868] close(4) = 0 [pid 15868] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15867] <... futex resumed>) = 0 [pid 15867] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15867] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15868] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15868] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15867] <... futex resumed>) = 0 [pid 15867] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15867] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15867] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15867] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15867] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10031]}, 88) = 10031 [pid 15867] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 15871 attached [pid 15868] <... futex resumed>) = 1 [pid 15867] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15871] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15868] memfd_create("syzkaller", 0 [pid 15871] <... set_robust_list resumed>) = 0 [pid 15868] <... memfd_create resumed>) = 4 [pid 15871] rt_sigprocmask(SIG_SETMASK, [], [pid 15867] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15868] close(4) = 0 [pid 15867] <... futex resumed>) = 0 [pid 15868] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15868] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15871] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15871] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15867] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15868] <... futex resumed>) = 0 [pid 15871] <... setxattr resumed>) = 0 [pid 15867] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15868] memfd_create("syzkaller", 0) = 4 [pid 15868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15871] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15868] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15868] close(4) = 0 [pid 15868] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15867] <... futex resumed>) = 0 [pid 15867] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15867] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15868] <... futex resumed>) = 1 [pid 15868] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15871] <... futex resumed>) = 0 [pid 15871] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15868] <... open resumed>) = 4 [pid 15868] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15867] <... futex resumed>) = 0 [pid 15867] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15868] <... futex resumed>) = 1 [pid 15867] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15868] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15868] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15867] <... futex resumed>) = 0 [pid 15867] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15867] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15868] <... futex resumed>) = 1 [pid 15868] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15868] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15867] <... futex resumed>) = 0 [pid 15867] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15867] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15868] <... futex resumed>) = 1 [pid 15868] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15868] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15867] <... futex resumed>) = 0 [pid 15867] close(3) = 0 [pid 15867] close(4) = 0 [pid 15867] close(5) = 0 [pid 15867] close(6) = -1 EBADF (Bad file descriptor) [pid 15867] close(7) = -1 EBADF (Bad file descriptor) [pid 15867] close(8) = -1 EBADF (Bad file descriptor) [pid 15867] close(9) = -1 EBADF (Bad file descriptor) [pid 15867] close(10) = -1 EBADF (Bad file descriptor) [pid 15867] close(11) = -1 EBADF (Bad file descriptor) [pid 15867] close(12) = -1 EBADF (Bad file descriptor) [pid 15867] close(13) = -1 EBADF (Bad file descriptor) [pid 15867] close(14) = -1 EBADF (Bad file descriptor) [pid 15867] close(15) = -1 EBADF (Bad file descriptor) [pid 15867] close(16) = -1 EBADF (Bad file descriptor) [pid 15867] close(17) = -1 EBADF (Bad file descriptor) [pid 15867] close(18) = -1 EBADF (Bad file descriptor) [pid 15867] close(19) = -1 EBADF (Bad file descriptor) [pid 15867] close(20) = -1 EBADF (Bad file descriptor) [pid 15867] close(21) = -1 EBADF (Bad file descriptor) [pid 15867] close(22) = -1 EBADF (Bad file descriptor) [pid 15867] close(23) = -1 EBADF (Bad file descriptor) [pid 15867] close(24) = -1 EBADF (Bad file descriptor) [pid 15867] close(25) = -1 EBADF (Bad file descriptor) [pid 15867] close(26) = -1 EBADF (Bad file descriptor) [pid 15867] close(27) = -1 EBADF (Bad file descriptor) [pid 15867] close(28) = -1 EBADF (Bad file descriptor) [pid 15867] close(29) = -1 EBADF (Bad file descriptor) [pid 15867] exit_group(0) = ? [pid 15871] <... futex resumed>) = ? [pid 15871] +++ exited with 0 +++ [pid 15868] <... futex resumed>) = ? [pid 15868] +++ exited with 0 +++ [pid 15867] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10029, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2627", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2627", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2627/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2627/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2627/binderfs") = 0 [ 315.752994][T15868] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2627/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2627/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2627/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2627/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2627/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2627/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2627") = 0 [pid 289] mkdir("./2628", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10032 ./strace-static-x86_64: Process 15872 attached [pid 15872] set_robust_list(0x555556f746a0, 24) = 0 [pid 15872] chdir("./2628") = 0 [pid 15872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15872] setpgid(0, 0) = 0 [pid 15872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15872] write(3, "1000", 4) = 4 [pid 15872] close(3) = 0 [pid 15872] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15872] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15872] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15872] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15872] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15872] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10033]}, 88) = 10033 ./strace-static-x86_64: Process 15873 attached [pid 15872] rt_sigprocmask(SIG_SETMASK, [], [pid 15873] set_robust_list(0x7fbc6730d9a0, 24 [pid 15872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15872] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15872] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15873] <... set_robust_list resumed>) = 0 [pid 15873] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15873] memfd_create("syzkaller", 0) = 3 [pid 15873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15873] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15873] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15873] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15873] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15873] close(3) = 0 [pid 15873] mkdir("./file1", 0777) = 0 [pid 15873] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15873] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15873] chdir("./file1") = 0 [pid 15873] ioctl(4, LOOP_CLR_FD) = 0 [pid 15873] close(4) = 0 [pid 15873] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15873] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15872] <... futex resumed>) = 0 [pid 15872] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15872] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15873] <... futex resumed>) = 0 [pid 15873] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15873] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15872] <... futex resumed>) = 0 [pid 15872] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15872] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15872] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15872] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10034]}, 88) = 10034 ./strace-static-x86_64: Process 15876 attached [pid 15872] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15872] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15872] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15872] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15872] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10035]}, 88) = 10035 [pid 15872] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15872] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15872] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15873] memfd_create("syzkaller", 0) = 4 [pid 15873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15873] close(4) = 0 [pid 15873] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15873] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15876] set_robust_list(0x7fbc5ef2c9a0, 24./strace-static-x86_64: Process 15877 attached ) = 0 [pid 15876] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15876] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15877] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15877] rt_sigprocmask(SIG_SETMASK, [], [pid 15876] <... setxattr resumed>) = 0 [pid 15877] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15876] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15876] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15877] memfd_create("syzkaller", 0) = 4 [pid 15877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15877] close(4) = 0 [pid 15877] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15877] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15872] <... futex resumed>) = 0 [pid 15872] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15872] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15873] <... futex resumed>) = 0 [pid 15873] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15873] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15872] <... futex resumed>) = 0 [pid 15872] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15873] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15872] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15873] <... mount resumed>) = 0 [pid 15873] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15872] <... futex resumed>) = 0 [pid 15873] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15872] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15872] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15873] <... open resumed>) = 5 [pid 15873] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15872] <... futex resumed>) = 0 [pid 15873] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15872] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15872] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15873] <... write resumed>) = 262144 [pid 15873] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15873] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15872] <... futex resumed>) = 0 [pid 15872] close(3) = 0 [pid 15872] close(4) = 0 [pid 15872] close(5) = 0 [pid 15872] close(6) = -1 EBADF (Bad file descriptor) [pid 15872] close(7) = -1 EBADF (Bad file descriptor) [pid 15872] close(8) = -1 EBADF (Bad file descriptor) [pid 15872] close(9) = -1 EBADF (Bad file descriptor) [pid 15872] close(10) = -1 EBADF (Bad file descriptor) [pid 15872] close(11) = -1 EBADF (Bad file descriptor) [pid 15872] close(12) = -1 EBADF (Bad file descriptor) [pid 15872] close(13) = -1 EBADF (Bad file descriptor) [pid 15872] close(14) = -1 EBADF (Bad file descriptor) [pid 15872] close(15) = -1 EBADF (Bad file descriptor) [pid 15872] close(16) = -1 EBADF (Bad file descriptor) [pid 15872] close(17) = -1 EBADF (Bad file descriptor) [pid 15872] close(18) = -1 EBADF (Bad file descriptor) [pid 15872] close(19) = -1 EBADF (Bad file descriptor) [pid 15872] close(20) = -1 EBADF (Bad file descriptor) [pid 15872] close(21) = -1 EBADF (Bad file descriptor) [pid 15872] close(22) = -1 EBADF (Bad file descriptor) [pid 15872] close(23) = -1 EBADF (Bad file descriptor) [pid 15872] close(24) = -1 EBADF (Bad file descriptor) [pid 15872] close(25) = -1 EBADF (Bad file descriptor) [pid 15872] close(26) = -1 EBADF (Bad file descriptor) [pid 15872] close(27) = -1 EBADF (Bad file descriptor) [pid 15872] close(28) = -1 EBADF (Bad file descriptor) [pid 15872] close(29) = -1 EBADF (Bad file descriptor) [pid 15872] exit_group(0 [pid 15876] <... futex resumed>) = ? [pid 15873] <... futex resumed>) = ? [pid 15872] <... exit_group resumed>) = ? [pid 15877] <... futex resumed>) = ? [pid 15873] +++ exited with 0 +++ [pid 15876] +++ exited with 0 +++ [pid 15877] +++ exited with 0 +++ [pid 15872] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10032, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2628", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2628", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2628/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2628/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2628/binderfs") = 0 [ 315.861965][T15873] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2628/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2628/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2628/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2628/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2628/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2628/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2628") = 0 [pid 289] mkdir("./2629", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10036 ./strace-static-x86_64: Process 15878 attached [pid 15878] set_robust_list(0x555556f746a0, 24) = 0 [pid 15878] chdir("./2629") = 0 [pid 15878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15878] setpgid(0, 0) = 0 [pid 15878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15878] write(3, "1000", 4) = 4 [pid 15878] close(3) = 0 [pid 15878] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15878] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15878] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15878] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15878] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15878] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15878] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10037]}, 88) = 10037 ./strace-static-x86_64: Process 15879 attached [pid 15878] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15878] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15878] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15879] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15879] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15879] memfd_create("syzkaller", 0) = 3 [pid 15879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15879] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15879] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15879] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15879] close(3) = 0 [pid 15879] mkdir("./file1", 0777) = 0 [pid 15879] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15879] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15879] chdir("./file1") = 0 [pid 15879] ioctl(4, LOOP_CLR_FD) = 0 [pid 15879] close(4) = 0 [pid 15879] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15878] <... futex resumed>) = 0 [pid 15879] setxattr("./file1", NULL, NULL, 0, 0 [pid 15878] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15878] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15879] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 15879] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15878] <... futex resumed>) = 0 [pid 15879] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15878] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15879] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15878] <... futex resumed>) = 0 [pid 15879] memfd_create("syzkaller", 0 [pid 15878] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15879] <... memfd_create resumed>) = 4 [pid 15878] <... futex resumed>) = 0 [pid 15879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15879] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15878] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 15879] close(4 [pid 15878] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 15879] <... close resumed>) = 0 [pid 15878] <... mprotect resumed>) = 0 [pid 15879] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15878] rt_sigprocmask(SIG_BLOCK, ~[], [pid 15879] <... futex resumed>) = 0 [pid 15878] <... rt_sigprocmask resumed>[], 8) = 0 [pid 15879] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15878] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10038]}, 88) = 10038 [pid 15878] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15878] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15878] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15879] <... futex resumed>) = 0 [pid 15878] <... futex resumed>) = 1 [pid 15879] memfd_create("syzkaller", 0 [pid 15878] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15879] <... memfd_create resumed>) = 4 [pid 15879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15879] close(4) = 0 [pid 15879] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 15882 attached ) = 1 [pid 15878] <... futex resumed>) = 0 [pid 15882] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15879] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15878] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15882] <... set_robust_list resumed>) = 0 [pid 15878] <... futex resumed>) = 0 [pid 15882] rt_sigprocmask(SIG_SETMASK, [], [pid 15879] <... open resumed>) = 4 [pid 15878] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15879] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15878] <... futex resumed>) = 0 [pid 15878] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15879] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15878] <... futex resumed>) = 0 [pid 15882] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15879] <... mount resumed>) = 0 [pid 15878] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15879] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15878] <... futex resumed>) = 0 [pid 15879] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15878] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15879] <... open resumed>) = 5 [pid 15878] <... futex resumed>) = 0 [pid 15879] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15879] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15882] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15878] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15882] <... setxattr resumed>) = 0 [pid 15878] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15878] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15879] <... futex resumed>) = 0 [pid 15878] <... futex resumed>) = 1 [pid 15882] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15878] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15879] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15882] <... futex resumed>) = 0 [pid 15882] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15879] <... write resumed>) = 262144 [pid 15879] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15878] <... futex resumed>) = 0 [pid 15879] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15878] close(3) = 0 [pid 15878] close(4) = 0 [pid 15878] close(5) = 0 [pid 15878] close(6) = -1 EBADF (Bad file descriptor) [pid 15878] close(7) = -1 EBADF (Bad file descriptor) [pid 15878] close(8) = -1 EBADF (Bad file descriptor) [pid 15878] close(9) = -1 EBADF (Bad file descriptor) [pid 15878] close(10) = -1 EBADF (Bad file descriptor) [pid 15878] close(11) = -1 EBADF (Bad file descriptor) [pid 15878] close(12) = -1 EBADF (Bad file descriptor) [pid 15878] close(13) = -1 EBADF (Bad file descriptor) [pid 15878] close(14) = -1 EBADF (Bad file descriptor) [pid 15878] close(15) = -1 EBADF (Bad file descriptor) [pid 15878] close(16) = -1 EBADF (Bad file descriptor) [pid 15878] close(17) = -1 EBADF (Bad file descriptor) [pid 15878] close(18) = -1 EBADF (Bad file descriptor) [pid 15878] close(19) = -1 EBADF (Bad file descriptor) [pid 15878] close(20) = -1 EBADF (Bad file descriptor) [pid 15878] close(21) = -1 EBADF (Bad file descriptor) [pid 15878] close(22) = -1 EBADF (Bad file descriptor) [pid 15878] close(23) = -1 EBADF (Bad file descriptor) [pid 15878] close(24) = -1 EBADF (Bad file descriptor) [pid 15878] close(25) = -1 EBADF (Bad file descriptor) [pid 15878] close(26) = -1 EBADF (Bad file descriptor) [pid 15878] close(27) = -1 EBADF (Bad file descriptor) [pid 15878] close(28) = -1 EBADF (Bad file descriptor) [pid 15878] close(29) = -1 EBADF (Bad file descriptor) [pid 15878] exit_group(0 [pid 15882] <... futex resumed>) = ? [pid 15879] <... futex resumed>) = ? [pid 15878] <... exit_group resumed>) = ? [pid 15882] +++ exited with 0 +++ [pid 15879] +++ exited with 0 +++ [pid 15878] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10036, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2629", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2629", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2629/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2629/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2629/binderfs") = 0 [ 316.030792][T15879] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2629/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2629/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2629/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2629/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2629/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2629/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2629") = 0 [pid 289] mkdir("./2630", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10039 ./strace-static-x86_64: Process 15883 attached [pid 15883] set_robust_list(0x555556f746a0, 24) = 0 [pid 15883] chdir("./2630") = 0 [pid 15883] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15883] setpgid(0, 0) = 0 [pid 15883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15883] write(3, "1000", 4) = 4 [pid 15883] close(3) = 0 [pid 15883] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15883] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15883] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15883] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15883] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15883] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15883] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15883] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10040]}, 88) = 10040 ./strace-static-x86_64: Process 15884 attached [pid 15884] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15884] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15884] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15883] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15883] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15884] <... futex resumed>) = 0 [pid 15883] <... futex resumed>) = 1 [pid 15884] memfd_create("syzkaller", 0 [pid 15883] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15884] <... memfd_create resumed>) = 3 [pid 15884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15884] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15884] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15884] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15884] close(3) = 0 [pid 15884] mkdir("./file1", 0777) = 0 [pid 15884] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15884] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15884] chdir("./file1") = 0 [pid 15884] ioctl(4, LOOP_CLR_FD) = 0 [pid 15884] close(4) = 0 [pid 15884] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15883] <... futex resumed>) = 0 [pid 15883] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15883] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15884] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15884] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15883] <... futex resumed>) = 0 [pid 15884] <... futex resumed>) = 1 [pid 15883] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15884] memfd_create("syzkaller", 0 [pid 15883] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15883] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15884] <... memfd_create resumed>) = 4 [pid 15883] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 15883] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 15884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15883] <... mprotect resumed>) = 0 [pid 15884] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15883] rt_sigprocmask(SIG_BLOCK, ~[], [pid 15884] close(4 [pid 15883] <... rt_sigprocmask resumed>[], 8) = 0 [pid 15883] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 15884] <... close resumed>) = 0 [pid 15884] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 15887 attached ) = 0 [pid 15883] <... clone3 resumed> => {parent_tid=[10041]}, 88) = 10041 [pid 15887] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15884] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15883] rt_sigprocmask(SIG_SETMASK, [], [pid 15887] rt_sigprocmask(SIG_SETMASK, [], [pid 15883] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15887] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15883] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15887] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15883] <... futex resumed>) = 0 [pid 15883] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15884] <... futex resumed>) = 0 [pid 15883] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15884] memfd_create("syzkaller", 0 [pid 15887] <... setxattr resumed>) = 0 [pid 15887] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15887] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15884] <... memfd_create resumed>) = 4 [pid 15884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15884] close(4) = 0 [pid 15884] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15883] <... futex resumed>) = 0 [pid 15883] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15884] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15883] <... futex resumed>) = 0 [pid 15883] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15884] <... open resumed>) = 4 [pid 15884] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15883] <... futex resumed>) = 0 [pid 15883] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15884] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15883] <... futex resumed>) = 0 [pid 15883] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15884] <... mount resumed>) = 0 [pid 15884] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15883] <... futex resumed>) = 0 [pid 15884] <... futex resumed>) = 1 [pid 15883] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15884] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15883] <... futex resumed>) = 0 [pid 15883] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15884] <... open resumed>) = 5 [pid 15884] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15883] <... futex resumed>) = 0 [pid 15883] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15884] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15883] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15884] <... write resumed>) = 262144 [pid 15884] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15883] <... futex resumed>) = 0 [pid 15883] close(3) = 0 [pid 15883] close(4) = 0 [pid 15883] close(5 [pid 15884] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15883] <... close resumed>) = 0 [pid 15883] close(6) = -1 EBADF (Bad file descriptor) [pid 15883] close(7) = -1 EBADF (Bad file descriptor) [pid 15883] close(8) = -1 EBADF (Bad file descriptor) [pid 15883] close(9) = -1 EBADF (Bad file descriptor) [pid 15883] close(10) = -1 EBADF (Bad file descriptor) [pid 15883] close(11) = -1 EBADF (Bad file descriptor) [pid 15883] close(12) = -1 EBADF (Bad file descriptor) [pid 15883] close(13) = -1 EBADF (Bad file descriptor) [pid 15883] close(14) = -1 EBADF (Bad file descriptor) [pid 15883] close(15) = -1 EBADF (Bad file descriptor) [pid 15883] close(16) = -1 EBADF (Bad file descriptor) [pid 15883] close(17) = -1 EBADF (Bad file descriptor) [pid 15883] close(18) = -1 EBADF (Bad file descriptor) [pid 15883] close(19) = -1 EBADF (Bad file descriptor) [pid 15883] close(20) = -1 EBADF (Bad file descriptor) [pid 15883] close(21) = -1 EBADF (Bad file descriptor) [pid 15883] close(22) = -1 EBADF (Bad file descriptor) [pid 15883] close(23) = -1 EBADF (Bad file descriptor) [pid 15883] close(24) = -1 EBADF (Bad file descriptor) [pid 15883] close(25) = -1 EBADF (Bad file descriptor) [pid 15883] close(26) = -1 EBADF (Bad file descriptor) [pid 15883] close(27) = -1 EBADF (Bad file descriptor) [pid 15883] close(28) = -1 EBADF (Bad file descriptor) [pid 15883] close(29) = -1 EBADF (Bad file descriptor) [pid 15883] exit_group(0 [pid 15887] <... futex resumed>) = ? [pid 15883] <... exit_group resumed>) = ? [pid 15887] +++ exited with 0 +++ [pid 15884] <... futex resumed>) = ? [pid 15884] +++ exited with 0 +++ [pid 15883] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10039, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2630", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2630", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2630/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2630/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2630/binderfs") = 0 [ 316.186357][T15884] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2630/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2630/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2630/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2630/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2630/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2630/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2630") = 0 [pid 289] mkdir("./2631", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10042 ./strace-static-x86_64: Process 15888 attached [pid 15888] set_robust_list(0x555556f746a0, 24) = 0 [pid 15888] chdir("./2631") = 0 [pid 15888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15888] setpgid(0, 0) = 0 [pid 15888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15888] write(3, "1000", 4) = 4 [pid 15888] close(3) = 0 [pid 15888] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15888] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15888] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15888] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15888] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15888] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15888] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10043]}, 88) = 10043 [pid 15888] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15888] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15888] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15889 attached [pid 15889] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15889] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15889] memfd_create("syzkaller", 0) = 3 [pid 15889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15889] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15889] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15889] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15889] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15889] close(3) = 0 [pid 15889] mkdir("./file1", 0777) = 0 [pid 15889] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15889] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15889] chdir("./file1") = 0 [pid 15889] ioctl(4, LOOP_CLR_FD) = 0 [pid 15889] close(4) = 0 [pid 15889] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15888] <... futex resumed>) = 0 [pid 15889] setxattr("./file1", NULL, NULL, 0, 0 [pid 15888] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15889] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 15888] <... futex resumed>) = 0 [pid 15889] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15888] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15889] <... futex resumed>) = 0 [pid 15888] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15889] memfd_create("syzkaller", 0 [pid 15888] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15889] <... memfd_create resumed>) = 4 [pid 15888] <... futex resumed>) = 0 [pid 15889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15888] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15889] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15888] <... futex resumed>) = 0 [pid 15889] close(4 [pid 15888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15889] <... close resumed>) = 0 [pid 15888] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 15889] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15888] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 15889] <... futex resumed>) = 0 [pid 15888] <... mprotect resumed>) = 0 [pid 15889] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15888] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15888] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10044]}, 88) = 10044 [pid 15888] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15888] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15888] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15889] <... futex resumed>) = 0 [pid 15888] <... futex resumed>) = 1 [pid 15889] memfd_create("syzkaller", 0 [pid 15888] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15889] <... memfd_create resumed>) = 4 [pid 15889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15889] close(4) = 0 [pid 15889] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15888] <... futex resumed>) = 0 [pid 15889] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15888] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15888] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 15892 attached [pid 15892] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15892] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15892] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15889] <... open resumed>) = 4 [pid 15889] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15888] <... futex resumed>) = 0 [pid 15889] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15888] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15889] <... mount resumed>) = 0 [pid 15888] <... futex resumed>) = 0 [pid 15889] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15888] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15889] <... futex resumed>) = 0 [pid 15888] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15889] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15888] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15889] <... open resumed>) = 5 [pid 15888] <... futex resumed>) = 0 [pid 15889] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15888] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15889] <... futex resumed>) = 0 [pid 15888] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15889] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15888] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15888] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15889] <... write resumed>) = 262144 [pid 15889] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15888] <... futex resumed>) = 0 [pid 15889] <... futex resumed>) = 1 [pid 15889] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15892] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 15892] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15892] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15888] close(3) = 0 [pid 15888] close(4) = 0 [pid 15888] close(5) = 0 [pid 15888] close(6) = -1 EBADF (Bad file descriptor) [pid 15888] close(7) = -1 EBADF (Bad file descriptor) [pid 15888] close(8) = -1 EBADF (Bad file descriptor) [pid 15888] close(9) = -1 EBADF (Bad file descriptor) [pid 15888] close(10) = -1 EBADF (Bad file descriptor) [pid 15888] close(11) = -1 EBADF (Bad file descriptor) [pid 15888] close(12) = -1 EBADF (Bad file descriptor) [pid 15888] close(13) = -1 EBADF (Bad file descriptor) [pid 15888] close(14) = -1 EBADF (Bad file descriptor) [pid 15888] close(15) = -1 EBADF (Bad file descriptor) [pid 15888] close(16) = -1 EBADF (Bad file descriptor) [pid 15888] close(17) = -1 EBADF (Bad file descriptor) [pid 15888] close(18) = -1 EBADF (Bad file descriptor) [pid 15888] close(19) = -1 EBADF (Bad file descriptor) [pid 15888] close(20) = -1 EBADF (Bad file descriptor) [pid 15888] close(21) = -1 EBADF (Bad file descriptor) [pid 15888] close(22) = -1 EBADF (Bad file descriptor) [pid 15888] close(23) = -1 EBADF (Bad file descriptor) [pid 15888] close(24) = -1 EBADF (Bad file descriptor) [pid 15888] close(25) = -1 EBADF (Bad file descriptor) [pid 15888] close(26) = -1 EBADF (Bad file descriptor) [pid 15888] close(27) = -1 EBADF (Bad file descriptor) [pid 15888] close(28) = -1 EBADF (Bad file descriptor) [pid 15888] close(29) = -1 EBADF (Bad file descriptor) [pid 15888] exit_group(0) = ? [pid 15889] <... futex resumed>) = ? [pid 15889] +++ exited with 0 +++ [pid 15892] <... futex resumed>) = ? [pid 15892] +++ exited with 0 +++ [pid 15888] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10042, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 289] umount2("./2631", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2631", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2631/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2631/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2631/binderfs") = 0 [pid 289] umount2("./2631/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2631/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2631/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2631/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2631/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2631/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2631") = 0 [pid 289] mkdir("./2632", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10045 ./strace-static-x86_64: Process 15893 attached [pid 15893] set_robust_list(0x555556f746a0, 24) = 0 [pid 15893] chdir("./2632") = 0 [pid 15893] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15893] setpgid(0, 0) = 0 [pid 15893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15893] write(3, "1000", 4) = 4 [pid 15893] close(3) = 0 [pid 15893] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15893] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15893] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15893] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15893] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15893] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15893] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15893] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10046]}, 88) = 10046 [pid 15893] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15893] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15893] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15894 attached [pid 15894] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15894] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15894] memfd_create("syzkaller", 0) = 3 [pid 15894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15894] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15894] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15894] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15894] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15894] close(3) = 0 [pid 15894] mkdir("./file1", 0777) = 0 [ 316.339874][T15889] EXT4-fs (loop0): 1 truncate cleaned up [ 316.350429][T15892] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 15894] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15894] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15894] chdir("./file1") = 0 [pid 15894] ioctl(4, LOOP_CLR_FD) = 0 [pid 15894] close(4) = 0 [pid 15894] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15893] <... futex resumed>) = 0 [pid 15893] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15893] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15894] <... futex resumed>) = 1 [pid 15894] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15894] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15893] <... futex resumed>) = 0 [pid 15893] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15893] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15893] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15893] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15893] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15893] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10047]}, 88) = 10047 [pid 15893] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15893] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15893] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15893] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15893] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15893] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 ./strace-static-x86_64: Process 15897 attached [pid 15893] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 15894] <... futex resumed>) = 1 [pid 15897] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15893] <... clone3 resumed> => {parent_tid=[10048]}, 88) = 10048 [pid 15894] memfd_create("syzkaller", 0 [pid 15893] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15893] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15893] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15898 attached [pid 15898] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15898] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15898] memfd_create("syzkaller", 0) = 4 [pid 15898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15898] close(4) = 0 [pid 15898] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15893] <... futex resumed>) = 0 [pid 15893] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15893] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15898] <... futex resumed>) = 1 [pid 15898] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15898] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15893] <... futex resumed>) = 0 [pid 15893] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15893] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15898] <... futex resumed>) = 1 [pid 15898] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15898] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15893] <... futex resumed>) = 0 [pid 15893] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15893] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15898] <... futex resumed>) = 1 [pid 15898] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15894] <... memfd_create resumed>) = 5 [pid 15897] <... set_robust_list resumed>) = 0 [pid 15898] <... open resumed>) = 6 [pid 15894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15897] rt_sigprocmask(SIG_SETMASK, [], [pid 15898] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15893] <... futex resumed>) = 0 [pid 15893] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15893] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15898] <... futex resumed>) = 1 [pid 15898] write(6, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15897] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15894] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15897] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15894] close(5 [pid 15898] <... write resumed>) = 262144 [pid 15894] <... close resumed>) = 0 [pid 15894] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15894] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15898] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15898] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15893] <... futex resumed>) = 0 [pid 15897] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 15897] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15897] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15893] close(3) = 0 [pid 15893] close(4) = 0 [pid 15893] close(5) = -1 EBADF (Bad file descriptor) [pid 15893] close(6) = 0 [pid 15893] close(7) = -1 EBADF (Bad file descriptor) [pid 15893] close(8) = -1 EBADF (Bad file descriptor) [pid 15893] close(9) = -1 EBADF (Bad file descriptor) [pid 15893] close(10) = -1 EBADF (Bad file descriptor) [pid 15893] close(11) = -1 EBADF (Bad file descriptor) [pid 15893] close(12) = -1 EBADF (Bad file descriptor) [pid 15893] close(13) = -1 EBADF (Bad file descriptor) [pid 15893] close(14) = -1 EBADF (Bad file descriptor) [pid 15893] close(15) = -1 EBADF (Bad file descriptor) [pid 15893] close(16) = -1 EBADF (Bad file descriptor) [pid 15893] close(17) = -1 EBADF (Bad file descriptor) [pid 15893] close(18) = -1 EBADF (Bad file descriptor) [pid 15893] close(19) = -1 EBADF (Bad file descriptor) [pid 15893] close(20) = -1 EBADF (Bad file descriptor) [pid 15893] close(21) = -1 EBADF (Bad file descriptor) [pid 15893] close(22) = -1 EBADF (Bad file descriptor) [pid 15893] close(23) = -1 EBADF (Bad file descriptor) [pid 15893] close(24) = -1 EBADF (Bad file descriptor) [pid 15893] close(25) = -1 EBADF (Bad file descriptor) [pid 15893] close(26) = -1 EBADF (Bad file descriptor) [pid 15893] close(27) = -1 EBADF (Bad file descriptor) [pid 15893] close(28) = -1 EBADF (Bad file descriptor) [pid 15893] close(29) = -1 EBADF (Bad file descriptor) [pid 15893] exit_group(0) = ? [pid 15894] <... futex resumed>) = ? [pid 15894] +++ exited with 0 +++ [pid 15897] <... futex resumed>) = ? [pid 15898] <... futex resumed>) = ? [pid 15897] +++ exited with 0 +++ [pid 15898] +++ exited with 0 +++ [pid 15893] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10045, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2632", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2632", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2632/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2632/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2632/binderfs") = 0 [ 316.398914][T15894] EXT4-fs (loop0): 1 truncate cleaned up [ 316.413872][T15897] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2632/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2632/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2632/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2632/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2632/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2632/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2632") = 0 [pid 289] mkdir("./2633", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10049 ./strace-static-x86_64: Process 15900 attached [pid 15900] set_robust_list(0x555556f746a0, 24) = 0 [pid 15900] chdir("./2633") = 0 [pid 15900] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15900] setpgid(0, 0) = 0 [pid 15900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15900] write(3, "1000", 4) = 4 [pid 15900] close(3) = 0 [pid 15900] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15900] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15900] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15900] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15900] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15900] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15900] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10050]}, 88) = 10050 [pid 15900] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15900] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15900] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15901 attached [pid 15901] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15901] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15901] memfd_create("syzkaller", 0) = 3 [pid 15901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15901] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15901] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15901] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15901] close(3) = 0 [pid 15901] mkdir("./file1", 0777) = 0 [pid 15901] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15901] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15901] chdir("./file1") = 0 [pid 15901] ioctl(4, LOOP_CLR_FD) = 0 [pid 15901] close(4) = 0 [pid 15901] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15900] <... futex resumed>) = 0 [pid 15900] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15900] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15901] <... futex resumed>) = 1 [pid 15901] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15901] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15900] <... futex resumed>) = 0 [pid 15900] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15900] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15900] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15900] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15900] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10051]}, 88) = 10051 [pid 15900] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15900] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15900] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15900] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15900] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15900] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10052]}, 88) = 10052 [pid 15900] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15900] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15900] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15901] <... futex resumed>) = 1 ./strace-static-x86_64: Process 15905 attached ./strace-static-x86_64: Process 15904 attached [pid 15901] memfd_create("syzkaller", 0 [pid 15905] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15905] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15905] memfd_create("syzkaller", 0) = 4 [pid 15905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15905] close(4) = 0 [pid 15905] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15905] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15900] <... futex resumed>) = 0 [pid 15905] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15900] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15905] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15900] <... futex resumed>) = 0 [pid 15900] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15904] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15905] <... open resumed>) = 4 [pid 15905] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15900] <... futex resumed>) = 0 [pid 15905] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15900] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15905] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15900] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15905] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15904] <... set_robust_list resumed>) = 0 [pid 15905] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15900] <... futex resumed>) = 0 [pid 15905] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15900] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15905] <... open resumed>) = 5 [pid 15905] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15900] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15905] <... futex resumed>) = 0 [pid 15900] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15905] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15900] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15905] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15900] <... futex resumed>) = 0 [pid 15900] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15905] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15904] rt_sigprocmask(SIG_SETMASK, [], [pid 15901] <... memfd_create resumed>) = 6 [pid 15904] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15904] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15901] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15905] <... write resumed>) = 262144 [pid 15905] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15905] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15901] close(6) = 0 [pid 15901] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15901] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15900] <... futex resumed>) = 0 [pid 15904] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 15904] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15904] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15900] close(3) = 0 [pid 15900] close(4) = 0 [pid 15900] close(5) = 0 [pid 15900] close(6) = -1 EBADF (Bad file descriptor) [pid 15900] close(7) = -1 EBADF (Bad file descriptor) [pid 15900] close(8) = -1 EBADF (Bad file descriptor) [pid 15900] close(9) = -1 EBADF (Bad file descriptor) [pid 15900] close(10) = -1 EBADF (Bad file descriptor) [pid 15900] close(11) = -1 EBADF (Bad file descriptor) [pid 15900] close(12) = -1 EBADF (Bad file descriptor) [pid 15900] close(13) = -1 EBADF (Bad file descriptor) [pid 15900] close(14) = -1 EBADF (Bad file descriptor) [pid 15900] close(15) = -1 EBADF (Bad file descriptor) [pid 15900] close(16) = -1 EBADF (Bad file descriptor) [pid 15900] close(17) = -1 EBADF (Bad file descriptor) [pid 15900] close(18) = -1 EBADF (Bad file descriptor) [pid 15900] close(19) = -1 EBADF (Bad file descriptor) [pid 15900] close(20) = -1 EBADF (Bad file descriptor) [pid 15900] close(21) = -1 EBADF (Bad file descriptor) [pid 15900] close(22) = -1 EBADF (Bad file descriptor) [pid 15900] close(23) = -1 EBADF (Bad file descriptor) [pid 15900] close(24) = -1 EBADF (Bad file descriptor) [pid 15900] close(25) = -1 EBADF (Bad file descriptor) [pid 15900] close(26) = -1 EBADF (Bad file descriptor) [pid 15900] close(27) = -1 EBADF (Bad file descriptor) [pid 15900] close(28) = -1 EBADF (Bad file descriptor) [pid 15900] close(29) = -1 EBADF (Bad file descriptor) [pid 15900] exit_group(0) = ? [pid 15905] <... futex resumed>) = ? [pid 15904] <... futex resumed>) = ? [pid 15904] +++ exited with 0 +++ [pid 15905] +++ exited with 0 +++ [pid 15901] <... futex resumed>) = ? [pid 15901] +++ exited with 0 +++ [pid 15900] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10049, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2633", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2633", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2633/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2633/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2633/binderfs") = 0 [pid 289] umount2("./2633/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2633/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2633/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2633/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2633/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2633/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2633") = 0 [pid 289] mkdir("./2634", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10053 ./strace-static-x86_64: Process 15906 attached [pid 15906] set_robust_list(0x555556f746a0, 24) = 0 [pid 15906] chdir("./2634") = 0 [pid 15906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15906] setpgid(0, 0) = 0 [pid 15906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15906] write(3, "1000", 4) = 4 [pid 15906] close(3) = 0 [pid 15906] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15906] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15906] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15906] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15906] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15906] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15906] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15906] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10054]}, 88) = 10054 [pid 15906] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 15907 attached [pid 15906] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15906] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15907] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15907] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15907] memfd_create("syzkaller", 0) = 3 [pid 15907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15907] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15907] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15907] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15907] close(3) = 0 [pid 15907] mkdir("./file1", 0777) = 0 [ 316.537744][T15901] EXT4-fs (loop0): 1 truncate cleaned up [ 316.551239][T15904] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 15907] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15907] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15907] chdir("./file1") = 0 [pid 15907] ioctl(4, LOOP_CLR_FD) = 0 [pid 15907] close(4) = 0 [pid 15907] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15906] <... futex resumed>) = 0 [pid 15906] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15906] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15907] <... futex resumed>) = 1 [pid 15907] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15907] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15906] <... futex resumed>) = 0 [pid 15906] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15906] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15906] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15906] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15906] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15906] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10055]}, 88) = 10055 [pid 15906] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15906] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15906] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15906] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15906] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15906] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15906] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10056]}, 88) = 10056 [pid 15906] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15906] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15906] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15907] <... futex resumed>) = 1 [pid 15907] memfd_create("syzkaller", 0) = 4 [pid 15907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15907] close(4) = 0 [pid 15907] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15907] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15910 attached [pid 15910] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15910] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15910] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0./strace-static-x86_64: Process 15911 attached [pid 15911] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15910] <... setxattr resumed>) = 0 [pid 15910] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15910] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15911] <... set_robust_list resumed>) = 0 [pid 15911] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15911] memfd_create("syzkaller", 0) = 4 [pid 15911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15911] close(4) = 0 [pid 15911] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15906] <... futex resumed>) = 0 [pid 15906] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15906] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15907] <... futex resumed>) = 0 [pid 15907] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15911] <... futex resumed>) = 1 [pid 15911] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15907] <... open resumed>) = 4 [pid 15907] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15906] <... futex resumed>) = 0 [pid 15907] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15906] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15907] <... mount resumed>) = 0 [pid 15906] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15907] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15906] <... futex resumed>) = 0 [pid 15906] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15906] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15907] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15907] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15906] <... futex resumed>) = 0 [pid 15906] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15906] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15907] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15907] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15906] <... futex resumed>) = 0 [pid 15907] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15906] close(3) = 0 [pid 15906] close(4) = 0 [pid 15906] close(5) = 0 [pid 15906] close(6) = -1 EBADF (Bad file descriptor) [pid 15906] close(7) = -1 EBADF (Bad file descriptor) [pid 15906] close(8) = -1 EBADF (Bad file descriptor) [pid 15906] close(9) = -1 EBADF (Bad file descriptor) [pid 15906] close(10) = -1 EBADF (Bad file descriptor) [pid 15906] close(11) = -1 EBADF (Bad file descriptor) [pid 15906] close(12) = -1 EBADF (Bad file descriptor) [pid 15906] close(13) = -1 EBADF (Bad file descriptor) [pid 15906] close(14) = -1 EBADF (Bad file descriptor) [pid 15906] close(15) = -1 EBADF (Bad file descriptor) [pid 15906] close(16) = -1 EBADF (Bad file descriptor) [pid 15906] close(17) = -1 EBADF (Bad file descriptor) [pid 15906] close(18) = -1 EBADF (Bad file descriptor) [pid 15906] close(19) = -1 EBADF (Bad file descriptor) [pid 15906] close(20) = -1 EBADF (Bad file descriptor) [pid 15906] close(21) = -1 EBADF (Bad file descriptor) [pid 15906] close(22) = -1 EBADF (Bad file descriptor) [pid 15906] close(23) = -1 EBADF (Bad file descriptor) [pid 15906] close(24) = -1 EBADF (Bad file descriptor) [pid 15906] close(25) = -1 EBADF (Bad file descriptor) [pid 15906] close(26) = -1 EBADF (Bad file descriptor) [pid 15906] close(27) = -1 EBADF (Bad file descriptor) [pid 15906] close(28) = -1 EBADF (Bad file descriptor) [pid 15906] close(29) = -1 EBADF (Bad file descriptor) [pid 15906] exit_group(0) = ? [pid 15911] <... futex resumed>) = ? [pid 15910] <... futex resumed>) = ? [pid 15911] +++ exited with 0 +++ [pid 15910] +++ exited with 0 +++ [pid 15907] <... futex resumed>) = ? [pid 15907] +++ exited with 0 +++ [pid 15906] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10053, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2634", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2634", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2634/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2634/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2634/binderfs") = 0 [ 316.591974][T15907] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2634/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2634/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2634/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2634/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2634/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2634/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2634") = 0 [pid 289] mkdir("./2635", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10057 ./strace-static-x86_64: Process 15912 attached [pid 15912] set_robust_list(0x555556f746a0, 24) = 0 [pid 15912] chdir("./2635") = 0 [pid 15912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15912] setpgid(0, 0) = 0 [pid 15912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15912] write(3, "1000", 4) = 4 [pid 15912] close(3) = 0 [pid 15912] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15912] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15912] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15912] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15912] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15912] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15912] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10058]}, 88) = 10058 [pid 15912] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15912] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15912] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15913 attached [pid 15913] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15913] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15913] memfd_create("syzkaller", 0) = 3 [pid 15913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15913] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15913] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15913] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15913] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15913] close(3) = 0 [pid 15913] mkdir("./file1", 0777) = 0 [pid 15913] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15913] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15913] chdir("./file1") = 0 [pid 15913] ioctl(4, LOOP_CLR_FD) = 0 [pid 15913] close(4) = 0 [pid 15913] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15912] <... futex resumed>) = 0 [pid 15912] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15912] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15913] <... futex resumed>) = 1 [pid 15913] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15913] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15912] <... futex resumed>) = 0 [pid 15912] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15912] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15912] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15912] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15912] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10059]}, 88) = 10059 [pid 15912] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15913] <... futex resumed>) = 1 [pid 15912] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 15916 attached [pid 15913] memfd_create("syzkaller", 0 [pid 15912] <... futex resumed>) = 0 [pid 15913] <... memfd_create resumed>) = 4 [pid 15912] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15912] <... futex resumed>) = 0 [pid 15916] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15913] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15912] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE [pid 15916] <... set_robust_list resumed>) = 0 [pid 15913] close(4 [pid 15912] <... mprotect resumed>) = 0 [pid 15912] rt_sigprocmask(SIG_BLOCK, ~[], [pid 15916] rt_sigprocmask(SIG_SETMASK, [], [pid 15913] <... close resumed>) = 0 [pid 15912] <... rt_sigprocmask resumed>[], 8) = 0 [pid 15912] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 15916] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15913] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 15917 attached [pid 15916] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15913] <... futex resumed>) = 0 [pid 15917] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15912] <... clone3 resumed> => {parent_tid=[10060]}, 88) = 10060 [pid 15917] <... set_robust_list resumed>) = 0 [pid 15912] rt_sigprocmask(SIG_SETMASK, [], [pid 15917] rt_sigprocmask(SIG_SETMASK, [], [pid 15912] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15917] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15912] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15917] memfd_create("syzkaller", 0 [pid 15912] <... futex resumed>) = 0 [pid 15917] <... memfd_create resumed>) = 4 [pid 15912] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15917] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15916] <... setxattr resumed>) = 0 [pid 15913] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15917] close(4) = 0 [pid 15916] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15917] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15916] <... futex resumed>) = 0 [pid 15917] <... futex resumed>) = 1 [pid 15916] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15912] <... futex resumed>) = 0 [pid 15917] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15912] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15913] <... futex resumed>) = 0 [pid 15912] <... futex resumed>) = 1 [pid 15913] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15912] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15913] <... open resumed>) = 4 [pid 15913] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15912] <... futex resumed>) = 0 [pid 15912] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15913] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15912] <... futex resumed>) = 0 [pid 15912] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15913] <... mount resumed>) = 0 [pid 15913] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15912] <... futex resumed>) = 0 [pid 15913] <... futex resumed>) = 1 [pid 15912] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15913] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15912] <... futex resumed>) = 0 [pid 15912] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15913] <... open resumed>) = 5 [pid 15913] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15912] <... futex resumed>) = 0 [pid 15913] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15912] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15913] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15912] <... futex resumed>) = 0 [pid 15913] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15912] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15913] <... write resumed>) = 262144 [pid 15913] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15912] <... futex resumed>) = 0 [pid 15912] close(3) = 0 [pid 15912] close(4) = 0 [pid 15912] close(5 [pid 15913] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15912] <... close resumed>) = 0 [pid 15912] close(6) = -1 EBADF (Bad file descriptor) [pid 15912] close(7) = -1 EBADF (Bad file descriptor) [pid 15912] close(8) = -1 EBADF (Bad file descriptor) [pid 15912] close(9) = -1 EBADF (Bad file descriptor) [pid 15912] close(10) = -1 EBADF (Bad file descriptor) [pid 15912] close(11) = -1 EBADF (Bad file descriptor) [pid 15912] close(12) = -1 EBADF (Bad file descriptor) [pid 15912] close(13) = -1 EBADF (Bad file descriptor) [pid 15912] close(14) = -1 EBADF (Bad file descriptor) [pid 15912] close(15) = -1 EBADF (Bad file descriptor) [pid 15912] close(16) = -1 EBADF (Bad file descriptor) [pid 15912] close(17) = -1 EBADF (Bad file descriptor) [pid 15912] close(18) = -1 EBADF (Bad file descriptor) [pid 15912] close(19) = -1 EBADF (Bad file descriptor) [pid 15912] close(20) = -1 EBADF (Bad file descriptor) [pid 15912] close(21) = -1 EBADF (Bad file descriptor) [pid 15912] close(22) = -1 EBADF (Bad file descriptor) [pid 15912] close(23) = -1 EBADF (Bad file descriptor) [pid 15912] close(24) = -1 EBADF (Bad file descriptor) [pid 15912] close(25) = -1 EBADF (Bad file descriptor) [pid 15912] close(26) = -1 EBADF (Bad file descriptor) [pid 15912] close(27) = -1 EBADF (Bad file descriptor) [pid 15912] close(28) = -1 EBADF (Bad file descriptor) [pid 15912] close(29) = -1 EBADF (Bad file descriptor) [pid 15912] exit_group(0 [pid 15913] <... futex resumed>) = ? [pid 15916] <... futex resumed>) = ? [pid 15912] <... exit_group resumed>) = ? [pid 15917] <... futex resumed>) = 231 [pid 15916] +++ exited with 0 +++ [pid 15913] +++ exited with 0 +++ [pid 15917] +++ exited with 0 +++ [pid 15912] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10057, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2635", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2635", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2635/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2635/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2635/binderfs") = 0 [ 316.689179][T15913] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2635/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2635/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2635/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2635/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2635/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2635/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2635") = 0 [pid 289] mkdir("./2636", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10061 ./strace-static-x86_64: Process 15918 attached [pid 15918] set_robust_list(0x555556f746a0, 24) = 0 [pid 15918] chdir("./2636") = 0 [pid 15918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15918] setpgid(0, 0) = 0 [pid 15918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15918] write(3, "1000", 4) = 4 [pid 15918] close(3) = 0 [pid 15918] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15918] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15918] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15918] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15918] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15918] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15918] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10062]}, 88) = 10062 [pid 15918] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15918] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15918] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15919 attached [pid 15919] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15919] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15919] memfd_create("syzkaller", 0) = 3 [pid 15919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15919] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15919] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15919] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15919] close(3) = 0 [pid 15919] mkdir("./file1", 0777) = 0 [pid 15919] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15919] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15919] chdir("./file1") = 0 [pid 15919] ioctl(4, LOOP_CLR_FD) = 0 [pid 15919] close(4) = 0 [pid 15919] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15918] <... futex resumed>) = 0 [pid 15918] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15918] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15919] <... futex resumed>) = 1 [pid 15919] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15919] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15918] <... futex resumed>) = 0 [pid 15918] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15918] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15918] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15918] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15918] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10063]}, 88) = 10063 [pid 15918] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15918] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15918] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 15922 attached [pid 15918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15918] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15918] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15918] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 15922] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15919] memfd_create("syzkaller", 0 [pid 15922] <... set_robust_list resumed>) = 0 [pid 15919] <... memfd_create resumed>) = 4 [pid 15918] <... clone3 resumed> => {parent_tid=[10064]}, 88) = 10064 ./strace-static-x86_64: Process 15923 attached [pid 15922] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15922] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15919] close(4) = 0 [pid 15919] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15919] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15922] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15922] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15918] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15918] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15918] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15923] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15923] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15923] memfd_create("syzkaller", 0) = 4 [pid 15923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15923] close(4) = 0 [pid 15923] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15918] <... futex resumed>) = 0 [pid 15918] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15918] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15919] <... futex resumed>) = 0 [pid 15919] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15923] <... futex resumed>) = 1 [pid 15923] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15919] <... open resumed>) = 4 [pid 15919] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15918] <... futex resumed>) = 0 [pid 15919] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15918] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15918] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15919] <... mount resumed>) = 0 [pid 15919] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15919] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15918] <... futex resumed>) = 0 [pid 15918] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15919] <... futex resumed>) = 0 [pid 15918] <... futex resumed>) = 1 [pid 15919] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15918] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15919] <... open resumed>) = 5 [pid 15919] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15918] <... futex resumed>) = 0 [pid 15919] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15918] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15918] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15919] <... write resumed>) = 262144 [pid 15919] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15918] <... futex resumed>) = 0 [pid 15918] close(3) = 0 [pid 15918] close(4) = 0 [pid 15918] close(5) = 0 [pid 15918] close(6) = -1 EBADF (Bad file descriptor) [pid 15918] close(7) = -1 EBADF (Bad file descriptor) [pid 15918] close(8) = -1 EBADF (Bad file descriptor) [pid 15918] close(9) = -1 EBADF (Bad file descriptor) [pid 15918] close(10) = -1 EBADF (Bad file descriptor) [pid 15918] close(11) = -1 EBADF (Bad file descriptor) [pid 15918] close(12) = -1 EBADF (Bad file descriptor) [pid 15918] close(13) = -1 EBADF (Bad file descriptor) [pid 15918] close(14) = -1 EBADF (Bad file descriptor) [pid 15918] close(15) = -1 EBADF (Bad file descriptor) [pid 15918] close(16) = -1 EBADF (Bad file descriptor) [pid 15918] close(17) = -1 EBADF (Bad file descriptor) [pid 15918] close(18) = -1 EBADF (Bad file descriptor) [pid 15918] close(19) = -1 EBADF (Bad file descriptor) [pid 15918] close(20) = -1 EBADF (Bad file descriptor) [pid 15918] close(21) = -1 EBADF (Bad file descriptor) [pid 15918] close(22) = -1 EBADF (Bad file descriptor) [pid 15918] close(23) = -1 EBADF (Bad file descriptor) [pid 15918] close(24) = -1 EBADF (Bad file descriptor) [pid 15918] close(25) = -1 EBADF (Bad file descriptor) [pid 15918] close(26) = -1 EBADF (Bad file descriptor) [pid 15918] close(27) = -1 EBADF (Bad file descriptor) [pid 15918] close(28) = -1 EBADF (Bad file descriptor) [pid 15918] close(29) = -1 EBADF (Bad file descriptor) [pid 15918] exit_group(0) = ? [pid 15923] <... futex resumed>) = ? [pid 15923] +++ exited with 0 +++ [pid 15922] <... futex resumed>) = ? [pid 15922] +++ exited with 0 +++ [pid 15919] <... futex resumed>) = ? [pid 15919] +++ exited with 0 +++ [pid 15918] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10061, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2636", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2636", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2636/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2636/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2636/binderfs") = 0 [ 316.821695][T15919] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2636/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2636/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2636/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2636/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2636/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2636/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2636") = 0 [pid 289] mkdir("./2637", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10065 ./strace-static-x86_64: Process 15924 attached [pid 15924] set_robust_list(0x555556f746a0, 24) = 0 [pid 15924] chdir("./2637") = 0 [pid 15924] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15924] setpgid(0, 0) = 0 [pid 15924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15924] write(3, "1000", 4) = 4 [pid 15924] close(3) = 0 [pid 15924] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15924] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15924] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15924] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15924] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15924] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15924] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15924] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10066]}, 88) = 10066 [pid 15924] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15924] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15924] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15925 attached [pid 15925] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15925] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15925] memfd_create("syzkaller", 0) = 3 [pid 15925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15925] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15925] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15925] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15925] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15925] close(3) = 0 [pid 15925] mkdir("./file1", 0777) = 0 [pid 15925] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15925] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15925] chdir("./file1") = 0 [pid 15925] ioctl(4, LOOP_CLR_FD) = 0 [pid 15925] close(4) = 0 [pid 15925] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15924] <... futex resumed>) = 0 [pid 15924] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15924] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15925] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15925] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15924] <... futex resumed>) = 0 [pid 15924] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15924] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15924] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15924] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15924] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15924] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 15928 attached [pid 15928] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15928] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15928] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15925] <... futex resumed>) = 1 [pid 15924] <... clone3 resumed> => {parent_tid=[10067]}, 88) = 10067 [pid 15924] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15924] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15928] <... futex resumed>) = 0 [pid 15924] <... futex resumed>) = 1 [pid 15928] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15928] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15928] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15925] memfd_create("syzkaller", 0 [pid 15924] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15924] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15928] <... futex resumed>) = 0 [pid 15925] <... memfd_create resumed>) = 4 [pid 15928] memfd_create("syzkaller", 0 [pid 15925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15928] <... memfd_create resumed>) = 5 [pid 15925] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15925] close(4 [pid 15928] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15925] <... close resumed>) = 0 [pid 15928] close(5 [pid 15925] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15928] <... close resumed>) = 0 [pid 15925] <... futex resumed>) = 0 [pid 15928] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15925] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15928] <... futex resumed>) = 1 [pid 15924] <... futex resumed>) = 0 [pid 15924] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15924] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15928] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15925] <... futex resumed>) = 0 [pid 15925] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15925] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15924] <... futex resumed>) = 0 [pid 15924] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15924] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15925] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15925] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15924] <... futex resumed>) = 0 [pid 15924] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15924] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15925] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15925] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15924] <... futex resumed>) = 0 [pid 15924] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15924] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15925] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15925] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15924] <... futex resumed>) = 0 [pid 15924] close(3 [pid 15925] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15924] <... close resumed>) = 0 [pid 15924] close(4) = 0 [pid 15924] close(5) = 0 [pid 15924] close(6) = -1 EBADF (Bad file descriptor) [pid 15924] close(7) = -1 EBADF (Bad file descriptor) [pid 15924] close(8) = -1 EBADF (Bad file descriptor) [pid 15924] close(9) = -1 EBADF (Bad file descriptor) [pid 15924] close(10) = -1 EBADF (Bad file descriptor) [pid 15924] close(11) = -1 EBADF (Bad file descriptor) [pid 15924] close(12) = -1 EBADF (Bad file descriptor) [pid 15924] close(13) = -1 EBADF (Bad file descriptor) [pid 15924] close(14) = -1 EBADF (Bad file descriptor) [pid 15924] close(15) = -1 EBADF (Bad file descriptor) [pid 15924] close(16) = -1 EBADF (Bad file descriptor) [pid 15924] close(17) = -1 EBADF (Bad file descriptor) [pid 15924] close(18) = -1 EBADF (Bad file descriptor) [pid 15924] close(19) = -1 EBADF (Bad file descriptor) [pid 15924] close(20) = -1 EBADF (Bad file descriptor) [pid 15924] close(21) = -1 EBADF (Bad file descriptor) [pid 15924] close(22) = -1 EBADF (Bad file descriptor) [pid 15924] close(23) = -1 EBADF (Bad file descriptor) [pid 15924] close(24) = -1 EBADF (Bad file descriptor) [pid 15924] close(25) = -1 EBADF (Bad file descriptor) [pid 15924] close(26) = -1 EBADF (Bad file descriptor) [pid 15924] close(27) = -1 EBADF (Bad file descriptor) [pid 15924] close(28) = -1 EBADF (Bad file descriptor) [pid 15924] close(29) = -1 EBADF (Bad file descriptor) [pid 15924] exit_group(0) = ? [pid 15928] <... futex resumed>) = ? [pid 15925] <... futex resumed>) = ? [pid 15928] +++ exited with 0 +++ [pid 15925] +++ exited with 0 +++ [pid 15924] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10065, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2637", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2637", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2637/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2637/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2637/binderfs") = 0 [ 316.943493][T15925] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2637/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2637/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2637/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2637/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2637/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2637/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2637") = 0 [pid 289] mkdir("./2638", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10068 ./strace-static-x86_64: Process 15929 attached [pid 15929] set_robust_list(0x555556f746a0, 24) = 0 [pid 15929] chdir("./2638") = 0 [pid 15929] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15929] setpgid(0, 0) = 0 [pid 15929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15929] write(3, "1000", 4) = 4 [pid 15929] close(3) = 0 [pid 15929] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15929] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15929] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15929] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15929] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15929] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15930 attached [pid 15930] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15930] rt_sigprocmask(SIG_SETMASK, [], [pid 15929] <... clone3 resumed> => {parent_tid=[10069]}, 88) = 10069 [pid 15930] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15929] rt_sigprocmask(SIG_SETMASK, [], [pid 15930] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15929] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15929] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15930] <... futex resumed>) = 0 [pid 15930] memfd_create("syzkaller", 0) = 3 [pid 15930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15929] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15930] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15930] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15930] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15930] close(3) = 0 [pid 15930] mkdir("./file1", 0777) = 0 [pid 15930] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15930] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15930] chdir("./file1") = 0 [pid 15930] ioctl(4, LOOP_CLR_FD) = 0 [pid 15930] close(4) = 0 [pid 15930] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15929] <... futex resumed>) = 0 [pid 15929] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15929] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15930] <... futex resumed>) = 1 [pid 15930] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15930] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15929] <... futex resumed>) = 0 [pid 15929] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15929] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15929] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15929] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 15933 attached => {parent_tid=[10070]}, 88) = 10070 [pid 15929] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15929] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15929] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15929] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15929] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10071]}, 88) = 10071 [pid 15929] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15929] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15929] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15930] <... futex resumed>) = 1 [pid 15930] memfd_create("syzkaller", 0) = 4 ./strace-static-x86_64: Process 15934 attached [pid 15933] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15930] close(4) = 0 [pid 15930] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15930] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15933] <... set_robust_list resumed>) = 0 [pid 15934] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15933] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15933] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15934] <... set_robust_list resumed>) = 0 [pid 15933] <... setxattr resumed>) = 0 [pid 15933] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15933] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15934] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15934] memfd_create("syzkaller", 0) = 4 [pid 15934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15934] close(4) = 0 [pid 15934] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15929] <... futex resumed>) = 0 [pid 15929] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15929] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15930] <... futex resumed>) = 0 [pid 15930] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15934] <... futex resumed>) = 1 [pid 15934] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15930] <... open resumed>) = 4 [pid 15930] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15929] <... futex resumed>) = 0 [pid 15930] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15929] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15930] <... mount resumed>) = 0 [pid 15930] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15930] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15929] <... futex resumed>) = 1 [pid 15929] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 15929] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15929] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15930] <... futex resumed>) = 0 [pid 15930] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15930] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15929] <... futex resumed>) = 0 [pid 15929] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15929] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15930] <... futex resumed>) = 1 [pid 15930] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15930] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15929] <... futex resumed>) = 0 [pid 15929] close(3) = 0 [pid 15929] close(4) = 0 [pid 15929] close(5) = 0 [pid 15929] close(6) = -1 EBADF (Bad file descriptor) [pid 15929] close(7) = -1 EBADF (Bad file descriptor) [pid 15929] close(8) = -1 EBADF (Bad file descriptor) [pid 15929] close(9) = -1 EBADF (Bad file descriptor) [pid 15929] close(10) = -1 EBADF (Bad file descriptor) [pid 15929] close(11) = -1 EBADF (Bad file descriptor) [pid 15929] close(12) = -1 EBADF (Bad file descriptor) [pid 15929] close(13) = -1 EBADF (Bad file descriptor) [pid 15929] close(14) = -1 EBADF (Bad file descriptor) [pid 15929] close(15) = -1 EBADF (Bad file descriptor) [pid 15929] close(16) = -1 EBADF (Bad file descriptor) [pid 15929] close(17) = -1 EBADF (Bad file descriptor) [pid 15929] close(18) = -1 EBADF (Bad file descriptor) [pid 15929] close(19) = -1 EBADF (Bad file descriptor) [pid 15929] close(20) = -1 EBADF (Bad file descriptor) [pid 15929] close(21) = -1 EBADF (Bad file descriptor) [pid 15929] close(22) = -1 EBADF (Bad file descriptor) [pid 15929] close(23) = -1 EBADF (Bad file descriptor) [pid 15929] close(24) = -1 EBADF (Bad file descriptor) [pid 15929] close(25) = -1 EBADF (Bad file descriptor) [pid 15929] close(26) = -1 EBADF (Bad file descriptor) [pid 15929] close(27) = -1 EBADF (Bad file descriptor) [pid 15929] close(28) = -1 EBADF (Bad file descriptor) [pid 15929] close(29) = -1 EBADF (Bad file descriptor) [pid 15929] exit_group(0 [pid 15933] <... futex resumed>) = ? [pid 15929] <... exit_group resumed>) = ? [pid 15933] +++ exited with 0 +++ [pid 15934] <... futex resumed>) = ? [pid 15934] +++ exited with 0 +++ [pid 15930] <... futex resumed>) = ? [pid 15930] +++ exited with 0 +++ [pid 15929] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10068, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2638", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2638", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2638/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2638/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2638/binderfs") = 0 [ 317.065227][T15930] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2638/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2638/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2638/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2638/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2638/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2638/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2638") = 0 [pid 289] mkdir("./2639", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10072 ./strace-static-x86_64: Process 15935 attached [pid 15935] set_robust_list(0x555556f746a0, 24) = 0 [pid 15935] chdir("./2639") = 0 [pid 15935] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15935] setpgid(0, 0) = 0 [pid 15935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15935] write(3, "1000", 4) = 4 [pid 15935] close(3) = 0 [pid 15935] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15935] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15935] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15935] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15935] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15935] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10073]}, 88) = 10073 [pid 15935] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15935] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15935] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15936 attached [pid 15936] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15936] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15936] memfd_create("syzkaller", 0) = 3 [pid 15936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15936] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15936] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15936] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15936] close(3) = 0 [pid 15936] mkdir("./file1", 0777) = 0 [pid 15936] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15936] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15936] chdir("./file1") = 0 [pid 15936] ioctl(4, LOOP_CLR_FD) = 0 [pid 15936] close(4) = 0 [pid 15936] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15935] <... futex resumed>) = 0 [pid 15935] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15935] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15936] <... futex resumed>) = 1 [pid 15936] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15936] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15935] <... futex resumed>) = 0 [pid 15935] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15935] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15935] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15935] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10074]}, 88) = 10074 [pid 15935] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15935] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15935] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15935] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15935] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10075]}, 88) = 10075 [pid 15935] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15935] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15935] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15936] <... futex resumed>) = 1 [pid 15936] memfd_create("syzkaller", 0) = 4 [pid 15936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15936] close(4) = 0 [pid 15936] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15936] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15939 attached [pid 15939] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15939] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15939] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15939] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15939] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15940 attached [pid 15940] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15940] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15940] memfd_create("syzkaller", 0) = 4 [pid 15940] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15940] close(4) = 0 [pid 15940] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15935] <... futex resumed>) = 0 [pid 15935] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15936] <... futex resumed>) = 0 [pid 15935] <... futex resumed>) = 1 [pid 15936] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15935] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15940] <... futex resumed>) = 1 [pid 15940] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15936] <... open resumed>) = 4 [pid 15936] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15935] <... futex resumed>) = 0 [pid 15936] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15935] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15935] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15936] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15936] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15936] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15935] <... futex resumed>) = 0 [pid 15936] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15935] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15936] <... open resumed>) = 5 [pid 15935] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15936] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15935] <... futex resumed>) = 0 [pid 15935] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15936] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15935] <... futex resumed>) = 0 [pid 15935] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15936] <... write resumed>) = 262144 [pid 15936] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15935] <... futex resumed>) = 0 [pid 15935] close(3) = 0 [pid 15935] close(4) = 0 [pid 15935] close(5 [pid 15936] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15935] <... close resumed>) = 0 [pid 15935] close(6) = -1 EBADF (Bad file descriptor) [pid 15935] close(7) = -1 EBADF (Bad file descriptor) [pid 15935] close(8) = -1 EBADF (Bad file descriptor) [pid 15935] close(9) = -1 EBADF (Bad file descriptor) [pid 15935] close(10) = -1 EBADF (Bad file descriptor) [pid 15935] close(11) = -1 EBADF (Bad file descriptor) [pid 15935] close(12) = -1 EBADF (Bad file descriptor) [pid 15935] close(13) = -1 EBADF (Bad file descriptor) [pid 15935] close(14) = -1 EBADF (Bad file descriptor) [pid 15935] close(15) = -1 EBADF (Bad file descriptor) [pid 15935] close(16) = -1 EBADF (Bad file descriptor) [pid 15935] close(17) = -1 EBADF (Bad file descriptor) [pid 15935] close(18) = -1 EBADF (Bad file descriptor) [pid 15935] close(19) = -1 EBADF (Bad file descriptor) [pid 15935] close(20) = -1 EBADF (Bad file descriptor) [pid 15935] close(21) = -1 EBADF (Bad file descriptor) [pid 15935] close(22) = -1 EBADF (Bad file descriptor) [pid 15935] close(23) = -1 EBADF (Bad file descriptor) [pid 15935] close(24) = -1 EBADF (Bad file descriptor) [pid 15935] close(25) = -1 EBADF (Bad file descriptor) [pid 15935] close(26) = -1 EBADF (Bad file descriptor) [pid 15935] close(27) = -1 EBADF (Bad file descriptor) [pid 15935] close(28) = -1 EBADF (Bad file descriptor) [pid 15935] close(29) = -1 EBADF (Bad file descriptor) [pid 15935] exit_group(0) = ? [pid 15939] <... futex resumed>) = ? [pid 15940] <... futex resumed>) = ? [pid 15940] +++ exited with 0 +++ [pid 15939] +++ exited with 0 +++ [pid 15936] <... futex resumed>) = ? [pid 15936] +++ exited with 0 +++ [pid 15935] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10072, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2639", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2639", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2639/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2639/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2639/binderfs") = 0 [ 317.149041][T15936] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2639/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2639/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2639/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2639/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2639/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2639/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2639") = 0 [pid 289] mkdir("./2640", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10076 ./strace-static-x86_64: Process 15941 attached [pid 15941] set_robust_list(0x555556f746a0, 24) = 0 [pid 15941] chdir("./2640") = 0 [pid 15941] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15941] setpgid(0, 0) = 0 [pid 15941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15941] write(3, "1000", 4) = 4 [pid 15941] close(3) = 0 [pid 15941] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15941] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15941] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15941] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15941] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15941] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15941] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10077]}, 88) = 10077 [pid 15941] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15941] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15941] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15942 attached [pid 15942] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15942] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15942] memfd_create("syzkaller", 0) = 3 [pid 15942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15942] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15942] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15942] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15942] close(3) = 0 [pid 15942] mkdir("./file1", 0777) = 0 [pid 15942] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15942] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15942] chdir("./file1") = 0 [pid 15942] ioctl(4, LOOP_CLR_FD) = 0 [pid 15942] close(4) = 0 [pid 15942] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15941] <... futex resumed>) = 0 [pid 15941] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15941] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15942] <... futex resumed>) = 1 [pid 15942] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15942] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15941] <... futex resumed>) = 0 [pid 15941] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15941] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15941] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15941] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15941] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10078]}, 88) = 10078 [pid 15941] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15941] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15941] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15941] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15941] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15941] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10079]}, 88) = 10079 [pid 15941] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15941] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15941] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15942] <... futex resumed>) = 1 [pid 15942] memfd_create("syzkaller", 0) = 4 [pid 15942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15942] close(4) = 0 [pid 15942] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15942] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15945 attached [pid 15945] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15945] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 15946 attached NULL, 8) = 0 [pid 15946] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15946] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15946] memfd_create("syzkaller", 0) = 4 [pid 15946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15946] close(4) = 0 [pid 15946] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15941] <... futex resumed>) = 0 [pid 15941] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15941] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15942] <... futex resumed>) = 0 [pid 15942] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15946] <... futex resumed>) = 1 [pid 15945] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15942] <... open resumed>) = 4 [pid 15946] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15942] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15945] <... setxattr resumed>) = 0 [pid 15941] <... futex resumed>) = 0 [pid 15941] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15941] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15942] <... futex resumed>) = 1 [pid 15942] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15942] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15941] <... futex resumed>) = 0 [pid 15941] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15941] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15942] <... futex resumed>) = 1 [pid 15942] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15942] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15941] <... futex resumed>) = 0 [pid 15941] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15941] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15942] <... futex resumed>) = 1 [pid 15942] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15945] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15945] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15942] <... write resumed>) = 262144 [pid 15942] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15941] <... futex resumed>) = 0 [pid 15941] close(3) = 0 [pid 15941] close(4) = 0 [pid 15941] close(5 [pid 15942] <... futex resumed>) = 1 [pid 15941] <... close resumed>) = 0 [pid 15941] close(6) = -1 EBADF (Bad file descriptor) [pid 15941] close(7) = -1 EBADF (Bad file descriptor) [pid 15941] close(8) = -1 EBADF (Bad file descriptor) [pid 15941] close(9) = -1 EBADF (Bad file descriptor) [pid 15941] close(10) = -1 EBADF (Bad file descriptor) [pid 15941] close(11) = -1 EBADF (Bad file descriptor) [pid 15941] close(12) = -1 EBADF (Bad file descriptor) [pid 15941] close(13) = -1 EBADF (Bad file descriptor) [pid 15941] close(14) = -1 EBADF (Bad file descriptor) [pid 15941] close(15) = -1 EBADF (Bad file descriptor) [pid 15941] close(16) = -1 EBADF (Bad file descriptor) [pid 15941] close(17) = -1 EBADF (Bad file descriptor) [pid 15941] close(18) = -1 EBADF (Bad file descriptor) [pid 15941] close(19) = -1 EBADF (Bad file descriptor) [pid 15941] close(20) = -1 EBADF (Bad file descriptor) [pid 15941] close(21) = -1 EBADF (Bad file descriptor) [pid 15941] close(22) = -1 EBADF (Bad file descriptor) [pid 15941] close(23) = -1 EBADF (Bad file descriptor) [pid 15941] close(24) = -1 EBADF (Bad file descriptor) [pid 15941] close(25) = -1 EBADF (Bad file descriptor) [pid 15941] close(26) = -1 EBADF (Bad file descriptor) [pid 15941] close(27) = -1 EBADF (Bad file descriptor) [pid 15941] close(28) = -1 EBADF (Bad file descriptor) [pid 15941] close(29) = -1 EBADF (Bad file descriptor) [pid 15941] exit_group(0) = ? [pid 15946] <... futex resumed>) = ? [pid 15946] +++ exited with 0 +++ [pid 15945] <... futex resumed>) = ? [pid 15945] +++ exited with 0 +++ [pid 15942] +++ exited with 0 +++ [pid 15941] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10076, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] umount2("./2640", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2640", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2640/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2640/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2640/binderfs") = 0 [pid 289] umount2("./2640/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2640/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2640/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2640/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2640/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [ 317.259074][T15942] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2640/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2640") = 0 [pid 289] mkdir("./2641", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10080 ./strace-static-x86_64: Process 15947 attached [pid 15947] set_robust_list(0x555556f746a0, 24) = 0 [pid 15947] chdir("./2641") = 0 [pid 15947] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15947] setpgid(0, 0) = 0 [pid 15947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15947] write(3, "1000", 4) = 4 [pid 15947] close(3) = 0 [pid 15947] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15947] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15947] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15947] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15947] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15947] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15947] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15947] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10081]}, 88) = 10081 [pid 15947] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 15948 attached [pid 15947] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15947] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15948] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15948] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15948] memfd_create("syzkaller", 0) = 3 [pid 15948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15948] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15948] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15948] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15948] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15948] close(3) = 0 [pid 15948] mkdir("./file1", 0777) = 0 [pid 15948] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15948] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15948] chdir("./file1") = 0 [pid 15948] ioctl(4, LOOP_CLR_FD) = 0 [pid 15948] close(4) = 0 [pid 15948] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15948] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15947] <... futex resumed>) = 0 [pid 15947] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15947] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15948] <... futex resumed>) = 0 [pid 15948] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15948] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15947] <... futex resumed>) = 0 [pid 15947] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15947] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15947] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15947] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15947] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15947] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10082]}, 88) = 10082 [pid 15947] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15947] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15947] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15947] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15947] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15947] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15947] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10083]}, 88) = 10083 [pid 15947] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15947] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15947] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15948] <... futex resumed>) = 1 [pid 15948] memfd_create("syzkaller", 0) = 4 [pid 15948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15948] close(4) = 0 [pid 15948] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15948] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15951 attached [pid 15951] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15951] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15951] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0./strace-static-x86_64: Process 15952 attached [pid 15952] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15951] <... setxattr resumed>) = 0 [pid 15951] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15951] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15952] <... set_robust_list resumed>) = 0 [pid 15952] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15952] memfd_create("syzkaller", 0) = 4 [pid 15952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15952] close(4) = 0 [pid 15952] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15947] <... futex resumed>) = 0 [pid 15947] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15947] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15948] <... futex resumed>) = 0 [pid 15948] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15948] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15947] <... futex resumed>) = 0 [pid 15947] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15947] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15948] <... futex resumed>) = 1 [pid 15948] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15948] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15947] <... futex resumed>) = 0 [pid 15947] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15947] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15948] <... futex resumed>) = 1 [pid 15948] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15948] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15947] <... futex resumed>) = 0 [pid 15947] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15947] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15948] <... futex resumed>) = 1 [pid 15948] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15952] <... futex resumed>) = 1 [pid 15952] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15948] <... write resumed>) = 262144 [pid 15948] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15947] <... futex resumed>) = 0 [pid 15948] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15947] close(3) = 0 [pid 15947] close(4) = 0 [pid 15947] close(5) = 0 [pid 15947] close(6) = -1 EBADF (Bad file descriptor) [pid 15947] close(7) = -1 EBADF (Bad file descriptor) [pid 15947] close(8) = -1 EBADF (Bad file descriptor) [pid 15947] close(9) = -1 EBADF (Bad file descriptor) [pid 15947] close(10) = -1 EBADF (Bad file descriptor) [pid 15947] close(11) = -1 EBADF (Bad file descriptor) [pid 15947] close(12) = -1 EBADF (Bad file descriptor) [pid 15947] close(13) = -1 EBADF (Bad file descriptor) [pid 15947] close(14) = -1 EBADF (Bad file descriptor) [pid 15947] close(15) = -1 EBADF (Bad file descriptor) [pid 15947] close(16) = -1 EBADF (Bad file descriptor) [pid 15947] close(17) = -1 EBADF (Bad file descriptor) [pid 15947] close(18) = -1 EBADF (Bad file descriptor) [pid 15947] close(19) = -1 EBADF (Bad file descriptor) [pid 15947] close(20) = -1 EBADF (Bad file descriptor) [pid 15947] close(21) = -1 EBADF (Bad file descriptor) [pid 15947] close(22) = -1 EBADF (Bad file descriptor) [pid 15947] close(23) = -1 EBADF (Bad file descriptor) [pid 15947] close(24) = -1 EBADF (Bad file descriptor) [pid 15947] close(25) = -1 EBADF (Bad file descriptor) [pid 15947] close(26) = -1 EBADF (Bad file descriptor) [pid 15947] close(27) = -1 EBADF (Bad file descriptor) [pid 15947] close(28) = -1 EBADF (Bad file descriptor) [pid 15947] close(29) = -1 EBADF (Bad file descriptor) [pid 15947] exit_group(0) = ? [pid 15948] <... futex resumed>) = ? [pid 15948] +++ exited with 0 +++ [pid 15952] <... futex resumed>) = ? [pid 15951] <... futex resumed>) = ? [pid 15951] +++ exited with 0 +++ [pid 15952] +++ exited with 0 +++ [pid 15947] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10080, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2641", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2641", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2641/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2641/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2641/binderfs") = 0 [pid 289] umount2("./2641/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2641/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2641/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2641/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2641/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2641/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2641") = 0 [pid 289] mkdir("./2642", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10084 ./strace-static-x86_64: Process 15953 attached [pid 15953] set_robust_list(0x555556f746a0, 24) = 0 [pid 15953] chdir("./2642") = 0 [pid 15953] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15953] setpgid(0, 0) = 0 [pid 15953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15953] write(3, "1000", 4) = 4 [pid 15953] close(3) = 0 [pid 15953] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15953] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15953] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15953] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15953] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15953] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15953] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10085]}, 88) = 10085 [pid 15953] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15953] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15953] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15954 attached [pid 15954] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15954] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15954] memfd_create("syzkaller", 0) = 3 [pid 15954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15954] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15954] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15954] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15954] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15954] close(3) = 0 [pid 15954] mkdir("./file1", 0777) = 0 [ 317.333763][T15948] EXT4-fs (loop0): 1 truncate cleaned up [pid 15954] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15954] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15954] chdir("./file1") = 0 [pid 15954] ioctl(4, LOOP_CLR_FD) = 0 [pid 15954] close(4) = 0 [pid 15954] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15953] <... futex resumed>) = 0 [pid 15954] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15953] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15954] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15953] <... futex resumed>) = 0 [pid 15954] setxattr("./file1", NULL, NULL, 0, 0 [pid 15953] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15954] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 15954] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15953] <... futex resumed>) = 0 [pid 15954] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15953] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15954] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15953] <... futex resumed>) = 0 [pid 15954] memfd_create("syzkaller", 0 [pid 15953] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15954] <... memfd_create resumed>) = 4 [pid 15953] <... futex resumed>) = 0 [pid 15954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15954] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15953] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 15954] close(4 [pid 15953] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 15954] <... close resumed>) = 0 [pid 15953] <... mprotect resumed>) = 0 [pid 15954] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15953] rt_sigprocmask(SIG_BLOCK, ~[], [pid 15954] <... futex resumed>) = 0 [pid 15953] <... rt_sigprocmask resumed>[], 8) = 0 [pid 15954] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15953] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10086]}, 88) = 10086 [pid 15953] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15953] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15953] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15954] <... futex resumed>) = 0 [pid 15953] <... futex resumed>) = 1 [pid 15954] memfd_create("syzkaller", 0 [pid 15953] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15954] <... memfd_create resumed>) = 4 [pid 15954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15954] close(4) = 0 [pid 15954] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15953] <... futex resumed>) = 0 [pid 15954] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15953] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15954] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15953] <... futex resumed>) = 0 [pid 15954] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15953] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15954] <... open resumed>) = 4 [pid 15954] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15953] <... futex resumed>) = 0 [pid 15954] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15953] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15954] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15953] <... futex resumed>) = 0 [pid 15954] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15953] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15954] <... mount resumed>) = 0 [pid 15954] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15953] <... futex resumed>) = 0 [pid 15954] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15953] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15954] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15953] <... futex resumed>) = 0 [pid 15954] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15953] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15954] <... open resumed>) = 5 [pid 15954] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15953] <... futex resumed>) = 0 [pid 15954] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15953] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15954] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15953] <... futex resumed>) = 0 [pid 15954] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15953] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 15957 attached [pid 15957] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15957] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15957] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15954] <... write resumed>) = 262144 [pid 15954] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15953] <... futex resumed>) = 0 [pid 15954] <... futex resumed>) = 1 [pid 15954] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15957] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 15957] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15957] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15953] close(3) = 0 [pid 15953] close(4) = 0 [pid 15953] close(5) = 0 [pid 15953] close(6) = -1 EBADF (Bad file descriptor) [pid 15953] close(7) = -1 EBADF (Bad file descriptor) [pid 15953] close(8) = -1 EBADF (Bad file descriptor) [pid 15953] close(9) = -1 EBADF (Bad file descriptor) [pid 15953] close(10) = -1 EBADF (Bad file descriptor) [pid 15953] close(11) = -1 EBADF (Bad file descriptor) [pid 15953] close(12) = -1 EBADF (Bad file descriptor) [pid 15953] close(13) = -1 EBADF (Bad file descriptor) [pid 15953] close(14) = -1 EBADF (Bad file descriptor) [pid 15953] close(15) = -1 EBADF (Bad file descriptor) [pid 15953] close(16) = -1 EBADF (Bad file descriptor) [pid 15953] close(17) = -1 EBADF (Bad file descriptor) [pid 15953] close(18) = -1 EBADF (Bad file descriptor) [pid 15953] close(19) = -1 EBADF (Bad file descriptor) [pid 15953] close(20) = -1 EBADF (Bad file descriptor) [pid 15953] close(21) = -1 EBADF (Bad file descriptor) [pid 15953] close(22) = -1 EBADF (Bad file descriptor) [pid 15953] close(23) = -1 EBADF (Bad file descriptor) [pid 15953] close(24) = -1 EBADF (Bad file descriptor) [pid 15953] close(25) = -1 EBADF (Bad file descriptor) [pid 15953] close(26) = -1 EBADF (Bad file descriptor) [pid 15953] close(27) = -1 EBADF (Bad file descriptor) [pid 15953] close(28) = -1 EBADF (Bad file descriptor) [pid 15953] close(29) = -1 EBADF (Bad file descriptor) [pid 15953] exit_group(0) = ? [pid 15954] <... futex resumed>) = ? [pid 15954] +++ exited with 0 +++ [pid 15957] <... futex resumed>) = ? [pid 15957] +++ exited with 0 +++ [pid 15953] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10084, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] umount2("./2642", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2642", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2642/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2642/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2642/binderfs") = 0 [ 317.388783][T15954] EXT4-fs (loop0): 1 truncate cleaned up [ 317.400473][T15957] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2642/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2642/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2642/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2642/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2642/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2642/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2642") = 0 [pid 289] mkdir("./2643", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10087 ./strace-static-x86_64: Process 15959 attached [pid 15959] set_robust_list(0x555556f746a0, 24) = 0 [pid 15959] chdir("./2643") = 0 [pid 15959] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15959] setpgid(0, 0) = 0 [pid 15959] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15959] write(3, "1000", 4) = 4 [pid 15959] close(3) = 0 [pid 15959] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15959] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15959] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15959] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15959] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15959] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15959] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15959] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10088]}, 88) = 10088 [pid 15959] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15959] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15959] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15960 attached [pid 15960] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15960] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15960] memfd_create("syzkaller", 0) = 3 [pid 15960] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15960] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15960] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15960] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15960] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15960] close(3) = 0 [pid 15960] mkdir("./file1", 0777) = 0 [pid 15960] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15960] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15960] chdir("./file1") = 0 [pid 15960] ioctl(4, LOOP_CLR_FD) = 0 [pid 15960] close(4) = 0 [pid 15960] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15959] <... futex resumed>) = 0 [pid 15959] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15959] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15960] <... futex resumed>) = 1 [pid 15960] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15960] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15959] <... futex resumed>) = 0 [pid 15959] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15959] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15959] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15959] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15959] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15959] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10089]}, 88) = 10089 [pid 15959] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15959] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15959] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15959] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15959] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15959] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15959] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10090]}, 88) = 10090 [pid 15959] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15959] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15959] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15960] <... futex resumed>) = 1 [pid 15960] memfd_create("syzkaller", 0) = 4 ./strace-static-x86_64: Process 15964 attached ./strace-static-x86_64: Process 15963 attached [pid 15960] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15963] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15963] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15963] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15964] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15963] <... setxattr resumed>) = 0 [pid 15960] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15964] <... set_robust_list resumed>) = 0 [pid 15964] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15964] memfd_create("syzkaller", 0) = 5 [pid 15964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15964] close(5) = 0 [pid 15964] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15959] <... futex resumed>) = 0 [pid 15964] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15959] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15959] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15963] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15960] close(4 [pid 15964] <... open resumed>) = 5 [pid 15964] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15959] <... futex resumed>) = 0 [pid 15964] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15963] <... futex resumed>) = 0 [pid 15959] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15963] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15959] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15960] <... close resumed>) = 0 [pid 15963] <... mount resumed>) = 0 [pid 15960] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15960] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15963] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15959] <... futex resumed>) = 0 [pid 15963] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15959] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15959] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15960] <... futex resumed>) = 0 [pid 15960] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 4 [pid 15960] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15959] <... futex resumed>) = 0 [pid 15960] write(4, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15959] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15959] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15960] <... write resumed>) = 262144 [pid 15960] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15959] <... futex resumed>) = 0 [pid 15959] close(3) = 0 [pid 15959] close(4) = 0 [pid 15959] close(5) = 0 [pid 15959] close(6) = -1 EBADF (Bad file descriptor) [pid 15959] close(7) = -1 EBADF (Bad file descriptor) [pid 15959] close(8) = -1 EBADF (Bad file descriptor) [pid 15959] close(9) = -1 EBADF (Bad file descriptor) [pid 15959] close(10) = -1 EBADF (Bad file descriptor) [pid 15959] close(11) = -1 EBADF (Bad file descriptor) [pid 15959] close(12) = -1 EBADF (Bad file descriptor) [pid 15959] close(13) = -1 EBADF (Bad file descriptor) [pid 15959] close(14) = -1 EBADF (Bad file descriptor) [pid 15959] close(15) = -1 EBADF (Bad file descriptor) [pid 15959] close(16) = -1 EBADF (Bad file descriptor) [pid 15959] close(17) = -1 EBADF (Bad file descriptor) [pid 15959] close(18) = -1 EBADF (Bad file descriptor) [pid 15959] close(19) = -1 EBADF (Bad file descriptor) [pid 15959] close(20) = -1 EBADF (Bad file descriptor) [pid 15959] close(21) = -1 EBADF (Bad file descriptor) [pid 15959] close(22) = -1 EBADF (Bad file descriptor) [pid 15959] close(23) = -1 EBADF (Bad file descriptor) [pid 15959] close(24) = -1 EBADF (Bad file descriptor) [pid 15959] close(25) = -1 EBADF (Bad file descriptor) [pid 15959] close(26) = -1 EBADF (Bad file descriptor) [pid 15959] close(27) = -1 EBADF (Bad file descriptor) [pid 15959] close(28) = -1 EBADF (Bad file descriptor) [pid 15959] close(29) = -1 EBADF (Bad file descriptor) [pid 15959] exit_group(0 [pid 15963] <... futex resumed>) = ? [pid 15959] <... exit_group resumed>) = ? [pid 15963] +++ exited with 0 +++ [pid 15964] <... futex resumed>) = ? [pid 15964] +++ exited with 0 +++ [pid 15960] <... futex resumed>) = ? [pid 15960] +++ exited with 0 +++ [pid 15959] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10087, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2643", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2643", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2643/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2643/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2643/binderfs") = 0 [ 317.489266][T15960] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2643/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2643/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2643/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2643/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2643/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2643/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2643") = 0 [pid 289] mkdir("./2644", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10091 ./strace-static-x86_64: Process 15965 attached [pid 15965] set_robust_list(0x555556f746a0, 24) = 0 [pid 15965] chdir("./2644") = 0 [pid 15965] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15965] setpgid(0, 0) = 0 [pid 15965] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15965] write(3, "1000", 4) = 4 [pid 15965] close(3) = 0 [pid 15965] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15965] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15965] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15965] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15965] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15965] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15965] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15965] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10092]}, 88) = 10092 [pid 15965] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15965] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15965] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15966 attached [pid 15966] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15966] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15966] memfd_create("syzkaller", 0) = 3 [pid 15966] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15966] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15966] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15966] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15966] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15966] close(3) = 0 [pid 15966] mkdir("./file1", 0777) = 0 [pid 15966] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15966] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15966] chdir("./file1") = 0 [pid 15966] ioctl(4, LOOP_CLR_FD) = 0 [pid 15966] close(4) = 0 [pid 15966] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15965] <... futex resumed>) = 0 [pid 15965] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15965] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15966] <... futex resumed>) = 1 [pid 15966] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15966] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15965] <... futex resumed>) = 0 [pid 15965] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15966] memfd_create("syzkaller", 0 [pid 15965] <... futex resumed>) = 0 [pid 15965] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15965] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15966] <... memfd_create resumed>) = 4 [pid 15966] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15965] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 15965] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 15966] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15965] <... mprotect resumed>) = 0 [pid 15966] close(4 [pid 15965] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15965] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 15966] <... close resumed>) = 0 [pid 15966] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15965] <... clone3 resumed> => {parent_tid=[10093]}, 88) = 10093 [pid 15965] rt_sigprocmask(SIG_SETMASK, [], [pid 15966] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15969 attached [pid 15965] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15965] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15965] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15969] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15965] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15969] <... set_robust_list resumed>) = 0 [pid 15966] <... futex resumed>) = 0 [pid 15966] memfd_create("syzkaller", 0) = 4 [pid 15966] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15969] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15966] close(4) = 0 [pid 15966] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15965] <... futex resumed>) = 0 [pid 15965] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15965] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15966] <... futex resumed>) = 1 [pid 15969] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15966] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15969] <... setxattr resumed>) = 0 [pid 15969] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15966] <... open resumed>) = 4 [pid 15966] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15965] <... futex resumed>) = 0 [pid 15965] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15965] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15966] <... futex resumed>) = 1 [pid 15966] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15969] <... futex resumed>) = 0 [pid 15966] <... mount resumed>) = 0 [pid 15966] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15965] <... futex resumed>) = 0 [pid 15965] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15969] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15965] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15966] <... futex resumed>) = 1 [pid 15966] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15966] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15965] <... futex resumed>) = 0 [pid 15965] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15965] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15966] <... futex resumed>) = 1 [pid 15966] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15966] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15965] <... futex resumed>) = 0 [pid 15965] close(3 [pid 15966] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15965] <... close resumed>) = 0 [pid 15965] close(4) = 0 [pid 15965] close(5) = 0 [pid 15965] close(6) = -1 EBADF (Bad file descriptor) [pid 15965] close(7) = -1 EBADF (Bad file descriptor) [pid 15965] close(8) = -1 EBADF (Bad file descriptor) [pid 15965] close(9) = -1 EBADF (Bad file descriptor) [pid 15965] close(10) = -1 EBADF (Bad file descriptor) [pid 15965] close(11) = -1 EBADF (Bad file descriptor) [pid 15965] close(12) = -1 EBADF (Bad file descriptor) [pid 15965] close(13) = -1 EBADF (Bad file descriptor) [pid 15965] close(14) = -1 EBADF (Bad file descriptor) [pid 15965] close(15) = -1 EBADF (Bad file descriptor) [pid 15965] close(16) = -1 EBADF (Bad file descriptor) [pid 15965] close(17) = -1 EBADF (Bad file descriptor) [pid 15965] close(18) = -1 EBADF (Bad file descriptor) [pid 15965] close(19) = -1 EBADF (Bad file descriptor) [pid 15965] close(20) = -1 EBADF (Bad file descriptor) [pid 15965] close(21) = -1 EBADF (Bad file descriptor) [pid 15965] close(22) = -1 EBADF (Bad file descriptor) [pid 15965] close(23) = -1 EBADF (Bad file descriptor) [pid 15965] close(24) = -1 EBADF (Bad file descriptor) [pid 15965] close(25) = -1 EBADF (Bad file descriptor) [pid 15965] close(26) = -1 EBADF (Bad file descriptor) [pid 15965] close(27) = -1 EBADF (Bad file descriptor) [pid 15965] close(28) = -1 EBADF (Bad file descriptor) [pid 15965] close(29) = -1 EBADF (Bad file descriptor) [pid 15965] exit_group(0) = ? [pid 15969] <... futex resumed>) = ? [pid 15969] +++ exited with 0 +++ [pid 15966] <... futex resumed>) = ? [pid 15966] +++ exited with 0 +++ [pid 15965] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10091, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2644", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2644", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2644/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2644/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2644/binderfs") = 0 [pid 289] umount2("./2644/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2644/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2644/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2644/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2644/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2644/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2644") = 0 [ 317.619172][T15966] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] mkdir("./2645", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10094 ./strace-static-x86_64: Process 15970 attached [pid 15970] set_robust_list(0x555556f746a0, 24) = 0 [pid 15970] chdir("./2645") = 0 [pid 15970] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15970] setpgid(0, 0) = 0 [pid 15970] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15970] write(3, "1000", 4) = 4 [pid 15970] close(3) = 0 [pid 15970] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15970] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15970] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15970] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15970] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15970] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15970] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10095]}, 88) = 10095 [pid 15970] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15970] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15970] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15971 attached [pid 15971] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15971] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15971] memfd_create("syzkaller", 0) = 3 [pid 15971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15971] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15971] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15971] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15971] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15971] close(3) = 0 [pid 15971] mkdir("./file1", 0777) = 0 [pid 15971] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15971] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15971] chdir("./file1") = 0 [pid 15971] ioctl(4, LOOP_CLR_FD) = 0 [pid 15971] close(4) = 0 [pid 15971] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15970] <... futex resumed>) = 0 [pid 15970] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15970] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15971] <... futex resumed>) = 1 [pid 15971] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15971] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15970] <... futex resumed>) = 0 [pid 15970] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15970] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15970] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15970] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15970] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 15974 attached [pid 15974] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15970] <... clone3 resumed> => {parent_tid=[10096]}, 88) = 10096 [pid 15974] <... set_robust_list resumed>) = 0 [pid 15970] rt_sigprocmask(SIG_SETMASK, [], [pid 15974] rt_sigprocmask(SIG_SETMASK, [], [pid 15970] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15974] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15970] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15974] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15970] <... futex resumed>) = 0 [pid 15970] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15974] <... setxattr resumed>) = 0 [pid 15970] <... futex resumed>) = 0 [pid 15970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15970] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15970] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15970] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 15974] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15971] <... futex resumed>) = 1 [pid 15971] memfd_create("syzkaller", 0 [pid 15970] <... clone3 resumed> => {parent_tid=[10097]}, 88) = 10097 ./strace-static-x86_64: Process 15975 attached [pid 15974] <... futex resumed>) = 0 [pid 15970] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15970] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15970] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15971] <... memfd_create resumed>) = 4 [pid 15971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15971] close(4 [pid 15975] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15974] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15971] <... close resumed>) = 0 [pid 15975] <... set_robust_list resumed>) = 0 [pid 15975] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15975] memfd_create("syzkaller", 0) = 4 [pid 15975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15975] close(4) = 0 [pid 15975] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15970] <... futex resumed>) = 0 [pid 15970] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15970] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15974] <... futex resumed>) = 0 [pid 15974] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15971] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15975] <... futex resumed>) = 1 [pid 15971] <... futex resumed>) = 0 [pid 15971] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15974] <... open resumed>) = 4 [pid 15974] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15970] <... futex resumed>) = 0 [pid 15970] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15970] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15971] <... futex resumed>) = 0 [pid 15971] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15975] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15971] <... mount resumed>) = 0 [pid 15971] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15974] <... futex resumed>) = 1 [pid 15970] <... futex resumed>) = 0 [pid 15970] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15970] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15971] <... futex resumed>) = 1 [pid 15971] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15971] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15970] <... futex resumed>) = 0 [pid 15970] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15970] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15971] <... futex resumed>) = 1 [pid 15971] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15974] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15971] <... write resumed>) = 262144 [pid 15971] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15970] <... futex resumed>) = 0 [pid 15970] close(3) = 0 [pid 15970] close(4) = 0 [pid 15970] close(5 [pid 15971] <... futex resumed>) = 1 [pid 15970] <... close resumed>) = 0 [pid 15971] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15970] close(6) = -1 EBADF (Bad file descriptor) [pid 15970] close(7) = -1 EBADF (Bad file descriptor) [pid 15970] close(8) = -1 EBADF (Bad file descriptor) [pid 15970] close(9) = -1 EBADF (Bad file descriptor) [pid 15970] close(10) = -1 EBADF (Bad file descriptor) [pid 15970] close(11) = -1 EBADF (Bad file descriptor) [pid 15970] close(12) = -1 EBADF (Bad file descriptor) [pid 15970] close(13) = -1 EBADF (Bad file descriptor) [pid 15970] close(14) = -1 EBADF (Bad file descriptor) [pid 15970] close(15) = -1 EBADF (Bad file descriptor) [pid 15970] close(16) = -1 EBADF (Bad file descriptor) [pid 15970] close(17) = -1 EBADF (Bad file descriptor) [pid 15970] close(18) = -1 EBADF (Bad file descriptor) [pid 15970] close(19) = -1 EBADF (Bad file descriptor) [pid 15970] close(20) = -1 EBADF (Bad file descriptor) [pid 15970] close(21) = -1 EBADF (Bad file descriptor) [pid 15970] close(22) = -1 EBADF (Bad file descriptor) [pid 15970] close(23) = -1 EBADF (Bad file descriptor) [pid 15970] close(24) = -1 EBADF (Bad file descriptor) [pid 15970] close(25) = -1 EBADF (Bad file descriptor) [pid 15970] close(26) = -1 EBADF (Bad file descriptor) [pid 15970] close(27) = -1 EBADF (Bad file descriptor) [pid 15970] close(28) = -1 EBADF (Bad file descriptor) [pid 15970] close(29) = -1 EBADF (Bad file descriptor) [pid 15970] exit_group(0) = ? [pid 15971] <... futex resumed>) = ? [pid 15971] +++ exited with 0 +++ [pid 15974] <... futex resumed>) = ? [pid 15974] +++ exited with 0 +++ [pid 15975] <... futex resumed>) = ? [pid 15975] +++ exited with 0 +++ [pid 15970] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10094, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] umount2("./2645", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2645", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2645/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2645/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2645/binderfs") = 0 [ 317.689410][T15971] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2645/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2645/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2645/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2645/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2645/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2645/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2645") = 0 [pid 289] mkdir("./2646", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10098 ./strace-static-x86_64: Process 15976 attached [pid 15976] set_robust_list(0x555556f746a0, 24) = 0 [pid 15976] chdir("./2646") = 0 [pid 15976] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15976] setpgid(0, 0) = 0 [pid 15976] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15976] write(3, "1000", 4) = 4 [pid 15976] close(3) = 0 [pid 15976] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15976] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15976] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15976] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15976] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15976] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15976] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15976] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10099]}, 88) = 10099 [pid 15976] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15976] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15976] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15977 attached [pid 15977] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15977] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15977] memfd_create("syzkaller", 0) = 3 [pid 15977] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15977] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15977] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15977] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15977] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15977] close(3) = 0 [pid 15977] mkdir("./file1", 0777) = 0 [pid 15977] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15977] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15977] chdir("./file1") = 0 [pid 15977] ioctl(4, LOOP_CLR_FD) = 0 [pid 15977] close(4) = 0 [pid 15977] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15976] <... futex resumed>) = 0 [pid 15976] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15976] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15977] <... futex resumed>) = 1 [pid 15977] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15977] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15976] <... futex resumed>) = 0 [pid 15976] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15976] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15976] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15976] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15976] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15976] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10100]}, 88) = 10100 [pid 15976] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15976] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15976] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15976] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15976] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15976] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15976] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10101]}, 88) = 10101 [pid 15976] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15976] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15976] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15977] <... futex resumed>) = 1 [pid 15977] memfd_create("syzkaller", 0) = 4 [pid 15977] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15977] close(4) = 0 [pid 15977] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15977] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 15980 attached ./strace-static-x86_64: Process 15981 attached [pid 15980] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15980] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15980] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 15980] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15980] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15981] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 15981] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15981] memfd_create("syzkaller", 0) = 4 [pid 15981] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15981] close(4) = 0 [pid 15981] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15976] <... futex resumed>) = 0 [pid 15976] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15976] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15977] <... futex resumed>) = 0 [pid 15977] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 15977] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15976] <... futex resumed>) = 0 [pid 15976] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15976] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15977] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15981] <... futex resumed>) = 1 [pid 15981] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15977] <... mount resumed>) = 0 [pid 15977] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15976] <... futex resumed>) = 0 [pid 15976] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15976] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15977] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15977] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15976] <... futex resumed>) = 0 [pid 15976] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15976] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15977] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 15977] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15976] <... futex resumed>) = 0 [pid 15976] close(3) = 0 [pid 15976] close(4) = 0 [pid 15976] close(5) = 0 [pid 15976] close(6) = -1 EBADF (Bad file descriptor) [pid 15976] close(7) = -1 EBADF (Bad file descriptor) [pid 15976] close(8) = -1 EBADF (Bad file descriptor) [pid 15976] close(9) = -1 EBADF (Bad file descriptor) [pid 15976] close(10) = -1 EBADF (Bad file descriptor) [pid 15976] close(11) = -1 EBADF (Bad file descriptor) [pid 15976] close(12) = -1 EBADF (Bad file descriptor) [pid 15976] close(13) = -1 EBADF (Bad file descriptor) [pid 15976] close(14) = -1 EBADF (Bad file descriptor) [pid 15976] close(15) = -1 EBADF (Bad file descriptor) [pid 15976] close(16) = -1 EBADF (Bad file descriptor) [pid 15976] close(17) = -1 EBADF (Bad file descriptor) [pid 15976] close(18) = -1 EBADF (Bad file descriptor) [pid 15976] close(19) = -1 EBADF (Bad file descriptor) [pid 15976] close(20) = -1 EBADF (Bad file descriptor) [pid 15976] close(21) = -1 EBADF (Bad file descriptor) [pid 15976] close(22) = -1 EBADF (Bad file descriptor) [pid 15976] close(23) = -1 EBADF (Bad file descriptor) [pid 15976] close(24) = -1 EBADF (Bad file descriptor) [pid 15976] close(25) = -1 EBADF (Bad file descriptor) [pid 15976] close(26) = -1 EBADF (Bad file descriptor) [pid 15976] close(27) = -1 EBADF (Bad file descriptor) [pid 15976] close(28) = -1 EBADF (Bad file descriptor) [pid 15976] close(29) = -1 EBADF (Bad file descriptor) [pid 15976] exit_group(0) = ? [pid 15977] <... futex resumed>) = ? [pid 15977] +++ exited with 0 +++ [pid 15980] <... futex resumed>) = ? [pid 15980] +++ exited with 0 +++ [pid 15981] <... futex resumed>) = ? [pid 15981] +++ exited with 0 +++ [pid 15976] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10098, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2646", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2646", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2646/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2646/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2646/binderfs") = 0 [ 317.823036][T15977] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2646/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2646/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2646/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2646/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2646/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2646/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2646") = 0 [pid 289] mkdir("./2647", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10102 ./strace-static-x86_64: Process 15982 attached [pid 15982] set_robust_list(0x555556f746a0, 24) = 0 [pid 15982] chdir("./2647") = 0 [pid 15982] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15982] setpgid(0, 0) = 0 [pid 15982] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15982] write(3, "1000", 4) = 4 [pid 15982] close(3) = 0 [pid 15982] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15982] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15982] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15982] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15982] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15982] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15982] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15982] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15983 attached [pid 15983] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15983] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15983] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15982] <... clone3 resumed> => {parent_tid=[10103]}, 88) = 10103 [pid 15982] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15982] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15983] <... futex resumed>) = 0 [pid 15983] memfd_create("syzkaller", 0 [pid 15982] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15983] <... memfd_create resumed>) = 3 [pid 15983] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15983] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15983] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15983] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15983] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15983] close(3) = 0 [pid 15983] mkdir("./file1", 0777) = 0 [pid 15983] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15983] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15983] chdir("./file1") = 0 [pid 15983] ioctl(4, LOOP_CLR_FD) = 0 [pid 15983] close(4) = 0 [pid 15983] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15982] <... futex resumed>) = 0 [pid 15982] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15982] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15983] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15983] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15982] <... futex resumed>) = 0 [pid 15982] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15982] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15982] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15982] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15982] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15982] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10104]}, 88) = 10104 [pid 15982] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15982] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15982] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15982] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15982] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15982] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15982] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 15986 attached [pid 15986] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 15986] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15986] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15982] <... clone3 resumed> => {parent_tid=[10105]}, 88) = 10105 [pid 15982] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 15987 attached [pid 15986] <... setxattr resumed>) = 0 [pid 15982] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15987] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15986] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15982] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15987] <... set_robust_list resumed>) = 0 [pid 15986] <... futex resumed>) = 0 [pid 15982] <... futex resumed>) = 0 [pid 15987] rt_sigprocmask(SIG_SETMASK, [], [pid 15986] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15982] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15987] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15983] <... futex resumed>) = 1 [pid 15987] memfd_create("syzkaller", 0 [pid 15983] memfd_create("syzkaller", 0 [pid 15987] <... memfd_create resumed>) = 4 [pid 15983] <... memfd_create resumed>) = 5 [pid 15987] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15983] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15987] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15983] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15987] close(4 [pid 15983] close(5 [pid 15987] <... close resumed>) = 0 [pid 15983] <... close resumed>) = 0 [pid 15987] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 15983] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15987] <... futex resumed>) = 1 [pid 15983] <... futex resumed>) = 0 [pid 15982] <... futex resumed>) = 0 [pid 15987] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15983] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15982] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15983] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15982] <... futex resumed>) = 0 [pid 15983] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15982] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15983] <... open resumed>) = 4 [pid 15983] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15982] <... futex resumed>) = 0 [pid 15982] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15982] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15983] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 15983] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15982] <... futex resumed>) = 0 [pid 15982] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15982] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15983] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 15983] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15982] <... futex resumed>) = 0 [pid 15983] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15982] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15982] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15983] <... write resumed>) = 262144 [pid 15983] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15982] <... futex resumed>) = 0 [pid 15982] close(3) = 0 [pid 15982] close(4) = 0 [pid 15982] close(5 [pid 15983] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15982] <... close resumed>) = 0 [pid 15982] close(6) = -1 EBADF (Bad file descriptor) [pid 15982] close(7) = -1 EBADF (Bad file descriptor) [pid 15982] close(8) = -1 EBADF (Bad file descriptor) [pid 15982] close(9) = -1 EBADF (Bad file descriptor) [pid 15982] close(10) = -1 EBADF (Bad file descriptor) [pid 15982] close(11) = -1 EBADF (Bad file descriptor) [pid 15982] close(12) = -1 EBADF (Bad file descriptor) [pid 15982] close(13) = -1 EBADF (Bad file descriptor) [pid 15982] close(14) = -1 EBADF (Bad file descriptor) [pid 15982] close(15) = -1 EBADF (Bad file descriptor) [pid 15982] close(16) = -1 EBADF (Bad file descriptor) [pid 15982] close(17) = -1 EBADF (Bad file descriptor) [pid 15982] close(18) = -1 EBADF (Bad file descriptor) [pid 15982] close(19) = -1 EBADF (Bad file descriptor) [pid 15982] close(20) = -1 EBADF (Bad file descriptor) [pid 15982] close(21) = -1 EBADF (Bad file descriptor) [pid 15982] close(22) = -1 EBADF (Bad file descriptor) [pid 15982] close(23) = -1 EBADF (Bad file descriptor) [pid 15982] close(24) = -1 EBADF (Bad file descriptor) [pid 15982] close(25) = -1 EBADF (Bad file descriptor) [pid 15982] close(26) = -1 EBADF (Bad file descriptor) [pid 15982] close(27) = -1 EBADF (Bad file descriptor) [pid 15982] close(28) = -1 EBADF (Bad file descriptor) [pid 15982] close(29) = -1 EBADF (Bad file descriptor) [pid 15982] exit_group(0) = ? [pid 15986] <... futex resumed>) = 231 [pid 15987] <... futex resumed>) = ? [pid 15983] <... futex resumed>) = ? [pid 15986] +++ exited with 0 +++ [pid 15983] +++ exited with 0 +++ [pid 15987] +++ exited with 0 +++ [pid 15982] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10102, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2647", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2647", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2647/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2647/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2647/binderfs") = 0 [ 317.945096][T15983] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2647/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2647/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2647/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2647/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2647/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2647/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2647") = 0 [pid 289] mkdir("./2648", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10106 ./strace-static-x86_64: Process 15988 attached [pid 15988] set_robust_list(0x555556f746a0, 24) = 0 [pid 15988] chdir("./2648") = 0 [pid 15988] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15988] setpgid(0, 0) = 0 [pid 15988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15988] write(3, "1000", 4) = 4 [pid 15988] close(3) = 0 [pid 15988] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15988] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15988] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15988] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15988] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15988] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15988] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 15989 attached => {parent_tid=[10107]}, 88) = 10107 [pid 15988] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15988] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15988] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15989] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15989] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15989] memfd_create("syzkaller", 0) = 3 [pid 15989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15989] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15989] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15989] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15989] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15989] close(3) = 0 [pid 15989] mkdir("./file1", 0777) = 0 [pid 15989] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15989] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15989] chdir("./file1") = 0 [pid 15989] ioctl(4, LOOP_CLR_FD) = 0 [pid 15989] close(4) = 0 [pid 15989] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15988] <... futex resumed>) = 0 [pid 15988] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15988] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15989] <... futex resumed>) = 1 [pid 15989] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 15989] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15988] <... futex resumed>) = 0 [pid 15988] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15988] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 15988] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15988] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15988] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10108]}, 88) = 10108 [pid 15988] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15988] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15988] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 15988] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15988] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15988] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10109]}, 88) = 10109 [pid 15988] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15988] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 15993 attached ./strace-static-x86_64: Process 15992 attached [pid 15988] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15993] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 15992] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15993] <... set_robust_list resumed>) = 0 [pid 15992] <... set_robust_list resumed>) = 0 [pid 15992] rt_sigprocmask(SIG_SETMASK, [], [pid 15993] rt_sigprocmask(SIG_SETMASK, [], [pid 15992] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15993] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15992] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15993] memfd_create("syzkaller", 0 [pid 15992] <... setxattr resumed>) = 0 [pid 15993] <... memfd_create resumed>) = 4 [pid 15992] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15992] <... futex resumed>) = 0 [pid 15993] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15993] close(4 [pid 15992] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15993] <... close resumed>) = 0 [pid 15993] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15988] <... futex resumed>) = 0 [pid 15993] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15988] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15992] <... futex resumed>) = 0 [pid 15989] <... futex resumed>) = 1 [pid 15988] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15992] open("inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15989] memfd_create("syzkaller", 0) = 5 [pid 15992] <... open resumed>) = 4 [pid 15989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15992] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15989] close(5 [pid 15992] <... futex resumed>) = 1 [pid 15988] <... futex resumed>) = 0 [pid 15988] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15988] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15992] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15989] <... close resumed>) = 0 [pid 15992] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 15989] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15992] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15989] <... futex resumed>) = 0 [pid 15992] <... futex resumed>) = 1 [pid 15989] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15988] <... futex resumed>) = 0 [pid 15988] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15988] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15992] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15989] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15989] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = -1 ENOENT (No such file or directory) [pid 15989] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15988] <... futex resumed>) = 0 [pid 15988] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15988] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15989] write(-1, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 15989] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15988] <... futex resumed>) = 0 [pid 15988] close(3) = 0 [pid 15988] close(4) = 0 [pid 15988] close(5) = -1 EBADF (Bad file descriptor) [pid 15988] close(6) = -1 EBADF (Bad file descriptor) [pid 15988] close(7) = -1 EBADF (Bad file descriptor) [pid 15988] close(8) = -1 EBADF (Bad file descriptor) [pid 15988] close(9) = -1 EBADF (Bad file descriptor) [pid 15988] close(10) = -1 EBADF (Bad file descriptor) [pid 15988] close(11) = -1 EBADF (Bad file descriptor) [pid 15989] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15988] close(12) = -1 EBADF (Bad file descriptor) [pid 15988] close(13) = -1 EBADF (Bad file descriptor) [pid 15988] close(14) = -1 EBADF (Bad file descriptor) [pid 15988] close(15) = -1 EBADF (Bad file descriptor) [pid 15988] close(16) = -1 EBADF (Bad file descriptor) [pid 15988] close(17) = -1 EBADF (Bad file descriptor) [pid 15988] close(18) = -1 EBADF (Bad file descriptor) [pid 15988] close(19) = -1 EBADF (Bad file descriptor) [pid 15988] close(20) = -1 EBADF (Bad file descriptor) [pid 15988] close(21) = -1 EBADF (Bad file descriptor) [pid 15988] close(22) = -1 EBADF (Bad file descriptor) [pid 15988] close(23) = -1 EBADF (Bad file descriptor) [pid 15988] close(24) = -1 EBADF (Bad file descriptor) [pid 15988] close(25) = -1 EBADF (Bad file descriptor) [pid 15988] close(26) = -1 EBADF (Bad file descriptor) [pid 15988] close(27) = -1 EBADF (Bad file descriptor) [pid 15988] close(28) = -1 EBADF (Bad file descriptor) [pid 15988] close(29) = -1 EBADF (Bad file descriptor) [pid 15988] exit_group(0) = ? [pid 15992] <... futex resumed>) = ? [pid 15989] <... futex resumed>) = ? [pid 15989] +++ exited with 0 +++ [pid 15992] +++ exited with 0 +++ [pid 15993] <... futex resumed>) = ? [pid 15993] +++ exited with 0 +++ [pid 15988] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10106, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] umount2("./2648", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2648", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2648/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2648/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2648/binderfs") = 0 [ 318.064519][T15989] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2648/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2648/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2648/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2648/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2648/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2648/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2648") = 0 [pid 289] mkdir("./2649", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10110 ./strace-static-x86_64: Process 15994 attached [pid 15994] set_robust_list(0x555556f746a0, 24) = 0 [pid 15994] chdir("./2649") = 0 [pid 15994] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15994] setpgid(0, 0) = 0 [pid 15994] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15994] write(3, "1000", 4) = 4 [pid 15994] close(3) = 0 [pid 15994] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15994] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15994] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15994] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15994] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15994] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15994] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15994] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10111]}, 88) = 10111 [pid 15994] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15994] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15994] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 15995 attached [pid 15995] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 15995] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15995] memfd_create("syzkaller", 0) = 3 [pid 15995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 15995] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 15995] munmap(0x7fbc5eeed000, 262144) = 0 [pid 15995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 15995] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 15995] close(3) = 0 [pid 15995] mkdir("./file1", 0777) = 0 [pid 15995] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 15995] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 15995] chdir("./file1") = 0 [pid 15995] ioctl(4, LOOP_CLR_FD) = 0 [pid 15995] close(4) = 0 [pid 15995] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15995] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15994] <... futex resumed>) = 0 [pid 15994] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15995] <... futex resumed>) = 0 [pid 15994] <... futex resumed>) = 1 [pid 15995] setxattr("./file1", NULL, NULL, 0, 0 [pid 15994] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15995] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 15995] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15994] <... futex resumed>) = 0 [pid 15995] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15994] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15995] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15994] <... futex resumed>) = 0 [pid 15995] memfd_create("syzkaller", 0 [pid 15994] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15995] <... memfd_create resumed>) = 4 [pid 15994] <... futex resumed>) = 0 [pid 15995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15994] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 15995] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15994] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 15995] close(4 [pid 15994] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 15995] <... close resumed>) = 0 [pid 15994] <... mprotect resumed>) = 0 [pid 15995] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15994] rt_sigprocmask(SIG_BLOCK, ~[], [pid 15995] <... futex resumed>) = 0 [pid 15994] <... rt_sigprocmask resumed>[], 8) = 0 [pid 15995] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15994] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 15998 attached => {parent_tid=[10112]}, 88) = 10112 [pid 15994] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15994] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15994] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15995] <... futex resumed>) = 0 [pid 15994] <... futex resumed>) = 1 [pid 15995] memfd_create("syzkaller", 0 [pid 15994] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 15995] <... memfd_create resumed>) = 4 [pid 15995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 15995] close(4 [pid 15998] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 15995] <... close resumed>) = 0 [pid 15995] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15994] <... futex resumed>) = 0 [pid 15995] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15994] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15995] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15994] <... futex resumed>) = 0 [pid 15995] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 15994] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15998] <... set_robust_list resumed>) = 0 [pid 15995] <... open resumed>) = 4 [pid 15995] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15994] <... futex resumed>) = 0 [pid 15995] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15994] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15995] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15994] <... futex resumed>) = 0 [pid 15995] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 15994] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15995] <... mount resumed>) = 0 [pid 15995] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15994] <... futex resumed>) = 0 [pid 15998] rt_sigprocmask(SIG_SETMASK, [], [pid 15995] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15994] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15995] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15994] <... futex resumed>) = 0 [pid 15995] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 15994] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15995] <... open resumed>) = 5 [pid 15998] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 15995] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15994] <... futex resumed>) = 0 [pid 15995] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15994] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 15995] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 15994] <... futex resumed>) = 0 [pid 15995] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 15994] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 15998] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 15995] <... write resumed>) = 262144 [pid 15995] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15994] <... futex resumed>) = 0 [pid 15995] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15998] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 15998] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15998] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15994] close(3) = 0 [pid 15994] close(4) = 0 [pid 15994] close(5) = 0 [pid 15994] close(6) = -1 EBADF (Bad file descriptor) [pid 15994] close(7) = -1 EBADF (Bad file descriptor) [pid 15994] close(8) = -1 EBADF (Bad file descriptor) [pid 15994] close(9) = -1 EBADF (Bad file descriptor) [pid 15994] close(10) = -1 EBADF (Bad file descriptor) [pid 15994] close(11) = -1 EBADF (Bad file descriptor) [pid 15994] close(12) = -1 EBADF (Bad file descriptor) [pid 15994] close(13) = -1 EBADF (Bad file descriptor) [pid 15994] close(14) = -1 EBADF (Bad file descriptor) [pid 15994] close(15) = -1 EBADF (Bad file descriptor) [pid 15994] close(16) = -1 EBADF (Bad file descriptor) [pid 15994] close(17) = -1 EBADF (Bad file descriptor) [pid 15994] close(18) = -1 EBADF (Bad file descriptor) [pid 15994] close(19) = -1 EBADF (Bad file descriptor) [pid 15994] close(20) = -1 EBADF (Bad file descriptor) [pid 15994] close(21) = -1 EBADF (Bad file descriptor) [pid 15994] close(22) = -1 EBADF (Bad file descriptor) [pid 15994] close(23) = -1 EBADF (Bad file descriptor) [pid 15994] close(24) = -1 EBADF (Bad file descriptor) [pid 15994] close(25) = -1 EBADF (Bad file descriptor) [pid 15994] close(26) = -1 EBADF (Bad file descriptor) [pid 15994] close(27) = -1 EBADF (Bad file descriptor) [pid 15994] close(28) = -1 EBADF (Bad file descriptor) [pid 15994] close(29) = -1 EBADF (Bad file descriptor) [pid 15994] exit_group(0 [pid 15995] <... futex resumed>) = ? [pid 15994] <... exit_group resumed>) = ? [pid 15998] <... futex resumed>) = ? [pid 15995] +++ exited with 0 +++ [pid 15998] +++ exited with 0 +++ [pid 15994] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10110, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2649", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2649", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2649/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2649/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2649/binderfs") = 0 [ 318.180160][T15995] EXT4-fs (loop0): 1 truncate cleaned up [ 318.200552][T15998] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2649/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2649/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2649/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2649/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2649/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2649/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2649") = 0 [pid 289] mkdir("./2650", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10113 ./strace-static-x86_64: Process 15999 attached [pid 15999] set_robust_list(0x555556f746a0, 24) = 0 [pid 15999] chdir("./2650") = 0 [pid 15999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 15999] setpgid(0, 0) = 0 [pid 15999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 15999] write(3, "1000", 4) = 4 [pid 15999] close(3) = 0 [pid 15999] symlink("/dev/binderfs", "./binderfs") = 0 [pid 15999] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15999] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 15999] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 15999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 15999] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 15999] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 15999] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10114]}, 88) = 10114 [pid 15999] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15999] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15999] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16000 attached [pid 16000] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16000] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16000] memfd_create("syzkaller", 0) = 3 [pid 16000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16000] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16000] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16000] close(3) = 0 [pid 16000] mkdir("./file1", 0777) = 0 [pid 16000] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16000] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16000] chdir("./file1") = 0 [pid 16000] ioctl(4, LOOP_CLR_FD) = 0 [pid 16000] close(4) = 0 [pid 16000] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15999] <... futex resumed>) = 0 [pid 16000] setxattr("./file1", NULL, NULL, 0, 0 [pid 15999] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15999] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16000] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 16000] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15999] <... futex resumed>) = 0 [pid 15999] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16000] memfd_create("syzkaller", 0 [pid 15999] <... futex resumed>) = 0 [pid 15999] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16000] <... memfd_create resumed>) = 4 [pid 15999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 16000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 15999] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 15999] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 16000] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 15999] <... mprotect resumed>) = 0 [pid 16000] close(4 [pid 15999] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16000] <... close resumed>) = 0 [pid 16000] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 15999] <... rt_sigprocmask resumed>[], 8) = 0 [pid 15999] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 16000] <... futex resumed>) = 0 ./strace-static-x86_64: Process 16003 attached [pid 16000] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16003] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16003] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16003] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15999] <... clone3 resumed> => {parent_tid=[10115]}, 88) = 10115 [pid 15999] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 15999] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16003] <... futex resumed>) = 0 [pid 15999] <... futex resumed>) = 1 [pid 15999] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15999] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16003] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16000] <... futex resumed>) = 0 [pid 16000] memfd_create("syzkaller", 0 [pid 16003] <... setxattr resumed>) = 0 [pid 16000] <... memfd_create resumed>) = 4 [pid 16003] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16003] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16000] close(4) = 0 [pid 16000] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15999] <... futex resumed>) = 0 [pid 15999] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15999] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16000] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 16000] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15999] <... futex resumed>) = 0 [pid 15999] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15999] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16000] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16000] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15999] <... futex resumed>) = 0 [pid 15999] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15999] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16000] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16000] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15999] <... futex resumed>) = 0 [pid 15999] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 15999] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16000] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16000] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 15999] <... futex resumed>) = 0 [pid 16000] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 15999] close(3) = 0 [pid 15999] close(4) = 0 [pid 15999] close(5) = 0 [pid 15999] close(6) = -1 EBADF (Bad file descriptor) [pid 15999] close(7) = -1 EBADF (Bad file descriptor) [pid 15999] close(8) = -1 EBADF (Bad file descriptor) [pid 15999] close(9) = -1 EBADF (Bad file descriptor) [pid 15999] close(10) = -1 EBADF (Bad file descriptor) [pid 15999] close(11) = -1 EBADF (Bad file descriptor) [pid 15999] close(12) = -1 EBADF (Bad file descriptor) [pid 15999] close(13) = -1 EBADF (Bad file descriptor) [pid 15999] close(14) = -1 EBADF (Bad file descriptor) [pid 15999] close(15) = -1 EBADF (Bad file descriptor) [pid 15999] close(16) = -1 EBADF (Bad file descriptor) [pid 15999] close(17) = -1 EBADF (Bad file descriptor) [pid 15999] close(18) = -1 EBADF (Bad file descriptor) [pid 15999] close(19) = -1 EBADF (Bad file descriptor) [pid 15999] close(20) = -1 EBADF (Bad file descriptor) [pid 15999] close(21) = -1 EBADF (Bad file descriptor) [pid 15999] close(22) = -1 EBADF (Bad file descriptor) [pid 15999] close(23) = -1 EBADF (Bad file descriptor) [pid 15999] close(24) = -1 EBADF (Bad file descriptor) [pid 15999] close(25) = -1 EBADF (Bad file descriptor) [pid 15999] close(26) = -1 EBADF (Bad file descriptor) [pid 15999] close(27) = -1 EBADF (Bad file descriptor) [pid 15999] close(28) = -1 EBADF (Bad file descriptor) [pid 15999] close(29) = -1 EBADF (Bad file descriptor) [pid 15999] exit_group(0) = ? [pid 16000] <... futex resumed>) = ? [pid 16000] +++ exited with 0 +++ [pid 16003] <... futex resumed>) = ? [pid 16003] +++ exited with 0 +++ [pid 15999] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10113, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2650", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2650", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2650/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2650/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2650/binderfs") = 0 [ 318.280648][T16000] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2650/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2650/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2650/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2650/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2650/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2650/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2650") = 0 [pid 289] mkdir("./2651", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10116 ./strace-static-x86_64: Process 16004 attached [pid 16004] set_robust_list(0x555556f746a0, 24) = 0 [pid 16004] chdir("./2651") = 0 [pid 16004] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16004] setpgid(0, 0) = 0 [pid 16004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16004] write(3, "1000", 4) = 4 [pid 16004] close(3) = 0 [pid 16004] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16004] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16004] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16004] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16004] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16004] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16004] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16004] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10117]}, 88) = 10117 [pid 16004] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16004] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16004] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16005 attached [pid 16005] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16005] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16005] memfd_create("syzkaller", 0) = 3 [pid 16005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16005] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16005] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16005] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16005] close(3) = 0 [pid 16005] mkdir("./file1", 0777) = 0 [pid 16005] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16005] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16005] chdir("./file1") = 0 [pid 16005] ioctl(4, LOOP_CLR_FD) = 0 [pid 16005] close(4) = 0 [pid 16005] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16005] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16004] <... futex resumed>) = 0 [pid 16004] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16004] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16005] <... futex resumed>) = 0 [pid 16005] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16005] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16005] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16004] <... futex resumed>) = 0 [pid 16004] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16004] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16004] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16004] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16004] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16004] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10118]}, 88) = 10118 [pid 16004] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 16008 attached [pid 16004] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16008] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16004] <... futex resumed>) = 0 [pid 16008] <... set_robust_list resumed>) = 0 [pid 16008] rt_sigprocmask(SIG_SETMASK, [], [pid 16004] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16008] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16004] <... futex resumed>) = 0 [pid 16008] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16004] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16004] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16004] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16008] <... setxattr resumed>) = 0 [pid 16005] <... futex resumed>) = 0 [pid 16005] memfd_create("syzkaller", 0) = 4 [pid 16005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16005] close(4) = 0 [pid 16005] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16005] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16004] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16004] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 16008] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16004] <... clone3 resumed> => {parent_tid=[10119]}, 88) = 10119 [pid 16004] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16004] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16004] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16009 attached [pid 16009] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16009] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16009] memfd_create("syzkaller", 0) = 4 [pid 16009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16009] close(4) = 0 [pid 16009] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16004] <... futex resumed>) = 0 [pid 16004] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16005] <... futex resumed>) = 0 [pid 16004] <... futex resumed>) = 1 [pid 16005] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16004] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16009] <... futex resumed>) = 1 [pid 16005] <... open resumed>) = 4 [pid 16005] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16004] <... futex resumed>) = 0 [pid 16005] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16004] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16005] <... mount resumed>) = 0 [pid 16004] <... futex resumed>) = 0 [pid 16005] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16004] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16005] <... futex resumed>) = 0 [pid 16004] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16005] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16004] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16005] <... open resumed>) = 5 [pid 16004] <... futex resumed>) = 0 [pid 16005] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16004] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16005] <... futex resumed>) = 0 [pid 16004] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16005] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16004] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16008] <... futex resumed>) = 0 [pid 16004] <... futex resumed>) = 0 [pid 16004] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16009] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16008] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16005] <... write resumed>) = 262144 [pid 16005] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16004] <... futex resumed>) = 0 [pid 16004] close(3) = 0 [pid 16004] close(4) = 0 [pid 16004] close(5) = 0 [pid 16004] close(6) = -1 EBADF (Bad file descriptor) [pid 16004] close(7) = -1 EBADF (Bad file descriptor) [pid 16004] close(8) = -1 EBADF (Bad file descriptor) [pid 16004] close(9) = -1 EBADF (Bad file descriptor) [pid 16004] close(10) = -1 EBADF (Bad file descriptor) [pid 16004] close(11) = -1 EBADF (Bad file descriptor) [pid 16004] close(12) = -1 EBADF (Bad file descriptor) [pid 16004] close(13) = -1 EBADF (Bad file descriptor) [pid 16004] close(14) = -1 EBADF (Bad file descriptor) [pid 16004] close(15) = -1 EBADF (Bad file descriptor) [pid 16004] close(16) = -1 EBADF (Bad file descriptor) [pid 16004] close(17) = -1 EBADF (Bad file descriptor) [pid 16004] close(18) = -1 EBADF (Bad file descriptor) [pid 16004] close(19) = -1 EBADF (Bad file descriptor) [pid 16004] close(20) = -1 EBADF (Bad file descriptor) [pid 16004] close(21) = -1 EBADF (Bad file descriptor) [pid 16004] close(22) = -1 EBADF (Bad file descriptor) [pid 16004] close(23) = -1 EBADF (Bad file descriptor) [pid 16004] close(24) = -1 EBADF (Bad file descriptor) [pid 16004] close(25) = -1 EBADF (Bad file descriptor) [pid 16004] close(26) = -1 EBADF (Bad file descriptor) [pid 16004] close(27) = -1 EBADF (Bad file descriptor) [pid 16004] close(28) = -1 EBADF (Bad file descriptor) [pid 16004] close(29) = -1 EBADF (Bad file descriptor) [pid 16004] exit_group(0) = ? [pid 16005] <... futex resumed>) = ? [pid 16005] +++ exited with 0 +++ [pid 16009] <... futex resumed>) = ? [pid 16009] +++ exited with 0 +++ [pid 16008] <... futex resumed>) = ? [pid 16008] +++ exited with 0 +++ [pid 16004] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10116, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2651", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2651", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2651/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2651/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2651/binderfs") = 0 [ 318.421890][T16005] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2651/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2651/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2651/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2651/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2651/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2651/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2651") = 0 [pid 289] mkdir("./2652", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10120 ./strace-static-x86_64: Process 16011 attached [pid 16011] set_robust_list(0x555556f746a0, 24) = 0 [pid 16011] chdir("./2652") = 0 [pid 16011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16011] setpgid(0, 0) = 0 [pid 16011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16011] write(3, "1000", 4) = 4 [pid 16011] close(3) = 0 [pid 16011] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16011] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16011] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16011] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16011] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16011] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16011] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10121]}, 88) = 10121 [pid 16011] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16011] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16011] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16012 attached [pid 16012] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16012] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16012] memfd_create("syzkaller", 0) = 3 [pid 16012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16012] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16012] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16012] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16012] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16012] close(3) = 0 [pid 16012] mkdir("./file1", 0777) = 0 [pid 16012] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16012] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16012] chdir("./file1") = 0 [pid 16012] ioctl(4, LOOP_CLR_FD) = 0 [pid 16012] close(4) = 0 [pid 16012] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16011] <... futex resumed>) = 0 [pid 16011] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16011] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16012] <... futex resumed>) = 1 [pid 16012] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16012] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16011] <... futex resumed>) = 0 [pid 16011] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16011] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16011] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16011] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16011] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 16015 attached => {parent_tid=[10122]}, 88) = 10122 [pid 16011] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16011] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16011] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16011] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16011] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16011] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10123]}, 88) = 10123 [pid 16012] <... futex resumed>) = 1 [pid 16011] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16011] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16011] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16016 attached [pid 16016] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16016] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16016] memfd_create("syzkaller", 0) = 4 [pid 16016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16012] memfd_create("syzkaller", 0 [pid 16015] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16016] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16016] close(4) = 0 [pid 16016] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16011] <... futex resumed>) = 0 [pid 16011] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16011] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16016] <... futex resumed>) = 1 [pid 16016] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16012] <... memfd_create resumed>) = 5 [pid 16015] <... set_robust_list resumed>) = 0 [pid 16015] rt_sigprocmask(SIG_SETMASK, [], [pid 16016] <... open resumed>) = 4 [pid 16015] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16015] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16016] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16011] <... futex resumed>) = 0 [pid 16011] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16011] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16016] <... futex resumed>) = 1 [pid 16016] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16012] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16016] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16011] <... futex resumed>) = 0 [pid 16011] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16011] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16016] <... futex resumed>) = 1 [pid 16016] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 16015] <... setxattr resumed>) = 0 [pid 16015] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16016] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16015] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16011] <... futex resumed>) = 0 [pid 16011] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16011] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16015] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16016] <... futex resumed>) = 1 [pid 16015] write(6, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16016] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16012] close(5) = 0 [pid 16012] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16012] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16015] <... write resumed>) = 262144 [pid 16015] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16011] <... futex resumed>) = 0 [pid 16011] close(3) = 0 [pid 16011] close(4) = 0 [pid 16011] close(5) = -1 EBADF (Bad file descriptor) [pid 16011] close(6) = 0 [pid 16011] close(7) = -1 EBADF (Bad file descriptor) [pid 16011] close(8) = -1 EBADF (Bad file descriptor) [pid 16011] close(9) = -1 EBADF (Bad file descriptor) [pid 16011] close(10) = -1 EBADF (Bad file descriptor) [pid 16011] close(11) = -1 EBADF (Bad file descriptor) [pid 16011] close(12) = -1 EBADF (Bad file descriptor) [pid 16011] close(13) = -1 EBADF (Bad file descriptor) [pid 16011] close(14) = -1 EBADF (Bad file descriptor) [pid 16011] close(15) = -1 EBADF (Bad file descriptor) [pid 16011] close(16) = -1 EBADF (Bad file descriptor) [pid 16011] close(17) = -1 EBADF (Bad file descriptor) [pid 16011] close(18) = -1 EBADF (Bad file descriptor) [pid 16011] close(19) = -1 EBADF (Bad file descriptor) [pid 16011] close(20) = -1 EBADF (Bad file descriptor) [pid 16011] close(21) = -1 EBADF (Bad file descriptor) [pid 16011] close(22) = -1 EBADF (Bad file descriptor) [pid 16011] close(23) = -1 EBADF (Bad file descriptor) [pid 16011] close(24) = -1 EBADF (Bad file descriptor) [pid 16011] close(25) = -1 EBADF (Bad file descriptor) [pid 16011] close(26) = -1 EBADF (Bad file descriptor) [pid 16011] close(27) = -1 EBADF (Bad file descriptor) [pid 16011] close(28) = -1 EBADF (Bad file descriptor) [pid 16011] close(29) = -1 EBADF (Bad file descriptor) [pid 16011] exit_group(0) = ? [pid 16016] <... futex resumed>) = ? [pid 16016] +++ exited with 0 +++ [pid 16015] <... futex resumed>) = ? [pid 16015] +++ exited with 0 +++ [pid 16012] <... futex resumed>) = ? [pid 16012] +++ exited with 0 +++ [pid 16011] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10120, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2652", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2652", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2652/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2652/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2652/binderfs") = 0 [ 318.538206][T16012] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2652/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2652/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2652/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2652/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2652/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2652/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2652") = 0 [pid 289] mkdir("./2653", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10124 ./strace-static-x86_64: Process 16017 attached [pid 16017] set_robust_list(0x555556f746a0, 24) = 0 [pid 16017] chdir("./2653") = 0 [pid 16017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16017] setpgid(0, 0) = 0 [pid 16017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16017] write(3, "1000", 4) = 4 [pid 16017] close(3) = 0 [pid 16017] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16017] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16017] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16017] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16017] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16017] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16017] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10125]}, 88) = 10125 [pid 16017] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16017] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16017] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16018 attached [pid 16018] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16018] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16018] memfd_create("syzkaller", 0) = 3 [pid 16018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16018] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16018] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16018] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16018] close(3) = 0 [pid 16018] mkdir("./file1", 0777) = 0 [pid 16018] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16018] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16018] chdir("./file1") = 0 [pid 16018] ioctl(4, LOOP_CLR_FD) = 0 [pid 16018] close(4) = 0 [pid 16018] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16017] <... futex resumed>) = 0 [pid 16017] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16017] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16018] <... futex resumed>) = 1 [pid 16018] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16018] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16017] <... futex resumed>) = 0 [pid 16017] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16017] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16017] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16017] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16017] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10126]}, 88) = 10126 [pid 16017] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16017] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16017] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16017] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16017] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16017] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10127]}, 88) = 10127 [pid 16017] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16017] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16017] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16018] <... futex resumed>) = 1 [pid 16018] memfd_create("syzkaller", 0) = 4 [pid 16018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16018] close(4) = 0 [pid 16018] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16018] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16021 attached [pid 16021] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16021] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16021] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0./strace-static-x86_64: Process 16022 attached ) = 0 [pid 16022] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16021] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16022] rt_sigprocmask(SIG_SETMASK, [], [pid 16021] <... futex resumed>) = 0 [pid 16022] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16021] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16022] memfd_create("syzkaller", 0) = 4 [pid 16022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16022] close(4) = 0 [pid 16022] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16017] <... futex resumed>) = 0 [pid 16017] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16017] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16018] <... futex resumed>) = 0 [pid 16018] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16022] <... futex resumed>) = 1 [pid 16018] <... open resumed>) = 4 [pid 16018] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16017] <... futex resumed>) = 0 [pid 16017] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16017] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16018] <... futex resumed>) = 1 [pid 16018] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16018] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16017] <... futex resumed>) = 0 [pid 16017] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16017] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16018] <... futex resumed>) = 1 [pid 16018] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16018] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16017] <... futex resumed>) = 0 [pid 16017] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16017] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16018] <... futex resumed>) = 1 [pid 16018] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16022] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16018] <... write resumed>) = 262144 [pid 16018] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16017] <... futex resumed>) = 0 [pid 16017] close(3) = 0 [pid 16017] close(4) = 0 [pid 16017] close(5) = 0 [pid 16017] close(6) = -1 EBADF (Bad file descriptor) [pid 16017] close(7) = -1 EBADF (Bad file descriptor) [pid 16017] close(8) = -1 EBADF (Bad file descriptor) [pid 16017] close(9) = -1 EBADF (Bad file descriptor) [pid 16017] close(10) = -1 EBADF (Bad file descriptor) [pid 16017] close(11) = -1 EBADF (Bad file descriptor) [pid 16017] close(12) = -1 EBADF (Bad file descriptor) [pid 16017] close(13) = -1 EBADF (Bad file descriptor) [pid 16017] close(14) = -1 EBADF (Bad file descriptor) [pid 16017] close(15) = -1 EBADF (Bad file descriptor) [pid 16017] close(16) = -1 EBADF (Bad file descriptor) [pid 16017] close(17) = -1 EBADF (Bad file descriptor) [pid 16017] close(18) = -1 EBADF (Bad file descriptor) [pid 16017] close(19) = -1 EBADF (Bad file descriptor) [pid 16017] close(20) = -1 EBADF (Bad file descriptor) [pid 16017] close(21) = -1 EBADF (Bad file descriptor) [pid 16017] close(22) = -1 EBADF (Bad file descriptor) [pid 16017] close(23) = -1 EBADF (Bad file descriptor) [pid 16017] close(24) = -1 EBADF (Bad file descriptor) [pid 16017] close(25) = -1 EBADF (Bad file descriptor) [pid 16017] close(26) = -1 EBADF (Bad file descriptor) [pid 16017] close(27) = -1 EBADF (Bad file descriptor) [pid 16017] close(28) = -1 EBADF (Bad file descriptor) [pid 16017] close(29) = -1 EBADF (Bad file descriptor) [pid 16017] exit_group(0) = ? [pid 16022] <... futex resumed>) = ? [pid 16022] +++ exited with 0 +++ [pid 16021] <... futex resumed>) = ? [pid 16021] +++ exited with 0 +++ [pid 16018] <... futex resumed>) = ? [pid 16018] +++ exited with 0 +++ [pid 16017] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10124, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2653", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2653", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2653/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2653/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2653/binderfs") = 0 [ 318.661241][T16018] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2653/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2653/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2653/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2653/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2653/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2653/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2653") = 0 [pid 289] mkdir("./2654", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10128 ./strace-static-x86_64: Process 16023 attached [pid 16023] set_robust_list(0x555556f746a0, 24) = 0 [pid 16023] chdir("./2654") = 0 [pid 16023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16023] setpgid(0, 0) = 0 [pid 16023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16023] write(3, "1000", 4) = 4 [pid 16023] close(3) = 0 [pid 16023] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16023] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16023] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16023] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16023] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16023] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16023] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10129]}, 88) = 10129 [pid 16023] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16023] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16023] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16024 attached [pid 16024] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16024] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16024] memfd_create("syzkaller", 0) = 3 [pid 16024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16024] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16024] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16024] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16024] close(3) = 0 [pid 16024] mkdir("./file1", 0777) = 0 [pid 16024] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16024] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16024] chdir("./file1") = 0 [pid 16024] ioctl(4, LOOP_CLR_FD) = 0 [pid 16024] close(4) = 0 [pid 16024] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16023] <... futex resumed>) = 0 [pid 16023] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16023] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16024] <... futex resumed>) = 1 [pid 16024] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16024] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16023] <... futex resumed>) = 0 [pid 16023] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16023] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16023] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16023] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16023] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10130]}, 88) = 10130 [pid 16023] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16023] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16023] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 16027 attached [pid 16024] <... futex resumed>) = 1 [pid 16023] <... futex resumed>) = 0 [pid 16023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16023] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16023] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16023] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10131]}, 88) = 10131 [pid 16023] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16023] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16023] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16027] set_robust_list(0x7fbc5ef2c9a0, 24./strace-static-x86_64: Process 16028 attached ) = 0 [pid 16024] memfd_create("syzkaller", 0 [pid 16028] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16027] rt_sigprocmask(SIG_SETMASK, [], [pid 16028] <... set_robust_list resumed>) = 0 [pid 16027] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16028] rt_sigprocmask(SIG_SETMASK, [], [pid 16027] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16028] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16027] <... setxattr resumed>) = 0 [pid 16028] memfd_create("syzkaller", 0) = 5 [pid 16028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16028] close(5) = 0 [pid 16028] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16028] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16027] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16027] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16024] <... memfd_create resumed>) = 4 [pid 16024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16024] close(4) = 0 [pid 16024] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16024] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16023] <... futex resumed>) = 0 [pid 16023] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16023] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16024] <... futex resumed>) = 0 [pid 16024] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 16024] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16023] <... futex resumed>) = 0 [pid 16023] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16023] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16024] <... futex resumed>) = 1 [pid 16024] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16024] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16023] <... futex resumed>) = 0 [pid 16023] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16023] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16024] <... futex resumed>) = 1 [pid 16024] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16024] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16023] <... futex resumed>) = 0 [pid 16023] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16023] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16024] <... futex resumed>) = 1 [pid 16024] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16024] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16023] <... futex resumed>) = 0 [pid 16023] close(3) = 0 [pid 16023] close(4) = 0 [pid 16023] close(5 [pid 16024] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16023] <... close resumed>) = 0 [pid 16023] close(6) = -1 EBADF (Bad file descriptor) [pid 16023] close(7) = -1 EBADF (Bad file descriptor) [pid 16023] close(8) = -1 EBADF (Bad file descriptor) [pid 16023] close(9) = -1 EBADF (Bad file descriptor) [pid 16023] close(10) = -1 EBADF (Bad file descriptor) [pid 16023] close(11) = -1 EBADF (Bad file descriptor) [pid 16023] close(12) = -1 EBADF (Bad file descriptor) [pid 16023] close(13) = -1 EBADF (Bad file descriptor) [pid 16023] close(14) = -1 EBADF (Bad file descriptor) [pid 16023] close(15) = -1 EBADF (Bad file descriptor) [pid 16023] close(16) = -1 EBADF (Bad file descriptor) [pid 16023] close(17) = -1 EBADF (Bad file descriptor) [pid 16023] close(18) = -1 EBADF (Bad file descriptor) [pid 16023] close(19) = -1 EBADF (Bad file descriptor) [pid 16023] close(20) = -1 EBADF (Bad file descriptor) [pid 16023] close(21) = -1 EBADF (Bad file descriptor) [pid 16023] close(22) = -1 EBADF (Bad file descriptor) [pid 16023] close(23) = -1 EBADF (Bad file descriptor) [pid 16023] close(24) = -1 EBADF (Bad file descriptor) [pid 16023] close(25) = -1 EBADF (Bad file descriptor) [pid 16023] close(26) = -1 EBADF (Bad file descriptor) [pid 16023] close(27) = -1 EBADF (Bad file descriptor) [pid 16023] close(28) = -1 EBADF (Bad file descriptor) [pid 16023] close(29) = -1 EBADF (Bad file descriptor) [pid 16023] exit_group(0) = ? [pid 16027] <... futex resumed>) = ? [pid 16027] +++ exited with 0 +++ [pid 16028] <... futex resumed>) = ? [pid 16024] <... futex resumed>) = ? [pid 16028] +++ exited with 0 +++ [pid 16024] +++ exited with 0 +++ [pid 16023] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10128, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2654", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2654", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2654/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2654/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2654/binderfs") = 0 [ 318.738801][T16024] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2654/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2654/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2654/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2654/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2654/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2654/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2654") = 0 [pid 289] mkdir("./2655", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10132 ./strace-static-x86_64: Process 16029 attached [pid 16029] set_robust_list(0x555556f746a0, 24) = 0 [pid 16029] chdir("./2655") = 0 [pid 16029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16029] setpgid(0, 0) = 0 [pid 16029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16029] write(3, "1000", 4) = 4 [pid 16029] close(3) = 0 [pid 16029] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16029] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16029] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16029] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16029] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16029] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10133]}, 88) = 10133 [pid 16029] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16029] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16029] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16030 attached [pid 16030] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16030] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16030] memfd_create("syzkaller", 0) = 3 [pid 16030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16030] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16030] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16030] close(3) = 0 [pid 16030] mkdir("./file1", 0777) = 0 [pid 16030] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16030] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16030] chdir("./file1") = 0 [pid 16030] ioctl(4, LOOP_CLR_FD) = 0 [pid 16030] close(4) = 0 [pid 16030] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16030] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16029] <... futex resumed>) = 0 [pid 16029] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16030] <... futex resumed>) = 0 [pid 16030] setxattr("./file1", NULL, NULL, 0, 0 [pid 16029] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16030] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 16030] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16029] <... futex resumed>) = 0 [pid 16030] memfd_create("syzkaller", 0 [pid 16029] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16029] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16030] <... memfd_create resumed>) = 4 [pid 16029] <... futex resumed>) = 0 [pid 16030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 16030] close(4 [pid 16029] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 16029] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 16030] <... close resumed>) = 0 [pid 16029] <... mprotect resumed>) = 0 [pid 16030] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16029] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16029] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10134]}, 88) = 10134 [pid 16029] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16029] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16029] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16029] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16033 attached [pid 16030] <... futex resumed>) = 1 [pid 16029] <... futex resumed>) = 0 [pid 16029] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=49000000} [pid 16033] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16030] memfd_create("syzkaller", 0 [pid 16033] <... set_robust_list resumed>) = 0 [pid 16030] <... memfd_create resumed>) = 4 [pid 16030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16033] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16030] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16030] close(4 [pid 16033] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16030] <... close resumed>) = 0 [pid 16030] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16029] <... futex resumed>) = 0 [pid 16030] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16029] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16029] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16033] <... setxattr resumed>) = 0 [pid 16033] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16033] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16030] <... open resumed>) = 4 [pid 16030] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16030] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16029] <... futex resumed>) = 0 [pid 16029] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16029] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16030] <... futex resumed>) = 0 [pid 16030] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16030] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16029] <... futex resumed>) = 0 [pid 16029] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16029] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16030] <... futex resumed>) = 1 [pid 16030] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16030] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16029] <... futex resumed>) = 0 [pid 16029] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16029] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16030] <... futex resumed>) = 1 [pid 16030] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16030] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16029] <... futex resumed>) = 0 [pid 16029] close(3) = 0 [pid 16029] close(4) = 0 [pid 16029] close(5) = 0 [pid 16029] close(6) = -1 EBADF (Bad file descriptor) [pid 16029] close(7) = -1 EBADF (Bad file descriptor) [pid 16029] close(8) = -1 EBADF (Bad file descriptor) [pid 16029] close(9) = -1 EBADF (Bad file descriptor) [pid 16029] close(10) = -1 EBADF (Bad file descriptor) [pid 16029] close(11) = -1 EBADF (Bad file descriptor) [pid 16029] close(12) = -1 EBADF (Bad file descriptor) [pid 16029] close(13) = -1 EBADF (Bad file descriptor) [pid 16029] close(14) = -1 EBADF (Bad file descriptor) [pid 16029] close(15) = -1 EBADF (Bad file descriptor) [pid 16029] close(16) = -1 EBADF (Bad file descriptor) [pid 16029] close(17) = -1 EBADF (Bad file descriptor) [pid 16029] close(18) = -1 EBADF (Bad file descriptor) [pid 16029] close(19) = -1 EBADF (Bad file descriptor) [pid 16029] close(20) = -1 EBADF (Bad file descriptor) [pid 16029] close(21) = -1 EBADF (Bad file descriptor) [pid 16029] close(22) = -1 EBADF (Bad file descriptor) [pid 16029] close(23) = -1 EBADF (Bad file descriptor) [pid 16029] close(24) = -1 EBADF (Bad file descriptor) [pid 16029] close(25) = -1 EBADF (Bad file descriptor) [pid 16029] close(26) = -1 EBADF (Bad file descriptor) [pid 16029] close(27) = -1 EBADF (Bad file descriptor) [pid 16029] close(28) = -1 EBADF (Bad file descriptor) [pid 16029] close(29) = -1 EBADF (Bad file descriptor) [pid 16029] exit_group(0) = ? [pid 16033] <... futex resumed>) = ? [pid 16033] +++ exited with 0 +++ [pid 16030] +++ exited with 0 +++ [pid 16029] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10132, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2655", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2655", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2655/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2655/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2655/binderfs") = 0 [pid 289] umount2("./2655/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2655/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2655/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2655/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2655/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2655/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2655") = 0 [pid 289] mkdir("./2656", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10135 ./strace-static-x86_64: Process 16034 attached [pid 16034] set_robust_list(0x555556f746a0, 24) = 0 [pid 16034] chdir("./2656") = 0 [pid 16034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16034] setpgid(0, 0) = 0 [pid 16034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16034] write(3, "1000", 4) = 4 [pid 16034] close(3) = 0 [pid 16034] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16034] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16034] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16034] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16034] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16034] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10136]}, 88) = 10136 [pid 16034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16034] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16034] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16035 attached [pid 16035] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16035] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16035] memfd_create("syzkaller", 0) = 3 [pid 16035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16035] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16035] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16035] close(3) = 0 [pid 16035] mkdir("./file1", 0777) = 0 [ 318.840207][T16030] EXT4-fs (loop0): 1 truncate cleaned up [pid 16035] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16035] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16035] chdir("./file1") = 0 [pid 16035] ioctl(4, LOOP_CLR_FD) = 0 [pid 16035] close(4) = 0 [pid 16035] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16034] <... futex resumed>) = 0 [pid 16034] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16034] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16035] <... futex resumed>) = 1 [pid 16035] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16035] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16034] <... futex resumed>) = 0 [pid 16034] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16034] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16034] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16034] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10137]}, 88) = 10137 [pid 16034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16034] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16034] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16034] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16034] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10138]}, 88) = 10138 [pid 16034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16034] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16034] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16035] <... futex resumed>) = 1 [pid 16035] memfd_create("syzkaller", 0) = 4 [pid 16035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16035] close(4) = 0 [pid 16035] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16035] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16039 attached [pid 16039] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16039] memfd_create("syzkaller", 0) = 4 [pid 16039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16039] close(4) = 0 [pid 16039] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16034] <... futex resumed>) = 0 [pid 16034] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16034] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16035] <... futex resumed>) = 0 [pid 16035] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16039] <... futex resumed>) = 1 [pid 16039] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16035] <... open resumed>) = 4 [pid 16035] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16034] <... futex resumed>) = 0 [pid 16034] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16034] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16035] <... futex resumed>) = 1 [pid 16035] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16035] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16034] <... futex resumed>) = 0 [pid 16034] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16034] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16035] <... futex resumed>) = 1 [pid 16035] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16035] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16034] <... futex resumed>) = 0 [pid 16034] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16034] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16035] <... futex resumed>) = 1 [pid 16035] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651./strace-static-x86_64: Process 16038 attached [pid 16038] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16038] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16038] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16035] <... write resumed>) = 262144 [pid 16035] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16035] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16034] <... futex resumed>) = 0 [pid 16038] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 16038] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16034] close(3) = 0 [pid 16034] close(4) = 0 [pid 16034] close(5) = 0 [pid 16034] close(6) = -1 EBADF (Bad file descriptor) [pid 16034] close(7) = -1 EBADF (Bad file descriptor) [pid 16034] close(8) = -1 EBADF (Bad file descriptor) [pid 16034] close(9) = -1 EBADF (Bad file descriptor) [pid 16034] close(10) = -1 EBADF (Bad file descriptor) [pid 16034] close(11) = -1 EBADF (Bad file descriptor) [pid 16034] close(12) = -1 EBADF (Bad file descriptor) [pid 16034] close(13) = -1 EBADF (Bad file descriptor) [pid 16034] close(14) = -1 EBADF (Bad file descriptor) [pid 16034] close(15) = -1 EBADF (Bad file descriptor) [pid 16034] close(16) = -1 EBADF (Bad file descriptor) [pid 16034] close(17) = -1 EBADF (Bad file descriptor) [pid 16034] close(18) = -1 EBADF (Bad file descriptor) [pid 16034] close(19) = -1 EBADF (Bad file descriptor) [pid 16034] close(20) = -1 EBADF (Bad file descriptor) [pid 16034] close(21) = -1 EBADF (Bad file descriptor) [pid 16034] close(22) = -1 EBADF (Bad file descriptor) [pid 16034] close(23) = -1 EBADF (Bad file descriptor) [pid 16034] close(24) = -1 EBADF (Bad file descriptor) [pid 16034] close(25) = -1 EBADF (Bad file descriptor) [pid 16034] close(26) = -1 EBADF (Bad file descriptor) [pid 16034] close(27) = -1 EBADF (Bad file descriptor) [pid 16034] close(28) = -1 EBADF (Bad file descriptor) [pid 16034] close(29) = -1 EBADF (Bad file descriptor) [pid 16034] exit_group(0) = ? [pid 16039] <... futex resumed>) = ? [pid 16039] +++ exited with 0 +++ [pid 16035] <... futex resumed>) = ? [pid 16035] +++ exited with 0 +++ [pid 16038] +++ exited with 0 +++ [pid 16034] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10135, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] umount2("./2656", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2656", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2656/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2656/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2656/binderfs") = 0 [pid 289] umount2("./2656/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2656/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2656/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2656/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2656/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2656/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2656") = 0 [pid 289] mkdir("./2657", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10139 ./strace-static-x86_64: Process 16040 attached [pid 16040] set_robust_list(0x555556f746a0, 24) = 0 [pid 16040] chdir("./2657") = 0 [pid 16040] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16040] setpgid(0, 0) = 0 [pid 16040] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16040] write(3, "1000", 4) = 4 [pid 16040] close(3) = 0 [pid 16040] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16040] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16040] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16040] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16040] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16040] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16040] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16040] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 16041 attached => {parent_tid=[10140]}, 88) = 10140 [pid 16040] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16040] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16040] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16041] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16041] memfd_create("syzkaller", 0) = 3 [pid 16041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16041] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16041] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16041] close(3) = 0 [pid 16041] mkdir("./file1", 0777) = 0 [ 318.902397][T16035] EXT4-fs (loop0): 1 truncate cleaned up [ 318.915007][T16038] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 16041] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16041] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16041] chdir("./file1") = 0 [pid 16041] ioctl(4, LOOP_CLR_FD) = 0 [pid 16041] close(4) = 0 [pid 16041] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16041] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16040] <... futex resumed>) = 0 [pid 16040] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16040] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16041] <... futex resumed>) = 0 [pid 16041] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16041] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16040] <... futex resumed>) = 0 [pid 16040] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16040] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16040] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16040] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16041] memfd_create("syzkaller", 0 [pid 16040] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16040] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 16044 attached => {parent_tid=[10141]}, 88) = 10141 [pid 16044] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16040] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16040] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16040] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16040] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16040] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE [pid 16044] <... set_robust_list resumed>) = 0 [pid 16044] rt_sigprocmask(SIG_SETMASK, [], [pid 16040] <... mprotect resumed>) = 0 [pid 16040] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16040] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 16044] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16044] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16040] <... clone3 resumed> => {parent_tid=[10142]}, 88) = 10142 [pid 16040] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16040] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16040] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16041] <... memfd_create resumed>) = 4 [pid 16041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16041] close(4) = 0 [pid 16041] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16041] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16045 attached [pid 16045] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16045] memfd_create("syzkaller", 0 [pid 16044] <... setxattr resumed>) = 0 [pid 16045] <... memfd_create resumed>) = 4 [pid 16045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16044] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16045] close(4) = 0 [pid 16044] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16045] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16040] <... futex resumed>) = 0 [pid 16040] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16040] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16041] <... futex resumed>) = 0 [pid 16041] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16045] <... futex resumed>) = 1 [pid 16045] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16041] <... open resumed>) = 4 [pid 16041] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16040] <... futex resumed>) = 0 [pid 16041] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16040] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16041] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16040] <... futex resumed>) = 0 [pid 16041] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16040] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16041] <... mount resumed>) = 0 [pid 16041] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16040] <... futex resumed>) = 0 [pid 16041] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16040] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16041] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16040] <... futex resumed>) = 0 [pid 16041] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16040] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16041] <... open resumed>) = 5 [pid 16041] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16040] <... futex resumed>) = 0 [pid 16041] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16040] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16041] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16040] <... futex resumed>) = 0 [pid 16041] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16040] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16041] <... write resumed>) = 262144 [pid 16041] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16040] <... futex resumed>) = 0 [pid 16040] close(3) = 0 [pid 16040] close(4) = 0 [pid 16040] close(5) = 0 [pid 16040] close(6) = -1 EBADF (Bad file descriptor) [pid 16040] close(7) = -1 EBADF (Bad file descriptor) [pid 16040] close(8) = -1 EBADF (Bad file descriptor) [pid 16040] close(9) = -1 EBADF (Bad file descriptor) [pid 16040] close(10) = -1 EBADF (Bad file descriptor) [pid 16040] close(11) = -1 EBADF (Bad file descriptor) [pid 16040] close(12) = -1 EBADF (Bad file descriptor) [pid 16040] close(13) = -1 EBADF (Bad file descriptor) [pid 16040] close(14) = -1 EBADF (Bad file descriptor) [pid 16040] close(15) = -1 EBADF (Bad file descriptor) [pid 16040] close(16) = -1 EBADF (Bad file descriptor) [pid 16040] close(17) = -1 EBADF (Bad file descriptor) [pid 16040] close(18) = -1 EBADF (Bad file descriptor) [pid 16040] close(19) = -1 EBADF (Bad file descriptor) [pid 16040] close(20) = -1 EBADF (Bad file descriptor) [pid 16040] close(21) = -1 EBADF (Bad file descriptor) [pid 16040] close(22) = -1 EBADF (Bad file descriptor) [pid 16040] close(23) = -1 EBADF (Bad file descriptor) [pid 16040] close(24) = -1 EBADF (Bad file descriptor) [pid 16040] close(25) = -1 EBADF (Bad file descriptor) [pid 16040] close(26) = -1 EBADF (Bad file descriptor) [pid 16040] close(27) = -1 EBADF (Bad file descriptor) [pid 16040] close(28) = -1 EBADF (Bad file descriptor) [pid 16040] close(29) = -1 EBADF (Bad file descriptor) [pid 16040] exit_group(0) = ? [pid 16041] <... futex resumed>) = ? [pid 16044] <... futex resumed>) = ? [pid 16044] +++ exited with 0 +++ [pid 16041] +++ exited with 0 +++ [pid 16045] <... futex resumed>) = ? [pid 16045] +++ exited with 0 +++ [pid 16040] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10139, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2657", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2657", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2657/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2657/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2657/binderfs") = 0 [pid 289] umount2("./2657/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2657/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2657/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2657/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2657/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2657/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2657") = 0 [pid 289] mkdir("./2658", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10143 ./strace-static-x86_64: Process 16046 attached [pid 16046] set_robust_list(0x555556f746a0, 24) = 0 [pid 16046] chdir("./2658") = 0 [pid 16046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16046] setpgid(0, 0) = 0 [pid 16046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16046] write(3, "1000", 4) = 4 [pid 16046] close(3) = 0 [pid 16046] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16046] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16046] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16046] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16046] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16046] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16046] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10144]}, 88) = 10144 [pid 16046] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16046] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16046] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16047 attached [pid 16047] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16047] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16047] memfd_create("syzkaller", 0) = 3 [pid 16047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16047] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16047] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16047] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16047] close(3) = 0 [pid 16047] mkdir("./file1", 0777) = 0 [ 318.949849][T16041] EXT4-fs (loop0): 1 truncate cleaned up [pid 16047] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16047] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16047] chdir("./file1") = 0 [pid 16047] ioctl(4, LOOP_CLR_FD) = 0 [pid 16047] close(4) = 0 [pid 16047] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16046] <... futex resumed>) = 0 [pid 16046] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16046] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16047] <... futex resumed>) = 1 [pid 16047] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16047] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16046] <... futex resumed>) = 0 [pid 16046] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16046] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16046] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16046] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16047] <... futex resumed>) = 1 [pid 16046] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 16047] memfd_create("syzkaller", 0) = 4 [pid 16047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16046] <... clone3 resumed> => {parent_tid=[10145]}, 88) = 10145 [pid 16047] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16046] rt_sigprocmask(SIG_SETMASK, [], [pid 16047] close(4 [pid 16046] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16047] <... close resumed>) = 0 [pid 16046] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16047] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16046] <... futex resumed>) = 0 [pid 16047] <... futex resumed>) = 0 [pid 16046] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16047] memfd_create("syzkaller", 0 [pid 16046] <... futex resumed>) = 0 [pid 16047] <... memfd_create resumed>) = 4 [pid 16046] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16047] close(4) = 0 [pid 16047] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16046] <... futex resumed>) = 0 [pid 16046] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16046] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16047] <... futex resumed>) = 1 [pid 16047] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000./strace-static-x86_64: Process 16050 attached [pid 16050] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16047] <... open resumed>) = 4 [pid 16047] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16046] <... futex resumed>) = 0 [pid 16046] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16046] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16047] <... futex resumed>) = 1 [pid 16047] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16047] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16046] <... futex resumed>) = 0 [pid 16046] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16046] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16047] <... futex resumed>) = 1 [pid 16047] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16047] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16050] <... set_robust_list resumed>) = 0 [pid 16046] <... futex resumed>) = 0 [pid 16046] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16046] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16047] <... futex resumed>) = 1 [pid 16047] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16050] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16050] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16047] <... write resumed>) = 262144 [pid 16047] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16046] <... futex resumed>) = 0 [pid 16047] <... futex resumed>) = 1 [pid 16047] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16050] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 16050] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16050] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16046] close(3) = 0 [pid 16046] close(4) = 0 [pid 16046] close(5) = 0 [pid 16046] close(6) = -1 EBADF (Bad file descriptor) [pid 16046] close(7) = -1 EBADF (Bad file descriptor) [pid 16046] close(8) = -1 EBADF (Bad file descriptor) [pid 16046] close(9) = -1 EBADF (Bad file descriptor) [pid 16046] close(10) = -1 EBADF (Bad file descriptor) [pid 16046] close(11) = -1 EBADF (Bad file descriptor) [pid 16046] close(12) = -1 EBADF (Bad file descriptor) [pid 16046] close(13) = -1 EBADF (Bad file descriptor) [pid 16046] close(14) = -1 EBADF (Bad file descriptor) [pid 16046] close(15) = -1 EBADF (Bad file descriptor) [pid 16046] close(16) = -1 EBADF (Bad file descriptor) [pid 16046] close(17) = -1 EBADF (Bad file descriptor) [pid 16046] close(18) = -1 EBADF (Bad file descriptor) [pid 16046] close(19) = -1 EBADF (Bad file descriptor) [pid 16046] close(20) = -1 EBADF (Bad file descriptor) [pid 16046] close(21) = -1 EBADF (Bad file descriptor) [pid 16046] close(22) = -1 EBADF (Bad file descriptor) [pid 16046] close(23) = -1 EBADF (Bad file descriptor) [pid 16046] close(24) = -1 EBADF (Bad file descriptor) [pid 16046] close(25) = -1 EBADF (Bad file descriptor) [pid 16046] close(26) = -1 EBADF (Bad file descriptor) [pid 16046] close(27) = -1 EBADF (Bad file descriptor) [pid 16046] close(28) = -1 EBADF (Bad file descriptor) [pid 16046] close(29) = -1 EBADF (Bad file descriptor) [pid 16046] exit_group(0) = ? [pid 16047] <... futex resumed>) = ? [pid 16047] +++ exited with 0 +++ [pid 16050] <... futex resumed>) = ? [pid 16050] +++ exited with 0 +++ [pid 16046] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10143, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2658", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2658", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2658/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2658/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2658/binderfs") = 0 [ 318.999266][T16047] EXT4-fs (loop0): 1 truncate cleaned up [ 319.014991][T16050] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2658/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2658/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2658/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2658/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2658/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2658/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2658") = 0 [pid 289] mkdir("./2659", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10146 ./strace-static-x86_64: Process 16051 attached [pid 16051] set_robust_list(0x555556f746a0, 24) = 0 [pid 16051] chdir("./2659") = 0 [pid 16051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16051] setpgid(0, 0) = 0 [pid 16051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16051] write(3, "1000", 4) = 4 [pid 16051] close(3) = 0 [pid 16051] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16051] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16051] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16051] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16051] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16051] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16051] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10147]}, 88) = 10147 [pid 16051] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16051] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16051] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16052 attached [pid 16052] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16052] memfd_create("syzkaller", 0) = 3 [pid 16052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16052] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16052] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16052] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16052] close(3) = 0 [pid 16052] mkdir("./file1", 0777) = 0 [pid 16052] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16052] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16052] chdir("./file1") = 0 [pid 16052] ioctl(4, LOOP_CLR_FD) = 0 [pid 16052] close(4) = 0 [pid 16052] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16051] <... futex resumed>) = 0 [pid 16051] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16051] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16052] <... futex resumed>) = 1 [pid 16052] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16052] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16051] <... futex resumed>) = 0 [pid 16051] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16051] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16051] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16051] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16051] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10148]}, 88) = 10148 [pid 16051] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16051] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16051] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16051] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16051] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16051] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10149]}, 88) = 10149 [pid 16051] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16051] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16051] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16052] <... futex resumed>) = 1 [pid 16052] memfd_create("syzkaller", 0) = 4 [pid 16052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16052] close(4) = 0 ./strace-static-x86_64: Process 16056 attached ./strace-static-x86_64: Process 16055 attached [pid 16052] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16055] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16056] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16055] <... set_robust_list resumed>) = 0 [pid 16052] <... futex resumed>) = 0 [pid 16055] rt_sigprocmask(SIG_SETMASK, [], [pid 16052] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16056] <... set_robust_list resumed>) = 0 [pid 16055] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16056] rt_sigprocmask(SIG_SETMASK, [], [pid 16055] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16056] memfd_create("syzkaller", 0) = 4 [pid 16056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16056] close(4) = 0 [pid 16055] <... setxattr resumed>) = 0 [pid 16056] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16051] <... futex resumed>) = 0 [pid 16051] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16051] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16052] <... futex resumed>) = 0 [pid 16052] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 16056] <... futex resumed>) = 1 [pid 16056] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16052] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16055] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16051] <... futex resumed>) = 0 [pid 16051] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16051] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16055] <... futex resumed>) = 0 [pid 16052] <... futex resumed>) = 1 [pid 16052] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16055] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16052] <... mount resumed>) = 0 [pid 16052] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16051] <... futex resumed>) = 0 [pid 16051] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16051] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16052] <... futex resumed>) = 1 [pid 16052] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16052] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16051] <... futex resumed>) = 0 [pid 16051] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16051] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16052] <... futex resumed>) = 1 [pid 16052] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16052] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16051] <... futex resumed>) = 0 [pid 16051] close(3) = 0 [pid 16051] close(4) = 0 [pid 16051] close(5) = 0 [pid 16051] close(6) = -1 EBADF (Bad file descriptor) [pid 16051] close(7) = -1 EBADF (Bad file descriptor) [pid 16051] close(8) = -1 EBADF (Bad file descriptor) [pid 16051] close(9) = -1 EBADF (Bad file descriptor) [pid 16051] close(10) = -1 EBADF (Bad file descriptor) [pid 16051] close(11) = -1 EBADF (Bad file descriptor) [pid 16051] close(12) = -1 EBADF (Bad file descriptor) [pid 16051] close(13) = -1 EBADF (Bad file descriptor) [pid 16051] close(14) = -1 EBADF (Bad file descriptor) [pid 16051] close(15) = -1 EBADF (Bad file descriptor) [pid 16051] close(16) = -1 EBADF (Bad file descriptor) [pid 16051] close(17) = -1 EBADF (Bad file descriptor) [pid 16051] close(18) = -1 EBADF (Bad file descriptor) [pid 16051] close(19) = -1 EBADF (Bad file descriptor) [pid 16051] close(20) = -1 EBADF (Bad file descriptor) [pid 16051] close(21) = -1 EBADF (Bad file descriptor) [pid 16051] close(22) = -1 EBADF (Bad file descriptor) [pid 16051] close(23) = -1 EBADF (Bad file descriptor) [pid 16051] close(24) = -1 EBADF (Bad file descriptor) [pid 16051] close(25) = -1 EBADF (Bad file descriptor) [pid 16051] close(26) = -1 EBADF (Bad file descriptor) [pid 16051] close(27) = -1 EBADF (Bad file descriptor) [pid 16051] close(28) = -1 EBADF (Bad file descriptor) [pid 16051] close(29) = -1 EBADF (Bad file descriptor) [pid 16051] exit_group(0) = ? [pid 16056] <... futex resumed>) = ? [pid 16056] +++ exited with 0 +++ [pid 16055] <... futex resumed>) = ? [pid 16055] +++ exited with 0 +++ [pid 16052] <... futex resumed>) = ? [pid 16052] +++ exited with 0 +++ [pid 16051] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10146, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2659", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2659", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2659/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2659/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2659/binderfs") = 0 [ 319.202897][T16052] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2659/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2659/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2659/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2659/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2659/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2659/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2659") = 0 [pid 289] mkdir("./2660", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10150 ./strace-static-x86_64: Process 16057 attached [pid 16057] set_robust_list(0x555556f746a0, 24) = 0 [pid 16057] chdir("./2660") = 0 [pid 16057] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16057] setpgid(0, 0) = 0 [pid 16057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16057] write(3, "1000", 4) = 4 [pid 16057] close(3) = 0 [pid 16057] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16057] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16057] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16057] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16057] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16057] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16057] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 16058 attached => {parent_tid=[10151]}, 88) = 10151 [pid 16058] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16058] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16058] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16057] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16057] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16058] <... futex resumed>) = 0 [pid 16058] memfd_create("syzkaller", 0) = 3 [pid 16058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16057] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16058] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16058] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16058] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16058] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16058] close(3) = 0 [pid 16058] mkdir("./file1", 0777) = 0 [pid 16058] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16058] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16058] chdir("./file1") = 0 [pid 16058] ioctl(4, LOOP_CLR_FD) = 0 [pid 16058] close(4) = 0 [pid 16058] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16057] <... futex resumed>) = 0 [pid 16057] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16057] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16058] <... futex resumed>) = 1 [pid 16058] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16058] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16057] <... futex resumed>) = 0 [pid 16057] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16058] <... futex resumed>) = 1 [pid 16057] <... futex resumed>) = 0 [pid 16057] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16057] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16057] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16058] memfd_create("syzkaller", 0 [pid 16057] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16057] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 16058] <... memfd_create resumed>) = 4 ./strace-static-x86_64: Process 16061 attached [pid 16057] <... clone3 resumed> => {parent_tid=[10152]}, 88) = 10152 [pid 16057] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16057] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16061] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16057] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16061] <... set_robust_list resumed>) = 0 [pid 16058] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16057] <... futex resumed>) = 0 [pid 16057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16057] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16057] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16057] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 16061] rt_sigprocmask(SIG_SETMASK, [], [pid 16058] close(4./strace-static-x86_64: Process 16062 attached [pid 16057] <... clone3 resumed> => {parent_tid=[10153]}, 88) = 10153 [pid 16057] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16057] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16057] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16061] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16061] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16058] <... close resumed>) = 0 [pid 16062] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16061] <... setxattr resumed>) = 0 [pid 16058] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16061] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16061] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16062] <... set_robust_list resumed>) = 0 [pid 16062] rt_sigprocmask(SIG_SETMASK, [], [pid 16058] <... futex resumed>) = 0 [pid 16062] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16058] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16062] memfd_create("syzkaller", 0) = 4 [pid 16062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16062] close(4) = 0 [pid 16062] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16057] <... futex resumed>) = 0 [pid 16057] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16058] <... futex resumed>) = 0 [pid 16057] <... futex resumed>) = 1 [pid 16058] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16057] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16058] <... open resumed>) = 4 [pid 16058] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16057] <... futex resumed>) = 0 [pid 16058] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16057] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16057] <... futex resumed>) = 0 [pid 16058] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16057] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16058] <... mount resumed>) = 0 [pid 16058] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16057] <... futex resumed>) = 0 [pid 16058] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16057] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16057] <... futex resumed>) = 0 [pid 16058] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16057] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16058] <... open resumed>) = 5 [pid 16058] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16057] <... futex resumed>) = 0 [pid 16058] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16057] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16057] <... futex resumed>) = 0 [pid 16058] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16057] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16062] <... futex resumed>) = 1 [pid 16062] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16058] <... write resumed>) = 262144 [pid 16058] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16057] <... futex resumed>) = 0 [pid 16057] close(3 [pid 16058] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16057] <... close resumed>) = 0 [pid 16057] close(4) = 0 [pid 16057] close(5) = 0 [pid 16057] close(6) = -1 EBADF (Bad file descriptor) [pid 16057] close(7) = -1 EBADF (Bad file descriptor) [pid 16057] close(8) = -1 EBADF (Bad file descriptor) [pid 16057] close(9) = -1 EBADF (Bad file descriptor) [pid 16057] close(10) = -1 EBADF (Bad file descriptor) [pid 16057] close(11) = -1 EBADF (Bad file descriptor) [pid 16057] close(12) = -1 EBADF (Bad file descriptor) [pid 16057] close(13) = -1 EBADF (Bad file descriptor) [pid 16057] close(14) = -1 EBADF (Bad file descriptor) [pid 16057] close(15) = -1 EBADF (Bad file descriptor) [pid 16057] close(16) = -1 EBADF (Bad file descriptor) [pid 16057] close(17) = -1 EBADF (Bad file descriptor) [pid 16057] close(18) = -1 EBADF (Bad file descriptor) [pid 16057] close(19) = -1 EBADF (Bad file descriptor) [pid 16057] close(20) = -1 EBADF (Bad file descriptor) [pid 16057] close(21) = -1 EBADF (Bad file descriptor) [pid 16057] close(22) = -1 EBADF (Bad file descriptor) [pid 16057] close(23) = -1 EBADF (Bad file descriptor) [pid 16057] close(24) = -1 EBADF (Bad file descriptor) [pid 16057] close(25) = -1 EBADF (Bad file descriptor) [pid 16057] close(26) = -1 EBADF (Bad file descriptor) [pid 16057] close(27) = -1 EBADF (Bad file descriptor) [pid 16057] close(28) = -1 EBADF (Bad file descriptor) [pid 16057] close(29) = -1 EBADF (Bad file descriptor) [pid 16057] exit_group(0 [pid 16061] <... futex resumed>) = ? [pid 16058] <... futex resumed>) = ? [pid 16057] <... exit_group resumed>) = ? [pid 16061] +++ exited with 0 +++ [pid 16058] +++ exited with 0 +++ [pid 16062] <... futex resumed>) = ? [pid 16062] +++ exited with 0 +++ [pid 16057] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10150, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] umount2("./2660", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2660", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2660/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2660/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2660/binderfs") = 0 [ 319.340940][T16058] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2660/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2660/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2660/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2660/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2660/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2660/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2660") = 0 [pid 289] mkdir("./2661", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10154 ./strace-static-x86_64: Process 16063 attached [pid 16063] set_robust_list(0x555556f746a0, 24) = 0 [pid 16063] chdir("./2661") = 0 [pid 16063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16063] setpgid(0, 0) = 0 [pid 16063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16063] write(3, "1000", 4) = 4 [pid 16063] close(3) = 0 [pid 16063] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16063] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16063] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16063] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16063] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16063] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16063] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 16064 attached => {parent_tid=[10155]}, 88) = 10155 [pid 16063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16063] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16063] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16064] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16064] memfd_create("syzkaller", 0) = 3 [pid 16064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16064] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16064] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16064] close(3) = 0 [pid 16064] mkdir("./file1", 0777) = 0 [pid 16064] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16064] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16064] chdir("./file1") = 0 [pid 16064] ioctl(4, LOOP_CLR_FD) = 0 [pid 16064] close(4) = 0 [pid 16064] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16064] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16063] <... futex resumed>) = 0 [pid 16063] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16064] <... futex resumed>) = 0 [pid 16063] <... futex resumed>) = 1 [pid 16064] setxattr("./file1", NULL, NULL, 0, 0 [pid 16063] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16064] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 16064] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16063] <... futex resumed>) = 0 [pid 16064] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16063] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16063] <... futex resumed>) = 0 [pid 16063] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 16064] memfd_create("syzkaller", 0 [pid 16063] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 16064] <... memfd_create resumed>) = 4 [pid 16063] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 16064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16063] <... mprotect resumed>) = 0 [pid 16064] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16063] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16064] close(4 [pid 16063] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16064] <... close resumed>) = 0 [pid 16063] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 16064] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16064] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16067 attached [pid 16063] <... clone3 resumed> => {parent_tid=[10156]}, 88) = 10156 [pid 16067] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16063] rt_sigprocmask(SIG_SETMASK, [], [pid 16067] <... set_robust_list resumed>) = 0 [pid 16067] rt_sigprocmask(SIG_SETMASK, [], [pid 16063] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16067] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16063] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16067] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16063] <... futex resumed>) = 0 [pid 16063] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16064] <... futex resumed>) = 0 [pid 16063] <... futex resumed>) = 1 [pid 16063] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16064] memfd_create("syzkaller", 0) = 4 [pid 16064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16067] <... setxattr resumed>) = 0 [pid 16067] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16067] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16064] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16064] close(4) = 0 [pid 16064] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16063] <... futex resumed>) = 0 [pid 16064] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16063] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16064] <... futex resumed>) = 0 [pid 16063] <... futex resumed>) = 1 [pid 16064] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16063] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16064] <... open resumed>) = 4 [pid 16064] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16063] <... futex resumed>) = 0 [pid 16064] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16063] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16064] <... mount resumed>) = 0 [pid 16063] <... futex resumed>) = 0 [pid 16064] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16063] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16064] <... futex resumed>) = 0 [pid 16063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16064] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16063] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16064] <... open resumed>) = 5 [pid 16063] <... futex resumed>) = 0 [pid 16064] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16063] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16064] <... futex resumed>) = 0 [pid 16063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16064] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16063] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16063] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16064] <... write resumed>) = 262144 [pid 16064] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16063] <... futex resumed>) = 0 [pid 16063] close(3) = 0 [pid 16063] close(4) = 0 [pid 16063] close(5 [pid 16064] <... futex resumed>) = 1 [pid 16063] <... close resumed>) = 0 [pid 16063] close(6) = -1 EBADF (Bad file descriptor) [pid 16063] close(7) = -1 EBADF (Bad file descriptor) [pid 16063] close(8) = -1 EBADF (Bad file descriptor) [pid 16063] close(9) = -1 EBADF (Bad file descriptor) [pid 16063] close(10) = -1 EBADF (Bad file descriptor) [pid 16063] close(11) = -1 EBADF (Bad file descriptor) [pid 16063] close(12) = -1 EBADF (Bad file descriptor) [pid 16063] close(13) = -1 EBADF (Bad file descriptor) [pid 16063] close(14) = -1 EBADF (Bad file descriptor) [pid 16063] close(15) = -1 EBADF (Bad file descriptor) [pid 16063] close(16) = -1 EBADF (Bad file descriptor) [pid 16063] close(17) = -1 EBADF (Bad file descriptor) [pid 16063] close(18) = -1 EBADF (Bad file descriptor) [pid 16063] close(19) = -1 EBADF (Bad file descriptor) [pid 16063] close(20) = -1 EBADF (Bad file descriptor) [pid 16063] close(21) = -1 EBADF (Bad file descriptor) [pid 16063] close(22) = -1 EBADF (Bad file descriptor) [pid 16063] close(23) = -1 EBADF (Bad file descriptor) [pid 16063] close(24) = -1 EBADF (Bad file descriptor) [pid 16063] close(25) = -1 EBADF (Bad file descriptor) [pid 16063] close(26) = -1 EBADF (Bad file descriptor) [pid 16063] close(27) = -1 EBADF (Bad file descriptor) [pid 16063] close(28) = -1 EBADF (Bad file descriptor) [pid 16063] close(29) = -1 EBADF (Bad file descriptor) [pid 16063] exit_group(0) = ? [pid 16067] <... futex resumed>) = ? [pid 16067] +++ exited with 0 +++ [pid 16064] +++ exited with 0 +++ [pid 16063] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10154, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] umount2("./2661", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2661", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2661/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2661/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2661/binderfs") = 0 [ 319.425916][T16064] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2661/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2661/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2661/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2661/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2661/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2661/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2661") = 0 [pid 289] mkdir("./2662", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10157 ./strace-static-x86_64: Process 16069 attached [pid 16069] set_robust_list(0x555556f746a0, 24) = 0 [pid 16069] chdir("./2662") = 0 [pid 16069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16069] setpgid(0, 0) = 0 [pid 16069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16069] write(3, "1000", 4) = 4 [pid 16069] close(3) = 0 [pid 16069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16069] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16069] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16069] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16069] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16069] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10158]}, 88) = 10158 [pid 16069] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16069] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16069] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16070 attached [pid 16070] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16070] memfd_create("syzkaller", 0) = 3 [pid 16070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16070] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16070] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16070] close(3) = 0 [pid 16070] mkdir("./file1", 0777) = 0 [pid 16070] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16070] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16070] chdir("./file1") = 0 [pid 16070] ioctl(4, LOOP_CLR_FD) = 0 [pid 16070] close(4) = 0 [pid 16070] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16069] <... futex resumed>) = 0 [pid 16070] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16069] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16069] <... futex resumed>) = 0 [pid 16070] setxattr("./file1", NULL, NULL, 0, 0 [pid 16069] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16070] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 16070] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16069] <... futex resumed>) = 0 [pid 16070] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16069] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16069] <... futex resumed>) = 0 [pid 16070] memfd_create("syzkaller", 0 [pid 16069] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16070] <... memfd_create resumed>) = 4 [pid 16069] <... futex resumed>) = 0 [pid 16070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 16070] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16069] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 16070] close(4 [pid 16069] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 16070] <... close resumed>) = 0 [pid 16069] <... mprotect resumed>) = 0 [pid 16070] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16069] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16070] <... futex resumed>) = 0 [pid 16069] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16070] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10159]}, 88) = 10159 [pid 16069] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16069] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16069] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16070] <... futex resumed>) = 0 [pid 16069] <... futex resumed>) = 1 [pid 16070] memfd_create("syzkaller", 0 [pid 16069] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16070] <... memfd_create resumed>) = 4 [pid 16070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16070] close(4) = 0 [pid 16070] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16069] <... futex resumed>) = 0 [pid 16070] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16069] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16069] <... futex resumed>) = 0 [pid 16070] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16069] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16070] <... open resumed>) = 4 [pid 16070] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16069] <... futex resumed>) = 0 [pid 16070] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16069] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16069] <... futex resumed>) = 0 [pid 16070] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16069] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16070] <... mount resumed>) = 0 [pid 16070] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16069] <... futex resumed>) = 0 [pid 16070] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16069] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16069] <... futex resumed>) = 0 [pid 16070] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16069] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16070] <... open resumed>) = 5 [pid 16070] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16069] <... futex resumed>) = 0 [pid 16070] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16069] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16069] <... futex resumed>) = 0 [pid 16070] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16069] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 16073 attached [pid 16073] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16073] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16073] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16070] <... write resumed>) = 262144 [pid 16070] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16070] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16069] <... futex resumed>) = 0 [pid 16073] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 16073] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16073] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16069] close(3) = 0 [pid 16069] close(4) = 0 [pid 16069] close(5) = 0 [pid 16069] close(6) = -1 EBADF (Bad file descriptor) [pid 16069] close(7) = -1 EBADF (Bad file descriptor) [pid 16069] close(8) = -1 EBADF (Bad file descriptor) [pid 16069] close(9) = -1 EBADF (Bad file descriptor) [pid 16069] close(10) = -1 EBADF (Bad file descriptor) [pid 16069] close(11) = -1 EBADF (Bad file descriptor) [pid 16069] close(12) = -1 EBADF (Bad file descriptor) [pid 16069] close(13) = -1 EBADF (Bad file descriptor) [pid 16069] close(14) = -1 EBADF (Bad file descriptor) [pid 16069] close(15) = -1 EBADF (Bad file descriptor) [pid 16069] close(16) = -1 EBADF (Bad file descriptor) [pid 16069] close(17) = -1 EBADF (Bad file descriptor) [pid 16069] close(18) = -1 EBADF (Bad file descriptor) [pid 16069] close(19) = -1 EBADF (Bad file descriptor) [pid 16069] close(20) = -1 EBADF (Bad file descriptor) [pid 16069] close(21) = -1 EBADF (Bad file descriptor) [pid 16069] close(22) = -1 EBADF (Bad file descriptor) [pid 16069] close(23) = -1 EBADF (Bad file descriptor) [pid 16069] close(24) = -1 EBADF (Bad file descriptor) [pid 16069] close(25) = -1 EBADF (Bad file descriptor) [pid 16069] close(26) = -1 EBADF (Bad file descriptor) [pid 16069] close(27) = -1 EBADF (Bad file descriptor) [pid 16069] close(28) = -1 EBADF (Bad file descriptor) [pid 16069] close(29) = -1 EBADF (Bad file descriptor) [pid 16069] exit_group(0 [pid 16073] <... futex resumed>) = ? [pid 16070] <... futex resumed>) = ? [pid 16069] <... exit_group resumed>) = ? [pid 16070] +++ exited with 0 +++ [pid 16073] +++ exited with 0 +++ [pid 16069] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10157, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2662", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2662", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2662/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2662/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2662/binderfs") = 0 [ 319.500787][T16070] EXT4-fs (loop0): 1 truncate cleaned up [ 319.515482][T16073] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2662/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2662/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2662/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2662/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2662/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2662/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2662") = 0 [pid 289] mkdir("./2663", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10160 ./strace-static-x86_64: Process 16074 attached [pid 16074] set_robust_list(0x555556f746a0, 24) = 0 [pid 16074] chdir("./2663") = 0 [pid 16074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16074] setpgid(0, 0) = 0 [pid 16074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16074] write(3, "1000", 4) = 4 [pid 16074] close(3) = 0 [pid 16074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16074] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16074] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16074] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16074] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16074] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16074] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10161]}, 88) = 10161 [pid 16074] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16074] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16074] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16075 attached [pid 16075] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16075] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16075] memfd_create("syzkaller", 0) = 3 [pid 16075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16075] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16075] close(3) = 0 [pid 16075] mkdir("./file1", 0777) = 0 [pid 16075] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16075] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16075] chdir("./file1") = 0 [pid 16075] ioctl(4, LOOP_CLR_FD) = 0 [pid 16075] close(4) = 0 [pid 16075] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16074] <... futex resumed>) = 0 [pid 16074] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16074] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16075] <... futex resumed>) = 1 [pid 16075] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16075] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16074] <... futex resumed>) = 0 [pid 16074] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16074] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16074] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16074] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16074] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10162]}, 88) = 10162 [pid 16074] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16074] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16074] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16074] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16074] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 16078 attached [], 8) = 0 [pid 16074] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 16078] set_robust_list(0x7fbc5ef2c9a0, 24./strace-static-x86_64: Process 16079 attached [pid 16074] <... clone3 resumed> => {parent_tid=[10163]}, 88) = 10163 [pid 16074] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16074] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16074] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16075] <... futex resumed>) = 1 [pid 16075] memfd_create("syzkaller", 0) = 4 [pid 16075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16075] close(4) = 0 [pid 16075] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16075] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16078] <... set_robust_list resumed>) = 0 [pid 16078] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16078] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 16078] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16078] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16079] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16079] memfd_create("syzkaller", 0) = 4 [pid 16079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16079] close(4) = 0 [pid 16079] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16074] <... futex resumed>) = 0 [pid 16074] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16074] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16075] <... futex resumed>) = 0 [pid 16075] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16079] <... futex resumed>) = 1 [pid 16079] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16075] <... open resumed>) = 4 [pid 16075] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16074] <... futex resumed>) = 0 [pid 16074] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16074] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16075] <... futex resumed>) = 1 [pid 16075] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16075] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16074] <... futex resumed>) = 0 [pid 16074] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16074] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16075] <... futex resumed>) = 1 [pid 16075] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16075] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16074] <... futex resumed>) = 0 [pid 16074] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16074] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16075] <... futex resumed>) = 1 [pid 16075] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16075] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16074] <... futex resumed>) = 0 [pid 16074] close(3 [pid 16075] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16074] <... close resumed>) = 0 [pid 16074] close(4) = 0 [pid 16074] close(5) = 0 [pid 16074] close(6) = -1 EBADF (Bad file descriptor) [pid 16074] close(7) = -1 EBADF (Bad file descriptor) [pid 16074] close(8) = -1 EBADF (Bad file descriptor) [pid 16074] close(9) = -1 EBADF (Bad file descriptor) [pid 16074] close(10) = -1 EBADF (Bad file descriptor) [pid 16074] close(11) = -1 EBADF (Bad file descriptor) [pid 16074] close(12) = -1 EBADF (Bad file descriptor) [pid 16074] close(13) = -1 EBADF (Bad file descriptor) [pid 16074] close(14) = -1 EBADF (Bad file descriptor) [pid 16074] close(15) = -1 EBADF (Bad file descriptor) [pid 16074] close(16) = -1 EBADF (Bad file descriptor) [pid 16074] close(17) = -1 EBADF (Bad file descriptor) [pid 16074] close(18) = -1 EBADF (Bad file descriptor) [pid 16074] close(19) = -1 EBADF (Bad file descriptor) [pid 16074] close(20) = -1 EBADF (Bad file descriptor) [pid 16074] close(21) = -1 EBADF (Bad file descriptor) [pid 16074] close(22) = -1 EBADF (Bad file descriptor) [pid 16074] close(23) = -1 EBADF (Bad file descriptor) [pid 16074] close(24) = -1 EBADF (Bad file descriptor) [pid 16074] close(25) = -1 EBADF (Bad file descriptor) [pid 16074] close(26) = -1 EBADF (Bad file descriptor) [pid 16074] close(27) = -1 EBADF (Bad file descriptor) [pid 16074] close(28) = -1 EBADF (Bad file descriptor) [pid 16074] close(29) = -1 EBADF (Bad file descriptor) [pid 16074] exit_group(0 [pid 16078] <... futex resumed>) = ? [pid 16074] <... exit_group resumed>) = ? [pid 16078] +++ exited with 0 +++ [pid 16075] <... futex resumed>) = ? [pid 16075] +++ exited with 0 +++ [pid 16079] <... futex resumed>) = ? [pid 16079] +++ exited with 0 +++ [pid 16074] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10160, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2663", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2663", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2663/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2663/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2663/binderfs") = 0 [ 319.622053][T16075] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2663/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2663/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2663/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2663/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2663/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2663/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2663") = 0 [pid 289] mkdir("./2664", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10164 ./strace-static-x86_64: Process 16080 attached [pid 16080] set_robust_list(0x555556f746a0, 24) = 0 [pid 16080] chdir("./2664") = 0 [pid 16080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16080] setpgid(0, 0) = 0 [pid 16080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16080] write(3, "1000", 4) = 4 [pid 16080] close(3) = 0 [pid 16080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16080] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16080] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16080] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16080] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16080] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16080] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10165]}, 88) = 10165 [pid 16080] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16080] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16080] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16081 attached [pid 16081] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16081] memfd_create("syzkaller", 0) = 3 [pid 16081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16081] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16081] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16081] close(3) = 0 [pid 16081] mkdir("./file1", 0777) = 0 [pid 16081] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16081] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16081] chdir("./file1") = 0 [pid 16081] ioctl(4, LOOP_CLR_FD) = 0 [pid 16081] close(4) = 0 [pid 16081] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16080] <... futex resumed>) = 0 [pid 16081] <... futex resumed>) = 1 [pid 16081] setxattr("./file1", NULL, NULL, 0, 0 [pid 16080] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16081] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 16080] <... futex resumed>) = 0 [pid 16080] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16081] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16080] <... futex resumed>) = 0 [pid 16080] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16080] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16080] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16080] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16080] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10166]}, 88) = 10166 [pid 16080] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 16084 attached [pid 16084] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16081] <... futex resumed>) = 1 [pid 16080] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16084] <... set_robust_list resumed>) = 0 [pid 16084] rt_sigprocmask(SIG_SETMASK, [], [pid 16081] memfd_create("syzkaller", 0 [pid 16080] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16084] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16080] <... futex resumed>) = 0 [pid 16081] <... memfd_create resumed>) = 4 [pid 16080] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 16084] <... setxattr resumed>) = 0 [pid 16080] <... mmap resumed>) = 0x7fbc5eeeb000 [pid 16080] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16080] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16080] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10167]}, 88) = 10167 [pid 16080] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16080] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16080] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16081] close(4) = 0 [pid 16081] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16081] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16085 attached [pid 16085] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16085] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16085] memfd_create("syzkaller", 0) = 4 [pid 16085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16085] close(4) = 0 [pid 16085] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16080] <... futex resumed>) = 0 [pid 16080] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16080] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16081] <... futex resumed>) = 0 [pid 16081] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16085] <... futex resumed>) = 1 [pid 16081] <... open resumed>) = 4 [pid 16081] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16080] <... futex resumed>) = 0 [pid 16080] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16080] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16081] <... futex resumed>) = 1 [pid 16081] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16081] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16080] <... futex resumed>) = 0 [pid 16080] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16080] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16081] <... futex resumed>) = 1 [pid 16081] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16084] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16081] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16080] <... futex resumed>) = 0 [pid 16080] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16080] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16081] <... futex resumed>) = 1 [pid 16081] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16084] <... futex resumed>) = 0 [pid 16085] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16084] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16081] <... write resumed>) = 262144 [pid 16081] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16080] <... futex resumed>) = 0 [pid 16080] close(3) = 0 [pid 16080] close(4) = 0 [pid 16080] close(5) = 0 [pid 16080] close(6) = -1 EBADF (Bad file descriptor) [pid 16080] close(7) = -1 EBADF (Bad file descriptor) [pid 16080] close(8) = -1 EBADF (Bad file descriptor) [pid 16080] close(9) = -1 EBADF (Bad file descriptor) [pid 16080] close(10) = -1 EBADF (Bad file descriptor) [pid 16080] close(11) = -1 EBADF (Bad file descriptor) [pid 16080] close(12) = -1 EBADF (Bad file descriptor) [pid 16080] close(13) = -1 EBADF (Bad file descriptor) [pid 16080] close(14) = -1 EBADF (Bad file descriptor) [pid 16080] close(15) = -1 EBADF (Bad file descriptor) [pid 16080] close(16) = -1 EBADF (Bad file descriptor) [pid 16080] close(17) = -1 EBADF (Bad file descriptor) [pid 16080] close(18) = -1 EBADF (Bad file descriptor) [pid 16080] close(19) = -1 EBADF (Bad file descriptor) [pid 16080] close(20) = -1 EBADF (Bad file descriptor) [pid 16080] close(21) = -1 EBADF (Bad file descriptor) [pid 16080] close(22) = -1 EBADF (Bad file descriptor) [pid 16080] close(23) = -1 EBADF (Bad file descriptor) [pid 16080] close(24) = -1 EBADF (Bad file descriptor) [pid 16080] close(25) = -1 EBADF (Bad file descriptor) [pid 16080] close(26) = -1 EBADF (Bad file descriptor) [pid 16080] close(27) = -1 EBADF (Bad file descriptor) [pid 16080] close(28) = -1 EBADF (Bad file descriptor) [pid 16080] close(29) = -1 EBADF (Bad file descriptor) [pid 16080] exit_group(0) = ? [pid 16085] <... futex resumed>) = ? [pid 16085] +++ exited with 0 +++ [pid 16084] <... futex resumed>) = ? [pid 16081] <... futex resumed>) = ? [pid 16084] +++ exited with 0 +++ [pid 16081] +++ exited with 0 +++ [pid 16080] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10164, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2664", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2664", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2664/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2664/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2664/binderfs") = 0 [ 319.782479][T16081] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2664/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2664/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2664/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2664/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2664/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2664/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2664") = 0 [pid 289] mkdir("./2665", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10168 ./strace-static-x86_64: Process 16086 attached [pid 16086] set_robust_list(0x555556f746a0, 24) = 0 [pid 16086] chdir("./2665") = 0 [pid 16086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16086] setpgid(0, 0) = 0 [pid 16086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16086] write(3, "1000", 4) = 4 [pid 16086] close(3) = 0 [pid 16086] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16086] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16086] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16086] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16086] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16086] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16086] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10169]}, 88) = 10169 [pid 16086] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16086] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16086] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16087 attached [pid 16087] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16087] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16087] memfd_create("syzkaller", 0) = 3 [pid 16087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16087] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16087] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16087] close(3) = 0 [pid 16087] mkdir("./file1", 0777) = 0 [pid 16087] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16087] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16087] chdir("./file1") = 0 [pid 16087] ioctl(4, LOOP_CLR_FD) = 0 [pid 16087] close(4) = 0 [pid 16087] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16086] <... futex resumed>) = 0 [pid 16086] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16086] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16087] <... futex resumed>) = 1 [pid 16087] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16087] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16086] <... futex resumed>) = 0 [pid 16086] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16086] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16086] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16086] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16086] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10170]}, 88) = 10170 [pid 16086] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16086] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16086] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16086] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16086] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16086] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10171]}, 88) = 10171 [pid 16086] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16086] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16086] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16087] <... futex resumed>) = 1 [pid 16087] memfd_create("syzkaller", 0) = 4 [pid 16087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16087] close(4) = 0 ./strace-static-x86_64: Process 16091 attached ./strace-static-x86_64: Process 16090 attached [pid 16087] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16091] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16090] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16091] <... set_robust_list resumed>) = 0 [pid 16090] <... set_robust_list resumed>) = 0 [pid 16091] rt_sigprocmask(SIG_SETMASK, [], [pid 16090] rt_sigprocmask(SIG_SETMASK, [], [pid 16091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16091] memfd_create("syzkaller", 0 [pid 16090] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16091] <... memfd_create resumed>) = 4 [pid 16087] <... futex resumed>) = 0 [pid 16087] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16090] <... setxattr resumed>) = 0 [pid 16091] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16091] close(4) = 0 [pid 16091] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16086] <... futex resumed>) = 0 [pid 16091] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16086] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16087] <... futex resumed>) = 0 [pid 16086] <... futex resumed>) = 1 [pid 16087] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16086] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16090] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16090] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16087] <... open resumed>) = 4 [pid 16087] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16086] <... futex resumed>) = 0 [pid 16087] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16086] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16087] <... mount resumed>) = 0 [pid 16086] <... futex resumed>) = 0 [pid 16087] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16086] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16087] <... futex resumed>) = 0 [pid 16086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16087] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16086] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16087] <... open resumed>) = 5 [pid 16086] <... futex resumed>) = 0 [pid 16087] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16086] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16087] <... futex resumed>) = 0 [pid 16086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16087] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16086] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16086] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16087] <... write resumed>) = 262144 [pid 16087] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16086] <... futex resumed>) = 0 [pid 16087] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16086] close(3) = 0 [pid 16086] close(4) = 0 [pid 16086] close(5) = 0 [pid 16086] close(6) = -1 EBADF (Bad file descriptor) [pid 16086] close(7) = -1 EBADF (Bad file descriptor) [pid 16086] close(8) = -1 EBADF (Bad file descriptor) [pid 16086] close(9) = -1 EBADF (Bad file descriptor) [pid 16086] close(10) = -1 EBADF (Bad file descriptor) [pid 16086] close(11) = -1 EBADF (Bad file descriptor) [pid 16086] close(12) = -1 EBADF (Bad file descriptor) [pid 16086] close(13) = -1 EBADF (Bad file descriptor) [pid 16086] close(14) = -1 EBADF (Bad file descriptor) [pid 16086] close(15) = -1 EBADF (Bad file descriptor) [pid 16086] close(16) = -1 EBADF (Bad file descriptor) [pid 16086] close(17) = -1 EBADF (Bad file descriptor) [pid 16086] close(18) = -1 EBADF (Bad file descriptor) [pid 16086] close(19) = -1 EBADF (Bad file descriptor) [pid 16086] close(20) = -1 EBADF (Bad file descriptor) [pid 16086] close(21) = -1 EBADF (Bad file descriptor) [pid 16086] close(22) = -1 EBADF (Bad file descriptor) [pid 16086] close(23) = -1 EBADF (Bad file descriptor) [pid 16086] close(24) = -1 EBADF (Bad file descriptor) [pid 16086] close(25) = -1 EBADF (Bad file descriptor) [pid 16086] close(26) = -1 EBADF (Bad file descriptor) [pid 16086] close(27) = -1 EBADF (Bad file descriptor) [pid 16086] close(28) = -1 EBADF (Bad file descriptor) [pid 16086] close(29) = -1 EBADF (Bad file descriptor) [pid 16086] exit_group(0 [pid 16091] <... futex resumed>) = ? [pid 16090] <... futex resumed>) = ? [pid 16087] <... futex resumed>) = ? [pid 16086] <... exit_group resumed>) = ? [pid 16090] +++ exited with 0 +++ [pid 16087] +++ exited with 0 +++ [pid 16091] +++ exited with 0 +++ [pid 16086] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10168, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2665", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2665", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2665/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2665/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2665/binderfs") = 0 [ 319.859261][T16087] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2665/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2665/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2665/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2665/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2665/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2665/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2665") = 0 [pid 289] mkdir("./2666", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10172 ./strace-static-x86_64: Process 16092 attached [pid 16092] set_robust_list(0x555556f746a0, 24) = 0 [pid 16092] chdir("./2666") = 0 [pid 16092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16092] setpgid(0, 0) = 0 [pid 16092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16092] write(3, "1000", 4) = 4 [pid 16092] close(3) = 0 [pid 16092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16092] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16092] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16092] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16092] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16092] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16092] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10173]}, 88) = 10173 [pid 16092] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16092] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16092] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16093 attached [pid 16093] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16093] memfd_create("syzkaller", 0) = 3 [pid 16093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16093] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16093] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16093] close(3) = 0 [pid 16093] mkdir("./file1", 0777) = 0 [pid 16093] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16093] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16093] chdir("./file1") = 0 [pid 16093] ioctl(4, LOOP_CLR_FD) = 0 [pid 16093] close(4) = 0 [pid 16093] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16092] <... futex resumed>) = 0 [pid 16092] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16092] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16093] <... futex resumed>) = 1 [pid 16093] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16093] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16092] <... futex resumed>) = 0 [pid 16092] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16092] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16092] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16092] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16092] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10174]}, 88) = 10174 [pid 16092] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16092] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16092] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16092] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16092] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16092] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10175]}, 88) = 10175 [pid 16092] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16092] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16092] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16093] <... futex resumed>) = 1 ./strace-static-x86_64: Process 16097 attached ./strace-static-x86_64: Process 16096 attached [pid 16093] memfd_create("syzkaller", 0) = 4 [pid 16093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16093] close(4) = 0 [pid 16093] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16093] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16096] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16096] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16096] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16097] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16096] <... setxattr resumed>) = 0 [pid 16096] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16096] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16097] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16097] memfd_create("syzkaller", 0) = 4 [pid 16097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16097] close(4) = 0 [pid 16097] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16092] <... futex resumed>) = 0 [pid 16092] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16092] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16093] <... futex resumed>) = 0 [pid 16093] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 16093] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16092] <... futex resumed>) = 0 [pid 16092] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16092] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16093] <... futex resumed>) = 1 [pid 16093] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16093] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16092] <... futex resumed>) = 0 [pid 16092] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16092] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16093] <... futex resumed>) = 1 [pid 16093] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16093] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16092] <... futex resumed>) = 0 [pid 16092] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16092] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16093] <... futex resumed>) = 1 [pid 16093] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16097] <... futex resumed>) = 1 [pid 16097] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16093] <... write resumed>) = 262144 [pid 16093] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16092] <... futex resumed>) = 0 [pid 16092] close(3) = 0 [pid 16092] close(4) = 0 [pid 16092] close(5) = 0 [pid 16092] close(6) = -1 EBADF (Bad file descriptor) [pid 16092] close(7) = -1 EBADF (Bad file descriptor) [pid 16092] close(8) = -1 EBADF (Bad file descriptor) [pid 16092] close(9) = -1 EBADF (Bad file descriptor) [pid 16092] close(10) = -1 EBADF (Bad file descriptor) [pid 16092] close(11) = -1 EBADF (Bad file descriptor) [pid 16092] close(12) = -1 EBADF (Bad file descriptor) [pid 16092] close(13) = -1 EBADF (Bad file descriptor) [pid 16092] close(14) = -1 EBADF (Bad file descriptor) [pid 16092] close(15) = -1 EBADF (Bad file descriptor) [pid 16092] close(16) = -1 EBADF (Bad file descriptor) [pid 16092] close(17) = -1 EBADF (Bad file descriptor) [pid 16092] close(18) = -1 EBADF (Bad file descriptor) [pid 16092] close(19) = -1 EBADF (Bad file descriptor) [pid 16092] close(20) = -1 EBADF (Bad file descriptor) [pid 16092] close(21) = -1 EBADF (Bad file descriptor) [pid 16092] close(22) = -1 EBADF (Bad file descriptor) [pid 16092] close(23) = -1 EBADF (Bad file descriptor) [pid 16092] close(24) = -1 EBADF (Bad file descriptor) [pid 16092] close(25) = -1 EBADF (Bad file descriptor) [pid 16092] close(26) = -1 EBADF (Bad file descriptor) [pid 16092] close(27) = -1 EBADF (Bad file descriptor) [pid 16092] close(28) = -1 EBADF (Bad file descriptor) [pid 16092] close(29) = -1 EBADF (Bad file descriptor) [pid 16092] exit_group(0 [pid 16097] <... futex resumed>) = ? [pid 16096] <... futex resumed>) = ? [pid 16092] <... exit_group resumed>) = ? [pid 16097] +++ exited with 0 +++ [pid 16096] +++ exited with 0 +++ [pid 16093] <... futex resumed>) = ? [pid 16093] +++ exited with 0 +++ [pid 16092] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10172, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] umount2("./2666", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2666", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2666/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2666/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2666/binderfs") = 0 [ 319.986009][T16093] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2666/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2666/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2666/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2666/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2666/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2666/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2666") = 0 [pid 289] mkdir("./2667", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10176 ./strace-static-x86_64: Process 16098 attached [pid 16098] set_robust_list(0x555556f746a0, 24) = 0 [pid 16098] chdir("./2667") = 0 [pid 16098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16098] setpgid(0, 0) = 0 [pid 16098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16098] write(3, "1000", 4) = 4 [pid 16098] close(3) = 0 [pid 16098] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16098] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16098] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16098] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16098] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16098] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16098] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10177]}, 88) = 10177 [pid 16098] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16098] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16098] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16099 attached [pid 16099] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16099] memfd_create("syzkaller", 0) = 3 [pid 16099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16099] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16099] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16099] close(3) = 0 [pid 16099] mkdir("./file1", 0777) = 0 [pid 16099] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16099] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16099] chdir("./file1") = 0 [pid 16099] ioctl(4, LOOP_CLR_FD) = 0 [pid 16099] close(4) = 0 [pid 16099] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16098] <... futex resumed>) = 0 [pid 16099] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16098] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16098] <... futex resumed>) = 0 [pid 16099] setxattr("./file1", NULL, NULL, 0, 0 [pid 16098] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16099] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 16099] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16098] <... futex resumed>) = 0 [pid 16099] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16098] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16098] <... futex resumed>) = 0 [pid 16099] memfd_create("syzkaller", 0 [pid 16098] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16099] <... memfd_create resumed>) = 4 [pid 16098] <... futex resumed>) = 0 [pid 16099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 16099] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16098] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 16099] close(4 [pid 16098] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 16099] <... close resumed>) = 0 [pid 16098] <... mprotect resumed>) = 0 [pid 16099] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16098] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16099] <... futex resumed>) = 0 [pid 16098] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16099] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16098] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10178]}, 88) = 10178 [pid 16098] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16098] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16098] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16099] <... futex resumed>) = 0 [pid 16098] <... futex resumed>) = 1 [pid 16099] memfd_create("syzkaller", 0 [pid 16098] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16099] <... memfd_create resumed>) = 4 [pid 16099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16099] close(4) = 0 [pid 16099] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16098] <... futex resumed>) = 0 [pid 16099] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16098] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16098] <... futex resumed>) = 0 [pid 16099] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16098] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 16102 attached [pid 16102] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16102] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16102] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 16102] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16102] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16099] <... open resumed>) = 4 [pid 16099] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16098] <... futex resumed>) = 0 [pid 16099] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16098] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16098] <... futex resumed>) = 0 [pid 16099] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16098] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16099] <... mount resumed>) = 0 [pid 16099] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16098] <... futex resumed>) = 0 [pid 16099] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16098] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16098] <... futex resumed>) = 0 [pid 16099] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16098] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16099] <... open resumed>) = 5 [pid 16099] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16098] <... futex resumed>) = 0 [pid 16099] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16098] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16098] <... futex resumed>) = 0 [pid 16099] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16098] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16099] <... write resumed>) = 262144 [pid 16099] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16098] <... futex resumed>) = 0 [pid 16098] close(3) = 0 [pid 16098] close(4) = 0 [pid 16098] close(5) = 0 [pid 16098] close(6) = -1 EBADF (Bad file descriptor) [pid 16098] close(7) = -1 EBADF (Bad file descriptor) [pid 16098] close(8) = -1 EBADF (Bad file descriptor) [pid 16099] <... futex resumed>) = 1 [pid 16098] close(9 [pid 16099] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16098] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 16098] close(10) = -1 EBADF (Bad file descriptor) [pid 16098] close(11) = -1 EBADF (Bad file descriptor) [pid 16098] close(12) = -1 EBADF (Bad file descriptor) [pid 16098] close(13) = -1 EBADF (Bad file descriptor) [pid 16098] close(14) = -1 EBADF (Bad file descriptor) [pid 16098] close(15) = -1 EBADF (Bad file descriptor) [pid 16098] close(16) = -1 EBADF (Bad file descriptor) [pid 16098] close(17) = -1 EBADF (Bad file descriptor) [pid 16098] close(18) = -1 EBADF (Bad file descriptor) [pid 16098] close(19) = -1 EBADF (Bad file descriptor) [pid 16098] close(20) = -1 EBADF (Bad file descriptor) [pid 16098] close(21) = -1 EBADF (Bad file descriptor) [pid 16098] close(22) = -1 EBADF (Bad file descriptor) [pid 16098] close(23) = -1 EBADF (Bad file descriptor) [pid 16098] close(24) = -1 EBADF (Bad file descriptor) [pid 16098] close(25) = -1 EBADF (Bad file descriptor) [pid 16098] close(26) = -1 EBADF (Bad file descriptor) [pid 16098] close(27) = -1 EBADF (Bad file descriptor) [pid 16098] close(28) = -1 EBADF (Bad file descriptor) [pid 16098] close(29) = -1 EBADF (Bad file descriptor) [pid 16098] exit_group(0 [pid 16099] <... futex resumed>) = ? [pid 16098] <... exit_group resumed>) = ? [pid 16099] +++ exited with 0 +++ [pid 16102] <... futex resumed>) = ? [pid 16102] +++ exited with 0 +++ [pid 16098] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10176, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2667", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2667", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2667/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2667/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2667/binderfs") = 0 [pid 289] umount2("./2667/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2667/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2667/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2667/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2667/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2667/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2667") = 0 [pid 289] mkdir("./2668", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10179 ./strace-static-x86_64: Process 16103 attached [pid 16103] set_robust_list(0x555556f746a0, 24) = 0 [pid 16103] chdir("./2668") = 0 [pid 16103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16103] setpgid(0, 0) = 0 [pid 16103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16103] write(3, "1000", 4) = 4 [pid 16103] close(3) = 0 [pid 16103] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16103] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16103] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16103] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16103] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16103] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16103] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10180]}, 88) = 10180 [pid 16103] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16103] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16103] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16104 attached [pid 16104] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16104] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16104] memfd_create("syzkaller", 0) = 3 [pid 16104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16104] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16104] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16104] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16104] close(3) = 0 [pid 16104] mkdir("./file1", 0777) = 0 [ 320.101071][T16099] EXT4-fs (loop0): 1 truncate cleaned up [pid 16104] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16104] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16104] chdir("./file1") = 0 [pid 16104] ioctl(4, LOOP_CLR_FD) = 0 [pid 16104] close(4) = 0 [pid 16104] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16103] <... futex resumed>) = 0 [pid 16103] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16103] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16104] <... futex resumed>) = 1 [pid 16104] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16104] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16103] <... futex resumed>) = 0 [pid 16103] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16103] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16103] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16103] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16103] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10181]}, 88) = 10181 [pid 16103] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16103] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16103] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16103] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16103] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16103] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 16108 attached ./strace-static-x86_64: Process 16107 attached => {parent_tid=[10182]}, 88) = 10182 [pid 16103] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16103] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16103] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16104] memfd_create("syzkaller", 0) = 4 [pid 16104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16104] close(4) = 0 [pid 16104] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16104] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16108] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16108] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16108] memfd_create("syzkaller", 0) = 4 [pid 16108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16108] close(4) = 0 [pid 16108] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16103] <... futex resumed>) = 0 [pid 16103] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16103] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16104] <... futex resumed>) = 0 [pid 16104] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16107] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16104] <... open resumed>) = 4 [pid 16108] <... futex resumed>) = 1 [pid 16108] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16104] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16103] <... futex resumed>) = 0 [pid 16103] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16103] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16104] <... futex resumed>) = 1 [pid 16104] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16104] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16103] <... futex resumed>) = 0 [pid 16103] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16103] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16104] <... futex resumed>) = 1 [pid 16104] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16104] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16103] <... futex resumed>) = 0 [pid 16103] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16103] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16104] <... futex resumed>) = 1 [pid 16104] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16107] <... set_robust_list resumed>) = 0 [pid 16107] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16107] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16104] <... write resumed>) = 262144 [pid 16104] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16103] <... futex resumed>) = 0 [pid 16104] <... futex resumed>) = 1 [pid 16104] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16107] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 16107] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16103] close(3 [pid 16107] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16103] <... close resumed>) = 0 [pid 16103] close(4) = 0 [pid 16103] close(5) = 0 [pid 16103] close(6) = -1 EBADF (Bad file descriptor) [pid 16103] close(7) = -1 EBADF (Bad file descriptor) [pid 16103] close(8) = -1 EBADF (Bad file descriptor) [pid 16103] close(9) = -1 EBADF (Bad file descriptor) [pid 16103] close(10) = -1 EBADF (Bad file descriptor) [pid 16103] close(11) = -1 EBADF (Bad file descriptor) [pid 16103] close(12) = -1 EBADF (Bad file descriptor) [pid 16103] close(13) = -1 EBADF (Bad file descriptor) [pid 16103] close(14) = -1 EBADF (Bad file descriptor) [pid 16103] close(15) = -1 EBADF (Bad file descriptor) [pid 16103] close(16) = -1 EBADF (Bad file descriptor) [pid 16103] close(17) = -1 EBADF (Bad file descriptor) [pid 16103] close(18) = -1 EBADF (Bad file descriptor) [pid 16103] close(19) = -1 EBADF (Bad file descriptor) [pid 16103] close(20) = -1 EBADF (Bad file descriptor) [pid 16103] close(21) = -1 EBADF (Bad file descriptor) [pid 16103] close(22) = -1 EBADF (Bad file descriptor) [pid 16103] close(23) = -1 EBADF (Bad file descriptor) [pid 16103] close(24) = -1 EBADF (Bad file descriptor) [pid 16103] close(25) = -1 EBADF (Bad file descriptor) [pid 16103] close(26) = -1 EBADF (Bad file descriptor) [pid 16103] close(27) = -1 EBADF (Bad file descriptor) [pid 16103] close(28) = -1 EBADF (Bad file descriptor) [pid 16103] close(29) = -1 EBADF (Bad file descriptor) [pid 16103] exit_group(0) = ? [pid 16108] <... futex resumed>) = ? [pid 16108] +++ exited with 0 +++ [pid 16107] <... futex resumed>) = ? [pid 16104] <... futex resumed>) = ? [pid 16104] +++ exited with 0 +++ [pid 16107] +++ exited with 0 +++ [pid 16103] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10179, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2668", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2668", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2668/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2668/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2668/binderfs") = 0 [pid 289] umount2("./2668/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2668/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2668/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2668/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2668/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2668/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [ 320.160827][T16104] EXT4-fs (loop0): 1 truncate cleaned up [ 320.177823][T16107] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] rmdir("./2668") = 0 [pid 289] mkdir("./2669", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10183 ./strace-static-x86_64: Process 16109 attached [pid 16109] set_robust_list(0x555556f746a0, 24) = 0 [pid 16109] chdir("./2669") = 0 [pid 16109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16109] setpgid(0, 0) = 0 [pid 16109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16109] write(3, "1000", 4) = 4 [pid 16109] close(3) = 0 [pid 16109] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16109] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16109] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16109] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16109] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16109] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16109] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10184]}, 88) = 10184 [pid 16109] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16109] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16109] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16110 attached [pid 16110] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16110] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16110] memfd_create("syzkaller", 0) = 3 [pid 16110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16110] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16110] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16110] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16110] close(3) = 0 [pid 16110] mkdir("./file1", 0777) = 0 [pid 16110] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16110] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16110] chdir("./file1") = 0 [pid 16110] ioctl(4, LOOP_CLR_FD) = 0 [pid 16110] close(4) = 0 [pid 16110] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16109] <... futex resumed>) = 0 [pid 16109] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16109] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16110] <... futex resumed>) = 1 [pid 16110] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16110] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16109] <... futex resumed>) = 0 [pid 16109] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16109] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16109] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16109] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16109] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10185]}, 88) = 10185 [pid 16109] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16109] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16109] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16109] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16109] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16109] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10186]}, 88) = 10186 [pid 16109] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16109] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16109] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16110] <... futex resumed>) = 1 [pid 16110] memfd_create("syzkaller", 0) = 4 [pid 16110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16110] close(4) = 0 [pid 16110] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16110] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16113 attached ./strace-static-x86_64: Process 16114 attached [pid 16114] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16113] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16114] <... set_robust_list resumed>) = 0 [pid 16114] rt_sigprocmask(SIG_SETMASK, [], [pid 16113] rt_sigprocmask(SIG_SETMASK, [], [pid 16114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16113] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16113] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16114] memfd_create("syzkaller", 0 [pid 16113] <... setxattr resumed>) = 0 [pid 16114] <... memfd_create resumed>) = 4 [pid 16113] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16113] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16114] close(4) = 0 [pid 16114] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16109] <... futex resumed>) = 0 [pid 16109] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16109] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16110] <... futex resumed>) = 0 [pid 16110] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 16110] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16109] <... futex resumed>) = 0 [pid 16109] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16109] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16110] <... futex resumed>) = 1 [pid 16110] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16110] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16109] <... futex resumed>) = 0 [pid 16109] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16109] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16110] <... futex resumed>) = 1 [pid 16110] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16110] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16109] <... futex resumed>) = 0 [pid 16109] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16109] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16110] <... futex resumed>) = 1 [pid 16110] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16114] <... futex resumed>) = 1 [pid 16114] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16110] <... write resumed>) = 262144 [pid 16110] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16109] <... futex resumed>) = 0 [pid 16109] close(3) = 0 [pid 16109] close(4) = 0 [pid 16109] close(5 [pid 16110] <... futex resumed>) = 1 [pid 16109] <... close resumed>) = 0 [pid 16109] close(6) = -1 EBADF (Bad file descriptor) [pid 16109] close(7) = -1 EBADF (Bad file descriptor) [pid 16109] close(8) = -1 EBADF (Bad file descriptor) [pid 16109] close(9) = -1 EBADF (Bad file descriptor) [pid 16109] close(10) = -1 EBADF (Bad file descriptor) [pid 16109] close(11) = -1 EBADF (Bad file descriptor) [pid 16109] close(12) = -1 EBADF (Bad file descriptor) [pid 16110] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16109] close(13) = -1 EBADF (Bad file descriptor) [pid 16109] close(14) = -1 EBADF (Bad file descriptor) [pid 16109] close(15) = -1 EBADF (Bad file descriptor) [pid 16109] close(16) = -1 EBADF (Bad file descriptor) [pid 16109] close(17) = -1 EBADF (Bad file descriptor) [pid 16109] close(18) = -1 EBADF (Bad file descriptor) [pid 16109] close(19) = -1 EBADF (Bad file descriptor) [pid 16109] close(20) = -1 EBADF (Bad file descriptor) [pid 16109] close(21) = -1 EBADF (Bad file descriptor) [pid 16109] close(22) = -1 EBADF (Bad file descriptor) [pid 16109] close(23) = -1 EBADF (Bad file descriptor) [pid 16109] close(24) = -1 EBADF (Bad file descriptor) [pid 16109] close(25) = -1 EBADF (Bad file descriptor) [pid 16109] close(26) = -1 EBADF (Bad file descriptor) [pid 16109] close(27) = -1 EBADF (Bad file descriptor) [pid 16109] close(28) = -1 EBADF (Bad file descriptor) [pid 16109] close(29) = -1 EBADF (Bad file descriptor) [pid 16109] exit_group(0 [pid 16114] <... futex resumed>) = ? [pid 16113] <... futex resumed>) = ? [pid 16110] <... futex resumed>) = ? [pid 16109] <... exit_group resumed>) = ? [pid 16114] +++ exited with 0 +++ [pid 16113] +++ exited with 0 +++ [pid 16110] +++ exited with 0 +++ [pid 16109] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10183, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2669", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2669", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2669/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2669/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2669/binderfs") = 0 [ 320.252680][T16110] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2669/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2669/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2669/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2669/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2669/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2669/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2669") = 0 [pid 289] mkdir("./2670", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10187 ./strace-static-x86_64: Process 16115 attached [pid 16115] set_robust_list(0x555556f746a0, 24) = 0 [pid 16115] chdir("./2670") = 0 [pid 16115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16115] setpgid(0, 0) = 0 [pid 16115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16115] write(3, "1000", 4) = 4 [pid 16115] close(3) = 0 [pid 16115] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16115] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16115] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16115] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16115] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16115] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16115] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10188]}, 88) = 10188 ./strace-static-x86_64: Process 16116 attached [pid 16115] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16116] set_robust_list(0x7fbc6730d9a0, 24 [pid 16115] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16115] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16116] <... set_robust_list resumed>) = 0 [pid 16116] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16116] memfd_create("syzkaller", 0) = 3 [pid 16116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16116] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16116] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16116] close(3) = 0 [pid 16116] mkdir("./file1", 0777) = 0 [pid 16116] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16116] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16116] chdir("./file1") = 0 [pid 16116] ioctl(4, LOOP_CLR_FD) = 0 [pid 16116] close(4) = 0 [pid 16116] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16115] <... futex resumed>) = 0 [pid 16115] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16115] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16116] <... futex resumed>) = 1 [pid 16116] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16116] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16115] <... futex resumed>) = 0 [pid 16115] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16115] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16115] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16115] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16115] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10189]}, 88) = 10189 [pid 16115] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16115] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16115] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16115] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16115] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16115] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16115] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 16120 attached ./strace-static-x86_64: Process 16119 attached [pid 16120] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16119] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16120] <... set_robust_list resumed>) = 0 [pid 16119] <... set_robust_list resumed>) = 0 [pid 16120] rt_sigprocmask(SIG_SETMASK, [], [pid 16119] rt_sigprocmask(SIG_SETMASK, [], [pid 16120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16119] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16120] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16119] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 16115] <... clone3 resumed> => {parent_tid=[10190]}, 88) = 10190 [pid 16115] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16115] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16115] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16120] <... futex resumed>) = 0 [pid 16120] memfd_create("syzkaller", 0 [pid 16119] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16120] <... memfd_create resumed>) = 4 [pid 16120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16120] close(4) = 0 [pid 16120] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16115] <... futex resumed>) = 0 [pid 16115] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16115] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16120] <... futex resumed>) = 1 [pid 16120] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16116] <... futex resumed>) = 1 [pid 16116] memfd_create("syzkaller", 0) = 4 [pid 16116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16116] close(4) = 0 [pid 16116] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16116] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16119] <... futex resumed>) = 1 [pid 16115] <... futex resumed>) = 0 [pid 16115] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 16119] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 16119] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16115] <... futex resumed>) = 0 [pid 16115] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16116] <... futex resumed>) = 0 [pid 16115] <... futex resumed>) = 1 [pid 16116] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16115] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16116] <... mount resumed>) = 0 [pid 16116] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16115] <... futex resumed>) = 0 [pid 16115] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16115] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16116] <... futex resumed>) = 1 [pid 16116] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16116] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16115] <... futex resumed>) = 0 [pid 16115] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16115] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16116] <... futex resumed>) = 1 [pid 16116] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16119] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16116] <... write resumed>) = 262144 [pid 16116] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16115] <... futex resumed>) = 0 [pid 16115] close(3) = 0 [pid 16115] close(4) = 0 [pid 16115] close(5 [pid 16116] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16115] <... close resumed>) = 0 [pid 16115] close(6) = -1 EBADF (Bad file descriptor) [pid 16115] close(7) = -1 EBADF (Bad file descriptor) [pid 16115] close(8) = -1 EBADF (Bad file descriptor) [pid 16115] close(9) = -1 EBADF (Bad file descriptor) [pid 16115] close(10) = -1 EBADF (Bad file descriptor) [pid 16115] close(11) = -1 EBADF (Bad file descriptor) [pid 16115] close(12) = -1 EBADF (Bad file descriptor) [pid 16115] close(13) = -1 EBADF (Bad file descriptor) [pid 16115] close(14) = -1 EBADF (Bad file descriptor) [pid 16115] close(15) = -1 EBADF (Bad file descriptor) [pid 16115] close(16) = -1 EBADF (Bad file descriptor) [pid 16115] close(17) = -1 EBADF (Bad file descriptor) [pid 16115] close(18) = -1 EBADF (Bad file descriptor) [pid 16115] close(19) = -1 EBADF (Bad file descriptor) [pid 16115] close(20) = -1 EBADF (Bad file descriptor) [pid 16115] close(21) = -1 EBADF (Bad file descriptor) [pid 16115] close(22) = -1 EBADF (Bad file descriptor) [pid 16115] close(23) = -1 EBADF (Bad file descriptor) [pid 16115] close(24) = -1 EBADF (Bad file descriptor) [pid 16115] close(25) = -1 EBADF (Bad file descriptor) [pid 16115] close(26) = -1 EBADF (Bad file descriptor) [pid 16115] close(27) = -1 EBADF (Bad file descriptor) [pid 16115] close(28) = -1 EBADF (Bad file descriptor) [pid 16115] close(29) = -1 EBADF (Bad file descriptor) [pid 16115] exit_group(0) = ? [pid 16120] <... futex resumed>) = 231 [pid 16120] +++ exited with 0 +++ [pid 16119] <... futex resumed>) = ? [pid 16119] +++ exited with 0 +++ [pid 16116] <... futex resumed>) = ? [pid 16116] +++ exited with 0 +++ [pid 16115] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10187, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2670", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2670", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2670/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2670/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2670/binderfs") = 0 [ 320.374271][T16116] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2670/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2670/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2670/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2670/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2670/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2670/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2670") = 0 [pid 289] mkdir("./2671", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10191 ./strace-static-x86_64: Process 16122 attached [pid 16122] set_robust_list(0x555556f746a0, 24) = 0 [pid 16122] chdir("./2671") = 0 [pid 16122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16122] setpgid(0, 0) = 0 [pid 16122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16122] write(3, "1000", 4) = 4 [pid 16122] close(3) = 0 [pid 16122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16122] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16122] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16122] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16122] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16122] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10192]}, 88) = 10192 [pid 16122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16122] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16122] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16123 attached [pid 16123] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16123] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16123] memfd_create("syzkaller", 0) = 3 [pid 16123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16123] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16123] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16123] close(3) = 0 [pid 16123] mkdir("./file1", 0777) = 0 [pid 16123] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16123] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16123] chdir("./file1") = 0 [pid 16123] ioctl(4, LOOP_CLR_FD) = 0 [pid 16123] close(4) = 0 [pid 16123] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16122] <... futex resumed>) = 0 [pid 16122] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16122] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16123] <... futex resumed>) = 1 [pid 16123] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16123] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16122] <... futex resumed>) = 0 [pid 16122] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16122] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16122] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16122] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10193]}, 88) = 10193 [pid 16122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16122] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16122] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16122] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16122] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10194]}, 88) = 10194 [pid 16122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16122] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16122] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16123] <... futex resumed>) = 1 [pid 16123] memfd_create("syzkaller", 0) = 4 [pid 16123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16123] close(4) = 0 [pid 16123] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16123] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16126 attached [pid 16126] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16126] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16126] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0./strace-static-x86_64: Process 16127 attached [pid 16127] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16127] rt_sigprocmask(SIG_SETMASK, [], [pid 16126] <... setxattr resumed>) = 0 [pid 16126] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16126] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16127] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16127] memfd_create("syzkaller", 0) = 4 [pid 16127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16127] close(4) = 0 [pid 16127] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16122] <... futex resumed>) = 0 [pid 16122] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16122] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16123] <... futex resumed>) = 0 [pid 16123] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 16123] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16122] <... futex resumed>) = 0 [pid 16122] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16122] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16123] <... futex resumed>) = 1 [pid 16123] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16127] <... futex resumed>) = 1 [pid 16123] <... mount resumed>) = 0 [pid 16127] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16123] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16122] <... futex resumed>) = 0 [pid 16123] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16122] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16122] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16123] <... open resumed>) = 5 [pid 16123] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16122] <... futex resumed>) = 0 [pid 16122] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16123] <... futex resumed>) = 1 [pid 16122] <... futex resumed>) = 0 [pid 16122] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16123] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16123] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16122] <... futex resumed>) = 0 [pid 16122] close(3) = 0 [pid 16122] close(4) = 0 [pid 16122] close(5 [pid 16123] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16122] <... close resumed>) = 0 [pid 16122] close(6) = -1 EBADF (Bad file descriptor) [pid 16122] close(7) = -1 EBADF (Bad file descriptor) [pid 16122] close(8) = -1 EBADF (Bad file descriptor) [pid 16122] close(9) = -1 EBADF (Bad file descriptor) [pid 16122] close(10) = -1 EBADF (Bad file descriptor) [pid 16122] close(11) = -1 EBADF (Bad file descriptor) [pid 16122] close(12) = -1 EBADF (Bad file descriptor) [pid 16122] close(13) = -1 EBADF (Bad file descriptor) [pid 16122] close(14) = -1 EBADF (Bad file descriptor) [pid 16122] close(15) = -1 EBADF (Bad file descriptor) [pid 16122] close(16) = -1 EBADF (Bad file descriptor) [pid 16122] close(17) = -1 EBADF (Bad file descriptor) [pid 16122] close(18) = -1 EBADF (Bad file descriptor) [pid 16122] close(19) = -1 EBADF (Bad file descriptor) [pid 16122] close(20) = -1 EBADF (Bad file descriptor) [pid 16122] close(21) = -1 EBADF (Bad file descriptor) [pid 16122] close(22) = -1 EBADF (Bad file descriptor) [pid 16122] close(23) = -1 EBADF (Bad file descriptor) [pid 16122] close(24) = -1 EBADF (Bad file descriptor) [pid 16122] close(25) = -1 EBADF (Bad file descriptor) [pid 16122] close(26) = -1 EBADF (Bad file descriptor) [pid 16122] close(27) = -1 EBADF (Bad file descriptor) [pid 16122] close(28) = -1 EBADF (Bad file descriptor) [pid 16122] close(29) = -1 EBADF (Bad file descriptor) [pid 16122] exit_group(0) = ? [pid 16123] <... futex resumed>) = ? [pid 16127] <... futex resumed>) = ? [pid 16126] <... futex resumed>) = ? [pid 16123] +++ exited with 0 +++ [pid 16126] +++ exited with 0 +++ [pid 16127] +++ exited with 0 +++ [pid 16122] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10191, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2671", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2671", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2671/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2671/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2671/binderfs") = 0 [ 320.478767][T16123] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2671/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2671/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2671/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2671/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2671/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2671/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2671") = 0 [pid 289] mkdir("./2672", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10195 ./strace-static-x86_64: Process 16128 attached [pid 16128] set_robust_list(0x555556f746a0, 24) = 0 [pid 16128] chdir("./2672") = 0 [pid 16128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16128] setpgid(0, 0) = 0 [pid 16128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16128] write(3, "1000", 4) = 4 [pid 16128] close(3) = 0 [pid 16128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16128] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16128] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16128] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16128] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16128] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16128] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10196]}, 88) = 10196 [pid 16128] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16128] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16128] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16129 attached [pid 16129] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16129] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16129] memfd_create("syzkaller", 0) = 3 [pid 16129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16129] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16129] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16129] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16129] close(3) = 0 [pid 16129] mkdir("./file1", 0777) = 0 [pid 16129] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16129] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16129] chdir("./file1") = 0 [pid 16129] ioctl(4, LOOP_CLR_FD) = 0 [pid 16129] close(4) = 0 [pid 16129] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16128] <... futex resumed>) = 0 [pid 16129] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16128] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16128] <... futex resumed>) = 0 [pid 16129] setxattr("./file1", NULL, NULL, 0, 0 [pid 16128] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16129] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 16129] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16128] <... futex resumed>) = 0 [pid 16129] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16128] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16128] <... futex resumed>) = 0 [pid 16129] memfd_create("syzkaller", 0 [pid 16128] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16129] <... memfd_create resumed>) = 4 [pid 16128] <... futex resumed>) = 0 [pid 16129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 16129] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16128] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 16129] close(4 [pid 16128] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 16129] <... close resumed>) = 0 [pid 16128] <... mprotect resumed>) = 0 [pid 16129] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16128] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16129] <... futex resumed>) = 0 [pid 16128] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16129] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16128] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10197]}, 88) = 10197 [pid 16128] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16128] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16128] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16129] <... futex resumed>) = 0 [pid 16128] <... futex resumed>) = 1 [pid 16129] memfd_create("syzkaller", 0 [pid 16128] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16129] <... memfd_create resumed>) = 4 [pid 16129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16129] close(4) = 0 [pid 16129] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16128] <... futex resumed>) = 0 [pid 16129] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16128] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16128] <... futex resumed>) = 0 [pid 16129] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16128] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16129] <... open resumed>) = 4 [pid 16129] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16128] <... futex resumed>) = 0 [pid 16129] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16128] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16128] <... futex resumed>) = 0 [pid 16129] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16128] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16129] <... mount resumed>) = 0 [pid 16129] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16128] <... futex resumed>) = 0 [pid 16129] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16128] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16128] <... futex resumed>) = 0 [pid 16129] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16128] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16129] <... open resumed>) = 5 [pid 16129] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16128] <... futex resumed>) = 0 [pid 16129] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16128] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16128] <... futex resumed>) = 0 [pid 16129] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16128] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 16132 attached [pid 16132] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16132] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16132] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16129] <... write resumed>) = 262144 [pid 16129] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16128] <... futex resumed>) = 0 [pid 16129] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16132] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 16132] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16132] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16128] close(3) = 0 [pid 16128] close(4) = 0 [pid 16128] close(5) = 0 [pid 16128] close(6) = -1 EBADF (Bad file descriptor) [pid 16128] close(7) = -1 EBADF (Bad file descriptor) [pid 16128] close(8) = -1 EBADF (Bad file descriptor) [pid 16128] close(9) = -1 EBADF (Bad file descriptor) [pid 16128] close(10) = -1 EBADF (Bad file descriptor) [pid 16128] close(11) = -1 EBADF (Bad file descriptor) [pid 16128] close(12) = -1 EBADF (Bad file descriptor) [pid 16128] close(13) = -1 EBADF (Bad file descriptor) [pid 16128] close(14) = -1 EBADF (Bad file descriptor) [pid 16128] close(15) = -1 EBADF (Bad file descriptor) [pid 16128] close(16) = -1 EBADF (Bad file descriptor) [pid 16128] close(17) = -1 EBADF (Bad file descriptor) [pid 16128] close(18) = -1 EBADF (Bad file descriptor) [pid 16128] close(19) = -1 EBADF (Bad file descriptor) [pid 16128] close(20) = -1 EBADF (Bad file descriptor) [pid 16128] close(21) = -1 EBADF (Bad file descriptor) [pid 16128] close(22) = -1 EBADF (Bad file descriptor) [pid 16128] close(23) = -1 EBADF (Bad file descriptor) [pid 16128] close(24) = -1 EBADF (Bad file descriptor) [pid 16128] close(25) = -1 EBADF (Bad file descriptor) [pid 16128] close(26) = -1 EBADF (Bad file descriptor) [pid 16128] close(27) = -1 EBADF (Bad file descriptor) [pid 16128] close(28) = -1 EBADF (Bad file descriptor) [pid 16128] close(29) = -1 EBADF (Bad file descriptor) [pid 16128] exit_group(0 [pid 16129] <... futex resumed>) = ? [pid 16128] <... exit_group resumed>) = ? [pid 16129] +++ exited with 0 +++ [pid 16132] <... futex resumed>) = ? [pid 16132] +++ exited with 0 +++ [pid 16128] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10195, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2672", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2672", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2672/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2672/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2672/binderfs") = 0 [ 320.618904][T16129] EXT4-fs (loop0): 1 truncate cleaned up [ 320.635029][T16132] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2672/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2672/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2672/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2672/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2672/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2672/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2672") = 0 [pid 289] mkdir("./2673", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10198 ./strace-static-x86_64: Process 16133 attached [pid 16133] set_robust_list(0x555556f746a0, 24) = 0 [pid 16133] chdir("./2673") = 0 [pid 16133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16133] setpgid(0, 0) = 0 [pid 16133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16133] write(3, "1000", 4) = 4 [pid 16133] close(3) = 0 [pid 16133] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16133] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16133] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16133] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16133] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16133] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16133] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16133] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10199]}, 88) = 10199 [pid 16133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16133] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16133] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16134 attached [pid 16134] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16134] memfd_create("syzkaller", 0) = 3 [pid 16134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16134] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16134] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16134] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16134] close(3) = 0 [pid 16134] mkdir("./file1", 0777) = 0 [pid 16134] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16134] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16134] chdir("./file1") = 0 [pid 16134] ioctl(4, LOOP_CLR_FD) = 0 [pid 16134] close(4) = 0 [pid 16134] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16133] <... futex resumed>) = 0 [pid 16133] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16133] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16134] <... futex resumed>) = 1 [pid 16134] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16134] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16133] <... futex resumed>) = 0 [pid 16133] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16133] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16133] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16133] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16133] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16133] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 16137 attached => {parent_tid=[10200]}, 88) = 10200 [pid 16133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16133] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16133] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16137] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16133] <... futex resumed>) = 0 [pid 16133] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16133] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16133] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16133] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10201]}, 88) = 10201 [pid 16133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16133] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16133] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16137] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 16138 attached [pid 16134] <... futex resumed>) = 1 [pid 16134] memfd_create("syzkaller", 0) = 4 [pid 16134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16134] close(4) = 0 [pid 16134] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16134] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16137] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16137] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16138] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16137] <... setxattr resumed>) = 0 [pid 16137] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16137] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16138] <... set_robust_list resumed>) = 0 [pid 16138] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16138] memfd_create("syzkaller", 0) = 4 [pid 16138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16138] close(4) = 0 [pid 16138] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16133] <... futex resumed>) = 0 [pid 16133] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16133] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16134] <... futex resumed>) = 0 [pid 16134] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16138] <... futex resumed>) = 1 [pid 16138] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16134] <... open resumed>) = 4 [pid 16134] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16133] <... futex resumed>) = 0 [pid 16133] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16133] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16134] <... futex resumed>) = 1 [pid 16134] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16134] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16133] <... futex resumed>) = 0 [pid 16133] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16133] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16134] <... futex resumed>) = 1 [pid 16134] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16134] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16133] <... futex resumed>) = 0 [pid 16133] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16133] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16134] <... futex resumed>) = 1 [pid 16134] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16134] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16133] <... futex resumed>) = 0 [pid 16133] close(3 [pid 16134] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16133] <... close resumed>) = 0 [pid 16133] close(4) = 0 [pid 16133] close(5) = 0 [pid 16133] close(6) = -1 EBADF (Bad file descriptor) [pid 16133] close(7) = -1 EBADF (Bad file descriptor) [pid 16133] close(8) = -1 EBADF (Bad file descriptor) [pid 16133] close(9) = -1 EBADF (Bad file descriptor) [pid 16133] close(10) = -1 EBADF (Bad file descriptor) [pid 16133] close(11) = -1 EBADF (Bad file descriptor) [pid 16133] close(12) = -1 EBADF (Bad file descriptor) [pid 16133] close(13) = -1 EBADF (Bad file descriptor) [pid 16133] close(14) = -1 EBADF (Bad file descriptor) [pid 16133] close(15) = -1 EBADF (Bad file descriptor) [pid 16133] close(16) = -1 EBADF (Bad file descriptor) [pid 16133] close(17) = -1 EBADF (Bad file descriptor) [pid 16133] close(18) = -1 EBADF (Bad file descriptor) [pid 16133] close(19) = -1 EBADF (Bad file descriptor) [pid 16133] close(20) = -1 EBADF (Bad file descriptor) [pid 16133] close(21) = -1 EBADF (Bad file descriptor) [pid 16133] close(22) = -1 EBADF (Bad file descriptor) [pid 16133] close(23) = -1 EBADF (Bad file descriptor) [pid 16133] close(24) = -1 EBADF (Bad file descriptor) [pid 16133] close(25) = -1 EBADF (Bad file descriptor) [pid 16133] close(26) = -1 EBADF (Bad file descriptor) [pid 16133] close(27) = -1 EBADF (Bad file descriptor) [pid 16133] close(28) = -1 EBADF (Bad file descriptor) [pid 16133] close(29) = -1 EBADF (Bad file descriptor) [pid 16133] exit_group(0) = ? [pid 16137] <... futex resumed>) = 230 [pid 16137] +++ exited with 0 +++ [pid 16138] <... futex resumed>) = ? [pid 16138] +++ exited with 0 +++ [pid 16134] <... futex resumed>) = ? [pid 16134] +++ exited with 0 +++ [pid 16133] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10198, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2673", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2673", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2673/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2673/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2673/binderfs") = 0 [ 320.742521][T16134] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2673/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2673/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2673/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2673/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2673/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2673/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2673") = 0 [pid 289] mkdir("./2674", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10202 ./strace-static-x86_64: Process 16139 attached [pid 16139] set_robust_list(0x555556f746a0, 24) = 0 [pid 16139] chdir("./2674") = 0 [pid 16139] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16139] setpgid(0, 0) = 0 [pid 16139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16139] write(3, "1000", 4) = 4 [pid 16139] close(3) = 0 [pid 16139] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16139] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16139] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16139] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16139] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16139] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16139] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10203]}, 88) = 10203 [pid 16139] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 16140 attached [pid 16140] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16140] rt_sigprocmask(SIG_SETMASK, [], [pid 16139] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16139] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16140] memfd_create("syzkaller", 0) = 3 [pid 16140] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16140] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16140] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16140] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16140] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16140] close(3) = 0 [pid 16140] mkdir("./file1", 0777) = 0 [pid 16140] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16140] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16140] chdir("./file1") = 0 [pid 16140] ioctl(4, LOOP_CLR_FD) = 0 [pid 16140] close(4) = 0 [pid 16140] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16140] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16139] <... futex resumed>) = 0 [pid 16139] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16139] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16140] <... futex resumed>) = 0 [pid 16140] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16140] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16139] <... futex resumed>) = 0 [pid 16139] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16139] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16139] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16139] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16139] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10204]}, 88) = 10204 [pid 16139] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16139] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16139] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16139] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16139] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16139] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10205]}, 88) = 10205 [pid 16139] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 16144 attached ./strace-static-x86_64: Process 16143 attached [pid 16144] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16143] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16139] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16139] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16144] <... set_robust_list resumed>) = 0 [pid 16143] <... set_robust_list resumed>) = 0 [pid 16144] rt_sigprocmask(SIG_SETMASK, [], [pid 16143] rt_sigprocmask(SIG_SETMASK, [], [pid 16144] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16143] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16144] memfd_create("syzkaller", 0 [pid 16143] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16140] <... futex resumed>) = 1 [pid 16140] memfd_create("syzkaller", 0) = 4 [pid 16140] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16140] close(4) = 0 [pid 16140] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16140] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16143] <... setxattr resumed>) = 0 [pid 16144] <... memfd_create resumed>) = 4 [pid 16144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16144] close(4) = 0 [pid 16143] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16144] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16139] <... futex resumed>) = 0 [pid 16139] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16139] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16140] <... futex resumed>) = 0 [pid 16140] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16143] <... futex resumed>) = 0 [pid 16143] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16144] <... futex resumed>) = 1 [pid 16144] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16140] <... open resumed>) = 4 [pid 16140] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16139] <... futex resumed>) = 0 [pid 16139] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16139] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16140] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16140] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16139] <... futex resumed>) = 0 [pid 16139] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16139] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16140] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16140] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16139] <... futex resumed>) = 0 [pid 16139] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16139] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16140] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16140] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16139] <... futex resumed>) = 0 [pid 16139] close(3) = 0 [pid 16139] close(4) = 0 [pid 16139] close(5) = 0 [pid 16139] close(6) = -1 EBADF (Bad file descriptor) [pid 16139] close(7) = -1 EBADF (Bad file descriptor) [pid 16139] close(8) = -1 EBADF (Bad file descriptor) [pid 16139] close(9) = -1 EBADF (Bad file descriptor) [pid 16139] close(10) = -1 EBADF (Bad file descriptor) [pid 16139] close(11) = -1 EBADF (Bad file descriptor) [pid 16139] close(12) = -1 EBADF (Bad file descriptor) [pid 16139] close(13) = -1 EBADF (Bad file descriptor) [pid 16139] close(14) = -1 EBADF (Bad file descriptor) [pid 16139] close(15) = -1 EBADF (Bad file descriptor) [pid 16139] close(16) = -1 EBADF (Bad file descriptor) [pid 16139] close(17) = -1 EBADF (Bad file descriptor) [pid 16139] close(18) = -1 EBADF (Bad file descriptor) [pid 16139] close(19) = -1 EBADF (Bad file descriptor) [pid 16139] close(20) = -1 EBADF (Bad file descriptor) [pid 16139] close(21) = -1 EBADF (Bad file descriptor) [pid 16139] close(22) = -1 EBADF (Bad file descriptor) [pid 16139] close(23) = -1 EBADF (Bad file descriptor) [pid 16139] close(24) = -1 EBADF (Bad file descriptor) [pid 16139] close(25) = -1 EBADF (Bad file descriptor) [pid 16139] close(26) = -1 EBADF (Bad file descriptor) [pid 16139] close(27) = -1 EBADF (Bad file descriptor) [pid 16139] close(28) = -1 EBADF (Bad file descriptor) [pid 16139] close(29) = -1 EBADF (Bad file descriptor) [pid 16139] exit_group(0 [pid 16144] <... futex resumed>) = ? [pid 16139] <... exit_group resumed>) = ? [pid 16144] +++ exited with 0 +++ [pid 16143] <... futex resumed>) = ? [pid 16143] +++ exited with 0 +++ [pid 16140] <... futex resumed>) = ? [pid 16140] +++ exited with 0 +++ [pid 16139] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10202, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2674", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2674", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2674/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2674/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2674/binderfs") = 0 [ 320.860968][T16140] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2674/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2674/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2674/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2674/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2674/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2674/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2674") = 0 [pid 289] mkdir("./2675", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10206 ./strace-static-x86_64: Process 16145 attached [pid 16145] set_robust_list(0x555556f746a0, 24) = 0 [pid 16145] chdir("./2675") = 0 [pid 16145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16145] setpgid(0, 0) = 0 [pid 16145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16145] write(3, "1000", 4) = 4 [pid 16145] close(3) = 0 [pid 16145] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16145] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16145] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16145] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16145] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16145] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16145] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 16146 attached => {parent_tid=[10207]}, 88) = 10207 [pid 16146] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16146] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16145] rt_sigprocmask(SIG_SETMASK, [], [pid 16146] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16145] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16145] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16146] <... futex resumed>) = 0 [pid 16145] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16146] memfd_create("syzkaller", 0) = 3 [pid 16146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16146] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16146] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16146] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16146] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16146] close(3) = 0 [pid 16146] mkdir("./file1", 0777) = 0 [pid 16146] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16146] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16146] chdir("./file1") = 0 [pid 16146] ioctl(4, LOOP_CLR_FD) = 0 [pid 16146] close(4) = 0 [pid 16146] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16145] <... futex resumed>) = 0 [pid 16145] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16145] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16146] <... futex resumed>) = 1 [pid 16146] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16146] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16145] <... futex resumed>) = 0 [pid 16145] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16145] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16145] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16145] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16145] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10208]}, 88) = 10208 [pid 16145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16145] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16145] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16145] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16145] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16145] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10209]}, 88) = 10209 [pid 16145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16145] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16145] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16146] <... futex resumed>) = 1 [pid 16146] memfd_create("syzkaller", 0) = 4 [pid 16146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16146] close(4) = 0 [pid 16146] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16146] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16149 attached [pid 16149] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16149] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16149] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 16149] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16149] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16150 attached [pid 16150] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16150] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16150] memfd_create("syzkaller", 0) = 4 [pid 16150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16150] close(4) = 0 [pid 16150] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16145] <... futex resumed>) = 0 [pid 16145] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16146] <... futex resumed>) = 0 [pid 16145] <... futex resumed>) = 1 [pid 16146] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16145] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16146] <... open resumed>) = 4 [pid 16146] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16145] <... futex resumed>) = 0 [pid 16146] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16145] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16146] <... mount resumed>) = 0 [pid 16145] <... futex resumed>) = 0 [pid 16146] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16145] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16146] <... futex resumed>) = 0 [pid 16145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16146] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16145] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16146] <... open resumed>) = 5 [pid 16145] <... futex resumed>) = 0 [pid 16146] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16145] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16146] <... futex resumed>) = 0 [pid 16145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16146] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16145] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16145] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16150] <... futex resumed>) = 1 [pid 16150] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16146] <... write resumed>) = 262144 [pid 16146] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16145] <... futex resumed>) = 0 [pid 16145] close(3) = 0 [pid 16145] close(4) = 0 [pid 16145] close(5) = 0 [pid 16145] close(6) = -1 EBADF (Bad file descriptor) [pid 16145] close(7) = -1 EBADF (Bad file descriptor) [pid 16145] close(8) = -1 EBADF (Bad file descriptor) [pid 16145] close(9) = -1 EBADF (Bad file descriptor) [pid 16145] close(10) = -1 EBADF (Bad file descriptor) [pid 16145] close(11) = -1 EBADF (Bad file descriptor) [pid 16145] close(12) = -1 EBADF (Bad file descriptor) [pid 16145] close(13) = -1 EBADF (Bad file descriptor) [pid 16145] close(14) = -1 EBADF (Bad file descriptor) [pid 16145] close(15) = -1 EBADF (Bad file descriptor) [pid 16145] close(16) = -1 EBADF (Bad file descriptor) [pid 16145] close(17) = -1 EBADF (Bad file descriptor) [pid 16145] close(18) = -1 EBADF (Bad file descriptor) [pid 16145] close(19) = -1 EBADF (Bad file descriptor) [pid 16145] close(20) = -1 EBADF (Bad file descriptor) [pid 16145] close(21) = -1 EBADF (Bad file descriptor) [pid 16145] close(22) = -1 EBADF (Bad file descriptor) [pid 16145] close(23) = -1 EBADF (Bad file descriptor) [pid 16145] close(24) = -1 EBADF (Bad file descriptor) [pid 16145] close(25) = -1 EBADF (Bad file descriptor) [pid 16145] close(26) = -1 EBADF (Bad file descriptor) [pid 16145] close(27) = -1 EBADF (Bad file descriptor) [pid 16145] close(28) = -1 EBADF (Bad file descriptor) [pid 16145] close(29) = -1 EBADF (Bad file descriptor) [pid 16145] exit_group(0 [pid 16149] <... futex resumed>) = ? [pid 16145] <... exit_group resumed>) = ? [pid 16149] +++ exited with 0 +++ [pid 16146] <... futex resumed>) = ? [pid 16146] +++ exited with 0 +++ [pid 16150] <... futex resumed>) = ? [pid 16150] +++ exited with 0 +++ [pid 16145] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10206, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2675", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2675", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2675/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2675/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2675/binderfs") = 0 [ 320.992358][T16146] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2675/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2675/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2675/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2675/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2675/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2675/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2675") = 0 [pid 289] mkdir("./2676", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10210 ./strace-static-x86_64: Process 16151 attached [pid 16151] set_robust_list(0x555556f746a0, 24) = 0 [pid 16151] chdir("./2676") = 0 [pid 16151] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16151] setpgid(0, 0) = 0 [pid 16151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16151] write(3, "1000", 4) = 4 [pid 16151] close(3) = 0 [pid 16151] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16151] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16151] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16151] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16151] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16151] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16151] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16151] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10211]}, 88) = 10211 [pid 16151] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16151] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16151] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16152 attached [pid 16152] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16152] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16152] memfd_create("syzkaller", 0) = 3 [pid 16152] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16152] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16152] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16152] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16152] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16152] close(3) = 0 [pid 16152] mkdir("./file1", 0777) = 0 [pid 16152] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16152] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16152] chdir("./file1") = 0 [pid 16152] ioctl(4, LOOP_CLR_FD) = 0 [pid 16152] close(4) = 0 [pid 16152] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16151] <... futex resumed>) = 0 [pid 16152] setxattr("./file1", NULL, NULL, 0, 0 [pid 16151] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16152] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 16151] <... futex resumed>) = 0 [pid 16152] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16151] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16152] <... futex resumed>) = 0 [pid 16151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16152] memfd_create("syzkaller", 0 [pid 16151] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16152] <... memfd_create resumed>) = 4 [pid 16151] <... futex resumed>) = 0 [pid 16152] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16151] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16152] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16151] <... futex resumed>) = 0 [pid 16152] close(4 [pid 16151] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 16152] <... close resumed>) = 0 [pid 16151] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 16152] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16151] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 16152] <... futex resumed>) = 0 [pid 16151] <... mprotect resumed>) = 0 [pid 16152] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16151] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16151] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10212]}, 88) = 10212 [pid 16151] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16151] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16151] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16152] <... futex resumed>) = 0 [pid 16151] <... futex resumed>) = 1 [pid 16152] memfd_create("syzkaller", 0 [pid 16151] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16152] <... memfd_create resumed>) = 4 [pid 16152] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16152] close(4) = 0 [pid 16152] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16151] <... futex resumed>) = 0 [pid 16152] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16151] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16151] <... futex resumed>) = 0 [pid 16152] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16151] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16152] <... open resumed>) = 4 [pid 16152] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16151] <... futex resumed>) = 0 [pid 16152] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16151] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16151] <... futex resumed>) = 0 [pid 16152] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16151] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16152] <... mount resumed>) = 0 [pid 16152] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16151] <... futex resumed>) = 0 [pid 16152] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16151] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16151] <... futex resumed>) = 0 [pid 16152] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16151] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16152] <... open resumed>) = 5 [pid 16152] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16151] <... futex resumed>) = 0 [pid 16152] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16151] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16151] <... futex resumed>) = 0 [pid 16152] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16151] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 16155 attached [pid 16155] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16155] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16155] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16152] <... write resumed>) = 262144 [pid 16152] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16151] <... futex resumed>) = 0 [pid 16152] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16155] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 16155] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16155] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16151] close(3) = 0 [pid 16151] close(4) = 0 [pid 16151] close(5) = 0 [pid 16151] close(6) = -1 EBADF (Bad file descriptor) [pid 16151] close(7) = -1 EBADF (Bad file descriptor) [pid 16151] close(8) = -1 EBADF (Bad file descriptor) [pid 16151] close(9) = -1 EBADF (Bad file descriptor) [pid 16151] close(10) = -1 EBADF (Bad file descriptor) [pid 16151] close(11) = -1 EBADF (Bad file descriptor) [pid 16151] close(12) = -1 EBADF (Bad file descriptor) [pid 16151] close(13) = -1 EBADF (Bad file descriptor) [pid 16151] close(14) = -1 EBADF (Bad file descriptor) [pid 16151] close(15) = -1 EBADF (Bad file descriptor) [pid 16151] close(16) = -1 EBADF (Bad file descriptor) [pid 16151] close(17) = -1 EBADF (Bad file descriptor) [pid 16151] close(18) = -1 EBADF (Bad file descriptor) [pid 16151] close(19) = -1 EBADF (Bad file descriptor) [pid 16151] close(20) = -1 EBADF (Bad file descriptor) [pid 16151] close(21) = -1 EBADF (Bad file descriptor) [pid 16151] close(22) = -1 EBADF (Bad file descriptor) [pid 16151] close(23) = -1 EBADF (Bad file descriptor) [pid 16151] close(24) = -1 EBADF (Bad file descriptor) [pid 16151] close(25) = -1 EBADF (Bad file descriptor) [pid 16151] close(26) = -1 EBADF (Bad file descriptor) [pid 16151] close(27) = -1 EBADF (Bad file descriptor) [pid 16151] close(28) = -1 EBADF (Bad file descriptor) [pid 16151] close(29) = -1 EBADF (Bad file descriptor) [pid 16151] exit_group(0) = ? [pid 16152] <... futex resumed>) = ? [pid 16152] +++ exited with 0 +++ [pid 16155] <... futex resumed>) = ? [pid 16155] +++ exited with 0 +++ [pid 16151] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10210, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2676", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2676", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2676/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2676/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2676/binderfs") = 0 [ 321.100808][T16152] EXT4-fs (loop0): 1 truncate cleaned up [ 321.118048][T16155] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2676/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2676/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2676/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2676/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2676/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2676/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2676") = 0 [pid 289] mkdir("./2677", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10213 ./strace-static-x86_64: Process 16156 attached [pid 16156] set_robust_list(0x555556f746a0, 24) = 0 [pid 16156] chdir("./2677") = 0 [pid 16156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16156] setpgid(0, 0) = 0 [pid 16156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16156] write(3, "1000", 4) = 4 [pid 16156] close(3) = 0 [pid 16156] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16156] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16156] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16156] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16156] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16156] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10214]}, 88) = 10214 [pid 16156] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16156] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16156] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16157 attached [pid 16157] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16157] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16157] memfd_create("syzkaller", 0) = 3 [pid 16157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16157] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16157] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16157] close(3) = 0 [pid 16157] mkdir("./file1", 0777) = 0 [pid 16157] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16157] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16157] chdir("./file1") = 0 [pid 16157] ioctl(4, LOOP_CLR_FD) = 0 [pid 16157] close(4) = 0 [pid 16157] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16156] <... futex resumed>) = 0 [pid 16156] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16156] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16157] <... futex resumed>) = 1 [pid 16157] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16157] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16156] <... futex resumed>) = 0 [pid 16156] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16156] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16156] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16156] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10215]}, 88) = 10215 [pid 16156] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16156] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16156] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16156] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16156] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10216]}, 88) = 10216 [pid 16156] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16156] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16156] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16157] <... futex resumed>) = 1 [pid 16157] memfd_create("syzkaller", 0) = 4 [pid 16157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16157] close(4) = 0 [pid 16157] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16157] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16160 attached ./strace-static-x86_64: Process 16161 attached [pid 16161] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16160] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16161] <... set_robust_list resumed>) = 0 [pid 16160] <... set_robust_list resumed>) = 0 [pid 16161] rt_sigprocmask(SIG_SETMASK, [], [pid 16160] rt_sigprocmask(SIG_SETMASK, [], [pid 16161] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16160] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16161] memfd_create("syzkaller", 0 [pid 16160] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16161] <... memfd_create resumed>) = 4 [pid 16161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16161] close(4) = 0 [pid 16161] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16156] <... futex resumed>) = 0 [pid 16156] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16156] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16157] <... futex resumed>) = 0 [pid 16157] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 16157] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16156] <... futex resumed>) = 0 [pid 16156] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16156] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16157] <... futex resumed>) = 1 [pid 16157] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16157] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16156] <... futex resumed>) = 0 [pid 16156] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16156] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16157] <... futex resumed>) = 1 [pid 16157] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16157] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16156] <... futex resumed>) = 0 [pid 16156] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16156] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16157] <... futex resumed>) = 1 [ 321.218705][T16157] EXT4-fs (loop0): 1 truncate cleaned up [ 321.244470][T16160] ================================================================== [ 321.252563][T16160] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x1277/0x3a90 [ 321.260081][T16160] Read of size 18446744073709551552 at addr ffff88811c3252e8 by task syz-executor567/16160 [ 321.269891][T16160] [ 321.272053][T16160] CPU: 0 PID: 16160 Comm: syz-executor567 Not tainted 5.10.194-syzkaller-00508-ga27512601c2d #0 [ 321.282310][T16160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 [ 321.292185][T16160] Call Trace: [ 321.295390][T16160] dump_stack_lvl+0x1e2/0x24b [ 321.299835][T16160] ? bfq_pos_tree_add_move+0x43b/0x43b [ 321.305133][T16160] ? panic+0x80b/0x80b [ 321.309109][T16160] print_address_description+0x81/0x3b0 [ 321.314413][T16160] kasan_report+0x179/0x1c0 [pid 16157] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16161] <... futex resumed>) = 1 [pid 16161] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16157] <... write resumed>) = 262144 [pid 16157] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16156] <... futex resumed>) = 0 [pid 16157] <... futex resumed>) = 1 [pid 16157] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16156] close(3) = 0 [pid 16156] close(4) = 0 [pid 16156] close(5) = 0 [pid 16156] close(6) = -1 EBADF (Bad file descriptor) [pid 16156] close(7) = -1 EBADF (Bad file descriptor) [pid 16156] close(8) = -1 EBADF (Bad file descriptor) [pid 16156] close(9) = -1 EBADF (Bad file descriptor) [pid 16156] close(10) = -1 EBADF (Bad file descriptor) [pid 16156] close(11) = -1 EBADF (Bad file descriptor) [pid 16156] close(12) = -1 EBADF (Bad file descriptor) [pid 16156] close(13) = -1 EBADF (Bad file descriptor) [pid 16156] close(14) = -1 EBADF (Bad file descriptor) [pid 16156] close(15) = -1 EBADF (Bad file descriptor) [pid 16156] close(16) = -1 EBADF (Bad file descriptor) [pid 16156] close(17) = -1 EBADF (Bad file descriptor) [pid 16156] close(18) = -1 EBADF (Bad file descriptor) [ 321.318779][T16160] ? ext4_xattr_set_entry+0x1277/0x3a90 [ 321.324136][T16160] ? ext4_xattr_set_entry+0x1277/0x3a90 [ 321.329680][T16160] kasan_check_range+0x293/0x2a0 [ 321.334451][T16160] ? ext4_xattr_set_entry+0x1277/0x3a90 [ 321.339830][T16160] memmove+0x2d/0x70 [ 321.343561][T16160] ext4_xattr_set_entry+0x1277/0x3a90 [ 321.348935][T16160] ? _raw_spin_unlock_irq+0x4e/0x70 [ 321.353912][T16160] ? ext4_xattr_ibody_set+0x390/0x390 [ 321.359125][T16160] ? __kasan_check_read+0x11/0x20 [ 321.364091][T16160] ? preempt_schedule_irq+0xe7/0x140 [pid 16156] close(19) = -1 EBADF (Bad file descriptor) [pid 16156] close(20) = -1 EBADF (Bad file descriptor) [pid 16156] close(21) = -1 EBADF (Bad file descriptor) [pid 16156] close(22) = -1 EBADF (Bad file descriptor) [pid 16156] close(23) = -1 EBADF (Bad file descriptor) [pid 16156] close(24) = -1 EBADF (Bad file descriptor) [pid 16156] close(25) = -1 EBADF (Bad file descriptor) [pid 16156] close(26) = -1 EBADF (Bad file descriptor) [pid 16156] close(27) = -1 EBADF (Bad file descriptor) [pid 16156] close(28) = -1 EBADF (Bad file descriptor) [pid 16156] close(29) = -1 EBADF (Bad file descriptor) [pid 16156] exit_group(0 [pid 16161] <... futex resumed>) = ? [pid 16157] <... futex resumed>) = ? [pid 16156] <... exit_group resumed>) = ? [pid 16161] +++ exited with 0 +++ [pid 16157] +++ exited with 0 +++ [ 321.369194][T16160] ? preempt_schedule_notrace+0x140/0x140 [ 321.374912][T16160] ? activate_task+0xb0/0xb0 [ 321.379258][T16160] ? irqentry_exit+0x4f/0x60 [ 321.383766][T16160] ? sysvec_reschedule_ipi+0x83/0x160 [ 321.388985][T16160] ext4_xattr_ibody_set+0x124/0x390 [ 321.394022][T16160] ext4_xattr_set_handle+0xc26/0x14e0 [ 321.399223][T16160] ? ext4_xattr_set_entry+0x3a90/0x3a90 [ 321.404605][T16160] ? __kasan_check_read+0x11/0x20 [ 321.409461][T16160] ext4_xattr_set+0x231/0x3d0 [ 321.413972][T16160] ? ext4_xattr_set_credits+0x290/0x290 [ 321.419501][T16160] ? selinux_inode_setxattr+0x621/0xcf0 [ 321.424956][T16160] ext4_xattr_trusted_set+0x3b/0x50 [ 321.429962][T16160] ? ext4_xattr_trusted_get+0x40/0x40 [ 321.435235][T16160] __vfs_setxattr+0x404/0x450 [ 321.439695][T16160] __vfs_setxattr_noperm+0x11d/0x4f0 [ 321.444813][T16160] __vfs_setxattr_locked+0x1f9/0x210 [ 321.449928][T16160] vfs_setxattr+0x112/0x2c0 [ 321.454377][T16160] ? check_stack_object+0x114/0x130 [ 321.459319][T16160] ? xattr_permission+0x380/0x380 [ 321.464170][T16160] setxattr+0x1ea/0x3f0 [ 321.468158][T16160] ? path_setxattr+0x240/0x240 [ 321.472765][T16160] ? __mnt_want_write+0x1f6/0x270 [ 321.477618][T16160] ? mnt_want_write+0x1ba/0x290 [ 321.482410][T16160] path_setxattr+0x169/0x240 [ 321.486823][T16160] ? simple_xattr_list_add+0x120/0x120 [ 321.492361][T16160] ? fpu__clear_all+0x20/0x20 [ 321.496797][T16160] __x64_sys_setxattr+0xc5/0xe0 [ 321.501490][T16160] do_syscall_64+0x34/0x70 [ 321.505744][T16160] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 321.511481][T16160] RIP: 0033:0x7fbc673511c9 [ 321.515739][T16160] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 321.535280][T16160] RSP: 002b:00007fbc5ef2c218 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 321.543518][T16160] RAX: ffffffffffffffda RBX: 00007fbc673d96d8 RCX: 00007fbc673511c9 [ 321.551333][T16160] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 00000000200002c0 [ 321.559306][T16160] RBP: 00007fbc673d96d0 R08: 0000000000000000 R09: 0000000000000000 [ 321.567120][T16160] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbc673a5a90 [ 321.575005][T16160] R13: 0031656c69662f2e R14: 00007ffcb1f7dc20 R15: 6f6f6c2f7665642f [ 321.582914][T16160] [ 321.585079][T16160] The buggy address belongs to the page: [ 321.590561][T16160] page:ffffea000470c940 refcount:3 mapcount:0 mapping:ffff88810044ad10 index:0x2 pfn:0x11c325 [ 321.601182][T16160] aops:def_blk_aops ino:0 [ 321.605368][T16160] flags: 0x4000000000002026(referenced|uptodate|active|private) [ 321.612855][T16160] raw: 4000000000002026 dead000000000100 dead000000000122 ffff88810044ad10 [ 321.621253][T16160] raw: 0000000000000002 ffff88811f84e9d8 00000003ffffffff ffff888100144000 [ 321.629668][T16160] page dumped because: kasan: bad access detected [ 321.636015][T16160] page->mem_cgroup:ffff888100144000 [ 321.641039][T16160] page_owner tracks the page as allocated [ 321.646601][T16160] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 16157, ts 321218578083, free_ts 321215858150 [ 321.663857][T16160] prep_new_page+0x166/0x180 [ 321.668247][T16160] get_page_from_freelist+0x2d8c/0x2f30 [ 321.673643][T16160] __alloc_pages_nodemask+0x435/0xaf0 [ 321.678863][T16160] pagecache_get_page+0x669/0x950 [ 321.683838][T16160] __getblk_gfp+0x221/0x7e0 [ 321.688160][T16160] __ext4_get_inode_loc+0x4c2/0xbf0 [ 321.693146][T16160] __ext4_iget+0x516/0x41f0 [ 321.697652][T16160] ext4_orphan_get+0x1e3/0x630 [ 321.702283][T16160] ext4_orphan_cleanup+0x696/0xd50 [ 321.707210][T16160] ext4_fill_super+0x888c/0x9150 [ 321.712026][T16160] mount_bdev+0x262/0x370 [ 321.716179][T16160] ext4_mount+0x34/0x40 [ 321.720136][T16160] legacy_get_tree+0xf1/0x190 [ 321.724651][T16160] vfs_get_tree+0x88/0x290 [ 321.728899][T16160] do_new_mount+0x28b/0xad0 [ 321.733267][T16160] path_mount+0x56f/0xcb0 [ 321.737404][T16160] page last free stack trace: [ 321.741921][T16160] free_unref_page_prepare+0x2ae/0x2d0 [ 321.747219][T16160] free_unref_page_list+0x122/0xb20 [ 321.752287][T16160] release_pages+0xea0/0xef0 [ 321.756689][T16160] free_pages_and_swap_cache+0x8a/0xa0 [ 321.761978][T16160] tlb_finish_mmu+0x177/0x320 [ 321.766558][T16160] unmap_region+0x31c/0x370 [ 321.771114][T16160] __do_munmap+0x699/0x8c0 [ 321.775339][T16160] __se_sys_munmap+0x120/0x1a0 [ 321.779939][T16160] __x64_sys_munmap+0x5b/0x70 [ 321.784461][T16160] do_syscall_64+0x34/0x70 [ 321.788707][T16160] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 321.794441][T16160] [ 321.796649][T16160] Memory state around the buggy address: [ 321.802069][T16160] ffff88811c325180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 321.809969][T16160] ffff88811c325200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 321.817875][T16160] >ffff88811c325280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 321.825768][T16160] ^ [ 321.833055][T16160] ffff88811c325300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 321.840970][T16160] ffff88811c325380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 321.849133][T16160] ================================================================== [ 321.857028][T16160] Disabling lock debugging due to kernel taint [pid 16160] <... setxattr resumed>) = ? [pid 16160] +++ exited with 0 +++ [pid 16156] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10213, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2677", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2677", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2677/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2677/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2677/binderfs") = 0 [ 321.863309][T16160] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1047: updating to rev 1 because of new feature flag, running e2fsck is recommended [pid 289] umount2("./2677/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2677/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2677/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2677/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2677/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2677/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2677") = 0 [pid 289] mkdir("./2678", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10217 ./strace-static-x86_64: Process 16163 attached [pid 16163] set_robust_list(0x555556f746a0, 24) = 0 [pid 16163] chdir("./2678") = 0 [pid 16163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16163] setpgid(0, 0) = 0 [pid 16163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16163] write(3, "1000", 4) = 4 [pid 16163] close(3) = 0 [pid 16163] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16163] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16163] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16163] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16163] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16163] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16163] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10218]}, 88) = 10218 [pid 16163] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16163] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 16164 attached ) = 0 [pid 16163] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16164] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16164] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16164] memfd_create("syzkaller", 0) = 3 [pid 16164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16164] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16164] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16164] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16164] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16164] close(3) = 0 [pid 16164] mkdir("./file1", 0777) = 0 [pid 16164] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16164] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16164] chdir("./file1") = 0 [pid 16164] ioctl(4, LOOP_CLR_FD) = 0 [pid 16164] close(4) = 0 [pid 16164] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16163] <... futex resumed>) = 0 [pid 16163] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16163] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16164] <... futex resumed>) = 1 [pid 16164] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16164] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16163] <... futex resumed>) = 0 [pid 16163] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16163] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16163] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16163] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16163] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 16167 attached => {parent_tid=[10219]}, 88) = 10219 [pid 16163] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16163] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16163] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16167] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16163] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16163] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16163] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 16167] <... set_robust_list resumed>) = 0 [pid 16163] <... clone3 resumed> => {parent_tid=[10220]}, 88) = 10220 [pid 16163] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16163] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16167] rt_sigprocmask(SIG_SETMASK, [], [pid 16163] <... futex resumed>) = 0 [pid 16163] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16164] <... futex resumed>) = 1 [pid 16164] memfd_create("syzkaller", 0) = 4 [pid 16167] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16164] close(4 [pid 16167] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16164] <... close resumed>) = 0 [pid 16164] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16164] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16168 attached [pid 16168] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16168] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16168] memfd_create("syzkaller", 0) = 4 [pid 16168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16168] close(4) = 0 [pid 16168] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16163] <... futex resumed>) = 0 [pid 16163] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16163] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16164] <... futex resumed>) = 0 [pid 16164] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16168] <... futex resumed>) = 1 [pid 16164] <... open resumed>) = 4 [pid 16164] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16163] <... futex resumed>) = 0 [pid 16163] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16163] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16164] <... futex resumed>) = 1 [pid 16164] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16167] <... setxattr resumed>) = 0 [pid 16167] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16164] <... mount resumed>) = 0 [pid 16164] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16163] <... futex resumed>) = 0 [pid 16163] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16163] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16164] <... futex resumed>) = 1 [pid 16164] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16167] <... futex resumed>) = 0 [pid 16164] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16163] <... futex resumed>) = 0 [pid 16164] <... futex resumed>) = 1 [pid 16163] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16164] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16163] <... futex resumed>) = 0 [pid 16167] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16163] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16168] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16164] <... write resumed>) = 262144 [pid 16164] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16163] <... futex resumed>) = 0 [pid 16163] close(3) = 0 [pid 16163] close(4) = 0 [pid 16163] close(5) = 0 [pid 16163] close(6) = -1 EBADF (Bad file descriptor) [pid 16163] close(7) = -1 EBADF (Bad file descriptor) [pid 16163] close(8) = -1 EBADF (Bad file descriptor) [pid 16163] close(9) = -1 EBADF (Bad file descriptor) [pid 16163] close(10) = -1 EBADF (Bad file descriptor) [pid 16163] close(11) = -1 EBADF (Bad file descriptor) [pid 16163] close(12) = -1 EBADF (Bad file descriptor) [pid 16163] close(13) = -1 EBADF (Bad file descriptor) [pid 16163] close(14) = -1 EBADF (Bad file descriptor) [pid 16163] close(15) = -1 EBADF (Bad file descriptor) [pid 16163] close(16) = -1 EBADF (Bad file descriptor) [pid 16163] close(17) = -1 EBADF (Bad file descriptor) [pid 16163] close(18) = -1 EBADF (Bad file descriptor) [pid 16163] close(19) = -1 EBADF (Bad file descriptor) [pid 16163] close(20) = -1 EBADF (Bad file descriptor) [pid 16163] close(21) = -1 EBADF (Bad file descriptor) [pid 16163] close(22) = -1 EBADF (Bad file descriptor) [pid 16163] close(23) = -1 EBADF (Bad file descriptor) [pid 16163] close(24) = -1 EBADF (Bad file descriptor) [pid 16163] close(25) = -1 EBADF (Bad file descriptor) [pid 16163] close(26) = -1 EBADF (Bad file descriptor) [pid 16163] close(27) = -1 EBADF (Bad file descriptor) [pid 16163] close(28) = -1 EBADF (Bad file descriptor) [pid 16163] close(29) = -1 EBADF (Bad file descriptor) [pid 16163] exit_group(0) = ? [pid 16168] <... futex resumed>) = ? [pid 16168] +++ exited with 0 +++ [pid 16167] <... futex resumed>) = ? [pid 16164] <... futex resumed>) = ? [pid 16167] +++ exited with 0 +++ [pid 16164] +++ exited with 0 +++ [pid 16163] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10217, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] umount2("./2678", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2678", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2678/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2678/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2678/binderfs") = 0 [ 321.985845][T16164] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2678/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2678/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2678/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2678/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2678/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2678/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2678") = 0 [pid 289] mkdir("./2679", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10221 ./strace-static-x86_64: Process 16169 attached [pid 16169] set_robust_list(0x555556f746a0, 24) = 0 [pid 16169] chdir("./2679") = 0 [pid 16169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16169] setpgid(0, 0) = 0 [pid 16169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16169] write(3, "1000", 4) = 4 [pid 16169] close(3) = 0 [pid 16169] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16169] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16169] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16169] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16169] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16169] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16169] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10222]}, 88) = 10222 [pid 16169] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16169] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16169] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16170 attached [pid 16170] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16170] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16170] memfd_create("syzkaller", 0) = 3 [pid 16170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16170] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16170] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16170] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16170] close(3) = 0 [pid 16170] mkdir("./file1", 0777) = 0 [pid 16170] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16170] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16170] chdir("./file1") = 0 [pid 16170] ioctl(4, LOOP_CLR_FD) = 0 [pid 16170] close(4) = 0 [pid 16170] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16169] <... futex resumed>) = 0 [pid 16169] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16169] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16170] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16170] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16169] <... futex resumed>) = 0 [pid 16169] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16169] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16169] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16169] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16169] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10223]}, 88) = 10223 [pid 16169] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16169] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16169] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 16173 attached ) = 0 [pid 16173] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16170] memfd_create("syzkaller", 0 [pid 16169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16169] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16169] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16169] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10224]}, 88) = 10224 [pid 16169] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16169] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16169] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16174 attached [pid 16174] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16174] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16174] memfd_create("syzkaller", 0) = 4 [pid 16174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16174] close(4 [pid 16170] <... memfd_create resumed>) = 5 [pid 16173] <... set_robust_list resumed>) = 0 [pid 16174] <... close resumed>) = 0 [pid 16173] rt_sigprocmask(SIG_SETMASK, [], [pid 16170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16174] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16173] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16170] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16174] <... futex resumed>) = 1 [pid 16169] <... futex resumed>) = 0 [pid 16174] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16169] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16169] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16173] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 16170] close(5) = 0 [pid 16174] <... open resumed>) = 4 [pid 16173] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16170] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16174] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16173] <... futex resumed>) = 0 [pid 16170] <... futex resumed>) = 0 [pid 16169] <... futex resumed>) = 0 [pid 16173] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16170] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16169] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16170] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16169] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16174] <... futex resumed>) = 1 [pid 16170] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16174] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16170] <... mount resumed>) = 0 [pid 16170] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16169] <... futex resumed>) = 0 [pid 16169] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16170] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16169] <... futex resumed>) = 0 [pid 16169] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16170] <... open resumed>) = 5 [pid 16170] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16169] <... futex resumed>) = 0 [pid 16169] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16170] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16169] <... futex resumed>) = 0 [pid 16169] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16170] <... write resumed>) = 262144 [pid 16170] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16169] <... futex resumed>) = 0 [pid 16169] close(3) = 0 [pid 16169] close(4) = 0 [pid 16169] close(5) = 0 [pid 16169] close(6) = -1 EBADF (Bad file descriptor) [pid 16169] close(7) = -1 EBADF (Bad file descriptor) [pid 16169] close(8) = -1 EBADF (Bad file descriptor) [pid 16169] close(9) = -1 EBADF (Bad file descriptor) [pid 16169] close(10) = -1 EBADF (Bad file descriptor) [pid 16169] close(11) = -1 EBADF (Bad file descriptor) [pid 16169] close(12) = -1 EBADF (Bad file descriptor) [pid 16169] close(13) = -1 EBADF (Bad file descriptor) [pid 16169] close(14) = -1 EBADF (Bad file descriptor) [pid 16169] close(15) = -1 EBADF (Bad file descriptor) [pid 16169] close(16) = -1 EBADF (Bad file descriptor) [pid 16169] close(17) = -1 EBADF (Bad file descriptor) [pid 16169] close(18) = -1 EBADF (Bad file descriptor) [pid 16169] close(19) = -1 EBADF (Bad file descriptor) [pid 16169] close(20) = -1 EBADF (Bad file descriptor) [pid 16169] close(21) = -1 EBADF (Bad file descriptor) [pid 16169] close(22) = -1 EBADF (Bad file descriptor) [pid 16169] close(23) = -1 EBADF (Bad file descriptor) [pid 16169] close(24) = -1 EBADF (Bad file descriptor) [pid 16169] close(25) = -1 EBADF (Bad file descriptor) [pid 16169] close(26) = -1 EBADF (Bad file descriptor) [pid 16169] close(27) = -1 EBADF (Bad file descriptor) [pid 16169] close(28) = -1 EBADF (Bad file descriptor) [pid 16169] close(29) = -1 EBADF (Bad file descriptor) [pid 16169] exit_group(0) = ? [pid 16174] <... futex resumed>) = ? [pid 16173] <... futex resumed>) = ? [pid 16173] +++ exited with 0 +++ [pid 16170] <... futex resumed>) = ? [pid 16170] +++ exited with 0 +++ [pid 16174] +++ exited with 0 +++ [pid 16169] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10221, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2679", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2679", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2679/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2679/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2679/binderfs") = 0 [ 322.098105][T16170] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2679/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2679/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2679/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2679/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2679/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2679/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2679") = 0 [pid 289] mkdir("./2680", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10225 ./strace-static-x86_64: Process 16175 attached [pid 16175] set_robust_list(0x555556f746a0, 24) = 0 [pid 16175] chdir("./2680") = 0 [pid 16175] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16175] setpgid(0, 0) = 0 [pid 16175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16175] write(3, "1000", 4) = 4 [pid 16175] close(3) = 0 [pid 16175] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16175] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16175] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16175] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16175] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16175] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16175] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10226]}, 88) = 10226 ./strace-static-x86_64: Process 16176 attached [pid 16175] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16175] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16175] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16176] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16176] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16176] memfd_create("syzkaller", 0) = 3 [pid 16176] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16176] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16176] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16176] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16176] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16176] close(3) = 0 [pid 16176] mkdir("./file1", 0777) = 0 [pid 16176] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16176] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16176] chdir("./file1") = 0 [pid 16176] ioctl(4, LOOP_CLR_FD) = 0 [pid 16176] close(4) = 0 [pid 16176] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16176] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16175] <... futex resumed>) = 0 [pid 16175] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16175] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16176] <... futex resumed>) = 0 [pid 16176] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16176] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16176] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16175] <... futex resumed>) = 0 [pid 16175] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16175] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16175] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16175] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16175] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 16179 attached => {parent_tid=[10227]}, 88) = 10227 [pid 16179] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16175] rt_sigprocmask(SIG_SETMASK, [], [pid 16179] <... set_robust_list resumed>) = 0 [pid 16175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16179] rt_sigprocmask(SIG_SETMASK, [], [pid 16175] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16179] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16175] <... futex resumed>) = 0 [pid 16179] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16175] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16179] <... setxattr resumed>) = 0 [pid 16175] <... futex resumed>) = 0 [pid 16179] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 16176] <... futex resumed>) = 0 [pid 16176] memfd_create("syzkaller", 0 [pid 16175] <... mmap resumed>) = 0x7fbc5eeeb000 [pid 16176] <... memfd_create resumed>) = 4 [pid 16176] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16176] close(4) = 0 [pid 16176] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16176] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16179] <... futex resumed>) = 0 [pid 16179] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16175] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16175] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16175] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 16180 attached => {parent_tid=[10228]}, 88) = 10228 [pid 16175] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16175] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16175] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16180] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16180] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16180] memfd_create("syzkaller", 0) = 4 [pid 16180] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16180] close(4) = 0 [pid 16180] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16175] <... futex resumed>) = 0 [pid 16175] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16175] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16176] <... futex resumed>) = 0 [pid 16176] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16180] <... futex resumed>) = 1 [pid 16180] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16176] <... open resumed>) = 4 [pid 16176] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16175] <... futex resumed>) = 0 [pid 16176] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16175] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16176] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16175] <... futex resumed>) = 0 [pid 16176] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16175] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16176] <... mount resumed>) = 0 [pid 16176] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16175] <... futex resumed>) = 0 [pid 16176] <... futex resumed>) = 1 [pid 16175] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16176] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16175] <... futex resumed>) = 0 [pid 16175] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16176] <... open resumed>) = 5 [pid 16176] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16175] <... futex resumed>) = 0 [pid 16176] <... futex resumed>) = 1 [pid 16175] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16176] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16175] <... futex resumed>) = 0 [pid 16175] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16176] <... write resumed>) = 262144 [pid 16176] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16175] <... futex resumed>) = 0 [pid 16175] close(3) = 0 [pid 16175] close(4) = 0 [pid 16175] close(5) = 0 [pid 16175] close(6) = -1 EBADF (Bad file descriptor) [pid 16175] close(7) = -1 EBADF (Bad file descriptor) [pid 16175] close(8) = -1 EBADF (Bad file descriptor) [pid 16175] close(9) = -1 EBADF (Bad file descriptor) [pid 16175] close(10) = -1 EBADF (Bad file descriptor) [pid 16175] close(11) = -1 EBADF (Bad file descriptor) [pid 16175] close(12) = -1 EBADF (Bad file descriptor) [pid 16175] close(13) = -1 EBADF (Bad file descriptor) [pid 16175] close(14) = -1 EBADF (Bad file descriptor) [pid 16175] close(15) = -1 EBADF (Bad file descriptor) [pid 16175] close(16) = -1 EBADF (Bad file descriptor) [pid 16175] close(17) = -1 EBADF (Bad file descriptor) [pid 16175] close(18) = -1 EBADF (Bad file descriptor) [pid 16175] close(19) = -1 EBADF (Bad file descriptor) [pid 16175] close(20) = -1 EBADF (Bad file descriptor) [pid 16175] close(21) = -1 EBADF (Bad file descriptor) [pid 16175] close(22) = -1 EBADF (Bad file descriptor) [pid 16175] close(23) = -1 EBADF (Bad file descriptor) [pid 16175] close(24) = -1 EBADF (Bad file descriptor) [pid 16175] close(25) = -1 EBADF (Bad file descriptor) [pid 16175] close(26) = -1 EBADF (Bad file descriptor) [pid 16175] close(27) = -1 EBADF (Bad file descriptor) [pid 16175] close(28) = -1 EBADF (Bad file descriptor) [pid 16175] close(29) = -1 EBADF (Bad file descriptor) [pid 16175] exit_group(0 [pid 16179] <... futex resumed>) = ? [pid 16175] <... exit_group resumed>) = ? [pid 16179] +++ exited with 0 +++ [pid 16180] <... futex resumed>) = ? [pid 16180] +++ exited with 0 +++ [pid 16176] +++ exited with 0 +++ [pid 16175] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10225, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2680", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2680", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2680/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2680/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2680/binderfs") = 0 [ 322.195185][T16176] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2680/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2680/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2680/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2680/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2680/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2680/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2680") = 0 [pid 289] mkdir("./2681", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10229 ./strace-static-x86_64: Process 16181 attached [pid 16181] set_robust_list(0x555556f746a0, 24) = 0 [pid 16181] chdir("./2681") = 0 [pid 16181] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16181] setpgid(0, 0) = 0 [pid 16181] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16181] write(3, "1000", 4) = 4 [pid 16181] close(3) = 0 [pid 16181] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16181] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16181] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16181] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16181] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16181] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16181] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16181] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10230]}, 88) = 10230 [pid 16181] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16181] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16181] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16182 attached [pid 16182] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16182] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16182] memfd_create("syzkaller", 0) = 3 [pid 16182] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16182] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16182] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16182] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16182] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16182] close(3) = 0 [pid 16182] mkdir("./file1", 0777) = 0 [pid 16182] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16182] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16182] chdir("./file1") = 0 [pid 16182] ioctl(4, LOOP_CLR_FD) = 0 [pid 16182] close(4) = 0 [pid 16182] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16181] <... futex resumed>) = 0 [pid 16182] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16181] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16182] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16181] <... futex resumed>) = 0 [pid 16182] setxattr("./file1", NULL, NULL, 0, 0 [pid 16181] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16182] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 16182] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16181] <... futex resumed>) = 0 [pid 16182] memfd_create("syzkaller", 0 [pid 16181] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16181] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16181] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 16182] <... memfd_create resumed>) = 4 [pid 16181] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 16182] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16181] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 16182] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16181] <... mprotect resumed>) = 0 [pid 16182] close(4) = 0 [pid 16181] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16182] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16181] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16182] <... futex resumed>) = 0 [pid 16181] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 16182] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16181] <... clone3 resumed> => {parent_tid=[10231]}, 88) = 10231 [pid 16181] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16181] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16181] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16181] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16182] <... futex resumed>) = 0 [pid 16182] memfd_create("syzkaller", 0) = 4 [pid 16182] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16182] close(4) = 0 [pid 16182] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16181] <... futex resumed>) = 0 [pid 16181] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16181] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16182] <... futex resumed>) = 1 [pid 16182] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000./strace-static-x86_64: Process 16185 attached [pid 16185] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16182] <... open resumed>) = 4 [pid 16185] <... set_robust_list resumed>) = 0 [pid 16182] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16185] rt_sigprocmask(SIG_SETMASK, [], [pid 16182] <... futex resumed>) = 1 [pid 16181] <... futex resumed>) = 0 [pid 16181] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16181] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16185] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16182] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16185] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16182] <... mount resumed>) = 0 [pid 16185] <... setxattr resumed>) = 0 [pid 16182] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16185] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16182] <... futex resumed>) = 1 [pid 16181] <... futex resumed>) = 0 [pid 16181] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16181] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16185] <... futex resumed>) = 0 [pid 16182] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16185] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16182] <... open resumed>) = 5 [pid 16182] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16181] <... futex resumed>) = 0 [pid 16181] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16181] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16182] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16182] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16181] <... futex resumed>) = 0 [pid 16182] <... futex resumed>) = 1 [pid 16182] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16181] close(3) = 0 [pid 16181] close(4) = 0 [pid 16181] close(5) = 0 [pid 16181] close(6) = -1 EBADF (Bad file descriptor) [pid 16181] close(7) = -1 EBADF (Bad file descriptor) [pid 16181] close(8) = -1 EBADF (Bad file descriptor) [pid 16181] close(9) = -1 EBADF (Bad file descriptor) [pid 16181] close(10) = -1 EBADF (Bad file descriptor) [pid 16181] close(11) = -1 EBADF (Bad file descriptor) [pid 16181] close(12) = -1 EBADF (Bad file descriptor) [pid 16181] close(13) = -1 EBADF (Bad file descriptor) [pid 16181] close(14) = -1 EBADF (Bad file descriptor) [pid 16181] close(15) = -1 EBADF (Bad file descriptor) [pid 16181] close(16) = -1 EBADF (Bad file descriptor) [pid 16181] close(17) = -1 EBADF (Bad file descriptor) [pid 16181] close(18) = -1 EBADF (Bad file descriptor) [pid 16181] close(19) = -1 EBADF (Bad file descriptor) [pid 16181] close(20) = -1 EBADF (Bad file descriptor) [pid 16181] close(21) = -1 EBADF (Bad file descriptor) [pid 16181] close(22) = -1 EBADF (Bad file descriptor) [pid 16181] close(23) = -1 EBADF (Bad file descriptor) [pid 16181] close(24) = -1 EBADF (Bad file descriptor) [pid 16181] close(25) = -1 EBADF (Bad file descriptor) [pid 16181] close(26) = -1 EBADF (Bad file descriptor) [pid 16181] close(27) = -1 EBADF (Bad file descriptor) [pid 16181] close(28) = -1 EBADF (Bad file descriptor) [pid 16181] close(29) = -1 EBADF (Bad file descriptor) [pid 16181] exit_group(0) = ? [pid 16185] <... futex resumed>) = 231 [pid 16182] <... futex resumed>) = ? [pid 16182] +++ exited with 0 +++ [pid 16185] +++ exited with 0 +++ [pid 16181] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10229, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2681", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2681", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2681/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2681/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2681/binderfs") = 0 [ 322.338294][T16182] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2681/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2681/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2681/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2681/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2681/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2681/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2681") = 0 [pid 289] mkdir("./2682", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10232 ./strace-static-x86_64: Process 16186 attached [pid 16186] set_robust_list(0x555556f746a0, 24) = 0 [pid 16186] chdir("./2682") = 0 [pid 16186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16186] setpgid(0, 0) = 0 [pid 16186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16186] write(3, "1000", 4) = 4 [pid 16186] close(3) = 0 [pid 16186] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16186] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16186] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16186] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16186] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16186] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16186] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 16187 attached => {parent_tid=[10233]}, 88) = 10233 [pid 16187] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16187] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16187] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16186] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16186] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16187] <... futex resumed>) = 0 [pid 16186] <... futex resumed>) = 1 [pid 16186] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16187] memfd_create("syzkaller", 0) = 3 [pid 16187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16187] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16187] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16187] close(3) = 0 [pid 16187] mkdir("./file1", 0777) = 0 [pid 16187] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16187] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16187] chdir("./file1") = 0 [pid 16187] ioctl(4, LOOP_CLR_FD) = 0 [pid 16187] close(4) = 0 [pid 16187] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16186] <... futex resumed>) = 0 [pid 16186] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16186] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16187] <... futex resumed>) = 1 [pid 16187] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16187] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16186] <... futex resumed>) = 0 [pid 16186] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16186] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16186] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16186] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16186] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10234]}, 88) = 10234 [pid 16186] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16186] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16186] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16186] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 16191 attached [pid 16186] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16191] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16186] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16191] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16191] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16186] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 16192 attached [pid 16192] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16186] <... clone3 resumed> => {parent_tid=[10235]}, 88) = 10235 [pid 16186] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16186] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16192] <... set_robust_list resumed>) = 0 [pid 16191] <... setxattr resumed>) = 0 [pid 16186] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16187] <... futex resumed>) = 1 [pid 16187] memfd_create("syzkaller", 0) = 4 [pid 16187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16191] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16191] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16192] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16192] memfd_create("syzkaller", 0) = 5 [pid 16192] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16192] close(5) = 0 [pid 16192] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16186] <... futex resumed>) = 0 [pid 16186] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16186] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16191] <... futex resumed>) = 0 [pid 16191] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16192] <... futex resumed>) = 1 [pid 16191] <... open resumed>) = 5 [pid 16191] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16186] <... futex resumed>) = 0 [pid 16186] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16186] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16191] <... futex resumed>) = 1 [pid 16191] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16191] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16186] <... futex resumed>) = 0 [pid 16186] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16186] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16191] <... futex resumed>) = 1 [pid 16191] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 16191] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16186] <... futex resumed>) = 0 [pid 16186] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16186] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16191] <... futex resumed>) = 1 [pid 16191] write(6, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16187] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16192] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16187] close(4 [pid 16191] <... write resumed>) = 262144 [pid 16191] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16186] <... futex resumed>) = 0 [pid 16191] <... futex resumed>) = 1 [pid 16191] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16187] <... close resumed>) = 0 [pid 16187] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16187] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16186] close(3) = 0 [pid 16186] close(4) = -1 EBADF (Bad file descriptor) [pid 16186] close(5) = 0 [pid 16186] close(6) = 0 [pid 16186] close(7) = -1 EBADF (Bad file descriptor) [pid 16186] close(8) = -1 EBADF (Bad file descriptor) [pid 16186] close(9) = -1 EBADF (Bad file descriptor) [pid 16186] close(10) = -1 EBADF (Bad file descriptor) [pid 16186] close(11) = -1 EBADF (Bad file descriptor) [pid 16186] close(12) = -1 EBADF (Bad file descriptor) [pid 16186] close(13) = -1 EBADF (Bad file descriptor) [pid 16186] close(14) = -1 EBADF (Bad file descriptor) [pid 16186] close(15) = -1 EBADF (Bad file descriptor) [pid 16186] close(16) = -1 EBADF (Bad file descriptor) [pid 16186] close(17) = -1 EBADF (Bad file descriptor) [pid 16186] close(18) = -1 EBADF (Bad file descriptor) [pid 16186] close(19) = -1 EBADF (Bad file descriptor) [pid 16186] close(20) = -1 EBADF (Bad file descriptor) [pid 16186] close(21) = -1 EBADF (Bad file descriptor) [pid 16186] close(22) = -1 EBADF (Bad file descriptor) [pid 16186] close(23) = -1 EBADF (Bad file descriptor) [pid 16186] close(24) = -1 EBADF (Bad file descriptor) [pid 16186] close(25) = -1 EBADF (Bad file descriptor) [pid 16186] close(26) = -1 EBADF (Bad file descriptor) [pid 16186] close(27) = -1 EBADF (Bad file descriptor) [pid 16186] close(28) = -1 EBADF (Bad file descriptor) [pid 16186] close(29) = -1 EBADF (Bad file descriptor) [pid 16186] exit_group(0) = ? [pid 16192] <... futex resumed>) = ? [pid 16192] +++ exited with 0 +++ [pid 16191] <... futex resumed>) = ? [pid 16187] <... futex resumed>) = ? [pid 16191] +++ exited with 0 +++ [pid 16187] +++ exited with 0 +++ [pid 16186] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10232, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2682", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2682", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2682/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2682/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2682/binderfs") = 0 [pid 289] umount2("./2682/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2682/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2682/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2682/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2682/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2682/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2682") = 0 [pid 289] mkdir("./2683", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10236 ./strace-static-x86_64: Process 16193 attached [pid 16193] set_robust_list(0x555556f746a0, 24) = 0 [pid 16193] chdir("./2683") = 0 [pid 16193] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16193] setpgid(0, 0) = 0 [pid 16193] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16193] write(3, "1000", 4) = 4 [pid 16193] close(3) = 0 [pid 16193] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16193] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16193] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16193] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16193] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16193] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16193] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16193] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10237]}, 88) = 10237 [pid 16193] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16193] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16193] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16194 attached [pid 16194] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16194] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16194] memfd_create("syzkaller", 0) = 3 [pid 16194] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16194] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16194] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16194] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16194] ioctl(4, LOOP_SET_FD, 3) = 0 [ 322.465135][T16187] EXT4-fs (loop0): 1 truncate cleaned up [pid 16194] close(3) = 0 [pid 16194] mkdir("./file1", 0777) = 0 [pid 16194] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16194] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16194] chdir("./file1") = 0 [pid 16194] ioctl(4, LOOP_CLR_FD) = 0 [pid 16194] close(4) = 0 [pid 16194] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16193] <... futex resumed>) = 0 [pid 16193] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16193] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16194] <... futex resumed>) = 1 [pid 16194] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16194] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16193] <... futex resumed>) = 0 [pid 16193] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16193] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16193] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16193] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16193] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16193] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10238]}, 88) = 10238 [pid 16193] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16193] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 16197 attached ) = 0 [pid 16193] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16193] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16193] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16193] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16197] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16193] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16193] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 16197] <... set_robust_list resumed>) = 0 [pid 16194] <... futex resumed>) = 1 ./strace-static-x86_64: Process 16198 attached [pid 16197] rt_sigprocmask(SIG_SETMASK, [], [pid 16194] memfd_create("syzkaller", 0 [pid 16198] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16194] <... memfd_create resumed>) = 4 [pid 16194] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16194] close(4) = 0 [pid 16194] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16194] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16197] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16197] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 16193] <... clone3 resumed> => {parent_tid=[10239]}, 88) = 10239 [pid 16197] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16197] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16198] <... set_robust_list resumed>) = 0 [pid 16198] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16198] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16193] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16193] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16193] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16198] <... futex resumed>) = 0 [pid 16198] memfd_create("syzkaller", 0) = 4 [pid 16198] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16198] close(4) = 0 [pid 16198] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16193] <... futex resumed>) = 0 [pid 16193] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16193] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16194] <... futex resumed>) = 0 [pid 16194] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16198] <... futex resumed>) = 1 [pid 16198] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16194] <... open resumed>) = 4 [pid 16194] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16193] <... futex resumed>) = 0 [pid 16193] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16193] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16194] <... futex resumed>) = 1 [pid 16194] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16194] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16193] <... futex resumed>) = 0 [pid 16193] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16193] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16194] <... futex resumed>) = 1 [pid 16194] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16194] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16193] <... futex resumed>) = 0 [pid 16193] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16193] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16194] <... futex resumed>) = 1 [pid 16194] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16194] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16193] <... futex resumed>) = 0 [pid 16193] close(3) = 0 [pid 16193] close(4) = 0 [pid 16193] close(5) = 0 [pid 16193] close(6) = -1 EBADF (Bad file descriptor) [pid 16193] close(7) = -1 EBADF (Bad file descriptor) [pid 16193] close(8) = -1 EBADF (Bad file descriptor) [pid 16193] close(9) = -1 EBADF (Bad file descriptor) [pid 16193] close(10) = -1 EBADF (Bad file descriptor) [pid 16193] close(11) = -1 EBADF (Bad file descriptor) [pid 16193] close(12) = -1 EBADF (Bad file descriptor) [pid 16193] close(13) = -1 EBADF (Bad file descriptor) [pid 16193] close(14) = -1 EBADF (Bad file descriptor) [pid 16193] close(15) = -1 EBADF (Bad file descriptor) [pid 16193] close(16) = -1 EBADF (Bad file descriptor) [pid 16193] close(17) = -1 EBADF (Bad file descriptor) [pid 16193] close(18) = -1 EBADF (Bad file descriptor) [pid 16193] close(19) = -1 EBADF (Bad file descriptor) [pid 16193] close(20) = -1 EBADF (Bad file descriptor) [pid 16193] close(21) = -1 EBADF (Bad file descriptor) [pid 16193] close(22) = -1 EBADF (Bad file descriptor) [pid 16193] close(23) = -1 EBADF (Bad file descriptor) [pid 16193] close(24) = -1 EBADF (Bad file descriptor) [pid 16193] close(25) = -1 EBADF (Bad file descriptor) [pid 16193] close(26) = -1 EBADF (Bad file descriptor) [pid 16193] close(27) = -1 EBADF (Bad file descriptor) [pid 16193] close(28) = -1 EBADF (Bad file descriptor) [pid 16193] close(29) = -1 EBADF (Bad file descriptor) [pid 16193] exit_group(0) = ? [pid 16197] <... futex resumed>) = ? [pid 16197] +++ exited with 0 +++ [pid 16198] <... futex resumed>) = ? [pid 16194] <... futex resumed>) = ? [pid 16198] +++ exited with 0 +++ [pid 16194] +++ exited with 0 +++ [pid 16193] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10236, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2683", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2683", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2683/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2683/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2683/binderfs") = 0 [pid 289] umount2("./2683/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2683/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2683/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2683/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2683/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2683/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2683") = 0 [pid 289] mkdir("./2684", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [ 322.530340][T16194] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10240 ./strace-static-x86_64: Process 16199 attached [pid 16199] set_robust_list(0x555556f746a0, 24) = 0 [pid 16199] chdir("./2684") = 0 [pid 16199] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16199] setpgid(0, 0) = 0 [pid 16199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16199] write(3, "1000", 4) = 4 [pid 16199] close(3) = 0 [pid 16199] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16199] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16199] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16199] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16199] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16199] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16199] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10241]}, 88) = 10241 ./strace-static-x86_64: Process 16200 attached [pid 16199] rt_sigprocmask(SIG_SETMASK, [], [pid 16200] set_robust_list(0x7fbc6730d9a0, 24 [pid 16199] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16199] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16200] <... set_robust_list resumed>) = 0 [pid 16199] <... futex resumed>) = 0 [pid 16200] rt_sigprocmask(SIG_SETMASK, [], [pid 16199] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16200] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16200] memfd_create("syzkaller", 0) = 3 [pid 16200] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16200] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16200] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16200] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16200] close(3) = 0 [pid 16200] mkdir("./file1", 0777) = 0 [pid 16200] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16200] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16200] chdir("./file1") = 0 [pid 16200] ioctl(4, LOOP_CLR_FD) = 0 [pid 16200] close(4) = 0 [pid 16200] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16199] <... futex resumed>) = 0 [pid 16199] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16199] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16200] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16200] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16199] <... futex resumed>) = 0 [pid 16199] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16199] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16200] <... futex resumed>) = 1 [pid 16199] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16200] memfd_create("syzkaller", 0 [pid 16199] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16200] <... memfd_create resumed>) = 4 [pid 16200] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16199] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16199] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10242]}, 88) = 10242 [pid 16199] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16199] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16199] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16199] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 16203 attached [pid 16203] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16200] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16199] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16199] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 16203] <... set_robust_list resumed>) = 0 [pid 16200] close(4 [pid 16203] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 16204 attached NULL, 8) = 0 [pid 16200] <... close resumed>) = 0 [pid 16199] <... clone3 resumed> => {parent_tid=[10243]}, 88) = 10243 [pid 16204] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16199] rt_sigprocmask(SIG_SETMASK, [], [pid 16204] <... set_robust_list resumed>) = 0 [pid 16199] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16204] rt_sigprocmask(SIG_SETMASK, [], [pid 16199] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16204] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16199] <... futex resumed>) = 0 [pid 16199] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16204] memfd_create("syzkaller", 0) = 4 [pid 16204] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16204] close(4) = 0 [pid 16204] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16199] <... futex resumed>) = 0 [pid 16203] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16200] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16199] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16199] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16204] <... futex resumed>) = 1 [pid 16204] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16200] <... futex resumed>) = 1 [pid 16199] <... futex resumed>) = 0 [pid 16199] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16203] <... setxattr resumed>) = 0 [pid 16203] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16203] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16200] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 16200] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16199] <... futex resumed>) = 0 [pid 16199] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16199] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16200] <... futex resumed>) = 1 [pid 16200] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16200] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16199] <... futex resumed>) = 0 [pid 16199] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16199] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16200] <... futex resumed>) = 1 [pid 16200] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16200] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16199] <... futex resumed>) = 0 [pid 16199] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16199] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16200] <... futex resumed>) = 1 [pid 16200] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16200] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16199] <... futex resumed>) = 0 [pid 16199] close(3) = 0 [pid 16199] close(4) = 0 [pid 16199] close(5) = 0 [pid 16199] close(6) = -1 EBADF (Bad file descriptor) [pid 16199] close(7) = -1 EBADF (Bad file descriptor) [pid 16199] close(8) = -1 EBADF (Bad file descriptor) [pid 16199] close(9) = -1 EBADF (Bad file descriptor) [pid 16199] close(10) = -1 EBADF (Bad file descriptor) [pid 16199] close(11) = -1 EBADF (Bad file descriptor) [pid 16199] close(12) = -1 EBADF (Bad file descriptor) [pid 16199] close(13) = -1 EBADF (Bad file descriptor) [pid 16199] close(14) = -1 EBADF (Bad file descriptor) [pid 16199] close(15) = -1 EBADF (Bad file descriptor) [pid 16199] close(16) = -1 EBADF (Bad file descriptor) [pid 16199] close(17) = -1 EBADF (Bad file descriptor) [pid 16199] close(18) = -1 EBADF (Bad file descriptor) [pid 16199] close(19) = -1 EBADF (Bad file descriptor) [pid 16199] close(20) = -1 EBADF (Bad file descriptor) [pid 16199] close(21) = -1 EBADF (Bad file descriptor) [pid 16199] close(22) = -1 EBADF (Bad file descriptor) [pid 16199] close(23) = -1 EBADF (Bad file descriptor) [pid 16199] close(24) = -1 EBADF (Bad file descriptor) [pid 16199] close(25) = -1 EBADF (Bad file descriptor) [pid 16199] close(26) = -1 EBADF (Bad file descriptor) [pid 16199] close(27) = -1 EBADF (Bad file descriptor) [pid 16199] close(28) = -1 EBADF (Bad file descriptor) [pid 16199] close(29) = -1 EBADF (Bad file descriptor) [pid 16199] exit_group(0 [pid 16204] <... futex resumed>) = ? [pid 16203] <... futex resumed>) = ? [pid 16199] <... exit_group resumed>) = ? [pid 16204] +++ exited with 0 +++ [pid 16203] +++ exited with 0 +++ [pid 16200] <... futex resumed>) = ? [pid 16200] +++ exited with 0 +++ [pid 16199] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10240, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2684", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2684", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2684/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2684/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2684/binderfs") = 0 [ 322.612521][T16200] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2684/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2684/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2684/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2684/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2684/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2684/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2684") = 0 [pid 289] mkdir("./2685", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10244 ./strace-static-x86_64: Process 16205 attached [pid 16205] set_robust_list(0x555556f746a0, 24) = 0 [pid 16205] chdir("./2685") = 0 [pid 16205] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16205] setpgid(0, 0) = 0 [pid 16205] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16205] write(3, "1000", 4) = 4 [pid 16205] close(3) = 0 [pid 16205] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16205] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16205] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16205] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16205] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16205] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16205] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10245]}, 88) = 10245 [pid 16205] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16205] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16205] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16206 attached [pid 16206] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16206] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16206] memfd_create("syzkaller", 0) = 3 [pid 16206] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16206] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16206] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16206] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16206] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16206] close(3) = 0 [pid 16206] mkdir("./file1", 0777) = 0 [pid 16206] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16206] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16206] chdir("./file1") = 0 [pid 16206] ioctl(4, LOOP_CLR_FD) = 0 [pid 16206] close(4) = 0 [pid 16206] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16205] <... futex resumed>) = 0 [pid 16205] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16205] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16206] <... futex resumed>) = 1 [pid 16206] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16206] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16205] <... futex resumed>) = 0 [pid 16205] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16205] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16205] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16205] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16205] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10246]}, 88) = 10246 [pid 16205] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16205] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16205] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16205] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16205] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16205] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10247]}, 88) = 10247 [pid 16205] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16205] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16205] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16206] <... futex resumed>) = 1 [pid 16206] memfd_create("syzkaller", 0) = 4 [pid 16206] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16206] close(4) = 0 [pid 16206] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16206] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16209 attached ./strace-static-x86_64: Process 16210 attached [pid 16209] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16209] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16209] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 16209] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16209] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16210] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16210] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16210] memfd_create("syzkaller", 0) = 4 [pid 16210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16210] close(4) = 0 [pid 16210] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16205] <... futex resumed>) = 0 [pid 16210] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16205] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16206] <... futex resumed>) = 0 [pid 16205] <... futex resumed>) = 1 [pid 16206] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16205] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16206] <... open resumed>) = 4 [pid 16206] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16205] <... futex resumed>) = 0 [pid 16206] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16205] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16206] <... mount resumed>) = 0 [pid 16205] <... futex resumed>) = 0 [pid 16206] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16205] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16206] <... futex resumed>) = 0 [pid 16205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16206] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16205] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16205] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16206] <... futex resumed>) = 0 [pid 16206] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16206] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16205] <... futex resumed>) = 0 [pid 16205] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16205] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16206] <... futex resumed>) = 1 [pid 16206] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16206] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16205] <... futex resumed>) = 0 [pid 16205] close(3) = 0 [pid 16205] close(4) = 0 [pid 16205] close(5) = 0 [pid 16205] close(6) = -1 EBADF (Bad file descriptor) [pid 16205] close(7) = -1 EBADF (Bad file descriptor) [pid 16205] close(8) = -1 EBADF (Bad file descriptor) [pid 16205] close(9) = -1 EBADF (Bad file descriptor) [pid 16205] close(10) = -1 EBADF (Bad file descriptor) [pid 16205] close(11) = -1 EBADF (Bad file descriptor) [pid 16205] close(12) = -1 EBADF (Bad file descriptor) [pid 16205] close(13) = -1 EBADF (Bad file descriptor) [pid 16205] close(14) = -1 EBADF (Bad file descriptor) [pid 16205] close(15) = -1 EBADF (Bad file descriptor) [pid 16205] close(16) = -1 EBADF (Bad file descriptor) [pid 16205] close(17) = -1 EBADF (Bad file descriptor) [pid 16205] close(18) = -1 EBADF (Bad file descriptor) [pid 16205] close(19) = -1 EBADF (Bad file descriptor) [pid 16205] close(20) = -1 EBADF (Bad file descriptor) [pid 16205] close(21) = -1 EBADF (Bad file descriptor) [pid 16205] close(22) = -1 EBADF (Bad file descriptor) [pid 16205] close(23) = -1 EBADF (Bad file descriptor) [pid 16205] close(24) = -1 EBADF (Bad file descriptor) [pid 16205] close(25) = -1 EBADF (Bad file descriptor) [pid 16205] close(26) = -1 EBADF (Bad file descriptor) [pid 16205] close(27) = -1 EBADF (Bad file descriptor) [pid 16205] close(28) = -1 EBADF (Bad file descriptor) [pid 16205] close(29) = -1 EBADF (Bad file descriptor) [pid 16205] exit_group(0) = ? [pid 16210] <... futex resumed>) = ? [pid 16209] <... futex resumed>) = ? [pid 16206] <... futex resumed>) = ? [pid 16209] +++ exited with 0 +++ [pid 16210] +++ exited with 0 +++ [pid 16206] +++ exited with 0 +++ [pid 16205] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10244, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2685", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2685", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2685/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2685/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2685/binderfs") = 0 [ 322.741658][T16206] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2685/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2685/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2685/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2685/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2685/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2685/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2685") = 0 [pid 289] mkdir("./2686", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10248 ./strace-static-x86_64: Process 16211 attached [pid 16211] set_robust_list(0x555556f746a0, 24) = 0 [pid 16211] chdir("./2686") = 0 [pid 16211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16211] setpgid(0, 0) = 0 [pid 16211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16211] write(3, "1000", 4) = 4 [pid 16211] close(3) = 0 [pid 16211] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16211] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16211] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16211] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16211] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16211] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16211] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10249]}, 88) = 10249 [pid 16211] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16211] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16211] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16212 attached [pid 16212] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16212] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16212] memfd_create("syzkaller", 0) = 3 [pid 16212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16212] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16212] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16212] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16212] close(3) = 0 [pid 16212] mkdir("./file1", 0777) = 0 [pid 16212] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16212] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16212] chdir("./file1") = 0 [pid 16212] ioctl(4, LOOP_CLR_FD) = 0 [pid 16212] close(4) = 0 [pid 16212] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16211] <... futex resumed>) = 0 [pid 16211] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16211] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16212] <... futex resumed>) = 1 [pid 16212] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16212] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16211] <... futex resumed>) = 0 [pid 16211] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16211] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16211] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16211] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16211] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10250]}, 88) = 10250 [pid 16211] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16211] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16211] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16211] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16211] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16211] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10251]}, 88) = 10251 [pid 16211] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16211] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16211] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16212] <... futex resumed>) = 1 [pid 16212] memfd_create("syzkaller", 0./strace-static-x86_64: Process 16216 attached ./strace-static-x86_64: Process 16215 attached ) = 4 [pid 16212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16216] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16215] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16212] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16212] close(4) = 0 [pid 16216] <... set_robust_list resumed>) = 0 [pid 16215] <... set_robust_list resumed>) = 0 [pid 16212] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16212] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16216] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16216] memfd_create("syzkaller", 0 [pid 16215] rt_sigprocmask(SIG_SETMASK, [], [pid 16216] <... memfd_create resumed>) = 4 [pid 16216] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16215] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16216] close(4 [pid 16215] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 16216] <... close resumed>) = 0 [pid 16215] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16215] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16216] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16211] <... futex resumed>) = 0 [pid 16216] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16211] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16211] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16212] <... futex resumed>) = 0 [pid 16212] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 16212] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16211] <... futex resumed>) = 0 [pid 16211] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16211] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16212] <... futex resumed>) = 1 [pid 16212] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16212] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16211] <... futex resumed>) = 0 [pid 16211] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16211] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16212] <... futex resumed>) = 1 [pid 16212] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16212] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16211] <... futex resumed>) = 0 [pid 16211] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16211] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16212] <... futex resumed>) = 1 [pid 16212] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16212] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16211] <... futex resumed>) = 0 [pid 16211] close(3) = 0 [pid 16211] close(4) = 0 [pid 16211] close(5) = 0 [pid 16211] close(6) = -1 EBADF (Bad file descriptor) [pid 16211] close(7) = -1 EBADF (Bad file descriptor) [pid 16211] close(8) = -1 EBADF (Bad file descriptor) [pid 16211] close(9) = -1 EBADF (Bad file descriptor) [pid 16211] close(10) = -1 EBADF (Bad file descriptor) [pid 16211] close(11) = -1 EBADF (Bad file descriptor) [pid 16211] close(12) = -1 EBADF (Bad file descriptor) [pid 16211] close(13) = -1 EBADF (Bad file descriptor) [pid 16211] close(14) = -1 EBADF (Bad file descriptor) [pid 16211] close(15) = -1 EBADF (Bad file descriptor) [pid 16211] close(16) = -1 EBADF (Bad file descriptor) [pid 16211] close(17) = -1 EBADF (Bad file descriptor) [pid 16211] close(18) = -1 EBADF (Bad file descriptor) [pid 16211] close(19) = -1 EBADF (Bad file descriptor) [pid 16211] close(20) = -1 EBADF (Bad file descriptor) [pid 16211] close(21) = -1 EBADF (Bad file descriptor) [pid 16211] close(22) = -1 EBADF (Bad file descriptor) [pid 16211] close(23) = -1 EBADF (Bad file descriptor) [pid 16211] close(24) = -1 EBADF (Bad file descriptor) [pid 16211] close(25) = -1 EBADF (Bad file descriptor) [pid 16211] close(26) = -1 EBADF (Bad file descriptor) [pid 16211] close(27) = -1 EBADF (Bad file descriptor) [pid 16211] close(28) = -1 EBADF (Bad file descriptor) [pid 16211] close(29) = -1 EBADF (Bad file descriptor) [pid 16211] exit_group(0) = ? [pid 16216] <... futex resumed>) = ? [pid 16216] +++ exited with 0 +++ [pid 16215] <... futex resumed>) = ? [pid 16215] +++ exited with 0 +++ [pid 16212] <... futex resumed>) = ? [pid 16212] +++ exited with 0 +++ [pid 16211] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10248, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2686", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2686", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2686/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2686/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2686/binderfs") = 0 [ 322.819660][T16212] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2686/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2686/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2686/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2686/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2686/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2686/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2686") = 0 [pid 289] mkdir("./2687", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10252 ./strace-static-x86_64: Process 16217 attached [pid 16217] set_robust_list(0x555556f746a0, 24) = 0 [pid 16217] chdir("./2687") = 0 [pid 16217] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16217] setpgid(0, 0) = 0 [pid 16217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16217] write(3, "1000", 4) = 4 [pid 16217] close(3) = 0 [pid 16217] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16217] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16217] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16217] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16217] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16217] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16217] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10253]}, 88) = 10253 [pid 16217] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16217] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16217] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16218 attached [pid 16218] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16218] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16218] memfd_create("syzkaller", 0) = 3 [pid 16218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16218] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16218] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16218] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16218] close(3) = 0 [pid 16218] mkdir("./file1", 0777) = 0 [pid 16218] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16218] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16218] chdir("./file1") = 0 [pid 16218] ioctl(4, LOOP_CLR_FD) = 0 [pid 16218] close(4) = 0 [pid 16218] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16217] <... futex resumed>) = 0 [pid 16217] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16217] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16218] <... futex resumed>) = 1 [pid 16218] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16218] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16217] <... futex resumed>) = 0 [pid 16217] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16217] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16217] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16217] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16217] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10254]}, 88) = 10254 [pid 16217] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16217] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16217] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16217] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16217] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16217] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10255]}, 88) = 10255 [pid 16217] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16217] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16217] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16218] <... futex resumed>) = 1 [pid 16218] memfd_create("syzkaller", 0) = 4 [pid 16218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16218] close(4) = 0 [pid 16218] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16218] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16221 attached [pid 16221] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16221] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16221] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 16221] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16221] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16222 attached [pid 16222] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16222] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16222] memfd_create("syzkaller", 0) = 4 [pid 16222] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16222] close(4) = 0 [pid 16222] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16217] <... futex resumed>) = 0 [pid 16217] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16218] <... futex resumed>) = 0 [pid 16217] <... futex resumed>) = 1 [pid 16218] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16217] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16218] <... open resumed>) = 4 [pid 16218] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16217] <... futex resumed>) = 0 [pid 16218] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16217] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16218] <... mount resumed>) = 0 [pid 16217] <... futex resumed>) = 0 [pid 16218] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16217] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16218] <... futex resumed>) = 0 [pid 16217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16218] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16217] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16218] <... open resumed>) = 5 [pid 16217] <... futex resumed>) = 0 [pid 16218] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16217] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16218] <... futex resumed>) = 0 [pid 16217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16218] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16217] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16222] <... futex resumed>) = 1 [pid 16217] <... futex resumed>) = 0 [pid 16222] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16217] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16218] <... write resumed>) = 262144 [pid 16218] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16217] <... futex resumed>) = 0 [pid 16218] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16217] close(3) = 0 [pid 16217] close(4) = 0 [pid 16217] close(5) = 0 [pid 16217] close(6) = -1 EBADF (Bad file descriptor) [pid 16217] close(7) = -1 EBADF (Bad file descriptor) [pid 16217] close(8) = -1 EBADF (Bad file descriptor) [pid 16217] close(9) = -1 EBADF (Bad file descriptor) [pid 16217] close(10) = -1 EBADF (Bad file descriptor) [pid 16217] close(11) = -1 EBADF (Bad file descriptor) [pid 16217] close(12) = -1 EBADF (Bad file descriptor) [pid 16217] close(13) = -1 EBADF (Bad file descriptor) [pid 16217] close(14) = -1 EBADF (Bad file descriptor) [pid 16217] close(15) = -1 EBADF (Bad file descriptor) [pid 16217] close(16) = -1 EBADF (Bad file descriptor) [pid 16217] close(17) = -1 EBADF (Bad file descriptor) [pid 16217] close(18) = -1 EBADF (Bad file descriptor) [pid 16217] close(19) = -1 EBADF (Bad file descriptor) [pid 16217] close(20) = -1 EBADF (Bad file descriptor) [pid 16217] close(21) = -1 EBADF (Bad file descriptor) [pid 16217] close(22) = -1 EBADF (Bad file descriptor) [pid 16217] close(23) = -1 EBADF (Bad file descriptor) [pid 16217] close(24) = -1 EBADF (Bad file descriptor) [pid 16217] close(25) = -1 EBADF (Bad file descriptor) [pid 16217] close(26) = -1 EBADF (Bad file descriptor) [pid 16217] close(27) = -1 EBADF (Bad file descriptor) [pid 16217] close(28) = -1 EBADF (Bad file descriptor) [pid 16217] close(29) = -1 EBADF (Bad file descriptor) [pid 16217] exit_group(0 [pid 16222] <... futex resumed>) = ? [pid 16221] <... futex resumed>) = ? [pid 16218] <... futex resumed>) = ? [pid 16217] <... exit_group resumed>) = ? [pid 16221] +++ exited with 0 +++ [pid 16218] +++ exited with 0 +++ [pid 16222] +++ exited with 0 +++ [pid 16217] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10252, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2687", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2687", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2687/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2687/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2687/binderfs") = 0 [ 322.938854][T16218] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2687/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2687/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2687/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2687/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2687/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2687/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2687") = 0 [pid 289] mkdir("./2688", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10256 ./strace-static-x86_64: Process 16223 attached [pid 16223] set_robust_list(0x555556f746a0, 24) = 0 [pid 16223] chdir("./2688") = 0 [pid 16223] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16223] setpgid(0, 0) = 0 [pid 16223] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16223] write(3, "1000", 4) = 4 [pid 16223] close(3) = 0 [pid 16223] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16223] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16223] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16223] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16223] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16223] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16223] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16223] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10257]}, 88) = 10257 [pid 16223] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16223] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16223] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16224 attached [pid 16224] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16224] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16224] memfd_create("syzkaller", 0) = 3 [pid 16224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16224] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16224] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16224] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16224] close(3) = 0 [pid 16224] mkdir("./file1", 0777) = 0 [pid 16224] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16224] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16224] chdir("./file1") = 0 [pid 16224] ioctl(4, LOOP_CLR_FD) = 0 [pid 16224] close(4) = 0 [pid 16224] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16223] <... futex resumed>) = 0 [pid 16224] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16223] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16224] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16223] <... futex resumed>) = 0 [pid 16224] setxattr("./file1", NULL, NULL, 0, 0 [pid 16223] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16224] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 16224] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16223] <... futex resumed>) = 0 [pid 16224] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16223] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16224] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16223] <... futex resumed>) = 0 [pid 16224] memfd_create("syzkaller", 0 [pid 16223] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16224] <... memfd_create resumed>) = 4 [pid 16223] <... futex resumed>) = 0 [pid 16224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16223] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 16224] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16223] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 16224] close(4 [pid 16223] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 16224] <... close resumed>) = 0 [pid 16223] <... mprotect resumed>) = 0 [pid 16224] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16223] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16224] <... futex resumed>) = 0 [pid 16223] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16224] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16223] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 16227 attached => {parent_tid=[10258]}, 88) = 10258 [pid 16227] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16223] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16223] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16223] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16224] <... futex resumed>) = 0 [pid 16223] <... futex resumed>) = 1 [pid 16224] memfd_create("syzkaller", 0 [pid 16223] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16224] <... memfd_create resumed>) = 4 [pid 16227] <... set_robust_list resumed>) = 0 [pid 16224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16224] close(4) = 0 [pid 16224] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16223] <... futex resumed>) = 0 [pid 16224] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16223] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16224] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16223] <... futex resumed>) = 0 [pid 16224] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16223] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16227] rt_sigprocmask(SIG_SETMASK, [], [pid 16224] <... open resumed>) = 4 [pid 16224] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16223] <... futex resumed>) = 0 [pid 16224] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16223] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16224] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16223] <... futex resumed>) = 0 [pid 16224] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16223] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16227] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16224] <... mount resumed>) = 0 [pid 16224] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16223] <... futex resumed>) = 0 [pid 16224] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16223] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16227] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16224] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16223] <... futex resumed>) = 0 [pid 16224] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16223] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16224] <... open resumed>) = 5 [pid 16224] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16223] <... futex resumed>) = 0 [pid 16224] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16223] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16224] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16223] <... futex resumed>) = 0 [pid 16224] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16223] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16224] <... write resumed>) = 262144 [pid 16224] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16223] <... futex resumed>) = 0 [pid 16224] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16227] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 16227] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16227] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16223] close(3) = 0 [pid 16223] close(4) = 0 [pid 16223] close(5) = 0 [pid 16223] close(6) = -1 EBADF (Bad file descriptor) [pid 16223] close(7) = -1 EBADF (Bad file descriptor) [pid 16223] close(8) = -1 EBADF (Bad file descriptor) [pid 16223] close(9) = -1 EBADF (Bad file descriptor) [pid 16223] close(10) = -1 EBADF (Bad file descriptor) [pid 16223] close(11) = -1 EBADF (Bad file descriptor) [pid 16223] close(12) = -1 EBADF (Bad file descriptor) [pid 16223] close(13) = -1 EBADF (Bad file descriptor) [pid 16223] close(14) = -1 EBADF (Bad file descriptor) [pid 16223] close(15) = -1 EBADF (Bad file descriptor) [pid 16223] close(16) = -1 EBADF (Bad file descriptor) [pid 16223] close(17) = -1 EBADF (Bad file descriptor) [pid 16223] close(18) = -1 EBADF (Bad file descriptor) [pid 16223] close(19) = -1 EBADF (Bad file descriptor) [pid 16223] close(20) = -1 EBADF (Bad file descriptor) [pid 16223] close(21) = -1 EBADF (Bad file descriptor) [pid 16223] close(22) = -1 EBADF (Bad file descriptor) [pid 16223] close(23) = -1 EBADF (Bad file descriptor) [pid 16223] close(24) = -1 EBADF (Bad file descriptor) [pid 16223] close(25) = -1 EBADF (Bad file descriptor) [pid 16223] close(26) = -1 EBADF (Bad file descriptor) [pid 16223] close(27) = -1 EBADF (Bad file descriptor) [pid 16223] close(28) = -1 EBADF (Bad file descriptor) [pid 16223] close(29) = -1 EBADF (Bad file descriptor) [pid 16223] exit_group(0 [pid 16227] <... futex resumed>) = ? [pid 16224] <... futex resumed>) = ? [pid 16223] <... exit_group resumed>) = ? [pid 16224] +++ exited with 0 +++ [pid 16227] +++ exited with 0 +++ [pid 16223] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10256, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2688", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2688", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2688/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2688/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2688/binderfs") = 0 [pid 289] umount2("./2688/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2688/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2688/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2688/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2688/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2688/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2688") = 0 [pid 289] mkdir("./2689", 0777) = 0 [ 323.059861][T16224] EXT4-fs (loop0): 1 truncate cleaned up [ 323.077101][T16227] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10259 ./strace-static-x86_64: Process 16228 attached [pid 16228] set_robust_list(0x555556f746a0, 24) = 0 [pid 16228] chdir("./2689") = 0 [pid 16228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16228] setpgid(0, 0) = 0 [pid 16228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16228] write(3, "1000", 4) = 4 [pid 16228] close(3) = 0 [pid 16228] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16228] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16228] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16228] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16228] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16228] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10260]}, 88) = 10260 [pid 16228] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16228] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16228] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16229 attached [pid 16229] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16229] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16229] memfd_create("syzkaller", 0) = 3 [pid 16229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16229] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16229] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16229] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16229] close(3) = 0 [pid 16229] mkdir("./file1", 0777) = 0 [pid 16229] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16229] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16229] chdir("./file1") = 0 [pid 16229] ioctl(4, LOOP_CLR_FD) = 0 [pid 16229] close(4) = 0 [pid 16229] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16228] <... futex resumed>) = 0 [pid 16228] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16228] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16229] <... futex resumed>) = 1 [pid 16229] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16229] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16228] <... futex resumed>) = 0 [pid 16228] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16228] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16228] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16228] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10261]}, 88) = 10261 [pid 16228] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16228] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16228] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16228] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16228] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10262]}, 88) = 10262 [pid 16228] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16228] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16228] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16229] <... futex resumed>) = 1 [pid 16229] memfd_create("syzkaller", 0) = 4 [pid 16229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16229] close(4) = 0 [pid 16229] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16229] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16232 attached [pid 16232] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16232] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16232] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 16232] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16232] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16233 attached [pid 16233] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16233] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16233] memfd_create("syzkaller", 0) = 4 [pid 16233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16233] close(4) = 0 [pid 16233] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16228] <... futex resumed>) = 0 [pid 16228] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16229] <... futex resumed>) = 0 [pid 16228] <... futex resumed>) = 1 [pid 16229] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16228] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16229] <... open resumed>) = 4 [pid 16229] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16228] <... futex resumed>) = 0 [pid 16229] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16228] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16229] <... mount resumed>) = 0 [pid 16229] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16228] <... futex resumed>) = 0 [pid 16229] <... futex resumed>) = 0 [pid 16228] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16229] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16228] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16229] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16228] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16229] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16228] <... futex resumed>) = 0 [pid 16229] <... open resumed>) = 5 [pid 16228] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16229] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16228] <... futex resumed>) = 0 [pid 16229] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16228] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16228] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16233] <... futex resumed>) = 1 [pid 16233] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16229] <... write resumed>) = 262144 [pid 16229] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16228] <... futex resumed>) = 0 [pid 16228] close(3) = 0 [pid 16228] close(4) = 0 [pid 16228] close(5) = 0 [pid 16229] <... futex resumed>) = 1 [pid 16228] close(6) = -1 EBADF (Bad file descriptor) [pid 16228] close(7) = -1 EBADF (Bad file descriptor) [pid 16228] close(8) = -1 EBADF (Bad file descriptor) [pid 16228] close(9) = -1 EBADF (Bad file descriptor) [pid 16228] close(10) = -1 EBADF (Bad file descriptor) [pid 16228] close(11) = -1 EBADF (Bad file descriptor) [pid 16228] close(12) = -1 EBADF (Bad file descriptor) [pid 16228] close(13) = -1 EBADF (Bad file descriptor) [pid 16228] close(14) = -1 EBADF (Bad file descriptor) [pid 16228] close(15) = -1 EBADF (Bad file descriptor) [pid 16228] close(16) = -1 EBADF (Bad file descriptor) [pid 16228] close(17) = -1 EBADF (Bad file descriptor) [pid 16228] close(18) = -1 EBADF (Bad file descriptor) [pid 16228] close(19) = -1 EBADF (Bad file descriptor) [pid 16228] close(20) = -1 EBADF (Bad file descriptor) [pid 16228] close(21) = -1 EBADF (Bad file descriptor) [pid 16228] close(22) = -1 EBADF (Bad file descriptor) [pid 16228] close(23) = -1 EBADF (Bad file descriptor) [pid 16228] close(24) = -1 EBADF (Bad file descriptor) [pid 16228] close(25) = -1 EBADF (Bad file descriptor) [pid 16228] close(26) = -1 EBADF (Bad file descriptor) [pid 16228] close(27) = -1 EBADF (Bad file descriptor) [pid 16228] close(28) = -1 EBADF (Bad file descriptor) [pid 16228] close(29) = -1 EBADF (Bad file descriptor) [pid 16228] exit_group(0) = ? [pid 16232] <... futex resumed>) = ? [pid 16229] +++ exited with 0 +++ [pid 16232] +++ exited with 0 +++ [pid 16233] <... futex resumed>) = ? [pid 16233] +++ exited with 0 +++ [pid 16228] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10259, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2689", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2689", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2689/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2689/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2689/binderfs") = 0 [ 323.153708][T16229] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2689/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2689/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2689/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2689/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2689/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2689/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2689") = 0 [pid 289] mkdir("./2690", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10263 ./strace-static-x86_64: Process 16234 attached [pid 16234] set_robust_list(0x555556f746a0, 24) = 0 [pid 16234] chdir("./2690") = 0 [pid 16234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16234] setpgid(0, 0) = 0 [pid 16234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16234] write(3, "1000", 4) = 4 [pid 16234] close(3) = 0 [pid 16234] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16234] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16234] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16234] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16234] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16234] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16234] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10264]}, 88) = 10264 [pid 16234] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16234] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16234] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16235 attached [pid 16235] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16235] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16235] memfd_create("syzkaller", 0) = 3 [pid 16235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16235] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16235] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16235] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16235] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16235] close(3) = 0 [pid 16235] mkdir("./file1", 0777) = 0 [pid 16235] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16235] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16235] chdir("./file1") = 0 [pid 16235] ioctl(4, LOOP_CLR_FD) = 0 [pid 16235] close(4) = 0 [pid 16235] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16234] <... futex resumed>) = 0 [pid 16234] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16234] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16235] <... futex resumed>) = 1 [pid 16235] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16235] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16234] <... futex resumed>) = 0 [pid 16234] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16234] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16234] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16234] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16234] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10265]}, 88) = 10265 [pid 16234] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16234] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16234] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16234] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16234] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16234] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10266]}, 88) = 10266 ./strace-static-x86_64: Process 16238 attached ./strace-static-x86_64: Process 16239 attached [pid 16238] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16235] <... futex resumed>) = 1 [pid 16239] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16234] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16234] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16234] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16238] <... set_robust_list resumed>) = 0 [pid 16239] <... set_robust_list resumed>) = 0 [pid 16235] memfd_create("syzkaller", 0 [pid 16238] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16238] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16235] <... memfd_create resumed>) = 4 [pid 16239] rt_sigprocmask(SIG_SETMASK, [], [pid 16238] <... setxattr resumed>) = 0 [pid 16238] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16239] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16238] <... futex resumed>) = 0 [pid 16235] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16239] memfd_create("syzkaller", 0 [pid 16238] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16239] <... memfd_create resumed>) = 5 [pid 16239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16235] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16239] close(5 [pid 16235] close(4 [pid 16239] <... close resumed>) = 0 [pid 16235] <... close resumed>) = 0 [pid 16235] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16235] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16239] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16234] <... futex resumed>) = 0 [pid 16234] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16234] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16235] <... futex resumed>) = 0 [pid 16235] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16239] <... futex resumed>) = 1 [pid 16239] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16235] <... open resumed>) = 4 [pid 16235] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16234] <... futex resumed>) = 0 [pid 16234] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16234] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16235] <... futex resumed>) = 1 [pid 16235] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16235] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16234] <... futex resumed>) = 0 [pid 16234] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16234] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16235] <... futex resumed>) = 1 [pid 16235] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16235] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16234] <... futex resumed>) = 0 [pid 16234] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16234] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16235] <... futex resumed>) = 1 [pid 16235] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16235] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16234] <... futex resumed>) = 0 [pid 16235] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16234] close(3) = 0 [pid 16234] close(4) = 0 [pid 16234] close(5) = 0 [pid 16234] close(6) = -1 EBADF (Bad file descriptor) [pid 16234] close(7) = -1 EBADF (Bad file descriptor) [pid 16234] close(8) = -1 EBADF (Bad file descriptor) [pid 16234] close(9) = -1 EBADF (Bad file descriptor) [pid 16234] close(10) = -1 EBADF (Bad file descriptor) [pid 16234] close(11) = -1 EBADF (Bad file descriptor) [pid 16234] close(12) = -1 EBADF (Bad file descriptor) [pid 16234] close(13) = -1 EBADF (Bad file descriptor) [pid 16234] close(14) = -1 EBADF (Bad file descriptor) [pid 16234] close(15) = -1 EBADF (Bad file descriptor) [pid 16234] close(16) = -1 EBADF (Bad file descriptor) [pid 16234] close(17) = -1 EBADF (Bad file descriptor) [pid 16234] close(18) = -1 EBADF (Bad file descriptor) [pid 16234] close(19) = -1 EBADF (Bad file descriptor) [pid 16234] close(20) = -1 EBADF (Bad file descriptor) [pid 16234] close(21) = -1 EBADF (Bad file descriptor) [pid 16234] close(22) = -1 EBADF (Bad file descriptor) [pid 16234] close(23) = -1 EBADF (Bad file descriptor) [pid 16234] close(24) = -1 EBADF (Bad file descriptor) [pid 16234] close(25) = -1 EBADF (Bad file descriptor) [pid 16234] close(26) = -1 EBADF (Bad file descriptor) [pid 16234] close(27) = -1 EBADF (Bad file descriptor) [pid 16234] close(28) = -1 EBADF (Bad file descriptor) [pid 16234] close(29) = -1 EBADF (Bad file descriptor) [pid 16234] exit_group(0 [pid 16238] <... futex resumed>) = ? [pid 16234] <... exit_group resumed>) = ? [pid 16238] +++ exited with 0 +++ [pid 16239] <... futex resumed>) = ? [pid 16239] +++ exited with 0 +++ [pid 16235] <... futex resumed>) = ? [pid 16235] +++ exited with 0 +++ [pid 16234] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10263, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2690", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2690", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2690/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2690/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2690/binderfs") = 0 [ 323.229243][T16235] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2690/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2690/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2690/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2690/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2690/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2690/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2690") = 0 [pid 289] mkdir("./2691", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10267 ./strace-static-x86_64: Process 16240 attached [pid 16240] set_robust_list(0x555556f746a0, 24) = 0 [pid 16240] chdir("./2691") = 0 [pid 16240] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16240] setpgid(0, 0) = 0 [pid 16240] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16240] write(3, "1000", 4) = 4 [pid 16240] close(3) = 0 [pid 16240] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16240] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16240] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16240] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16240] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16240] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16240] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10268]}, 88) = 10268 [pid 16240] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16240] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16240] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16241 attached [pid 16241] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16241] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16241] memfd_create("syzkaller", 0) = 3 [pid 16241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16241] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16241] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16241] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16241] close(3) = 0 [pid 16241] mkdir("./file1", 0777) = 0 [pid 16241] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16241] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16241] chdir("./file1") = 0 [pid 16241] ioctl(4, LOOP_CLR_FD) = 0 [pid 16241] close(4) = 0 [pid 16241] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16241] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16240] <... futex resumed>) = 0 [pid 16240] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16240] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16241] <... futex resumed>) = 0 [pid 16241] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16241] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16240] <... futex resumed>) = 0 [pid 16240] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16240] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16240] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16240] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16240] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10269]}, 88) = 10269 [pid 16240] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16240] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16240] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16240] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16240] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 ./strace-static-x86_64: Process 16244 attached [pid 16240] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 16245 attached [pid 16244] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16240] <... clone3 resumed> => {parent_tid=[10270]}, 88) = 10270 [pid 16240] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16240] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16240] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16241] <... futex resumed>) = 1 [pid 16241] memfd_create("syzkaller", 0) = 4 [pid 16241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16241] close(4) = 0 [pid 16241] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16241] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16244] <... set_robust_list resumed>) = 0 [pid 16244] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16244] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 16244] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16244] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16245] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16245] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16245] memfd_create("syzkaller", 0) = 4 [pid 16245] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16245] close(4) = 0 [pid 16245] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16240] <... futex resumed>) = 0 [pid 16240] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16240] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16241] <... futex resumed>) = 0 [pid 16241] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16245] <... futex resumed>) = 1 [pid 16245] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16241] <... open resumed>) = 4 [pid 16241] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16240] <... futex resumed>) = 0 [pid 16240] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16240] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16241] <... futex resumed>) = 1 [pid 16241] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16241] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16240] <... futex resumed>) = 0 [pid 16240] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16240] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16241] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16241] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16240] <... futex resumed>) = 0 [pid 16240] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16240] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16241] <... futex resumed>) = 1 [pid 16241] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16241] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16240] <... futex resumed>) = 0 [pid 16240] close(3) = 0 [pid 16240] close(4) = 0 [pid 16240] close(5 [pid 16241] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16240] <... close resumed>) = 0 [pid 16240] close(6) = -1 EBADF (Bad file descriptor) [pid 16240] close(7) = -1 EBADF (Bad file descriptor) [pid 16240] close(8) = -1 EBADF (Bad file descriptor) [pid 16240] close(9) = -1 EBADF (Bad file descriptor) [pid 16240] close(10) = -1 EBADF (Bad file descriptor) [pid 16240] close(11) = -1 EBADF (Bad file descriptor) [pid 16240] close(12) = -1 EBADF (Bad file descriptor) [pid 16240] close(13) = -1 EBADF (Bad file descriptor) [pid 16240] close(14) = -1 EBADF (Bad file descriptor) [pid 16240] close(15) = -1 EBADF (Bad file descriptor) [pid 16240] close(16) = -1 EBADF (Bad file descriptor) [pid 16240] close(17) = -1 EBADF (Bad file descriptor) [pid 16240] close(18) = -1 EBADF (Bad file descriptor) [pid 16240] close(19) = -1 EBADF (Bad file descriptor) [pid 16240] close(20) = -1 EBADF (Bad file descriptor) [pid 16240] close(21) = -1 EBADF (Bad file descriptor) [pid 16240] close(22) = -1 EBADF (Bad file descriptor) [pid 16240] close(23) = -1 EBADF (Bad file descriptor) [pid 16240] close(24) = -1 EBADF (Bad file descriptor) [pid 16240] close(25) = -1 EBADF (Bad file descriptor) [pid 16240] close(26) = -1 EBADF (Bad file descriptor) [pid 16240] close(27) = -1 EBADF (Bad file descriptor) [pid 16240] close(28) = -1 EBADF (Bad file descriptor) [pid 16240] close(29) = -1 EBADF (Bad file descriptor) [pid 16240] exit_group(0 [pid 16245] <... futex resumed>) = ? [pid 16244] <... futex resumed>) = ? [pid 16240] <... exit_group resumed>) = ? [pid 16245] +++ exited with 0 +++ [pid 16244] +++ exited with 0 +++ [pid 16241] <... futex resumed>) = ? [pid 16241] +++ exited with 0 +++ [pid 16240] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10267, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2691", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2691", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2691/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2691/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2691/binderfs") = 0 [ 323.342859][T16241] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2691/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2691/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2691/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2691/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2691/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2691/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2691") = 0 [pid 289] mkdir("./2692", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10271 ./strace-static-x86_64: Process 16246 attached [pid 16246] set_robust_list(0x555556f746a0, 24) = 0 [pid 16246] chdir("./2692") = 0 [pid 16246] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16246] setpgid(0, 0) = 0 [pid 16246] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16246] write(3, "1000", 4) = 4 [pid 16246] close(3) = 0 [pid 16246] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16246] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16246] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16246] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16246] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16246] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16246] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 16247 attached => {parent_tid=[10272]}, 88) = 10272 [pid 16247] set_robust_list(0x7fbc6730d9a0, 24 [pid 16246] rt_sigprocmask(SIG_SETMASK, [], [pid 16247] <... set_robust_list resumed>) = 0 [pid 16246] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16247] rt_sigprocmask(SIG_SETMASK, [], [pid 16246] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16247] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16246] <... futex resumed>) = 0 [pid 16246] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16247] memfd_create("syzkaller", 0) = 3 [pid 16247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16247] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16247] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16247] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16247] close(3) = 0 [pid 16247] mkdir("./file1", 0777) = 0 [pid 16247] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16247] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16247] chdir("./file1") = 0 [pid 16247] ioctl(4, LOOP_CLR_FD) = 0 [pid 16247] close(4) = 0 [pid 16247] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16247] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16246] <... futex resumed>) = 0 [pid 16246] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16246] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16247] <... futex resumed>) = 0 [pid 16247] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16247] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16246] <... futex resumed>) = 0 [pid 16246] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16246] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16246] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16246] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16246] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10273]}, 88) = 10273 [pid 16246] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16246] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16246] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16246] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16246] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16246] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16246] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 16252 attached ./strace-static-x86_64: Process 16251 attached [pid 16247] <... futex resumed>) = 1 [pid 16251] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16252] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16247] memfd_create("syzkaller", 0 [pid 16251] <... set_robust_list resumed>) = 0 [pid 16252] <... set_robust_list resumed>) = 0 [pid 16251] rt_sigprocmask(SIG_SETMASK, [], [pid 16252] rt_sigprocmask(SIG_SETMASK, [], [pid 16247] <... memfd_create resumed>) = 4 [pid 16251] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16252] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16251] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16252] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16251] <... setxattr resumed>) = 0 [pid 16247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16246] <... clone3 resumed> => {parent_tid=[10274]}, 88) = 10274 [pid 16247] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16246] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16247] close(4 [pid 16246] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16247] <... close resumed>) = 0 [pid 16247] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16247] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16251] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16251] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16246] <... futex resumed>) = 1 [pid 16246] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16252] <... futex resumed>) = 0 [pid 16252] memfd_create("syzkaller", 0) = 4 [pid 16252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16252] close(4) = 0 [pid 16252] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16246] <... futex resumed>) = 0 [pid 16246] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16246] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16247] <... futex resumed>) = 0 [pid 16247] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16252] <... futex resumed>) = 1 [pid 16252] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16247] <... open resumed>) = 4 [pid 16247] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16246] <... futex resumed>) = 0 [pid 16246] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16246] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16247] <... futex resumed>) = 1 [pid 16247] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16247] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16246] <... futex resumed>) = 0 [pid 16246] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16246] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16247] <... futex resumed>) = 1 [pid 16247] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16247] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16246] <... futex resumed>) = 0 [pid 16246] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16246] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16247] <... futex resumed>) = 1 [pid 16247] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16247] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16246] <... futex resumed>) = 0 [pid 16246] close(3) = 0 [pid 16246] close(4) = 0 [pid 16246] close(5) = 0 [pid 16247] <... futex resumed>) = 1 [pid 16246] close(6) = -1 EBADF (Bad file descriptor) [pid 16246] close(7) = -1 EBADF (Bad file descriptor) [pid 16246] close(8) = -1 EBADF (Bad file descriptor) [pid 16246] close(9) = -1 EBADF (Bad file descriptor) [pid 16246] close(10) = -1 EBADF (Bad file descriptor) [pid 16246] close(11) = -1 EBADF (Bad file descriptor) [pid 16246] close(12) = -1 EBADF (Bad file descriptor) [pid 16246] close(13) = -1 EBADF (Bad file descriptor) [pid 16246] close(14) = -1 EBADF (Bad file descriptor) [pid 16246] close(15) = -1 EBADF (Bad file descriptor) [pid 16246] close(16) = -1 EBADF (Bad file descriptor) [pid 16246] close(17) = -1 EBADF (Bad file descriptor) [pid 16246] close(18) = -1 EBADF (Bad file descriptor) [pid 16246] close(19) = -1 EBADF (Bad file descriptor) [pid 16246] close(20) = -1 EBADF (Bad file descriptor) [pid 16246] close(21) = -1 EBADF (Bad file descriptor) [pid 16246] close(22) = -1 EBADF (Bad file descriptor) [pid 16246] close(23) = -1 EBADF (Bad file descriptor) [pid 16246] close(24) = -1 EBADF (Bad file descriptor) [pid 16246] close(25) = -1 EBADF (Bad file descriptor) [pid 16246] close(26) = -1 EBADF (Bad file descriptor) [pid 16246] close(27) = -1 EBADF (Bad file descriptor) [pid 16246] close(28) = -1 EBADF (Bad file descriptor) [pid 16246] close(29) = -1 EBADF (Bad file descriptor) [pid 16246] exit_group(0) = ? [pid 16251] <... futex resumed>) = ? [pid 16251] +++ exited with 0 +++ [pid 16252] <... futex resumed>) = ? [pid 16252] +++ exited with 0 +++ [pid 16247] +++ exited with 0 +++ [pid 16246] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10271, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2692", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2692", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2692/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2692/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2692/binderfs") = 0 [ 323.462709][T16247] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2692/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2692/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2692/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2692/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2692/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2692/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2692") = 0 [pid 289] mkdir("./2693", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10275 ./strace-static-x86_64: Process 16253 attached [pid 16253] set_robust_list(0x555556f746a0, 24) = 0 [pid 16253] chdir("./2693") = 0 [pid 16253] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16253] setpgid(0, 0) = 0 [pid 16253] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16253] write(3, "1000", 4) = 4 [pid 16253] close(3) = 0 [pid 16253] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16253] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16253] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16253] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16253] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16253] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16253] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10276]}, 88) = 10276 [pid 16253] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16253] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16253] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16254 attached [pid 16254] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16254] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16254] memfd_create("syzkaller", 0) = 3 [pid 16254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16254] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16254] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16254] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16254] close(3) = 0 [pid 16254] mkdir("./file1", 0777) = 0 [pid 16254] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16254] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16254] chdir("./file1") = 0 [pid 16254] ioctl(4, LOOP_CLR_FD) = 0 [pid 16254] close(4) = 0 [pid 16254] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16253] <... futex resumed>) = 0 [pid 16253] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16253] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16254] <... futex resumed>) = 1 [pid 16254] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16254] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16253] <... futex resumed>) = 0 [pid 16253] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16253] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16253] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16253] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16253] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10277]}, 88) = 10277 [pid 16253] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16253] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16253] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16253] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16253] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16253] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10278]}, 88) = 10278 [pid 16253] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16253] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16253] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16254] <... futex resumed>) = 1 [pid 16254] memfd_create("syzkaller", 0./strace-static-x86_64: Process 16258 attached ./strace-static-x86_64: Process 16257 attached [pid 16258] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16257] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16258] rt_sigprocmask(SIG_SETMASK, [], [pid 16257] <... set_robust_list resumed>) = 0 [pid 16258] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16254] <... memfd_create resumed>) = 4 [pid 16258] memfd_create("syzkaller", 0 [pid 16257] rt_sigprocmask(SIG_SETMASK, [], [pid 16254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16258] <... memfd_create resumed>) = 5 [pid 16258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16258] close(5) = 0 [pid 16258] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16253] <... futex resumed>) = 0 [pid 16253] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16253] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16258] <... futex resumed>) = 1 [pid 16258] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16257] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16254] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16258] <... open resumed>) = 5 [pid 16257] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16254] close(4 [pid 16258] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16253] <... futex resumed>) = 0 [pid 16258] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16253] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16253] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16258] <... mount resumed>) = 0 [pid 16258] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16253] <... futex resumed>) = 0 [pid 16258] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16253] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16253] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16258] <... open resumed>) = 6 [pid 16257] <... setxattr resumed>) = 0 [pid 16258] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16253] <... futex resumed>) = 0 [pid 16258] write(6, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16253] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16253] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16257] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16254] <... close resumed>) = 0 [pid 16257] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16254] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16254] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16258] <... write resumed>) = 262144 [pid 16258] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16253] <... futex resumed>) = 0 [pid 16258] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16253] close(3) = 0 [pid 16253] close(4) = -1 EBADF (Bad file descriptor) [pid 16253] close(5) = 0 [pid 16253] close(6) = 0 [pid 16253] close(7) = -1 EBADF (Bad file descriptor) [pid 16253] close(8) = -1 EBADF (Bad file descriptor) [pid 16253] close(9) = -1 EBADF (Bad file descriptor) [pid 16253] close(10) = -1 EBADF (Bad file descriptor) [pid 16253] close(11) = -1 EBADF (Bad file descriptor) [pid 16253] close(12) = -1 EBADF (Bad file descriptor) [pid 16253] close(13) = -1 EBADF (Bad file descriptor) [pid 16253] close(14) = -1 EBADF (Bad file descriptor) [pid 16253] close(15) = -1 EBADF (Bad file descriptor) [pid 16253] close(16) = -1 EBADF (Bad file descriptor) [pid 16253] close(17) = -1 EBADF (Bad file descriptor) [pid 16253] close(18) = -1 EBADF (Bad file descriptor) [pid 16253] close(19) = -1 EBADF (Bad file descriptor) [pid 16253] close(20) = -1 EBADF (Bad file descriptor) [pid 16253] close(21) = -1 EBADF (Bad file descriptor) [pid 16253] close(22) = -1 EBADF (Bad file descriptor) [pid 16253] close(23) = -1 EBADF (Bad file descriptor) [pid 16253] close(24) = -1 EBADF (Bad file descriptor) [pid 16253] close(25) = -1 EBADF (Bad file descriptor) [pid 16253] close(26) = -1 EBADF (Bad file descriptor) [pid 16253] close(27) = -1 EBADF (Bad file descriptor) [pid 16253] close(28) = -1 EBADF (Bad file descriptor) [pid 16253] close(29) = -1 EBADF (Bad file descriptor) [pid 16253] exit_group(0) = ? [pid 16257] <... futex resumed>) = ? [pid 16258] <... futex resumed>) = 231 [pid 16257] +++ exited with 0 +++ [pid 16258] +++ exited with 0 +++ [pid 16254] <... futex resumed>) = ? [pid 16254] +++ exited with 0 +++ [pid 16253] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10275, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2693", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2693", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2693/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2693/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2693/binderfs") = 0 [ 323.579857][T16254] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2693/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2693/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2693/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2693/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2693/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2693/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2693") = 0 [pid 289] mkdir("./2694", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10279 ./strace-static-x86_64: Process 16259 attached [pid 16259] set_robust_list(0x555556f746a0, 24) = 0 [pid 16259] chdir("./2694") = 0 [pid 16259] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16259] setpgid(0, 0) = 0 [pid 16259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16259] write(3, "1000", 4) = 4 [pid 16259] close(3) = 0 [pid 16259] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16259] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16259] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16259] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16259] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16259] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16259] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10280]}, 88) = 10280 [pid 16259] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16259] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16259] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16260 attached [pid 16260] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16260] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16260] memfd_create("syzkaller", 0) = 3 [pid 16260] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16260] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16260] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16260] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16260] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16260] close(3) = 0 [pid 16260] mkdir("./file1", 0777) = 0 [pid 16260] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16260] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16260] chdir("./file1") = 0 [pid 16260] ioctl(4, LOOP_CLR_FD) = 0 [pid 16260] close(4) = 0 [pid 16260] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16260] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16259] <... futex resumed>) = 0 [pid 16259] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16260] <... futex resumed>) = 0 [pid 16259] <... futex resumed>) = 1 [pid 16259] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16260] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16260] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16259] <... futex resumed>) = 0 [pid 16260] <... futex resumed>) = 1 [pid 16259] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16260] memfd_create("syzkaller", 0 [pid 16259] <... futex resumed>) = 0 [pid 16260] <... memfd_create resumed>) = 4 [pid 16259] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 16260] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16259] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 16259] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 16260] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16259] <... mprotect resumed>) = 0 [pid 16259] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16260] close(4) = 0 [pid 16259] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16259] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 16260] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16259] <... clone3 resumed> => {parent_tid=[10281]}, 88) = 10281 [pid 16259] rt_sigprocmask(SIG_SETMASK, [], [pid 16260] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16259] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16259] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16259] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16259] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16260] memfd_create("syzkaller", 0) = 4 [pid 16260] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16260] close(4) = 0 [pid 16260] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16259] <... futex resumed>) = 0 [pid 16259] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16259] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16260] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 16260] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16259] <... futex resumed>) = 0 [pid 16259] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16259] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16260] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL./strace-static-x86_64: Process 16263 attached [pid 16263] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16263] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16263] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16260] <... mount resumed>) = 0 [pid 16260] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16259] <... futex resumed>) = 0 [pid 16260] <... futex resumed>) = 1 [pid 16259] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16259] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16263] <... setxattr resumed>) = 0 [pid 16260] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16263] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16263] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16260] <... open resumed>) = 5 [pid 16260] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16259] <... futex resumed>) = 0 [pid 16260] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16259] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16259] <... futex resumed>) = 0 [pid 16260] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16259] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16260] <... write resumed>) = 262144 [pid 16260] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16259] <... futex resumed>) = 0 [pid 16260] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16259] close(3) = 0 [pid 16259] close(4) = 0 [pid 16259] close(5) = 0 [pid 16259] close(6) = -1 EBADF (Bad file descriptor) [pid 16259] close(7) = -1 EBADF (Bad file descriptor) [pid 16259] close(8) = -1 EBADF (Bad file descriptor) [pid 16259] close(9) = -1 EBADF (Bad file descriptor) [pid 16259] close(10) = -1 EBADF (Bad file descriptor) [pid 16259] close(11) = -1 EBADF (Bad file descriptor) [pid 16259] close(12) = -1 EBADF (Bad file descriptor) [pid 16259] close(13) = -1 EBADF (Bad file descriptor) [pid 16259] close(14) = -1 EBADF (Bad file descriptor) [pid 16259] close(15) = -1 EBADF (Bad file descriptor) [pid 16259] close(16) = -1 EBADF (Bad file descriptor) [pid 16259] close(17) = -1 EBADF (Bad file descriptor) [pid 16259] close(18) = -1 EBADF (Bad file descriptor) [pid 16259] close(19) = -1 EBADF (Bad file descriptor) [pid 16259] close(20) = -1 EBADF (Bad file descriptor) [pid 16259] close(21) = -1 EBADF (Bad file descriptor) [pid 16259] close(22) = -1 EBADF (Bad file descriptor) [pid 16259] close(23) = -1 EBADF (Bad file descriptor) [pid 16259] close(24) = -1 EBADF (Bad file descriptor) [pid 16259] close(25) = -1 EBADF (Bad file descriptor) [pid 16259] close(26) = -1 EBADF (Bad file descriptor) [pid 16259] close(27) = -1 EBADF (Bad file descriptor) [pid 16259] close(28) = -1 EBADF (Bad file descriptor) [pid 16259] close(29) = -1 EBADF (Bad file descriptor) [pid 16259] exit_group(0) = ? [pid 16263] <... futex resumed>) = ? [pid 16260] <... futex resumed>) = ? [pid 16263] +++ exited with 0 +++ [pid 16260] +++ exited with 0 +++ [pid 16259] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10279, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2694", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2694", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2694/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2694/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2694/binderfs") = 0 [ 323.698654][T16260] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2694/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2694/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2694/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2694/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2694/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2694/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2694") = 0 [pid 289] mkdir("./2695", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10282 ./strace-static-x86_64: Process 16264 attached [pid 16264] set_robust_list(0x555556f746a0, 24) = 0 [pid 16264] chdir("./2695") = 0 [pid 16264] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16264] setpgid(0, 0) = 0 [pid 16264] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16264] write(3, "1000", 4) = 4 [pid 16264] close(3) = 0 [pid 16264] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16264] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16264] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16264] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16264] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16264] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16264] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16264] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10283]}, 88) = 10283 ./strace-static-x86_64: Process 16265 attached [pid 16264] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16264] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16264] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16265] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16265] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16265] memfd_create("syzkaller", 0) = 3 [pid 16265] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16265] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16265] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16265] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16265] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16265] close(3) = 0 [pid 16265] mkdir("./file1", 0777) = 0 [pid 16265] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16265] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16265] chdir("./file1") = 0 [pid 16265] ioctl(4, LOOP_CLR_FD) = 0 [pid 16265] close(4) = 0 [pid 16265] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16264] <... futex resumed>) = 0 [pid 16264] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16264] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16265] <... futex resumed>) = 1 [pid 16265] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16265] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16264] <... futex resumed>) = 0 [pid 16264] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16264] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16264] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16264] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16264] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16264] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10284]}, 88) = 10284 [pid 16264] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16264] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16264] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16264] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16264] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16264] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16264] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10285]}, 88) = 10285 [pid 16264] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16264] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16264] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16265] <... futex resumed>) = 1 [pid 16265] memfd_create("syzkaller", 0) = 4 [pid 16265] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16265] close(4) = 0 [pid 16265] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16265] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16268 attached [pid 16268] set_robust_list(0x7fbc5ef2c9a0, 24./strace-static-x86_64: Process 16269 attached ) = 0 [pid 16269] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16268] rt_sigprocmask(SIG_SETMASK, [], [pid 16269] <... set_robust_list resumed>) = 0 [pid 16268] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16269] rt_sigprocmask(SIG_SETMASK, [], [pid 16268] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16269] memfd_create("syzkaller", 0 [pid 16268] <... setxattr resumed>) = 0 [pid 16269] <... memfd_create resumed>) = 4 [pid 16268] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16268] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16269] close(4) = 0 [pid 16269] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16269] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16264] <... futex resumed>) = 0 [pid 16264] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16264] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16265] <... futex resumed>) = 0 [pid 16265] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 16265] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16264] <... futex resumed>) = 0 [pid 16264] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16264] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16265] <... futex resumed>) = 1 [pid 16265] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16265] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16264] <... futex resumed>) = 0 [pid 16264] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16265] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16264] <... futex resumed>) = 0 [pid 16264] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16265] <... open resumed>) = 5 [pid 16265] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16264] <... futex resumed>) = 0 [pid 16264] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16264] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16265] <... futex resumed>) = 1 [pid 16265] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16265] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16264] <... futex resumed>) = 0 [pid 16264] close(3) = 0 [pid 16264] close(4) = 0 [pid 16264] close(5 [pid 16265] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16264] <... close resumed>) = 0 [pid 16264] close(6) = -1 EBADF (Bad file descriptor) [pid 16264] close(7) = -1 EBADF (Bad file descriptor) [pid 16264] close(8) = -1 EBADF (Bad file descriptor) [pid 16264] close(9) = -1 EBADF (Bad file descriptor) [pid 16264] close(10) = -1 EBADF (Bad file descriptor) [pid 16264] close(11) = -1 EBADF (Bad file descriptor) [pid 16264] close(12) = -1 EBADF (Bad file descriptor) [pid 16264] close(13) = -1 EBADF (Bad file descriptor) [pid 16264] close(14) = -1 EBADF (Bad file descriptor) [pid 16264] close(15) = -1 EBADF (Bad file descriptor) [pid 16264] close(16) = -1 EBADF (Bad file descriptor) [pid 16264] close(17) = -1 EBADF (Bad file descriptor) [pid 16264] close(18) = -1 EBADF (Bad file descriptor) [pid 16264] close(19) = -1 EBADF (Bad file descriptor) [pid 16264] close(20) = -1 EBADF (Bad file descriptor) [pid 16264] close(21) = -1 EBADF (Bad file descriptor) [pid 16264] close(22) = -1 EBADF (Bad file descriptor) [pid 16264] close(23) = -1 EBADF (Bad file descriptor) [pid 16264] close(24) = -1 EBADF (Bad file descriptor) [pid 16264] close(25) = -1 EBADF (Bad file descriptor) [pid 16264] close(26) = -1 EBADF (Bad file descriptor) [pid 16264] close(27) = -1 EBADF (Bad file descriptor) [pid 16264] close(28) = -1 EBADF (Bad file descriptor) [pid 16264] close(29) = -1 EBADF (Bad file descriptor) [pid 16264] exit_group(0 [pid 16265] <... futex resumed>) = ? [pid 16264] <... exit_group resumed>) = ? [pid 16265] +++ exited with 0 +++ [pid 16268] <... futex resumed>) = ? [pid 16269] <... futex resumed>) = ? [pid 16268] +++ exited with 0 +++ [pid 16269] +++ exited with 0 +++ [pid 16264] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10282, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] umount2("./2695", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2695", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2695/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2695/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2695/binderfs") = 0 [ 323.871979][T16265] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2695/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2695/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2695/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2695/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2695/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2695/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2695") = 0 [pid 289] mkdir("./2696", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10286 ./strace-static-x86_64: Process 16270 attached [pid 16270] set_robust_list(0x555556f746a0, 24) = 0 [pid 16270] chdir("./2696") = 0 [pid 16270] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16270] setpgid(0, 0) = 0 [pid 16270] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16270] write(3, "1000", 4) = 4 [pid 16270] close(3) = 0 [pid 16270] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16270] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16270] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16270] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16270] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16270] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16270] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16270] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10287]}, 88) = 10287 [pid 16270] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16270] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16270] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16271 attached [pid 16271] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16271] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16271] memfd_create("syzkaller", 0) = 3 [pid 16271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16271] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16271] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16271] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16271] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16271] close(3) = 0 [pid 16271] mkdir("./file1", 0777) = 0 [pid 16271] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16271] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16271] chdir("./file1") = 0 [pid 16271] ioctl(4, LOOP_CLR_FD) = 0 [pid 16271] close(4) = 0 [pid 16271] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16270] <... futex resumed>) = 0 [pid 16270] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16270] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16271] <... futex resumed>) = 1 [pid 16271] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16271] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16270] <... futex resumed>) = 0 [pid 16270] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16270] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16270] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16270] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16270] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16270] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10288]}, 88) = 10288 [pid 16270] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16270] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16270] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16270] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16270] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16270] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16270] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 16275 attached ./strace-static-x86_64: Process 16274 attached [pid 16271] <... futex resumed>) = 1 [pid 16270] <... clone3 resumed> => {parent_tid=[10289]}, 88) = 10289 [pid 16270] rt_sigprocmask(SIG_SETMASK, [], [pid 16275] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16274] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16271] memfd_create("syzkaller", 0 [pid 16270] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16270] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16270] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16275] <... set_robust_list resumed>) = 0 [pid 16275] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16275] memfd_create("syzkaller", 0) = 4 [pid 16275] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16275] close(4) = 0 [pid 16275] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16270] <... futex resumed>) = 0 [pid 16270] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16270] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16275] <... futex resumed>) = 1 [pid 16275] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16274] <... set_robust_list resumed>) = 0 [pid 16274] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16274] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 16274] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16274] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16275] <... open resumed>) = 4 [pid 16271] <... memfd_create resumed>) = 5 [pid 16275] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16270] <... futex resumed>) = 0 [pid 16270] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16270] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16275] <... futex resumed>) = 1 [pid 16274] <... futex resumed>) = 0 [pid 16271] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16271] close(5 [pid 16275] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16274] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16271] <... close resumed>) = 0 [pid 16271] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16271] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16274] <... mount resumed>) = 0 [pid 16274] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16270] <... futex resumed>) = 0 [pid 16270] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16270] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16274] <... futex resumed>) = 1 [pid 16271] <... futex resumed>) = 0 [pid 16274] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16271] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16271] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16270] <... futex resumed>) = 0 [pid 16270] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16270] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16271] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16271] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16270] <... futex resumed>) = 0 [pid 16271] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16270] close(3) = 0 [pid 16270] close(4) = 0 [pid 16270] close(5) = 0 [pid 16270] close(6) = -1 EBADF (Bad file descriptor) [pid 16270] close(7) = -1 EBADF (Bad file descriptor) [pid 16270] close(8) = -1 EBADF (Bad file descriptor) [pid 16270] close(9) = -1 EBADF (Bad file descriptor) [pid 16270] close(10) = -1 EBADF (Bad file descriptor) [pid 16270] close(11) = -1 EBADF (Bad file descriptor) [pid 16270] close(12) = -1 EBADF (Bad file descriptor) [pid 16270] close(13) = -1 EBADF (Bad file descriptor) [pid 16270] close(14) = -1 EBADF (Bad file descriptor) [pid 16270] close(15) = -1 EBADF (Bad file descriptor) [pid 16270] close(16) = -1 EBADF (Bad file descriptor) [pid 16270] close(17) = -1 EBADF (Bad file descriptor) [pid 16270] close(18) = -1 EBADF (Bad file descriptor) [pid 16270] close(19) = -1 EBADF (Bad file descriptor) [pid 16270] close(20) = -1 EBADF (Bad file descriptor) [pid 16270] close(21) = -1 EBADF (Bad file descriptor) [pid 16270] close(22) = -1 EBADF (Bad file descriptor) [pid 16270] close(23) = -1 EBADF (Bad file descriptor) [pid 16270] close(24) = -1 EBADF (Bad file descriptor) [pid 16270] close(25) = -1 EBADF (Bad file descriptor) [pid 16270] close(26) = -1 EBADF (Bad file descriptor) [pid 16270] close(27) = -1 EBADF (Bad file descriptor) [pid 16270] close(28) = -1 EBADF (Bad file descriptor) [pid 16270] close(29) = -1 EBADF (Bad file descriptor) [pid 16270] exit_group(0) = ? [pid 16274] <... futex resumed>) = 231 [pid 16275] <... futex resumed>) = ? [pid 16275] +++ exited with 0 +++ [pid 16274] +++ exited with 0 +++ [pid 16271] <... futex resumed>) = ? [pid 16271] +++ exited with 0 +++ [pid 16270] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10286, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2696", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2696", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2696/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2696/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2696/binderfs") = 0 [pid 289] umount2("./2696/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2696/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2696/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2696/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2696/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 323.959506][T16271] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2696/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2696") = 0 [pid 289] mkdir("./2697", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10290 ./strace-static-x86_64: Process 16276 attached [pid 16276] set_robust_list(0x555556f746a0, 24) = 0 [pid 16276] chdir("./2697") = 0 [pid 16276] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16276] setpgid(0, 0) = 0 [pid 16276] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16276] write(3, "1000", 4) = 4 [pid 16276] close(3) = 0 [pid 16276] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16276] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16276] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16276] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16276] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16276] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16276] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10291]}, 88) = 10291 ./strace-static-x86_64: Process 16277 attached [pid 16277] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16277] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16276] rt_sigprocmask(SIG_SETMASK, [], [pid 16277] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16276] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16276] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16276] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16277] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16277] memfd_create("syzkaller", 0) = 3 [pid 16277] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16277] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16277] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16277] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16277] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16277] close(3) = 0 [pid 16277] mkdir("./file1", 0777) = 0 [pid 16277] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16277] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16277] chdir("./file1") = 0 [pid 16277] ioctl(4, LOOP_CLR_FD) = 0 [pid 16277] close(4) = 0 [pid 16277] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16276] <... futex resumed>) = 0 [pid 16276] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16276] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16277] <... futex resumed>) = 1 [pid 16277] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16277] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16276] <... futex resumed>) = 0 [pid 16276] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16276] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16276] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16276] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16276] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10292]}, 88) = 10292 [pid 16276] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16276] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16276] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16276] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16276] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16276] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10293]}, 88) = 10293 [pid 16276] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16276] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16276] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16277] <... futex resumed>) = 1 [pid 16277] memfd_create("syzkaller", 0) = 4 [pid 16277] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16277] close(4) = 0 ./strace-static-x86_64: Process 16280 attached [pid 16277] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16277] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16281 attached [pid 16281] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16281] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16281] memfd_create("syzkaller", 0 [pid 16280] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16281] <... memfd_create resumed>) = 4 [pid 16281] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16280] <... set_robust_list resumed>) = 0 [pid 16281] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16281] close(4 [pid 16280] rt_sigprocmask(SIG_SETMASK, [], [pid 16281] <... close resumed>) = 0 [pid 16280] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16281] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16280] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16281] <... futex resumed>) = 1 [pid 16280] <... setxattr resumed>) = 0 [pid 16276] <... futex resumed>) = 0 [pid 16276] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16276] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16281] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16280] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16277] <... futex resumed>) = 0 [pid 16277] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16280] <... futex resumed>) = 0 [pid 16280] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16277] <... open resumed>) = 4 [pid 16277] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16276] <... futex resumed>) = 0 [pid 16276] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16276] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16277] <... futex resumed>) = 1 [pid 16277] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16277] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16276] <... futex resumed>) = 0 [pid 16276] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16277] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16276] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16277] <... open resumed>) = 5 [pid 16277] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16276] <... futex resumed>) = 0 [pid 16276] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16277] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16276] <... futex resumed>) = 0 [pid 16276] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16277] <... write resumed>) = 262144 [pid 16277] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16276] <... futex resumed>) = 0 [pid 16276] close(3) = 0 [pid 16276] close(4) = 0 [pid 16276] close(5 [pid 16277] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16276] <... close resumed>) = 0 [pid 16276] close(6) = -1 EBADF (Bad file descriptor) [pid 16276] close(7) = -1 EBADF (Bad file descriptor) [pid 16276] close(8) = -1 EBADF (Bad file descriptor) [pid 16276] close(9) = -1 EBADF (Bad file descriptor) [pid 16276] close(10) = -1 EBADF (Bad file descriptor) [pid 16276] close(11) = -1 EBADF (Bad file descriptor) [pid 16276] close(12) = -1 EBADF (Bad file descriptor) [pid 16276] close(13) = -1 EBADF (Bad file descriptor) [pid 16276] close(14) = -1 EBADF (Bad file descriptor) [pid 16276] close(15) = -1 EBADF (Bad file descriptor) [pid 16276] close(16) = -1 EBADF (Bad file descriptor) [pid 16276] close(17) = -1 EBADF (Bad file descriptor) [pid 16276] close(18) = -1 EBADF (Bad file descriptor) [pid 16276] close(19) = -1 EBADF (Bad file descriptor) [pid 16276] close(20) = -1 EBADF (Bad file descriptor) [pid 16276] close(21) = -1 EBADF (Bad file descriptor) [pid 16276] close(22) = -1 EBADF (Bad file descriptor) [pid 16276] close(23) = -1 EBADF (Bad file descriptor) [pid 16276] close(24) = -1 EBADF (Bad file descriptor) [pid 16276] close(25) = -1 EBADF (Bad file descriptor) [pid 16276] close(26) = -1 EBADF (Bad file descriptor) [pid 16276] close(27) = -1 EBADF (Bad file descriptor) [pid 16276] close(28) = -1 EBADF (Bad file descriptor) [pid 16276] close(29) = -1 EBADF (Bad file descriptor) [pid 16276] exit_group(0) = ? [pid 16280] <... futex resumed>) = ? [pid 16280] +++ exited with 0 +++ [pid 16277] <... futex resumed>) = ? [pid 16281] <... futex resumed>) = ? [pid 16277] +++ exited with 0 +++ [pid 16281] +++ exited with 0 +++ [pid 16276] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10290, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2697", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2697", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2697/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2697/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2697/binderfs") = 0 [ 324.038922][T16277] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2697/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2697/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2697/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2697/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2697/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2697/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2697") = 0 [pid 289] mkdir("./2698", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10294 ./strace-static-x86_64: Process 16282 attached [pid 16282] set_robust_list(0x555556f746a0, 24) = 0 [pid 16282] chdir("./2698") = 0 [pid 16282] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16282] setpgid(0, 0) = 0 [pid 16282] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16282] write(3, "1000", 4) = 4 [pid 16282] close(3) = 0 [pid 16282] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16282] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16282] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16282] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16282] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16282] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16282] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10295]}, 88) = 10295 [pid 16282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16282] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16282] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16283 attached [pid 16283] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16283] memfd_create("syzkaller", 0) = 3 [pid 16283] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16283] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16283] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16283] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16283] close(3) = 0 [pid 16283] mkdir("./file1", 0777) = 0 [pid 16283] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16283] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16283] chdir("./file1") = 0 [pid 16283] ioctl(4, LOOP_CLR_FD) = 0 [pid 16283] close(4) = 0 [pid 16283] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16283] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16282] <... futex resumed>) = 0 [pid 16282] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16282] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16283] <... futex resumed>) = 0 [pid 16283] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16283] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16282] <... futex resumed>) = 0 [pid 16282] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16282] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16282] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16283] <... futex resumed>) = 1 [pid 16282] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16283] memfd_create("syzkaller", 0 [pid 16282] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16282] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 16283] <... memfd_create resumed>) = 4 [pid 16282] <... clone3 resumed> => {parent_tid=[10296]}, 88) = 10296 [pid 16283] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16282] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16283] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16282] <... futex resumed>) = 0 [pid 16282] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16282] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16282] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16283] close(4 [pid 16282] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16283] <... close resumed>) = 0 [pid 16282] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 16283] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 16287 attached [pid 16282] <... clone3 resumed> => {parent_tid=[10297]}, 88) = 10297 [pid 16282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16282] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16282] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16286 attached [pid 16287] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16283] <... futex resumed>) = 0 [pid 16287] <... set_robust_list resumed>) = 0 [pid 16287] rt_sigprocmask(SIG_SETMASK, [], [pid 16283] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16286] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16286] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16287] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16286] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16287] memfd_create("syzkaller", 0) = 4 [pid 16286] <... setxattr resumed>) = 0 [pid 16286] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16286] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16287] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16287] close(4) = 0 [pid 16287] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16282] <... futex resumed>) = 0 [pid 16282] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16282] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16287] <... futex resumed>) = 1 [pid 16287] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16283] <... futex resumed>) = 0 [pid 16283] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 16283] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16282] <... futex resumed>) = 0 [pid 16282] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16282] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16283] <... futex resumed>) = 1 [pid 16283] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16283] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16282] <... futex resumed>) = 0 [pid 16282] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16282] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16283] <... futex resumed>) = 1 [pid 16283] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16283] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16282] <... futex resumed>) = 0 [pid 16282] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16282] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16283] <... futex resumed>) = 1 [pid 16283] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16283] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16282] <... futex resumed>) = 0 [pid 16282] close(3) = 0 [pid 16282] close(4) = 0 [pid 16282] close(5) = 0 [pid 16282] close(6) = -1 EBADF (Bad file descriptor) [pid 16282] close(7) = -1 EBADF (Bad file descriptor) [pid 16282] close(8) = -1 EBADF (Bad file descriptor) [pid 16282] close(9) = -1 EBADF (Bad file descriptor) [pid 16282] close(10) = -1 EBADF (Bad file descriptor) [pid 16282] close(11) = -1 EBADF (Bad file descriptor) [pid 16282] close(12) = -1 EBADF (Bad file descriptor) [pid 16282] close(13) = -1 EBADF (Bad file descriptor) [pid 16282] close(14) = -1 EBADF (Bad file descriptor) [pid 16282] close(15) = -1 EBADF (Bad file descriptor) [pid 16282] close(16) = -1 EBADF (Bad file descriptor) [pid 16282] close(17) = -1 EBADF (Bad file descriptor) [pid 16282] close(18) = -1 EBADF (Bad file descriptor) [pid 16282] close(19) = -1 EBADF (Bad file descriptor) [pid 16282] close(20) = -1 EBADF (Bad file descriptor) [pid 16282] close(21) = -1 EBADF (Bad file descriptor) [pid 16282] close(22) = -1 EBADF (Bad file descriptor) [pid 16282] close(23) = -1 EBADF (Bad file descriptor) [pid 16282] close(24) = -1 EBADF (Bad file descriptor) [pid 16282] close(25) = -1 EBADF (Bad file descriptor) [pid 16282] close(26) = -1 EBADF (Bad file descriptor) [pid 16282] close(27) = -1 EBADF (Bad file descriptor) [pid 16282] close(28) = -1 EBADF (Bad file descriptor) [pid 16282] close(29) = -1 EBADF (Bad file descriptor) [pid 16282] exit_group(0) = ? [pid 16283] <... futex resumed>) = ? [pid 16286] <... futex resumed>) = ? [pid 16283] +++ exited with 0 +++ [pid 16286] +++ exited with 0 +++ [pid 16287] <... futex resumed>) = ? [pid 16287] +++ exited with 0 +++ [pid 16282] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10294, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2698", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2698", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2698/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2698/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2698/binderfs") = 0 [ 324.119127][T16283] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2698/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2698/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2698/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2698/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2698/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2698/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2698") = 0 [pid 289] mkdir("./2699", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10298 ./strace-static-x86_64: Process 16288 attached [pid 16288] set_robust_list(0x555556f746a0, 24) = 0 [pid 16288] chdir("./2699") = 0 [pid 16288] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16288] setpgid(0, 0) = 0 [pid 16288] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16288] write(3, "1000", 4) = 4 [pid 16288] close(3) = 0 [pid 16288] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16288] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16288] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16288] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16288] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16288] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16288] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10299]}, 88) = 10299 ./strace-static-x86_64: Process 16289 attached [pid 16288] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16289] set_robust_list(0x7fbc6730d9a0, 24 [pid 16288] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16289] <... set_robust_list resumed>) = 0 [pid 16289] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16288] <... futex resumed>) = 0 [pid 16289] memfd_create("syzkaller", 0) = 3 [pid 16289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16288] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16289] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16289] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16289] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16289] close(3) = 0 [pid 16289] mkdir("./file1", 0777) = 0 [pid 16289] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16289] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16289] chdir("./file1") = 0 [pid 16289] ioctl(4, LOOP_CLR_FD) = 0 [pid 16289] close(4) = 0 [pid 16289] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16288] <... futex resumed>) = 0 [pid 16288] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16288] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16289] <... futex resumed>) = 1 [pid 16289] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16289] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16288] <... futex resumed>) = 0 [pid 16288] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16288] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16288] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16288] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16288] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10300]}, 88) = 10300 [pid 16288] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16288] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16288] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 16292 attached [pid 16289] <... futex resumed>) = 1 [pid 16288] <... futex resumed>) = 0 [pid 16288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16288] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16288] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16288] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10301]}, 88) = 10301 [pid 16288] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16288] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16288] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16292] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16292] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 16293 attached [pid 16289] memfd_create("syzkaller", 0 [pid 16292] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16292] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16293] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16289] <... memfd_create resumed>) = 4 [pid 16293] <... set_robust_list resumed>) = 0 [pid 16293] rt_sigprocmask(SIG_SETMASK, [], [pid 16292] <... setxattr resumed>) = 0 [pid 16289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16293] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16293] memfd_create("syzkaller", 0) = 5 [pid 16293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16292] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16289] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16293] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16292] <... futex resumed>) = 0 [pid 16289] close(4 [pid 16292] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16289] <... close resumed>) = 0 [pid 16293] close(5 [pid 16289] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16293] <... close resumed>) = 0 [pid 16289] <... futex resumed>) = 0 [pid 16293] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16289] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16293] <... futex resumed>) = 1 [pid 16293] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16288] <... futex resumed>) = 0 [pid 16288] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16289] <... futex resumed>) = 0 [pid 16288] <... futex resumed>) = 1 [pid 16289] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16288] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16289] <... open resumed>) = 4 [pid 16289] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16288] <... futex resumed>) = 0 [pid 16288] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16288] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16289] <... futex resumed>) = 1 [pid 16289] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16289] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16288] <... futex resumed>) = 0 [pid 16288] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16288] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16289] <... futex resumed>) = 1 [pid 16289] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16289] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16288] <... futex resumed>) = 0 [pid 16288] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16288] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16289] <... futex resumed>) = 1 [pid 16289] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16289] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16288] <... futex resumed>) = 0 [pid 16288] close(3) = 0 [pid 16288] close(4) = 0 [pid 16288] close(5) = 0 [pid 16288] close(6) = -1 EBADF (Bad file descriptor) [pid 16288] close(7) = -1 EBADF (Bad file descriptor) [pid 16288] close(8) = -1 EBADF (Bad file descriptor) [pid 16288] close(9) = -1 EBADF (Bad file descriptor) [pid 16288] close(10) = -1 EBADF (Bad file descriptor) [pid 16288] close(11) = -1 EBADF (Bad file descriptor) [pid 16288] close(12) = -1 EBADF (Bad file descriptor) [pid 16288] close(13) = -1 EBADF (Bad file descriptor) [pid 16288] close(14) = -1 EBADF (Bad file descriptor) [pid 16288] close(15) = -1 EBADF (Bad file descriptor) [pid 16288] close(16) = -1 EBADF (Bad file descriptor) [pid 16288] close(17) = -1 EBADF (Bad file descriptor) [pid 16288] close(18) = -1 EBADF (Bad file descriptor) [pid 16288] close(19) = -1 EBADF (Bad file descriptor) [pid 16288] close(20) = -1 EBADF (Bad file descriptor) [pid 16288] close(21) = -1 EBADF (Bad file descriptor) [pid 16288] close(22) = -1 EBADF (Bad file descriptor) [pid 16288] close(23) = -1 EBADF (Bad file descriptor) [pid 16288] close(24) = -1 EBADF (Bad file descriptor) [pid 16288] close(25) = -1 EBADF (Bad file descriptor) [pid 16288] close(26) = -1 EBADF (Bad file descriptor) [pid 16288] close(27) = -1 EBADF (Bad file descriptor) [pid 16288] close(28) = -1 EBADF (Bad file descriptor) [pid 16288] close(29) = -1 EBADF (Bad file descriptor) [pid 16288] exit_group(0) = ? [pid 16292] <... futex resumed>) = ? [pid 16293] <... futex resumed>) = 231 [pid 16289] <... futex resumed>) = ? [pid 16292] +++ exited with 0 +++ [pid 16293] +++ exited with 0 +++ [pid 16289] +++ exited with 0 +++ [pid 16288] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10298, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2699", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2699", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2699/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2699/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2699/binderfs") = 0 [pid 289] umount2("./2699/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2699/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2699/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2699/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2699/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2699/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2699") = 0 [pid 289] mkdir("./2700", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10302 ./strace-static-x86_64: Process 16294 attached [pid 16294] set_robust_list(0x555556f746a0, 24) = 0 [pid 16294] chdir("./2700") = 0 [pid 16294] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16294] setpgid(0, 0) = 0 [pid 16294] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16294] write(3, "1000", 4) = 4 [pid 16294] close(3) = 0 [pid 16294] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16294] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16294] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16294] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16294] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16294] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16294] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10303]}, 88) = 10303 [pid 16294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16294] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16294] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16295 attached [pid 16295] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16295] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16295] memfd_create("syzkaller", 0) = 3 [pid 16295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [ 324.246008][T16289] EXT4-fs (loop0): 1 truncate cleaned up [pid 16295] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16295] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16295] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16295] close(3) = 0 [pid 16295] mkdir("./file1", 0777) = 0 [pid 16295] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16295] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16295] chdir("./file1") = 0 [pid 16295] ioctl(4, LOOP_CLR_FD) = 0 [pid 16295] close(4) = 0 [pid 16295] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16294] <... futex resumed>) = 0 [pid 16294] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16294] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16295] <... futex resumed>) = 1 [pid 16295] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16295] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16294] <... futex resumed>) = 0 [pid 16294] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16294] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16294] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16294] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16294] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10304]}, 88) = 10304 [pid 16294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16294] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16294] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16294] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16294] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16294] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 ./strace-static-x86_64: Process 16298 attached [pid 16298] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16294] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 16298] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 16299 attached [pid 16298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16294] <... clone3 resumed> => {parent_tid=[10305]}, 88) = 10305 [pid 16299] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16298] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16294] rt_sigprocmask(SIG_SETMASK, [], [pid 16299] <... set_robust_list resumed>) = 0 [pid 16294] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16294] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16298] <... setxattr resumed>) = 0 [pid 16299] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16298] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16294] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16295] <... futex resumed>) = 1 [pid 16295] memfd_create("syzkaller", 0) = 4 [pid 16295] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16295] close(4) = 0 [pid 16295] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16295] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16299] memfd_create("syzkaller", 0 [pid 16298] <... futex resumed>) = 0 [pid 16298] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16299] <... memfd_create resumed>) = 4 [pid 16299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16299] close(4) = 0 [pid 16299] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16299] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16294] <... futex resumed>) = 0 [pid 16294] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16294] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16295] <... futex resumed>) = 0 [pid 16295] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 16295] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16294] <... futex resumed>) = 0 [pid 16294] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16294] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16295] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16295] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16294] <... futex resumed>) = 0 [pid 16294] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16294] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16295] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16295] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16294] <... futex resumed>) = 0 [pid 16294] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16294] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16295] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16295] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16294] <... futex resumed>) = 0 [pid 16295] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16294] close(3) = 0 [pid 16294] close(4) = 0 [pid 16294] close(5) = 0 [pid 16294] close(6) = -1 EBADF (Bad file descriptor) [pid 16294] close(7) = -1 EBADF (Bad file descriptor) [pid 16294] close(8) = -1 EBADF (Bad file descriptor) [pid 16294] close(9) = -1 EBADF (Bad file descriptor) [pid 16294] close(10) = -1 EBADF (Bad file descriptor) [pid 16294] close(11) = -1 EBADF (Bad file descriptor) [pid 16294] close(12) = -1 EBADF (Bad file descriptor) [pid 16294] close(13) = -1 EBADF (Bad file descriptor) [pid 16294] close(14) = -1 EBADF (Bad file descriptor) [pid 16294] close(15) = -1 EBADF (Bad file descriptor) [pid 16294] close(16) = -1 EBADF (Bad file descriptor) [pid 16294] close(17) = -1 EBADF (Bad file descriptor) [pid 16294] close(18) = -1 EBADF (Bad file descriptor) [pid 16294] close(19) = -1 EBADF (Bad file descriptor) [pid 16294] close(20) = -1 EBADF (Bad file descriptor) [pid 16294] close(21) = -1 EBADF (Bad file descriptor) [pid 16294] close(22) = -1 EBADF (Bad file descriptor) [pid 16294] close(23) = -1 EBADF (Bad file descriptor) [pid 16294] close(24) = -1 EBADF (Bad file descriptor) [pid 16294] close(25) = -1 EBADF (Bad file descriptor) [pid 16294] close(26) = -1 EBADF (Bad file descriptor) [pid 16294] close(27) = -1 EBADF (Bad file descriptor) [pid 16294] close(28) = -1 EBADF (Bad file descriptor) [pid 16294] close(29) = -1 EBADF (Bad file descriptor) [pid 16294] exit_group(0) = ? [pid 16295] <... futex resumed>) = ? [pid 16298] <... futex resumed>) = ? [pid 16295] +++ exited with 0 +++ [pid 16299] <... futex resumed>) = ? [pid 16298] +++ exited with 0 +++ [pid 16299] +++ exited with 0 +++ [pid 16294] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10302, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] umount2("./2700", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2700", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2700/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2700/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2700/binderfs") = 0 [ 324.314021][T16295] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2700/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2700/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2700/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2700/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2700/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2700/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2700") = 0 [pid 289] mkdir("./2701", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10306 ./strace-static-x86_64: Process 16300 attached [pid 16300] set_robust_list(0x555556f746a0, 24) = 0 [pid 16300] chdir("./2701") = 0 [pid 16300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16300] setpgid(0, 0) = 0 [pid 16300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16300] write(3, "1000", 4) = 4 [pid 16300] close(3) = 0 [pid 16300] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16300] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16300] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16300] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16300] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16300] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16300] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 16301 attached => {parent_tid=[10307]}, 88) = 10307 [pid 16300] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16300] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16300] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16301] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16301] memfd_create("syzkaller", 0) = 3 [pid 16301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16301] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16301] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16301] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16301] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16301] close(3) = 0 [pid 16301] mkdir("./file1", 0777) = 0 [pid 16301] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16301] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16301] chdir("./file1") = 0 [pid 16301] ioctl(4, LOOP_CLR_FD) = 0 [pid 16301] close(4) = 0 [pid 16301] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16300] <... futex resumed>) = 0 [pid 16301] setxattr("./file1", NULL, NULL, 0, 0 [pid 16300] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16301] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 16300] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16301] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16300] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16301] <... futex resumed>) = 0 [pid 16300] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16301] memfd_create("syzkaller", 0 [pid 16300] <... futex resumed>) = 0 [pid 16301] <... memfd_create resumed>) = 4 [pid 16300] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16300] <... futex resumed>) = 0 [pid 16301] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16301] close(4 [pid 16300] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 16301] <... close resumed>) = 0 [pid 16300] <... mprotect resumed>) = 0 [pid 16301] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16300] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16301] <... futex resumed>) = 0 [pid 16301] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16300] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16300] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 16305 attached => {parent_tid=[10308]}, 88) = 10308 [pid 16305] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16300] rt_sigprocmask(SIG_SETMASK, [], [pid 16305] <... set_robust_list resumed>) = 0 [pid 16305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16305] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16300] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16300] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16300] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16300] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16301] <... futex resumed>) = 0 [pid 16301] memfd_create("syzkaller", 0) = 4 [pid 16305] <... futex resumed>) = 0 [pid 16305] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 16301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16301] close(4) = 0 [pid 16301] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16300] <... futex resumed>) = 0 [pid 16300] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16300] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16301] <... futex resumed>) = 1 [pid 16301] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16305] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16305] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16301] <... open resumed>) = 4 [pid 16301] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16300] <... futex resumed>) = 0 [pid 16300] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16300] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16301] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16301] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16300] <... futex resumed>) = 0 [pid 16300] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16300] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16301] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16301] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16300] <... futex resumed>) = 0 [pid 16300] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16300] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16301] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16301] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16300] <... futex resumed>) = 0 [pid 16300] close(3 [pid 16301] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16300] <... close resumed>) = 0 [pid 16300] close(4) = 0 [pid 16300] close(5) = 0 [pid 16300] close(6) = -1 EBADF (Bad file descriptor) [pid 16300] close(7) = -1 EBADF (Bad file descriptor) [pid 16300] close(8) = -1 EBADF (Bad file descriptor) [pid 16300] close(9) = -1 EBADF (Bad file descriptor) [pid 16300] close(10) = -1 EBADF (Bad file descriptor) [pid 16300] close(11) = -1 EBADF (Bad file descriptor) [pid 16300] close(12) = -1 EBADF (Bad file descriptor) [pid 16300] close(13) = -1 EBADF (Bad file descriptor) [pid 16300] close(14) = -1 EBADF (Bad file descriptor) [pid 16300] close(15) = -1 EBADF (Bad file descriptor) [pid 16300] close(16) = -1 EBADF (Bad file descriptor) [pid 16300] close(17) = -1 EBADF (Bad file descriptor) [pid 16300] close(18) = -1 EBADF (Bad file descriptor) [pid 16300] close(19) = -1 EBADF (Bad file descriptor) [pid 16300] close(20) = -1 EBADF (Bad file descriptor) [pid 16300] close(21) = -1 EBADF (Bad file descriptor) [pid 16300] close(22) = -1 EBADF (Bad file descriptor) [pid 16300] close(23) = -1 EBADF (Bad file descriptor) [pid 16300] close(24) = -1 EBADF (Bad file descriptor) [pid 16300] close(25) = -1 EBADF (Bad file descriptor) [pid 16300] close(26) = -1 EBADF (Bad file descriptor) [pid 16300] close(27) = -1 EBADF (Bad file descriptor) [pid 16300] close(28) = -1 EBADF (Bad file descriptor) [pid 16300] close(29) = -1 EBADF (Bad file descriptor) [pid 16300] exit_group(0) = ? [pid 16305] <... futex resumed>) = ? [pid 16305] +++ exited with 0 +++ [pid 16301] <... futex resumed>) = ? [pid 16301] +++ exited with 0 +++ [pid 16300] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10306, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2701", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2701", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2701/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2701/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2701/binderfs") = 0 [ 324.473001][T16301] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2701/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2701/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2701/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2701/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2701/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2701/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2701") = 0 [pid 289] mkdir("./2702", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10309 ./strace-static-x86_64: Process 16306 attached [pid 16306] set_robust_list(0x555556f746a0, 24) = 0 [pid 16306] chdir("./2702") = 0 [pid 16306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16306] setpgid(0, 0) = 0 [pid 16306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16306] write(3, "1000", 4) = 4 [pid 16306] close(3) = 0 [pid 16306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16306] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16306] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16306] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16306] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16306] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10310]}, 88) = 10310 [pid 16306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16306] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16306] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16307 attached [pid 16307] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16307] memfd_create("syzkaller", 0) = 3 [pid 16307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16307] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16307] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16307] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16307] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16307] close(3) = 0 [pid 16307] mkdir("./file1", 0777) = 0 [pid 16307] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16307] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16307] chdir("./file1") = 0 [pid 16307] ioctl(4, LOOP_CLR_FD) = 0 [pid 16307] close(4) = 0 [pid 16307] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16306] <... futex resumed>) = 0 [pid 16306] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16306] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16307] <... futex resumed>) = 1 [pid 16307] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16307] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16306] <... futex resumed>) = 0 [pid 16306] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16306] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16306] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16306] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10311]}, 88) = 10311 [pid 16306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 16310 attached [pid 16307] <... futex resumed>) = 1 [pid 16306] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16306] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16306] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16306] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10312]}, 88) = 10312 [pid 16306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16306] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16306] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16311 attached [pid 16311] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16311] memfd_create("syzkaller", 0) = 4 [pid 16311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16311] close(4) = 0 [pid 16311] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16306] <... futex resumed>) = 0 [pid 16306] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16306] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16311] <... futex resumed>) = 1 [pid 16311] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16310] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16310] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16311] <... open resumed>) = 4 [pid 16310] <... setxattr resumed>) = 0 [pid 16311] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16307] memfd_create("syzkaller", 0 [pid 16310] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16310] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16306] <... futex resumed>) = 0 [pid 16306] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16306] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16310] <... futex resumed>) = 0 [pid 16310] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16311] <... futex resumed>) = 1 [pid 16311] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16310] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16306] <... futex resumed>) = 0 [pid 16306] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16306] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16310] <... futex resumed>) = 1 [pid 16310] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16310] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16306] <... futex resumed>) = 0 [pid 16306] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16306] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16310] <... futex resumed>) = 1 [pid 16310] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16307] <... memfd_create resumed>) = 6 [pid 16307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16307] close(6) = 0 [pid 16307] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16307] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16310] <... write resumed>) = 262144 [pid 16310] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16306] <... futex resumed>) = 0 [pid 16310] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16306] close(3) = 0 [pid 16306] close(4) = 0 [pid 16306] close(5) = 0 [pid 16306] close(6) = -1 EBADF (Bad file descriptor) [pid 16306] close(7) = -1 EBADF (Bad file descriptor) [pid 16306] close(8) = -1 EBADF (Bad file descriptor) [pid 16306] close(9) = -1 EBADF (Bad file descriptor) [pid 16306] close(10) = -1 EBADF (Bad file descriptor) [pid 16306] close(11) = -1 EBADF (Bad file descriptor) [pid 16306] close(12) = -1 EBADF (Bad file descriptor) [pid 16306] close(13) = -1 EBADF (Bad file descriptor) [pid 16306] close(14) = -1 EBADF (Bad file descriptor) [pid 16306] close(15) = -1 EBADF (Bad file descriptor) [pid 16306] close(16) = -1 EBADF (Bad file descriptor) [pid 16306] close(17) = -1 EBADF (Bad file descriptor) [pid 16306] close(18) = -1 EBADF (Bad file descriptor) [pid 16306] close(19) = -1 EBADF (Bad file descriptor) [pid 16306] close(20) = -1 EBADF (Bad file descriptor) [pid 16306] close(21) = -1 EBADF (Bad file descriptor) [pid 16306] close(22) = -1 EBADF (Bad file descriptor) [pid 16306] close(23) = -1 EBADF (Bad file descriptor) [pid 16306] close(24) = -1 EBADF (Bad file descriptor) [pid 16306] close(25) = -1 EBADF (Bad file descriptor) [pid 16306] close(26) = -1 EBADF (Bad file descriptor) [pid 16306] close(27) = -1 EBADF (Bad file descriptor) [pid 16306] close(28) = -1 EBADF (Bad file descriptor) [pid 16306] close(29) = -1 EBADF (Bad file descriptor) [pid 16306] exit_group(0) = ? [pid 16310] <... futex resumed>) = ? [pid 16310] +++ exited with 0 +++ [pid 16311] <... futex resumed>) = ? [pid 16307] <... futex resumed>) = ? [pid 16311] +++ exited with 0 +++ [pid 16307] +++ exited with 0 +++ [pid 16306] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10309, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2702", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2702", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2702/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2702/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2702/binderfs") = 0 [ 324.619412][T16307] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2702/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2702/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2702/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2702/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2702/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2702/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2702") = 0 [pid 289] mkdir("./2703", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10313 ./strace-static-x86_64: Process 16312 attached [pid 16312] set_robust_list(0x555556f746a0, 24) = 0 [pid 16312] chdir("./2703") = 0 [pid 16312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16312] setpgid(0, 0) = 0 [pid 16312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16312] write(3, "1000", 4) = 4 [pid 16312] close(3) = 0 [pid 16312] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16312] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16312] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16312] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16312] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16312] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16312] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10314]}, 88) = 10314 [pid 16312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16312] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16312] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16313 attached [pid 16313] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16313] memfd_create("syzkaller", 0) = 3 [pid 16313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16313] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16313] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16313] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16313] close(3) = 0 [pid 16313] mkdir("./file1", 0777) = 0 [pid 16313] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16313] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16313] chdir("./file1") = 0 [pid 16313] ioctl(4, LOOP_CLR_FD) = 0 [pid 16313] close(4) = 0 [pid 16313] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16312] <... futex resumed>) = 0 [pid 16312] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16312] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16313] <... futex resumed>) = 1 [pid 16313] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16313] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16312] <... futex resumed>) = 0 [pid 16312] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16312] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16312] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16312] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16312] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10315]}, 88) = 10315 [pid 16312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16312] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16312] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16312] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16312] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16312] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10316]}, 88) = 10316 [pid 16312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16312] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16312] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16313] <... futex resumed>) = 1 [pid 16313] memfd_create("syzkaller", 0) = 4 [pid 16313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16313] close(4) = 0 [pid 16313] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16313] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16316 attached ./strace-static-x86_64: Process 16317 attached [pid 16317] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16316] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16317] <... set_robust_list resumed>) = 0 [pid 16316] <... set_robust_list resumed>) = 0 [pid 16317] rt_sigprocmask(SIG_SETMASK, [], [pid 16316] rt_sigprocmask(SIG_SETMASK, [], [pid 16317] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16316] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16317] memfd_create("syzkaller", 0 [pid 16316] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 16317] <... memfd_create resumed>) = 4 [pid 16317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16317] close(4) = 0 [pid 16317] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16312] <... futex resumed>) = 0 [pid 16312] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16312] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16313] <... futex resumed>) = 0 [pid 16313] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16317] <... futex resumed>) = 1 [pid 16313] <... open resumed>) = 4 [pid 16313] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16312] <... futex resumed>) = 0 [pid 16312] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16312] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16313] <... futex resumed>) = 1 [pid 16313] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16313] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16312] <... futex resumed>) = 0 [pid 16312] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16312] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16313] <... futex resumed>) = 1 [pid 16313] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16313] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16312] <... futex resumed>) = 0 [pid 16312] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16312] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16313] <... futex resumed>) = 1 [pid 16313] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16316] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16317] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16316] <... futex resumed>) = 0 [pid 16316] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16313] <... write resumed>) = 262144 [pid 16313] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16312] <... futex resumed>) = 0 [pid 16312] close(3) = 0 [pid 16313] <... futex resumed>) = 1 [pid 16312] close(4) = 0 [pid 16312] close(5) = 0 [pid 16312] close(6) = -1 EBADF (Bad file descriptor) [pid 16312] close(7) = -1 EBADF (Bad file descriptor) [pid 16312] close(8) = -1 EBADF (Bad file descriptor) [pid 16312] close(9) = -1 EBADF (Bad file descriptor) [pid 16312] close(10) = -1 EBADF (Bad file descriptor) [pid 16312] close(11) = -1 EBADF (Bad file descriptor) [pid 16312] close(12) = -1 EBADF (Bad file descriptor) [pid 16312] close(13) = -1 EBADF (Bad file descriptor) [pid 16312] close(14) = -1 EBADF (Bad file descriptor) [pid 16312] close(15) = -1 EBADF (Bad file descriptor) [pid 16312] close(16) = -1 EBADF (Bad file descriptor) [pid 16312] close(17) = -1 EBADF (Bad file descriptor) [pid 16312] close(18) = -1 EBADF (Bad file descriptor) [pid 16312] close(19) = -1 EBADF (Bad file descriptor) [pid 16312] close(20) = -1 EBADF (Bad file descriptor) [pid 16312] close(21) = -1 EBADF (Bad file descriptor) [pid 16312] close(22) = -1 EBADF (Bad file descriptor) [pid 16312] close(23) = -1 EBADF (Bad file descriptor) [pid 16312] close(24) = -1 EBADF (Bad file descriptor) [pid 16312] close(25) = -1 EBADF (Bad file descriptor) [pid 16312] close(26) = -1 EBADF (Bad file descriptor) [pid 16312] close(27) = -1 EBADF (Bad file descriptor) [pid 16312] close(28) = -1 EBADF (Bad file descriptor) [pid 16312] close(29) = -1 EBADF (Bad file descriptor) [pid 16312] exit_group(0) = ? [pid 16316] <... futex resumed>) = ? [pid 16316] +++ exited with 0 +++ [pid 16317] <... futex resumed>) = ? [pid 16317] +++ exited with 0 +++ [pid 16313] +++ exited with 0 +++ [pid 16312] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10313, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2703", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2703", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2703/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2703/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2703/binderfs") = 0 [ 324.720668][T16313] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2703/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2703/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2703/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2703/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2703/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2703/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2703") = 0 [pid 289] mkdir("./2704", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10317 ./strace-static-x86_64: Process 16318 attached [pid 16318] set_robust_list(0x555556f746a0, 24) = 0 [pid 16318] chdir("./2704") = 0 [pid 16318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16318] setpgid(0, 0) = 0 [pid 16318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16318] write(3, "1000", 4) = 4 [pid 16318] close(3) = 0 [pid 16318] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16318] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16318] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16318] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16318] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16318] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10318]}, 88) = 10318 [pid 16318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16318] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16318] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16319 attached [pid 16319] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16319] memfd_create("syzkaller", 0) = 3 [pid 16319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16319] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16319] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16319] close(3) = 0 [pid 16319] mkdir("./file1", 0777) = 0 [pid 16319] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16319] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16319] chdir("./file1") = 0 [pid 16319] ioctl(4, LOOP_CLR_FD) = 0 [pid 16319] close(4) = 0 [pid 16319] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16318] <... futex resumed>) = 0 [pid 16318] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16318] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16319] <... futex resumed>) = 1 [pid 16319] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16319] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16318] <... futex resumed>) = 0 [pid 16318] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16318] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16318] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16318] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10319]}, 88) = 10319 [pid 16318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16318] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16318] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16318] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16318] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 16322 attached [pid 16319] <... futex resumed>) = 1 ./strace-static-x86_64: Process 16323 attached [pid 16318] <... clone3 resumed> => {parent_tid=[10320]}, 88) = 10320 [pid 16319] memfd_create("syzkaller", 0 [pid 16318] rt_sigprocmask(SIG_SETMASK, [], [pid 16319] <... memfd_create resumed>) = 4 [pid 16318] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16318] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16319] close(4 [pid 16318] <... futex resumed>) = 0 [pid 16319] <... close resumed>) = 0 [pid 16318] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16319] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16319] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16323] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16322] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16323] <... set_robust_list resumed>) = 0 [pid 16322] <... set_robust_list resumed>) = 0 [pid 16323] rt_sigprocmask(SIG_SETMASK, [], [pid 16322] rt_sigprocmask(SIG_SETMASK, [], [pid 16323] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16322] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16323] memfd_create("syzkaller", 0 [pid 16322] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 16322] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16322] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16323] <... memfd_create resumed>) = 4 [pid 16323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16323] close(4) = 0 [pid 16323] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16318] <... futex resumed>) = 0 [pid 16318] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16318] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16319] <... futex resumed>) = 0 [pid 16319] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16323] <... futex resumed>) = 1 [pid 16323] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16319] <... open resumed>) = 4 [pid 16319] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16318] <... futex resumed>) = 0 [pid 16318] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16318] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16319] <... futex resumed>) = 1 [pid 16319] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16319] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16318] <... futex resumed>) = 0 [pid 16318] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16318] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16319] <... futex resumed>) = 1 [pid 16319] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16319] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16318] <... futex resumed>) = 0 [pid 16318] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16318] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16319] <... futex resumed>) = 1 [pid 16319] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16319] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16318] <... futex resumed>) = 0 [pid 16318] close(3) = 0 [pid 16318] close(4) = 0 [pid 16318] close(5) = 0 [pid 16318] close(6) = -1 EBADF (Bad file descriptor) [pid 16318] close(7) = -1 EBADF (Bad file descriptor) [pid 16318] close(8) = -1 EBADF (Bad file descriptor) [pid 16318] close(9) = -1 EBADF (Bad file descriptor) [pid 16318] close(10) = -1 EBADF (Bad file descriptor) [pid 16318] close(11) = -1 EBADF (Bad file descriptor) [pid 16318] close(12) = -1 EBADF (Bad file descriptor) [pid 16318] close(13) = -1 EBADF (Bad file descriptor) [pid 16318] close(14) = -1 EBADF (Bad file descriptor) [pid 16318] close(15) = -1 EBADF (Bad file descriptor) [pid 16318] close(16) = -1 EBADF (Bad file descriptor) [pid 16318] close(17) = -1 EBADF (Bad file descriptor) [pid 16318] close(18) = -1 EBADF (Bad file descriptor) [pid 16318] close(19) = -1 EBADF (Bad file descriptor) [pid 16318] close(20) = -1 EBADF (Bad file descriptor) [pid 16318] close(21) = -1 EBADF (Bad file descriptor) [pid 16318] close(22) = -1 EBADF (Bad file descriptor) [pid 16318] close(23) = -1 EBADF (Bad file descriptor) [pid 16318] close(24) = -1 EBADF (Bad file descriptor) [pid 16318] close(25) = -1 EBADF (Bad file descriptor) [pid 16318] close(26) = -1 EBADF (Bad file descriptor) [pid 16318] close(27) = -1 EBADF (Bad file descriptor) [pid 16318] close(28) = -1 EBADF (Bad file descriptor) [pid 16318] close(29) = -1 EBADF (Bad file descriptor) [pid 16318] exit_group(0) = ? [pid 16322] <... futex resumed>) = ? [pid 16322] +++ exited with 0 +++ [pid 16323] <... futex resumed>) = ? [pid 16323] +++ exited with 0 +++ [pid 16319] <... futex resumed>) = ? [pid 16319] +++ exited with 0 +++ [pid 16318] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10317, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2704", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2704", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2704/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2704/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2704/binderfs") = 0 [ 324.860018][T16319] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2704/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2704/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2704/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2704/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2704/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2704/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2704") = 0 [pid 289] mkdir("./2705", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10321 ./strace-static-x86_64: Process 16324 attached [pid 16324] set_robust_list(0x555556f746a0, 24) = 0 [pid 16324] chdir("./2705") = 0 [pid 16324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16324] setpgid(0, 0) = 0 [pid 16324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16324] write(3, "1000", 4) = 4 [pid 16324] close(3) = 0 [pid 16324] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16324] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16324] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16324] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16324] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16324] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16324] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 16325 attached => {parent_tid=[10322]}, 88) = 10322 [pid 16325] set_robust_list(0x7fbc6730d9a0, 24 [pid 16324] rt_sigprocmask(SIG_SETMASK, [], [pid 16325] <... set_robust_list resumed>) = 0 [pid 16324] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16325] rt_sigprocmask(SIG_SETMASK, [], [pid 16324] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16325] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16324] <... futex resumed>) = 0 [pid 16325] memfd_create("syzkaller", 0 [pid 16324] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16325] <... memfd_create resumed>) = 3 [pid 16325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16325] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16325] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16325] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16325] close(3) = 0 [pid 16325] mkdir("./file1", 0777) = 0 [pid 16325] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16325] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16325] chdir("./file1") = 0 [pid 16325] ioctl(4, LOOP_CLR_FD) = 0 [pid 16325] close(4) = 0 [pid 16325] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16325] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16324] <... futex resumed>) = 0 [pid 16324] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16324] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16325] <... futex resumed>) = 0 [pid 16325] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16325] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16324] <... futex resumed>) = 0 [pid 16324] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16324] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16325] <... futex resumed>) = 1 [pid 16324] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 16325] memfd_create("syzkaller", 0 [pid 16324] <... mprotect resumed>) = 0 [pid 16325] <... memfd_create resumed>) = 4 [pid 16325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16324] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16325] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16324] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16325] close(4 [pid 16324] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 16325] <... close resumed>) = 0 [pid 16325] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 16328 attached ) = 0 [pid 16328] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16325] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16324] <... clone3 resumed> => {parent_tid=[10323]}, 88) = 10323 [pid 16328] <... set_robust_list resumed>) = 0 [pid 16324] rt_sigprocmask(SIG_SETMASK, [], [pid 16328] rt_sigprocmask(SIG_SETMASK, [], [pid 16324] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16328] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16324] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16328] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16324] <... futex resumed>) = 0 [pid 16324] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16328] <... setxattr resumed>) = 0 [pid 16325] <... futex resumed>) = 0 [pid 16324] <... futex resumed>) = 1 [pid 16324] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16328] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16325] memfd_create("syzkaller", 0 [pid 16328] <... futex resumed>) = 0 [pid 16328] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16325] <... memfd_create resumed>) = 4 [pid 16325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16325] close(4) = 0 [pid 16325] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16324] <... futex resumed>) = 0 [pid 16325] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16324] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16324] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16325] <... open resumed>) = 4 [pid 16325] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16324] <... futex resumed>) = 0 [pid 16325] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16324] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16325] <... mount resumed>) = 0 [pid 16324] <... futex resumed>) = 0 [pid 16325] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16324] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16325] <... futex resumed>) = 0 [pid 16324] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16325] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16324] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16325] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16324] <... futex resumed>) = 0 [pid 16325] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16324] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16325] <... open resumed>) = 5 [pid 16325] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16324] <... futex resumed>) = 0 [pid 16325] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16324] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16324] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16325] <... write resumed>) = 262144 [pid 16325] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16324] <... futex resumed>) = 0 [pid 16325] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16324] close(3) = 0 [pid 16324] close(4) = 0 [pid 16324] close(5) = 0 [pid 16324] close(6) = -1 EBADF (Bad file descriptor) [pid 16324] close(7) = -1 EBADF (Bad file descriptor) [pid 16324] close(8) = -1 EBADF (Bad file descriptor) [pid 16324] close(9) = -1 EBADF (Bad file descriptor) [pid 16324] close(10) = -1 EBADF (Bad file descriptor) [pid 16324] close(11) = -1 EBADF (Bad file descriptor) [pid 16324] close(12) = -1 EBADF (Bad file descriptor) [pid 16324] close(13) = -1 EBADF (Bad file descriptor) [pid 16324] close(14) = -1 EBADF (Bad file descriptor) [pid 16324] close(15) = -1 EBADF (Bad file descriptor) [pid 16324] close(16) = -1 EBADF (Bad file descriptor) [pid 16324] close(17) = -1 EBADF (Bad file descriptor) [pid 16324] close(18) = -1 EBADF (Bad file descriptor) [pid 16324] close(19) = -1 EBADF (Bad file descriptor) [pid 16324] close(20) = -1 EBADF (Bad file descriptor) [pid 16324] close(21) = -1 EBADF (Bad file descriptor) [pid 16324] close(22) = -1 EBADF (Bad file descriptor) [pid 16324] close(23) = -1 EBADF (Bad file descriptor) [pid 16324] close(24) = -1 EBADF (Bad file descriptor) [pid 16324] close(25) = -1 EBADF (Bad file descriptor) [pid 16324] close(26) = -1 EBADF (Bad file descriptor) [pid 16324] close(27) = -1 EBADF (Bad file descriptor) [pid 16324] close(28) = -1 EBADF (Bad file descriptor) [pid 16324] close(29) = -1 EBADF (Bad file descriptor) [pid 16324] exit_group(0) = ? [pid 16325] <... futex resumed>) = ? [pid 16325] +++ exited with 0 +++ [pid 16328] <... futex resumed>) = ? [pid 16328] +++ exited with 0 +++ [pid 16324] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10321, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2705", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2705", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2705/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2705/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2705/binderfs") = 0 [ 324.988778][T16325] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2705/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2705/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2705/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2705/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2705/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2705/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2705") = 0 [pid 289] mkdir("./2706", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10324 ./strace-static-x86_64: Process 16329 attached [pid 16329] set_robust_list(0x555556f746a0, 24) = 0 [pid 16329] chdir("./2706") = 0 [pid 16329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16329] setpgid(0, 0) = 0 [pid 16329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16329] write(3, "1000", 4) = 4 [pid 16329] close(3) = 0 [pid 16329] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16329] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16329] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16329] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16329] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 16330 attached [pid 16330] set_robust_list(0x7fbc6730d9a0, 24 [pid 16329] <... clone3 resumed> => {parent_tid=[10325]}, 88) = 10325 [pid 16330] <... set_robust_list resumed>) = 0 [pid 16329] rt_sigprocmask(SIG_SETMASK, [], [pid 16330] rt_sigprocmask(SIG_SETMASK, [], [pid 16329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16330] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16329] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16330] memfd_create("syzkaller", 0 [pid 16329] <... futex resumed>) = 0 [pid 16329] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16330] <... memfd_create resumed>) = 3 [pid 16330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16330] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16330] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16330] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16330] close(3) = 0 [pid 16330] mkdir("./file1", 0777) = 0 [pid 16330] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16330] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16330] chdir("./file1") = 0 [pid 16330] ioctl(4, LOOP_CLR_FD) = 0 [pid 16330] close(4) = 0 [pid 16330] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16330] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16329] <... futex resumed>) = 0 [pid 16329] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16329] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16330] <... futex resumed>) = 0 [pid 16330] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16330] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16329] <... futex resumed>) = 0 [pid 16329] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16329] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16329] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10326]}, 88) = 10326 [pid 16329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16329] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16329] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16329] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 16333 attached ) = 0 [pid 16329] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16333] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16329] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16333] <... set_robust_list resumed>) = 0 [pid 16333] rt_sigprocmask(SIG_SETMASK, [], [pid 16329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 16333] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 16334 attached [pid 16333] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16329] <... clone3 resumed> => {parent_tid=[10327]}, 88) = 10327 [pid 16333] <... setxattr resumed>) = 0 [pid 16330] <... futex resumed>) = 1 [pid 16329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16330] memfd_create("syzkaller", 0 [pid 16329] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16333] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16329] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16333] <... futex resumed>) = 0 [pid 16330] <... memfd_create resumed>) = 4 [pid 16330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16330] close(4) = 0 [pid 16333] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16334] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16330] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16330] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16334] memfd_create("syzkaller", 0) = 4 [pid 16334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16334] close(4) = 0 [pid 16334] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16329] <... futex resumed>) = 0 [pid 16334] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16329] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16330] <... futex resumed>) = 0 [pid 16329] <... futex resumed>) = 1 [pid 16330] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16329] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16330] <... open resumed>) = 4 [pid 16330] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16329] <... futex resumed>) = 0 [pid 16329] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16329] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16330] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16330] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16329] <... futex resumed>) = 0 [pid 16329] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16329] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16330] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16330] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16329] <... futex resumed>) = 0 [pid 16329] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16330] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16329] <... futex resumed>) = 0 [pid 16329] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16330] <... write resumed>) = 262144 [pid 16330] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16329] <... futex resumed>) = 0 [pid 16329] close(3) = 0 [pid 16329] close(4) = 0 [pid 16329] close(5 [pid 16330] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16329] <... close resumed>) = 0 [pid 16329] close(6) = -1 EBADF (Bad file descriptor) [pid 16329] close(7) = -1 EBADF (Bad file descriptor) [pid 16329] close(8) = -1 EBADF (Bad file descriptor) [pid 16329] close(9) = -1 EBADF (Bad file descriptor) [pid 16329] close(10) = -1 EBADF (Bad file descriptor) [pid 16329] close(11) = -1 EBADF (Bad file descriptor) [pid 16329] close(12) = -1 EBADF (Bad file descriptor) [pid 16329] close(13) = -1 EBADF (Bad file descriptor) [pid 16329] close(14) = -1 EBADF (Bad file descriptor) [pid 16329] close(15) = -1 EBADF (Bad file descriptor) [pid 16329] close(16) = -1 EBADF (Bad file descriptor) [pid 16329] close(17) = -1 EBADF (Bad file descriptor) [pid 16329] close(18) = -1 EBADF (Bad file descriptor) [pid 16329] close(19) = -1 EBADF (Bad file descriptor) [pid 16329] close(20) = -1 EBADF (Bad file descriptor) [pid 16329] close(21) = -1 EBADF (Bad file descriptor) [pid 16329] close(22) = -1 EBADF (Bad file descriptor) [pid 16329] close(23) = -1 EBADF (Bad file descriptor) [pid 16329] close(24) = -1 EBADF (Bad file descriptor) [pid 16329] close(25) = -1 EBADF (Bad file descriptor) [pid 16329] close(26) = -1 EBADF (Bad file descriptor) [pid 16329] close(27) = -1 EBADF (Bad file descriptor) [pid 16329] close(28) = -1 EBADF (Bad file descriptor) [pid 16329] close(29) = -1 EBADF (Bad file descriptor) [pid 16329] exit_group(0 [pid 16333] <... futex resumed>) = ? [pid 16334] <... futex resumed>) = ? [pid 16329] <... exit_group resumed>) = ? [pid 16333] +++ exited with 0 +++ [pid 16334] +++ exited with 0 +++ [pid 16330] <... futex resumed>) = ? [pid 16330] +++ exited with 0 +++ [pid 16329] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10324, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2706", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2706", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2706/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2706/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2706/binderfs") = 0 [ 325.147419][T16330] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2706/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2706/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2706/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2706/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2706/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2706/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2706") = 0 [pid 289] mkdir("./2707", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10328 ./strace-static-x86_64: Process 16335 attached [pid 16335] set_robust_list(0x555556f746a0, 24) = 0 [pid 16335] chdir("./2707") = 0 [pid 16335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16335] setpgid(0, 0) = 0 [pid 16335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16335] write(3, "1000", 4) = 4 [pid 16335] close(3) = 0 [pid 16335] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16335] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16335] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16335] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16335] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16335] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10329]}, 88) = 10329 [pid 16335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16335] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16335] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16336 attached [pid 16336] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16336] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16336] memfd_create("syzkaller", 0) = 3 [pid 16336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16336] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16336] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16336] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16336] close(3) = 0 [pid 16336] mkdir("./file1", 0777) = 0 [pid 16336] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16336] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16336] chdir("./file1") = 0 [pid 16336] ioctl(4, LOOP_CLR_FD) = 0 [pid 16336] close(4) = 0 [pid 16336] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16335] <... futex resumed>) = 0 [pid 16335] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16335] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16336] <... futex resumed>) = 1 [pid 16336] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16336] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16335] <... futex resumed>) = 0 [pid 16335] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16335] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16335] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16335] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10330]}, 88) = 10330 ./strace-static-x86_64: Process 16339 attached [pid 16335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16335] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16335] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16335] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16335] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 16339] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16336] <... futex resumed>) = 1 ./strace-static-x86_64: Process 16340 attached [pid 16339] <... set_robust_list resumed>) = 0 [pid 16336] memfd_create("syzkaller", 0 [pid 16339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16336] <... memfd_create resumed>) = 4 [pid 16339] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16339] <... setxattr resumed>) = 0 [pid 16336] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16335] <... clone3 resumed> => {parent_tid=[10331]}, 88) = 10331 [pid 16340] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16339] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16336] close(4) = 0 [pid 16340] <... set_robust_list resumed>) = 0 [pid 16339] <... futex resumed>) = 0 [pid 16335] rt_sigprocmask(SIG_SETMASK, [], [pid 16340] rt_sigprocmask(SIG_SETMASK, [], [pid 16339] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16336] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16335] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16336] <... futex resumed>) = 0 [pid 16336] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16340] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16340] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16335] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16335] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16340] <... futex resumed>) = 0 [pid 16340] memfd_create("syzkaller", 0) = 4 [pid 16340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16340] close(4) = 0 [pid 16340] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16335] <... futex resumed>) = 0 [pid 16340] <... futex resumed>) = 1 [pid 16340] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16335] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16336] <... futex resumed>) = 0 [pid 16335] <... futex resumed>) = 1 [pid 16336] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16335] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16336] <... open resumed>) = 4 [pid 16336] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16335] <... futex resumed>) = 0 [pid 16336] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16335] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16336] <... mount resumed>) = 0 [pid 16335] <... futex resumed>) = 0 [pid 16336] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16335] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16336] <... futex resumed>) = 0 [pid 16335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16336] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16335] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16336] <... open resumed>) = 5 [pid 16335] <... futex resumed>) = 0 [pid 16336] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16335] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16336] <... futex resumed>) = 0 [pid 16335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16336] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16335] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16335] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16336] <... write resumed>) = 262144 [pid 16336] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16335] <... futex resumed>) = 0 [pid 16335] close(3) = 0 [pid 16335] close(4) = 0 [pid 16335] close(5) = 0 [pid 16335] close(6) = -1 EBADF (Bad file descriptor) [pid 16335] close(7) = -1 EBADF (Bad file descriptor) [pid 16335] close(8) = -1 EBADF (Bad file descriptor) [pid 16335] close(9) = -1 EBADF (Bad file descriptor) [pid 16335] close(10) = -1 EBADF (Bad file descriptor) [pid 16335] close(11) = -1 EBADF (Bad file descriptor) [pid 16335] close(12) = -1 EBADF (Bad file descriptor) [pid 16335] close(13) = -1 EBADF (Bad file descriptor) [pid 16335] close(14) = -1 EBADF (Bad file descriptor) [pid 16335] close(15) = -1 EBADF (Bad file descriptor) [pid 16335] close(16) = -1 EBADF (Bad file descriptor) [pid 16335] close(17) = -1 EBADF (Bad file descriptor) [pid 16335] close(18) = -1 EBADF (Bad file descriptor) [pid 16335] close(19) = -1 EBADF (Bad file descriptor) [pid 16335] close(20) = -1 EBADF (Bad file descriptor) [pid 16335] close(21) = -1 EBADF (Bad file descriptor) [pid 16335] close(22) = -1 EBADF (Bad file descriptor) [pid 16335] close(23) = -1 EBADF (Bad file descriptor) [pid 16335] close(24) = -1 EBADF (Bad file descriptor) [pid 16335] close(25) = -1 EBADF (Bad file descriptor) [pid 16335] close(26) = -1 EBADF (Bad file descriptor) [pid 16335] close(27) = -1 EBADF (Bad file descriptor) [pid 16335] close(28) = -1 EBADF (Bad file descriptor) [pid 16335] close(29) = -1 EBADF (Bad file descriptor) [pid 16335] exit_group(0 [pid 16339] <... futex resumed>) = ? [pid 16335] <... exit_group resumed>) = ? [pid 16339] +++ exited with 0 +++ [pid 16336] <... futex resumed>) = ? [pid 16336] +++ exited with 0 +++ [pid 16340] <... futex resumed>) = ? [pid 16340] +++ exited with 0 +++ [pid 16335] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10328, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2707", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2707", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2707/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2707/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2707/binderfs") = 0 [ 325.237140][T16336] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2707/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2707/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2707/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2707/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2707/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2707/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2707") = 0 [pid 289] mkdir("./2708", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10332 ./strace-static-x86_64: Process 16341 attached [pid 16341] set_robust_list(0x555556f746a0, 24) = 0 [pid 16341] chdir("./2708") = 0 [pid 16341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16341] setpgid(0, 0) = 0 [pid 16341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16341] write(3, "1000", 4) = 4 [pid 16341] close(3) = 0 [pid 16341] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16341] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16341] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16341] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16341] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16341] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16341] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10333]}, 88) = 10333 [pid 16341] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16341] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16341] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16342 attached [pid 16342] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16342] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16342] memfd_create("syzkaller", 0) = 3 [pid 16342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16342] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16342] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16342] close(3) = 0 [pid 16342] mkdir("./file1", 0777) = 0 [pid 16342] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16342] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16342] chdir("./file1") = 0 [pid 16342] ioctl(4, LOOP_CLR_FD) = 0 [pid 16342] close(4) = 0 [pid 16342] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16341] <... futex resumed>) = 0 [pid 16341] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16341] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16342] <... futex resumed>) = 1 [pid 16342] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16342] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16341] <... futex resumed>) = 0 [pid 16341] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16341] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16341] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16341] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16341] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10334]}, 88) = 10334 [pid 16341] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16341] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16341] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16341] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16341] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16341] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10335]}, 88) = 10335 [pid 16341] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16341] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16341] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16342] <... futex resumed>) = 1 [pid 16342] memfd_create("syzkaller", 0) = 4 [pid 16342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16342] close(4) = 0 [pid 16342] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16342] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16346 attached [pid 16346] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16346] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16346] memfd_create("syzkaller", 0) = 4 [pid 16346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16346] close(4) = 0 [pid 16346] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16341] <... futex resumed>) = 0 [pid 16341] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16341] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16342] <... futex resumed>) = 0 [pid 16342] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 16342] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16341] <... futex resumed>) = 0 [pid 16341] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16341] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16342] <... futex resumed>) = 1 [pid 16342] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16342] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16341] <... futex resumed>) = 0 [pid 16341] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16341] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16342] <... futex resumed>) = 1 [pid 16342] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16342] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16341] <... futex resumed>) = 0 [pid 16341] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16341] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16342] <... futex resumed>) = 1 [pid 16342] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651./strace-static-x86_64: Process 16345 attached [pid 16346] <... futex resumed>) = 1 [pid 16345] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16346] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16345] <... set_robust_list resumed>) = 0 [pid 16345] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16345] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16342] <... write resumed>) = 262144 [pid 16342] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16341] <... futex resumed>) = 0 [pid 16342] <... futex resumed>) = 1 [pid 16342] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16345] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 16345] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16345] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16341] close(3) = 0 [pid 16341] close(4) = 0 [pid 16341] close(5) = 0 [pid 16341] close(6) = -1 EBADF (Bad file descriptor) [pid 16341] close(7) = -1 EBADF (Bad file descriptor) [pid 16341] close(8) = -1 EBADF (Bad file descriptor) [pid 16341] close(9) = -1 EBADF (Bad file descriptor) [pid 16341] close(10) = -1 EBADF (Bad file descriptor) [pid 16341] close(11) = -1 EBADF (Bad file descriptor) [pid 16341] close(12) = -1 EBADF (Bad file descriptor) [pid 16341] close(13) = -1 EBADF (Bad file descriptor) [pid 16341] close(14) = -1 EBADF (Bad file descriptor) [pid 16341] close(15) = -1 EBADF (Bad file descriptor) [pid 16341] close(16) = -1 EBADF (Bad file descriptor) [pid 16341] close(17) = -1 EBADF (Bad file descriptor) [pid 16341] close(18) = -1 EBADF (Bad file descriptor) [pid 16341] close(19) = -1 EBADF (Bad file descriptor) [pid 16341] close(20) = -1 EBADF (Bad file descriptor) [pid 16341] close(21) = -1 EBADF (Bad file descriptor) [pid 16341] close(22) = -1 EBADF (Bad file descriptor) [pid 16341] close(23) = -1 EBADF (Bad file descriptor) [pid 16341] close(24) = -1 EBADF (Bad file descriptor) [pid 16341] close(25) = -1 EBADF (Bad file descriptor) [pid 16341] close(26) = -1 EBADF (Bad file descriptor) [pid 16341] close(27) = -1 EBADF (Bad file descriptor) [pid 16341] close(28) = -1 EBADF (Bad file descriptor) [pid 16341] close(29) = -1 EBADF (Bad file descriptor) [pid 16341] exit_group(0 [pid 16346] <... futex resumed>) = ? [pid 16341] <... exit_group resumed>) = ? [pid 16346] +++ exited with 0 +++ [pid 16342] <... futex resumed>) = ? [pid 16342] +++ exited with 0 +++ [pid 16345] <... futex resumed>) = ? [pid 16345] +++ exited with 0 +++ [pid 16341] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10332, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] umount2("./2708", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2708", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2708/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2708/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2708/binderfs") = 0 [pid 289] umount2("./2708/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2708/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2708/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2708/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2708/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2708/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2708") = 0 [pid 289] mkdir("./2709", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10336 ./strace-static-x86_64: Process 16347 attached [pid 16347] set_robust_list(0x555556f746a0, 24) = 0 [pid 16347] chdir("./2709") = 0 [pid 16347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16347] setpgid(0, 0) = 0 [pid 16347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16347] write(3, "1000", 4) = 4 [pid 16347] close(3) = 0 [pid 16347] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16347] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16347] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16347] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16347] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16347] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16347] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10337]}, 88) = 10337 [pid 16347] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16347] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16347] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16348 attached [pid 16348] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16348] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16348] memfd_create("syzkaller", 0) = 3 [pid 16348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16348] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16348] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16348] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16348] close(3) = 0 [ 325.329675][T16342] EXT4-fs (loop0): 1 truncate cleaned up [ 325.344170][T16345] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 16348] mkdir("./file1", 0777) = 0 [pid 16348] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16348] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16348] chdir("./file1") = 0 [pid 16348] ioctl(4, LOOP_CLR_FD) = 0 [pid 16348] close(4) = 0 [pid 16348] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16347] <... futex resumed>) = 0 [pid 16347] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16347] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16348] <... futex resumed>) = 1 [pid 16348] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16348] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16347] <... futex resumed>) = 0 [pid 16347] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16347] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16347] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16347] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16347] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10338]}, 88) = 10338 [pid 16347] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16347] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16347] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16347] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16347] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16347] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10339]}, 88) = 10339 [pid 16347] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16347] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16347] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16348] <... futex resumed>) = 1 [pid 16348] memfd_create("syzkaller", 0) = 4 [pid 16348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16348] close(4) = 0 [pid 16348] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16348] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16352 attached ./strace-static-x86_64: Process 16351 attached [pid 16351] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16352] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16351] <... set_robust_list resumed>) = 0 [pid 16351] rt_sigprocmask(SIG_SETMASK, [], [pid 16352] <... set_robust_list resumed>) = 0 [pid 16352] rt_sigprocmask(SIG_SETMASK, [], [pid 16351] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16352] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16351] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16352] memfd_create("syzkaller", 0 [pid 16351] <... setxattr resumed>) = 0 [pid 16352] <... memfd_create resumed>) = 4 [pid 16352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16352] close(4) = 0 [pid 16352] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16347] <... futex resumed>) = 0 [pid 16347] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16347] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16348] <... futex resumed>) = 0 [pid 16348] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16351] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16352] <... futex resumed>) = 1 [pid 16348] <... open resumed>) = 4 [pid 16351] <... futex resumed>) = 0 [pid 16352] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16348] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16347] <... futex resumed>) = 0 [pid 16347] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16347] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16348] <... futex resumed>) = 1 [pid 16348] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16351] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16348] <... mount resumed>) = 0 [pid 16348] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16347] <... futex resumed>) = 0 [pid 16347] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16347] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16348] <... futex resumed>) = 1 [pid 16348] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16348] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16347] <... futex resumed>) = 0 [pid 16347] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16347] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16348] <... futex resumed>) = 1 [pid 16348] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16348] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16347] <... futex resumed>) = 0 [pid 16348] <... futex resumed>) = 1 [pid 16347] close(3 [pid 16348] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16347] <... close resumed>) = 0 [pid 16347] close(4) = 0 [pid 16347] close(5) = 0 [pid 16347] close(6) = -1 EBADF (Bad file descriptor) [pid 16347] close(7) = -1 EBADF (Bad file descriptor) [pid 16347] close(8) = -1 EBADF (Bad file descriptor) [pid 16347] close(9) = -1 EBADF (Bad file descriptor) [pid 16347] close(10) = -1 EBADF (Bad file descriptor) [pid 16347] close(11) = -1 EBADF (Bad file descriptor) [pid 16347] close(12) = -1 EBADF (Bad file descriptor) [pid 16347] close(13) = -1 EBADF (Bad file descriptor) [pid 16347] close(14) = -1 EBADF (Bad file descriptor) [pid 16347] close(15) = -1 EBADF (Bad file descriptor) [pid 16347] close(16) = -1 EBADF (Bad file descriptor) [pid 16347] close(17) = -1 EBADF (Bad file descriptor) [pid 16347] close(18) = -1 EBADF (Bad file descriptor) [pid 16347] close(19) = -1 EBADF (Bad file descriptor) [pid 16347] close(20) = -1 EBADF (Bad file descriptor) [pid 16347] close(21) = -1 EBADF (Bad file descriptor) [pid 16347] close(22) = -1 EBADF (Bad file descriptor) [pid 16347] close(23) = -1 EBADF (Bad file descriptor) [pid 16347] close(24) = -1 EBADF (Bad file descriptor) [pid 16347] close(25) = -1 EBADF (Bad file descriptor) [pid 16347] close(26) = -1 EBADF (Bad file descriptor) [pid 16347] close(27) = -1 EBADF (Bad file descriptor) [pid 16347] close(28) = -1 EBADF (Bad file descriptor) [pid 16347] close(29) = -1 EBADF (Bad file descriptor) [pid 16347] exit_group(0) = ? [pid 16351] <... futex resumed>) = ? [pid 16352] <... futex resumed>) = -1 (errno 18446744073709551555) [pid 16352] +++ exited with 0 +++ [pid 16351] +++ exited with 0 +++ [pid 16348] <... futex resumed>) = -1 (errno 18446744073709551555) [pid 16348] +++ exited with 0 +++ [pid 16347] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10336, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2709", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2709", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2709/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2709/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2709/binderfs") = 0 [ 325.393847][T16348] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2709/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2709/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2709/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2709/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2709/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2709/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2709") = 0 [pid 289] mkdir("./2710", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10340 ./strace-static-x86_64: Process 16353 attached [pid 16353] set_robust_list(0x555556f746a0, 24) = 0 [pid 16353] chdir("./2710") = 0 [pid 16353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16353] setpgid(0, 0) = 0 [pid 16353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16353] write(3, "1000", 4) = 4 [pid 16353] close(3) = 0 [pid 16353] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16353] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16353] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16353] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16353] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16353] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16353] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10341]}, 88) = 10341 [pid 16353] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16353] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16353] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16354 attached [pid 16354] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16354] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16354] memfd_create("syzkaller", 0) = 3 [pid 16354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16354] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16354] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16354] close(3) = 0 [pid 16354] mkdir("./file1", 0777) = 0 [pid 16354] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16354] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16354] chdir("./file1") = 0 [pid 16354] ioctl(4, LOOP_CLR_FD) = 0 [pid 16354] close(4) = 0 [pid 16354] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16354] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16353] <... futex resumed>) = 0 [pid 16353] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16353] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16354] <... futex resumed>) = 0 [pid 16354] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16354] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16353] <... futex resumed>) = 0 [pid 16353] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16353] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16353] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16353] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16353] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10342]}, 88) = 10342 [pid 16353] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16353] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16353] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16353] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16353] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16353] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10343]}, 88) = 10343 [pid 16353] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 16359 attached ./strace-static-x86_64: Process 16358 attached [pid 16354] <... futex resumed>) = 1 [pid 16353] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16353] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16359] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16358] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16354] memfd_create("syzkaller", 0 [pid 16359] <... set_robust_list resumed>) = 0 [pid 16358] <... set_robust_list resumed>) = 0 [pid 16354] <... memfd_create resumed>) = 4 [pid 16358] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16358] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16359] rt_sigprocmask(SIG_SETMASK, [], [pid 16358] <... setxattr resumed>) = 0 [pid 16358] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16358] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16354] close(4) = 0 [pid 16354] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16354] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16359] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16359] memfd_create("syzkaller", 0) = 4 [pid 16359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16359] close(4) = 0 [pid 16359] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16353] <... futex resumed>) = 0 [pid 16353] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16353] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16354] <... futex resumed>) = 0 [pid 16354] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16359] <... futex resumed>) = 1 [pid 16354] <... open resumed>) = 4 [pid 16354] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16353] <... futex resumed>) = 0 [pid 16353] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16353] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16354] <... futex resumed>) = 1 [pid 16354] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16354] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16353] <... futex resumed>) = 0 [pid 16353] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16353] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16354] <... futex resumed>) = 1 [pid 16354] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16354] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16353] <... futex resumed>) = 0 [pid 16353] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16353] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16354] <... futex resumed>) = 1 [pid 16354] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16359] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16354] <... write resumed>) = 262144 [pid 16354] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16353] <... futex resumed>) = 0 [pid 16353] close(3) = 0 [pid 16353] close(4) = 0 [pid 16353] close(5) = 0 [pid 16353] close(6) = -1 EBADF (Bad file descriptor) [pid 16353] close(7) = -1 EBADF (Bad file descriptor) [pid 16353] close(8) = -1 EBADF (Bad file descriptor) [pid 16353] close(9) = -1 EBADF (Bad file descriptor) [pid 16353] close(10) = -1 EBADF (Bad file descriptor) [pid 16353] close(11) = -1 EBADF (Bad file descriptor) [pid 16353] close(12) = -1 EBADF (Bad file descriptor) [pid 16353] close(13) = -1 EBADF (Bad file descriptor) [pid 16353] close(14) = -1 EBADF (Bad file descriptor) [pid 16353] close(15) = -1 EBADF (Bad file descriptor) [pid 16353] close(16) = -1 EBADF (Bad file descriptor) [pid 16353] close(17) = -1 EBADF (Bad file descriptor) [pid 16353] close(18) = -1 EBADF (Bad file descriptor) [pid 16353] close(19) = -1 EBADF (Bad file descriptor) [pid 16353] close(20) = -1 EBADF (Bad file descriptor) [pid 16353] close(21) = -1 EBADF (Bad file descriptor) [pid 16353] close(22) = -1 EBADF (Bad file descriptor) [pid 16353] close(23) = -1 EBADF (Bad file descriptor) [pid 16353] close(24) = -1 EBADF (Bad file descriptor) [pid 16353] close(25) = -1 EBADF (Bad file descriptor) [pid 16353] close(26) = -1 EBADF (Bad file descriptor) [pid 16353] close(27) = -1 EBADF (Bad file descriptor) [pid 16353] close(28) = -1 EBADF (Bad file descriptor) [pid 16353] close(29) = -1 EBADF (Bad file descriptor) [pid 16353] exit_group(0 [pid 16359] <... futex resumed>) = ? [pid 16353] <... exit_group resumed>) = ? [pid 16359] +++ exited with 0 +++ [pid 16358] <... futex resumed>) = ? [pid 16358] +++ exited with 0 +++ [pid 16354] +++ exited with 0 +++ [pid 16353] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10340, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2710", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2710", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2710/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2710/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2710/binderfs") = 0 [ 325.469187][T16354] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2710/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2710/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2710/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2710/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2710/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2710/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2710") = 0 [pid 289] mkdir("./2711", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10344 ./strace-static-x86_64: Process 16360 attached [pid 16360] set_robust_list(0x555556f746a0, 24) = 0 [pid 16360] chdir("./2711") = 0 [pid 16360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16360] setpgid(0, 0) = 0 [pid 16360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16360] write(3, "1000", 4) = 4 [pid 16360] close(3) = 0 [pid 16360] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16360] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16360] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16360] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16360] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16360] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16360] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16360] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 16361 attached => {parent_tid=[10345]}, 88) = 10345 [pid 16361] set_robust_list(0x7fbc6730d9a0, 24 [pid 16360] rt_sigprocmask(SIG_SETMASK, [], [pid 16361] <... set_robust_list resumed>) = 0 [pid 16360] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16361] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16360] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16360] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16361] <... futex resumed>) = 0 [pid 16361] memfd_create("syzkaller", 0) = 3 [pid 16361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16361] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16361] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16361] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16361] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16361] close(3) = 0 [pid 16361] mkdir("./file1", 0777) = 0 [pid 16361] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16361] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16361] chdir("./file1") = 0 [pid 16361] ioctl(4, LOOP_CLR_FD) = 0 [pid 16361] close(4) = 0 [pid 16361] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16360] <... futex resumed>) = 0 [pid 16360] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16360] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16361] <... futex resumed>) = 1 [pid 16361] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16361] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16360] <... futex resumed>) = 0 [pid 16360] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16360] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16360] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16360] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16360] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16360] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 16364 attached [pid 16364] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16360] <... clone3 resumed> => {parent_tid=[10346]}, 88) = 10346 [pid 16361] <... futex resumed>) = 1 [pid 16361] memfd_create("syzkaller", 0) = 4 [pid 16361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16361] close(4) = 0 [pid 16360] rt_sigprocmask(SIG_SETMASK, [], [pid 16361] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16360] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16361] <... futex resumed>) = 0 [pid 16361] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16364] <... set_robust_list resumed>) = 0 [pid 16364] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16364] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16360] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16360] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16364] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16360] <... futex resumed>) = 1 [pid 16364] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16360] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16361] <... futex resumed>) = 0 [pid 16364] <... setxattr resumed>) = 0 [pid 16361] memfd_create("syzkaller", 0 [pid 16364] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16364] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16361] <... memfd_create resumed>) = 4 [pid 16361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16361] close(4) = 0 [pid 16361] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16360] <... futex resumed>) = 0 [pid 16361] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16360] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16360] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16361] <... open resumed>) = 4 [pid 16361] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16360] <... futex resumed>) = 0 [pid 16360] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16360] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16361] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16361] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16360] <... futex resumed>) = 0 [pid 16361] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16360] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16360] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16361] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16361] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16361] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16360] <... futex resumed>) = 0 [pid 16361] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16360] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16360] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16361] <... write resumed>) = 262144 [pid 16361] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16360] <... futex resumed>) = 0 [pid 16360] close(3) = 0 [pid 16360] close(4) = 0 [pid 16360] close(5) = 0 [pid 16360] close(6) = -1 EBADF (Bad file descriptor) [pid 16360] close(7) = -1 EBADF (Bad file descriptor) [pid 16360] close(8) = -1 EBADF (Bad file descriptor) [pid 16360] close(9) = -1 EBADF (Bad file descriptor) [pid 16360] close(10) = -1 EBADF (Bad file descriptor) [pid 16360] close(11) = -1 EBADF (Bad file descriptor) [pid 16360] close(12) = -1 EBADF (Bad file descriptor) [pid 16360] close(13) = -1 EBADF (Bad file descriptor) [pid 16360] close(14) = -1 EBADF (Bad file descriptor) [pid 16360] close(15) = -1 EBADF (Bad file descriptor) [pid 16360] close(16) = -1 EBADF (Bad file descriptor) [pid 16360] close(17) = -1 EBADF (Bad file descriptor) [pid 16360] close(18) = -1 EBADF (Bad file descriptor) [pid 16360] close(19) = -1 EBADF (Bad file descriptor) [pid 16360] close(20) = -1 EBADF (Bad file descriptor) [pid 16360] close(21) = -1 EBADF (Bad file descriptor) [pid 16360] close(22) = -1 EBADF (Bad file descriptor) [pid 16360] close(23) = -1 EBADF (Bad file descriptor) [pid 16360] close(24) = -1 EBADF (Bad file descriptor) [pid 16360] close(25) = -1 EBADF (Bad file descriptor) [pid 16360] close(26) = -1 EBADF (Bad file descriptor) [pid 16360] close(27) = -1 EBADF (Bad file descriptor) [pid 16360] close(28) = -1 EBADF (Bad file descriptor) [pid 16360] close(29) = -1 EBADF (Bad file descriptor) [pid 16360] exit_group(0) = ? [pid 16364] <... futex resumed>) = ? [pid 16364] +++ exited with 0 +++ [pid 16361] <... futex resumed>) = ? [pid 16361] +++ exited with 0 +++ [pid 16360] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10344, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2711", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2711", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2711/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2711/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2711/binderfs") = 0 [ 325.592774][T16361] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2711/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2711/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2711/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2711/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2711/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2711/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2711") = 0 [pid 289] mkdir("./2712", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10347 ./strace-static-x86_64: Process 16365 attached [pid 16365] set_robust_list(0x555556f746a0, 24) = 0 [pid 16365] chdir("./2712") = 0 [pid 16365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16365] setpgid(0, 0) = 0 [pid 16365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16365] write(3, "1000", 4) = 4 [pid 16365] close(3) = 0 [pid 16365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16365] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16365] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16365] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16365] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16365] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10348]}, 88) = 10348 [pid 16365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16365] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16365] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16366 attached [pid 16366] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16366] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16366] memfd_create("syzkaller", 0) = 3 [pid 16366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16366] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16366] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16366] close(3) = 0 [pid 16366] mkdir("./file1", 0777) = 0 [pid 16366] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16366] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16366] chdir("./file1") = 0 [pid 16366] ioctl(4, LOOP_CLR_FD) = 0 [pid 16366] close(4) = 0 [pid 16366] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16365] <... futex resumed>) = 0 [pid 16365] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16365] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16366] <... futex resumed>) = 1 [pid 16366] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16366] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16365] <... futex resumed>) = 0 [pid 16365] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16365] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16365] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16365] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10349]}, 88) = 10349 [pid 16365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16365] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 16369 attached [pid 16366] <... futex resumed>) = 1 [pid 16365] <... futex resumed>) = 0 [pid 16365] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16369] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16366] memfd_create("syzkaller", 0 [pid 16365] <... futex resumed>) = 0 [pid 16365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 16366] <... memfd_create resumed>) = 4 [pid 16366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16365] <... mmap resumed>) = 0x7fbc5eeeb000 [pid 16365] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE [pid 16369] <... set_robust_list resumed>) = 0 [pid 16366] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16365] <... mprotect resumed>) = 0 [pid 16369] rt_sigprocmask(SIG_SETMASK, [], [pid 16366] close(4 [pid 16365] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16369] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16365] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16369] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16366] <... close resumed>) = 0 [pid 16365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 16366] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16365] <... clone3 resumed> => {parent_tid=[10350]}, 88) = 10350 [pid 16366] <... futex resumed>) = 0 [pid 16365] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 16370 attached [pid 16370] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16370] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16365] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16366] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16369] <... setxattr resumed>) = 0 [pid 16365] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16369] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16365] <... futex resumed>) = 1 [pid 16369] <... futex resumed>) = 0 [pid 16369] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16365] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16370] <... futex resumed>) = 0 [pid 16370] memfd_create("syzkaller", 0) = 4 [pid 16370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16370] close(4) = 0 [pid 16370] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16365] <... futex resumed>) = 0 [pid 16365] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16366] <... futex resumed>) = 0 [pid 16365] <... futex resumed>) = 1 [pid 16366] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16365] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16366] <... open resumed>) = 4 [pid 16366] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16365] <... futex resumed>) = 0 [pid 16366] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16365] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16366] <... mount resumed>) = 0 [pid 16365] <... futex resumed>) = 0 [pid 16365] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16366] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16366] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16365] <... futex resumed>) = 0 [pid 16365] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16366] <... futex resumed>) = 0 [pid 16365] <... futex resumed>) = 1 [pid 16366] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16365] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16366] <... open resumed>) = 5 [pid 16366] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16365] <... futex resumed>) = 0 [pid 16366] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16365] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16366] <... futex resumed>) = 0 [pid 16365] <... futex resumed>) = 1 [pid 16366] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16365] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16370] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16366] <... write resumed>) = 262144 [pid 16366] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16365] <... futex resumed>) = 0 [pid 16365] close(3) = 0 [pid 16365] close(4) = 0 [pid 16365] close(5 [pid 16366] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16365] <... close resumed>) = 0 [pid 16365] close(6) = -1 EBADF (Bad file descriptor) [pid 16365] close(7) = -1 EBADF (Bad file descriptor) [pid 16365] close(8) = -1 EBADF (Bad file descriptor) [pid 16365] close(9) = -1 EBADF (Bad file descriptor) [pid 16365] close(10) = -1 EBADF (Bad file descriptor) [pid 16365] close(11) = -1 EBADF (Bad file descriptor) [pid 16365] close(12) = -1 EBADF (Bad file descriptor) [pid 16365] close(13) = -1 EBADF (Bad file descriptor) [pid 16365] close(14) = -1 EBADF (Bad file descriptor) [pid 16365] close(15) = -1 EBADF (Bad file descriptor) [pid 16365] close(16) = -1 EBADF (Bad file descriptor) [pid 16365] close(17) = -1 EBADF (Bad file descriptor) [pid 16365] close(18) = -1 EBADF (Bad file descriptor) [pid 16365] close(19) = -1 EBADF (Bad file descriptor) [pid 16365] close(20) = -1 EBADF (Bad file descriptor) [pid 16365] close(21) = -1 EBADF (Bad file descriptor) [pid 16365] close(22) = -1 EBADF (Bad file descriptor) [pid 16365] close(23) = -1 EBADF (Bad file descriptor) [pid 16365] close(24) = -1 EBADF (Bad file descriptor) [pid 16365] close(25) = -1 EBADF (Bad file descriptor) [pid 16365] close(26) = -1 EBADF (Bad file descriptor) [pid 16365] close(27) = -1 EBADF (Bad file descriptor) [pid 16365] close(28) = -1 EBADF (Bad file descriptor) [pid 16365] close(29) = -1 EBADF (Bad file descriptor) [pid 16365] exit_group(0) = ? [pid 16369] <... futex resumed>) = ? [pid 16366] <... futex resumed>) = ? [pid 16369] +++ exited with 0 +++ [pid 16370] <... futex resumed>) = ? [pid 16366] +++ exited with 0 +++ [pid 16370] +++ exited with 0 +++ [pid 16365] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10347, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2712", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2712", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2712/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2712/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2712/binderfs") = 0 [ 325.739484][T16366] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2712/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2712/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2712/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2712/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2712/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2712/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2712") = 0 [pid 289] mkdir("./2713", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10351 ./strace-static-x86_64: Process 16371 attached [pid 16371] set_robust_list(0x555556f746a0, 24) = 0 [pid 16371] chdir("./2713") = 0 [pid 16371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16371] setpgid(0, 0) = 0 [pid 16371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16371] write(3, "1000", 4) = 4 [pid 16371] close(3) = 0 [pid 16371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16371] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16371] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16371] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16371] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10352]}, 88) = 10352 ./strace-static-x86_64: Process 16372 attached [pid 16371] rt_sigprocmask(SIG_SETMASK, [], [pid 16372] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16371] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16371] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16372] memfd_create("syzkaller", 0) = 3 [pid 16372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16372] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16372] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16372] close(3) = 0 [pid 16372] mkdir("./file1", 0777) = 0 [pid 16372] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16372] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16372] chdir("./file1") = 0 [pid 16372] ioctl(4, LOOP_CLR_FD) = 0 [pid 16372] close(4) = 0 [pid 16372] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16371] <... futex resumed>) = 0 [pid 16371] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16371] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16372] <... futex resumed>) = 1 [pid 16372] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16372] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16371] <... futex resumed>) = 0 [pid 16371] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16371] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16371] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 16375 attached [pid 16375] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16375] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16371] <... clone3 resumed> => {parent_tid=[10353]}, 88) = 10353 [pid 16375] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16371] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16375] <... futex resumed>) = 0 [pid 16371] <... futex resumed>) = 1 [pid 16375] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16371] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16375] <... setxattr resumed>) = 0 [pid 16371] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE [pid 16375] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16371] <... mprotect resumed>) = 0 [pid 16375] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16371] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16372] <... futex resumed>) = 1 [pid 16371] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 16372] memfd_create("syzkaller", 0) = 4 [pid 16372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16371] <... clone3 resumed> => {parent_tid=[10354]}, 88) = 10354 [pid 16371] rt_sigprocmask(SIG_SETMASK, [], [pid 16372] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16371] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16371] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16372] close(4) = 0 [pid 16372] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16372] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16376 attached [pid 16376] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16376] memfd_create("syzkaller", 0) = 4 [pid 16376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16376] close(4) = 0 [pid 16376] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16371] <... futex resumed>) = 0 [pid 16376] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16371] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16372] <... futex resumed>) = 0 [pid 16371] <... futex resumed>) = 1 [pid 16372] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16371] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16372] <... open resumed>) = 4 [pid 16372] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16371] <... futex resumed>) = 0 [pid 16372] <... futex resumed>) = 1 [pid 16371] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16372] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16371] <... futex resumed>) = 0 [pid 16371] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16372] <... mount resumed>) = 0 [pid 16372] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16371] <... futex resumed>) = 0 [pid 16372] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16371] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16371] <... futex resumed>) = 0 [pid 16372] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16371] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16372] <... open resumed>) = 5 [pid 16372] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16371] <... futex resumed>) = 0 [pid 16372] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16371] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16371] <... futex resumed>) = 0 [pid 16372] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16371] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16372] <... write resumed>) = 262144 [pid 16372] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16371] <... futex resumed>) = 0 [pid 16372] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16371] close(3) = 0 [pid 16371] close(4) = 0 [pid 16371] close(5) = 0 [pid 16371] close(6) = -1 EBADF (Bad file descriptor) [pid 16371] close(7) = -1 EBADF (Bad file descriptor) [pid 16371] close(8) = -1 EBADF (Bad file descriptor) [pid 16371] close(9) = -1 EBADF (Bad file descriptor) [pid 16371] close(10) = -1 EBADF (Bad file descriptor) [pid 16371] close(11) = -1 EBADF (Bad file descriptor) [pid 16371] close(12) = -1 EBADF (Bad file descriptor) [pid 16371] close(13) = -1 EBADF (Bad file descriptor) [pid 16371] close(14) = -1 EBADF (Bad file descriptor) [pid 16371] close(15) = -1 EBADF (Bad file descriptor) [pid 16371] close(16) = -1 EBADF (Bad file descriptor) [pid 16371] close(17) = -1 EBADF (Bad file descriptor) [pid 16371] close(18) = -1 EBADF (Bad file descriptor) [pid 16371] close(19) = -1 EBADF (Bad file descriptor) [pid 16371] close(20) = -1 EBADF (Bad file descriptor) [pid 16371] close(21) = -1 EBADF (Bad file descriptor) [pid 16371] close(22) = -1 EBADF (Bad file descriptor) [pid 16371] close(23) = -1 EBADF (Bad file descriptor) [pid 16371] close(24) = -1 EBADF (Bad file descriptor) [pid 16371] close(25) = -1 EBADF (Bad file descriptor) [pid 16371] close(26) = -1 EBADF (Bad file descriptor) [pid 16371] close(27) = -1 EBADF (Bad file descriptor) [pid 16371] close(28) = -1 EBADF (Bad file descriptor) [pid 16371] close(29) = -1 EBADF (Bad file descriptor) [pid 16371] exit_group(0) = ? [pid 16376] <... futex resumed>) = ? [pid 16376] +++ exited with 0 +++ [pid 16375] <... futex resumed>) = ? [pid 16372] <... futex resumed>) = ? [pid 16375] +++ exited with 0 +++ [pid 16372] +++ exited with 0 +++ [pid 16371] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10351, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2713", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2713", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2713/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2713/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2713/binderfs") = 0 [ 325.860487][T16372] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2713/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2713/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2713/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2713/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2713/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2713/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2713") = 0 [pid 289] mkdir("./2714", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10355 ./strace-static-x86_64: Process 16377 attached [pid 16377] set_robust_list(0x555556f746a0, 24) = 0 [pid 16377] chdir("./2714") = 0 [pid 16377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16377] setpgid(0, 0) = 0 [pid 16377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16377] write(3, "1000", 4) = 4 [pid 16377] close(3) = 0 [pid 16377] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16377] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16377] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16377] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16377] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16377] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16377] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10356]}, 88) = 10356 [pid 16377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16377] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16377] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16378 attached [pid 16378] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16378] memfd_create("syzkaller", 0) = 3 [pid 16378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16378] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16378] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16378] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16378] close(3) = 0 [pid 16378] mkdir("./file1", 0777) = 0 [pid 16378] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16378] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16378] chdir("./file1") = 0 [pid 16378] ioctl(4, LOOP_CLR_FD) = 0 [pid 16378] close(4) = 0 [pid 16378] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16378] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16377] <... futex resumed>) = 0 [pid 16377] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16377] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16378] <... futex resumed>) = 0 [pid 16378] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16378] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16377] <... futex resumed>) = 0 [pid 16377] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16377] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16377] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16377] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16377] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10357]}, 88) = 10357 [pid 16377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16377] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16377] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16377] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16377] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16377] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 16382 attached ./strace-static-x86_64: Process 16381 attached [pid 16382] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16381] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16377] <... clone3 resumed> => {parent_tid=[10358]}, 88) = 10358 [pid 16377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16377] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16382] <... set_robust_list resumed>) = 0 [pid 16381] <... set_robust_list resumed>) = 0 [pid 16377] <... futex resumed>) = 0 [pid 16377] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16378] <... futex resumed>) = 1 [pid 16378] memfd_create("syzkaller", 0) = 4 [pid 16378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16378] close(4) = 0 [pid 16378] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16378] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16382] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16382] memfd_create("syzkaller", 0) = 4 [pid 16382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16382] close(4) = 0 [pid 16382] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16377] <... futex resumed>) = 0 [pid 16377] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16377] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16382] <... futex resumed>) = 1 [pid 16382] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16378] <... futex resumed>) = 0 [pid 16378] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16381] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16381] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16378] <... open resumed>) = 4 [pid 16378] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16377] <... futex resumed>) = 0 [pid 16377] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16377] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16381] <... setxattr resumed>) = 0 [pid 16378] <... futex resumed>) = 1 [pid 16378] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16381] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16378] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16381] <... futex resumed>) = 0 [pid 16377] <... futex resumed>) = 0 [pid 16377] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16377] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16378] <... futex resumed>) = 1 [pid 16378] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16378] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16377] <... futex resumed>) = 0 [pid 16377] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16381] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16377] <... futex resumed>) = 0 [pid 16377] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16378] <... futex resumed>) = 1 [pid 16378] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16378] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16377] <... futex resumed>) = 0 [pid 16377] close(3) = 0 [pid 16377] close(4) = 0 [pid 16377] close(5) = 0 [pid 16377] close(6) = -1 EBADF (Bad file descriptor) [pid 16377] close(7) = -1 EBADF (Bad file descriptor) [pid 16377] close(8) = -1 EBADF (Bad file descriptor) [pid 16377] close(9) = -1 EBADF (Bad file descriptor) [pid 16377] close(10) = -1 EBADF (Bad file descriptor) [pid 16377] close(11) = -1 EBADF (Bad file descriptor) [pid 16377] close(12) = -1 EBADF (Bad file descriptor) [pid 16377] close(13) = -1 EBADF (Bad file descriptor) [pid 16377] close(14) = -1 EBADF (Bad file descriptor) [pid 16377] close(15) = -1 EBADF (Bad file descriptor) [pid 16377] close(16) = -1 EBADF (Bad file descriptor) [pid 16377] close(17) = -1 EBADF (Bad file descriptor) [pid 16377] close(18) = -1 EBADF (Bad file descriptor) [pid 16377] close(19) = -1 EBADF (Bad file descriptor) [pid 16377] close(20) = -1 EBADF (Bad file descriptor) [pid 16377] close(21) = -1 EBADF (Bad file descriptor) [pid 16377] close(22) = -1 EBADF (Bad file descriptor) [pid 16377] close(23) = -1 EBADF (Bad file descriptor) [pid 16377] close(24) = -1 EBADF (Bad file descriptor) [pid 16377] close(25) = -1 EBADF (Bad file descriptor) [pid 16377] close(26) = -1 EBADF (Bad file descriptor) [pid 16377] close(27) = -1 EBADF (Bad file descriptor) [pid 16377] close(28) = -1 EBADF (Bad file descriptor) [pid 16377] close(29) = -1 EBADF (Bad file descriptor) [pid 16377] exit_group(0 [pid 16382] <... futex resumed>) = ? [pid 16377] <... exit_group resumed>) = ? [pid 16382] +++ exited with 0 +++ [pid 16378] <... futex resumed>) = ? [pid 16378] +++ exited with 0 +++ [pid 16381] <... futex resumed>) = ? [pid 16381] +++ exited with 0 +++ [pid 16377] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10355, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2714", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2714", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2714/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2714/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2714/binderfs") = 0 [pid 289] umount2("./2714/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2714/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2714/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2714/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2714/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2714/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2714") = 0 [pid 289] mkdir("./2715", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [ 325.942323][T16378] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10359 ./strace-static-x86_64: Process 16383 attached [pid 16383] set_robust_list(0x555556f746a0, 24) = 0 [pid 16383] chdir("./2715") = 0 [pid 16383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16383] setpgid(0, 0) = 0 [pid 16383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16383] write(3, "1000", 4) = 4 [pid 16383] close(3) = 0 [pid 16383] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16383] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16383] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16383] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16383] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16383] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16383] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10360]}, 88) = 10360 [pid 16383] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16383] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16383] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16384 attached [pid 16384] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16384] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16384] memfd_create("syzkaller", 0) = 3 [pid 16384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16384] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16384] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16384] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16384] close(3) = 0 [pid 16384] mkdir("./file1", 0777) = 0 [pid 16384] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16384] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16384] chdir("./file1") = 0 [pid 16384] ioctl(4, LOOP_CLR_FD) = 0 [pid 16384] close(4) = 0 [pid 16384] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16384] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16383] <... futex resumed>) = 0 [pid 16383] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16383] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16384] <... futex resumed>) = 0 [pid 16384] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16384] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16383] <... futex resumed>) = 0 [pid 16383] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16383] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16383] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16383] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16383] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10361]}, 88) = 10361 [pid 16383] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16383] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16383] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16383] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16383] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16383] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10362]}, 88) = 10362 [pid 16383] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16383] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16383] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16384] <... futex resumed>) = 1 [pid 16384] memfd_create("syzkaller", 0) = 4 [pid 16384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16384] close(4) = 0 [pid 16384] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16384] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16387 attached [pid 16387] set_robust_list(0x7fbc5ef2c9a0, 24./strace-static-x86_64: Process 16388 attached ) = 0 [pid 16388] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16387] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16387] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16388] <... set_robust_list resumed>) = 0 [pid 16388] rt_sigprocmask(SIG_SETMASK, [], [pid 16387] <... setxattr resumed>) = 0 [pid 16387] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16387] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16388] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16388] memfd_create("syzkaller", 0) = 4 [pid 16388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16388] close(4) = 0 [pid 16388] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16383] <... futex resumed>) = 0 [pid 16383] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16383] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16388] <... futex resumed>) = 1 [pid 16384] <... futex resumed>) = 0 [pid 16388] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16384] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 16384] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16383] <... futex resumed>) = 0 [pid 16384] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16383] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16383] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16384] <... mount resumed>) = 0 [pid 16384] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16383] <... futex resumed>) = 0 [pid 16383] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16383] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16384] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16384] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16383] <... futex resumed>) = 0 [pid 16383] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16383] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16384] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16384] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16383] <... futex resumed>) = 0 [pid 16383] close(3) = 0 [pid 16383] close(4) = 0 [pid 16383] close(5 [pid 16384] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16383] <... close resumed>) = 0 [pid 16383] close(6) = -1 EBADF (Bad file descriptor) [pid 16383] close(7) = -1 EBADF (Bad file descriptor) [pid 16383] close(8) = -1 EBADF (Bad file descriptor) [pid 16383] close(9) = -1 EBADF (Bad file descriptor) [pid 16383] close(10) = -1 EBADF (Bad file descriptor) [pid 16383] close(11) = -1 EBADF (Bad file descriptor) [pid 16383] close(12) = -1 EBADF (Bad file descriptor) [pid 16383] close(13) = -1 EBADF (Bad file descriptor) [pid 16383] close(14) = -1 EBADF (Bad file descriptor) [pid 16383] close(15) = -1 EBADF (Bad file descriptor) [pid 16383] close(16) = -1 EBADF (Bad file descriptor) [pid 16383] close(17) = -1 EBADF (Bad file descriptor) [pid 16383] close(18) = -1 EBADF (Bad file descriptor) [pid 16383] close(19) = -1 EBADF (Bad file descriptor) [pid 16383] close(20) = -1 EBADF (Bad file descriptor) [pid 16383] close(21) = -1 EBADF (Bad file descriptor) [pid 16383] close(22) = -1 EBADF (Bad file descriptor) [pid 16383] close(23) = -1 EBADF (Bad file descriptor) [pid 16383] close(24) = -1 EBADF (Bad file descriptor) [pid 16383] close(25) = -1 EBADF (Bad file descriptor) [pid 16383] close(26) = -1 EBADF (Bad file descriptor) [pid 16383] close(27) = -1 EBADF (Bad file descriptor) [pid 16383] close(28) = -1 EBADF (Bad file descriptor) [pid 16383] close(29) = -1 EBADF (Bad file descriptor) [pid 16383] exit_group(0) = ? [pid 16387] <... futex resumed>) = ? [pid 16387] +++ exited with 0 +++ [pid 16388] <... futex resumed>) = ? [pid 16384] <... futex resumed>) = ? [pid 16388] +++ exited with 0 +++ [pid 16384] +++ exited with 0 +++ [pid 16383] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10359, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2715", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2715", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2715/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2715/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2715/binderfs") = 0 [ 326.009796][T16384] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2715/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2715/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2715/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2715/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2715/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2715/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2715") = 0 [pid 289] mkdir("./2716", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10363 ./strace-static-x86_64: Process 16389 attached [pid 16389] set_robust_list(0x555556f746a0, 24) = 0 [pid 16389] chdir("./2716") = 0 [pid 16389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16389] setpgid(0, 0) = 0 [pid 16389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16389] write(3, "1000", 4) = 4 [pid 16389] close(3) = 0 [pid 16389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16389] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16389] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16389] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16389] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16389] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16389] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10364]}, 88) = 10364 [pid 16389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16389] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16389] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16390 attached [pid 16390] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16390] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16390] memfd_create("syzkaller", 0) = 3 [pid 16390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16390] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16390] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16390] close(3) = 0 [pid 16390] mkdir("./file1", 0777) = 0 [pid 16390] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16390] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16390] chdir("./file1") = 0 [pid 16390] ioctl(4, LOOP_CLR_FD) = 0 [pid 16390] close(4) = 0 [pid 16390] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16389] <... futex resumed>) = 0 [pid 16389] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16389] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16390] <... futex resumed>) = 1 [pid 16390] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16390] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16389] <... futex resumed>) = 0 [pid 16389] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16389] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16389] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16390] <... futex resumed>) = 1 [pid 16389] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16390] memfd_create("syzkaller", 0) = 4 [pid 16389] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16390] close(4) = 0 [pid 16390] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16390] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16389] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10365]}, 88) = 10365 [pid 16389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16389] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16389] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16389] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16390] <... futex resumed>) = 0 [pid 16390] memfd_create("syzkaller", 0) = 4 [pid 16390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16390] close(4) = 0 [pid 16390] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16389] <... futex resumed>) = 0 [pid 16389] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16389] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16390] <... futex resumed>) = 1 [pid 16390] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000./strace-static-x86_64: Process 16393 attached [pid 16393] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16390] <... open resumed>) = 4 [pid 16390] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16389] <... futex resumed>) = 0 [pid 16389] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16389] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16390] <... futex resumed>) = 1 [pid 16390] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16393] <... set_robust_list resumed>) = 0 [pid 16393] rt_sigprocmask(SIG_SETMASK, [], [pid 16390] <... mount resumed>) = 0 [pid 16390] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16389] <... futex resumed>) = 0 [pid 16389] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16389] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16390] <... futex resumed>) = 1 [pid 16390] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16393] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16390] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16389] <... futex resumed>) = 0 [pid 16389] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16389] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16390] <... futex resumed>) = 1 [pid 16390] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16393] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16390] <... write resumed>) = 262144 [pid 16390] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16389] <... futex resumed>) = 0 [pid 16390] <... futex resumed>) = 1 [pid 16390] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16393] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 16393] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16393] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16389] close(3) = 0 [pid 16389] close(4) = 0 [pid 16389] close(5) = 0 [pid 16389] close(6) = -1 EBADF (Bad file descriptor) [pid 16389] close(7) = -1 EBADF (Bad file descriptor) [pid 16389] close(8) = -1 EBADF (Bad file descriptor) [pid 16389] close(9) = -1 EBADF (Bad file descriptor) [pid 16389] close(10) = -1 EBADF (Bad file descriptor) [pid 16389] close(11) = -1 EBADF (Bad file descriptor) [pid 16389] close(12) = -1 EBADF (Bad file descriptor) [pid 16389] close(13) = -1 EBADF (Bad file descriptor) [pid 16389] close(14) = -1 EBADF (Bad file descriptor) [pid 16389] close(15) = -1 EBADF (Bad file descriptor) [pid 16389] close(16) = -1 EBADF (Bad file descriptor) [pid 16389] close(17) = -1 EBADF (Bad file descriptor) [pid 16389] close(18) = -1 EBADF (Bad file descriptor) [pid 16389] close(19) = -1 EBADF (Bad file descriptor) [pid 16389] close(20) = -1 EBADF (Bad file descriptor) [pid 16389] close(21) = -1 EBADF (Bad file descriptor) [pid 16389] close(22) = -1 EBADF (Bad file descriptor) [pid 16389] close(23) = -1 EBADF (Bad file descriptor) [pid 16389] close(24) = -1 EBADF (Bad file descriptor) [pid 16389] close(25) = -1 EBADF (Bad file descriptor) [pid 16389] close(26) = -1 EBADF (Bad file descriptor) [pid 16389] close(27) = -1 EBADF (Bad file descriptor) [pid 16389] close(28) = -1 EBADF (Bad file descriptor) [pid 16389] close(29) = -1 EBADF (Bad file descriptor) [pid 16389] exit_group(0) = ? [pid 16390] <... futex resumed>) = ? [pid 16390] +++ exited with 0 +++ [pid 16393] <... futex resumed>) = ? [pid 16393] +++ exited with 0 +++ [pid 16389] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10363, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2716", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2716", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2716/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2716/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2716/binderfs") = 0 [ 326.138815][T16390] EXT4-fs (loop0): 1 truncate cleaned up [ 326.162989][T16393] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2716/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2716/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2716/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2716/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2716/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2716/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2716") = 0 [pid 289] mkdir("./2717", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10366 ./strace-static-x86_64: Process 16394 attached [pid 16394] set_robust_list(0x555556f746a0, 24) = 0 [pid 16394] chdir("./2717") = 0 [pid 16394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16394] setpgid(0, 0) = 0 [pid 16394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16394] write(3, "1000", 4) = 4 [pid 16394] close(3) = 0 [pid 16394] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16394] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16394] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16394] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16394] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16394] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16394] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10367]}, 88) = 10367 [pid 16394] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16394] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16394] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16395 attached [pid 16395] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16395] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16395] memfd_create("syzkaller", 0) = 3 [pid 16395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16395] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16395] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16395] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16395] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16395] close(3) = 0 [pid 16395] mkdir("./file1", 0777) = 0 [pid 16395] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16395] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16395] chdir("./file1") = 0 [pid 16395] ioctl(4, LOOP_CLR_FD) = 0 [pid 16395] close(4) = 0 [pid 16395] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16394] <... futex resumed>) = 0 [pid 16394] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16394] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16395] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16395] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16394] <... futex resumed>) = 0 [pid 16394] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16394] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16394] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16394] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16394] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10368]}, 88) = 10368 [pid 16395] memfd_create("syzkaller", 0 [pid 16394] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16394] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16394] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16394] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16394] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16394] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 16395] <... memfd_create resumed>) = 4 [pid 16394] <... clone3 resumed> => {parent_tid=[10369]}, 88) = 10369 [pid 16394] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16394] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16394] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16399 attached [pid 16399] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16399] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16399] memfd_create("syzkaller", 0) = 5 [pid 16399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16399] close(5) = 0 [pid 16399] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16394] <... futex resumed>) = 0 [pid 16394] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16394] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16399] <... futex resumed>) = 1 [pid 16399] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16395] close(4 [pid 16399] <... open resumed>) = 5 [pid 16399] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16394] <... futex resumed>) = 0 [pid 16394] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16394] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16399] <... futex resumed>) = 1 [pid 16399] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16399] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16394] <... futex resumed>) = 0 [pid 16394] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16394] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16399] <... futex resumed>) = 1 [pid 16399] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 16399] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16394] <... futex resumed>) = 0 [pid 16394] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16394] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16399] <... futex resumed>) = 1 [pid 16399] write(6, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16395] <... close resumed>) = 0 [pid 16395] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 16398 attached ) = 0 [pid 16398] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16395] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16398] <... set_robust_list resumed>) = 0 [pid 16398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16398] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16399] <... write resumed>) = 262144 [pid 16399] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16394] <... futex resumed>) = 0 [pid 16399] <... futex resumed>) = 1 [pid 16399] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16398] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 16398] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16398] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16394] close(3) = 0 [pid 16394] close(4) = -1 EBADF (Bad file descriptor) [pid 16394] close(5) = 0 [pid 16394] close(6) = 0 [pid 16394] close(7) = -1 EBADF (Bad file descriptor) [pid 16394] close(8) = -1 EBADF (Bad file descriptor) [pid 16394] close(9) = -1 EBADF (Bad file descriptor) [pid 16394] close(10) = -1 EBADF (Bad file descriptor) [pid 16394] close(11) = -1 EBADF (Bad file descriptor) [pid 16394] close(12) = -1 EBADF (Bad file descriptor) [pid 16394] close(13) = -1 EBADF (Bad file descriptor) [pid 16394] close(14) = -1 EBADF (Bad file descriptor) [pid 16394] close(15) = -1 EBADF (Bad file descriptor) [pid 16394] close(16) = -1 EBADF (Bad file descriptor) [pid 16394] close(17) = -1 EBADF (Bad file descriptor) [pid 16394] close(18) = -1 EBADF (Bad file descriptor) [pid 16394] close(19) = -1 EBADF (Bad file descriptor) [pid 16394] close(20) = -1 EBADF (Bad file descriptor) [pid 16394] close(21) = -1 EBADF (Bad file descriptor) [pid 16394] close(22) = -1 EBADF (Bad file descriptor) [pid 16394] close(23) = -1 EBADF (Bad file descriptor) [pid 16394] close(24) = -1 EBADF (Bad file descriptor) [pid 16394] close(25) = -1 EBADF (Bad file descriptor) [pid 16394] close(26) = -1 EBADF (Bad file descriptor) [pid 16394] close(27) = -1 EBADF (Bad file descriptor) [pid 16394] close(28) = -1 EBADF (Bad file descriptor) [pid 16394] close(29) = -1 EBADF (Bad file descriptor) [pid 16394] exit_group(0 [pid 16395] <... futex resumed>) = ? [pid 16394] <... exit_group resumed>) = ? [pid 16395] +++ exited with 0 +++ [pid 16398] <... futex resumed>) = ? [pid 16398] +++ exited with 0 +++ [pid 16399] <... futex resumed>) = ? [pid 16399] +++ exited with 0 +++ [pid 16394] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10366, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2717", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2717", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2717/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2717/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2717/binderfs") = 0 [pid 289] umount2("./2717/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2717/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2717/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2717/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2717/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2717/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2717") = 0 [pid 289] mkdir("./2718", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10370 ./strace-static-x86_64: Process 16400 attached [pid 16400] set_robust_list(0x555556f746a0, 24) = 0 [pid 16400] chdir("./2718") = 0 [pid 16400] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16400] setpgid(0, 0) = 0 [pid 16400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16400] write(3, "1000", 4) = 4 [pid 16400] close(3) = 0 [pid 16400] symlink("/dev/binderfs", "./binderfs") = 0 [ 326.299125][T16395] EXT4-fs (loop0): 1 truncate cleaned up [ 326.325675][T16398] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 16400] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16400] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16400] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16400] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16400] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16400] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16400] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10371]}, 88) = 10371 [pid 16400] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16400] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16400] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16401 attached [pid 16401] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16401] memfd_create("syzkaller", 0) = 3 [pid 16401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16401] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16401] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16401] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16401] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16401] close(3) = 0 [pid 16401] mkdir("./file1", 0777) = 0 [pid 16401] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16401] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16401] chdir("./file1") = 0 [pid 16401] ioctl(4, LOOP_CLR_FD) = 0 [pid 16401] close(4) = 0 [pid 16401] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16401] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16400] <... futex resumed>) = 0 [pid 16400] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16401] <... futex resumed>) = 0 [pid 16400] <... futex resumed>) = 1 [pid 16400] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16401] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16401] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16400] <... futex resumed>) = 0 [pid 16401] <... futex resumed>) = 1 [pid 16400] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16400] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16401] memfd_create("syzkaller", 0 [pid 16400] <... futex resumed>) = 0 [pid 16401] <... memfd_create resumed>) = 4 [pid 16400] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16400] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 16401] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16400] <... mprotect resumed>) = 0 [pid 16401] close(4) = 0 [pid 16400] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16401] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16400] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10372]}, 88) = 10372 [pid 16400] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16400] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16400] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16400] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16401] <... futex resumed>) = 1 [pid 16400] <... futex resumed>) = 0 [pid 16400] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=49000000} [pid 16401] memfd_create("syzkaller", 0) = 4 [pid 16401] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) ./strace-static-x86_64: Process 16404 attached [pid 16404] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16404] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16401] close(4) = 0 [pid 16404] <... setxattr resumed>) = 0 [pid 16404] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16404] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16401] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16400] <... futex resumed>) = 0 [pid 16400] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16401] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16400] <... futex resumed>) = 0 [pid 16400] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16401] <... open resumed>) = 4 [pid 16401] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16400] <... futex resumed>) = 0 [pid 16400] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16400] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16401] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16401] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16400] <... futex resumed>) = 0 [pid 16400] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16400] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16401] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16401] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16400] <... futex resumed>) = 0 [pid 16400] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16400] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16401] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16401] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16400] <... futex resumed>) = 0 [pid 16400] close(3) = 0 [pid 16400] close(4) = 0 [pid 16400] close(5 [pid 16401] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16400] <... close resumed>) = 0 [pid 16400] close(6) = -1 EBADF (Bad file descriptor) [pid 16400] close(7) = -1 EBADF (Bad file descriptor) [pid 16400] close(8) = -1 EBADF (Bad file descriptor) [pid 16400] close(9) = -1 EBADF (Bad file descriptor) [pid 16400] close(10) = -1 EBADF (Bad file descriptor) [pid 16400] close(11) = -1 EBADF (Bad file descriptor) [pid 16400] close(12) = -1 EBADF (Bad file descriptor) [pid 16400] close(13) = -1 EBADF (Bad file descriptor) [pid 16400] close(14) = -1 EBADF (Bad file descriptor) [pid 16400] close(15) = -1 EBADF (Bad file descriptor) [pid 16400] close(16) = -1 EBADF (Bad file descriptor) [pid 16400] close(17) = -1 EBADF (Bad file descriptor) [pid 16400] close(18) = -1 EBADF (Bad file descriptor) [pid 16400] close(19) = -1 EBADF (Bad file descriptor) [pid 16400] close(20) = -1 EBADF (Bad file descriptor) [pid 16400] close(21) = -1 EBADF (Bad file descriptor) [pid 16400] close(22) = -1 EBADF (Bad file descriptor) [pid 16400] close(23) = -1 EBADF (Bad file descriptor) [pid 16400] close(24) = -1 EBADF (Bad file descriptor) [pid 16400] close(25) = -1 EBADF (Bad file descriptor) [pid 16400] close(26) = -1 EBADF (Bad file descriptor) [pid 16400] close(27) = -1 EBADF (Bad file descriptor) [pid 16400] close(28) = -1 EBADF (Bad file descriptor) [pid 16400] close(29) = -1 EBADF (Bad file descriptor) [pid 16400] exit_group(0) = ? [pid 16404] <... futex resumed>) = ? [pid 16401] <... futex resumed>) = ? [pid 16404] +++ exited with 0 +++ [pid 16401] +++ exited with 0 +++ [pid 16400] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10370, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2718", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2718", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2718/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2718/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2718/binderfs") = 0 [ 326.393952][T16401] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2718/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2718/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2718/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2718/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2718/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2718/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2718") = 0 [pid 289] mkdir("./2719", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10373 ./strace-static-x86_64: Process 16406 attached [pid 16406] set_robust_list(0x555556f746a0, 24) = 0 [pid 16406] chdir("./2719") = 0 [pid 16406] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16406] setpgid(0, 0) = 0 [pid 16406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16406] write(3, "1000", 4) = 4 [pid 16406] close(3) = 0 [pid 16406] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16406] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16406] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16406] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16406] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16406] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16406] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16406] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10374]}, 88) = 10374 [pid 16406] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16406] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16406] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16407 attached [pid 16407] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16407] memfd_create("syzkaller", 0) = 3 [pid 16407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16407] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16407] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16407] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16407] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16407] close(3) = 0 [pid 16407] mkdir("./file1", 0777) = 0 [pid 16407] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16407] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16407] chdir("./file1") = 0 [pid 16407] ioctl(4, LOOP_CLR_FD) = 0 [pid 16407] close(4) = 0 [pid 16407] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16406] <... futex resumed>) = 0 [pid 16406] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16406] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16407] <... futex resumed>) = 1 [pid 16407] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16407] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16406] <... futex resumed>) = 0 [pid 16406] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16406] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16406] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16406] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16406] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16406] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10375]}, 88) = 10375 [pid 16407] memfd_create("syzkaller", 0 [pid 16406] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16406] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16406] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16406] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16406] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16406] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16406] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10376]}, 88) = 10376 [pid 16406] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16406] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16406] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16411 attached [pid 16411] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16411] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16411] memfd_create("syzkaller", 0) = 4 [pid 16411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16411] close(4) = 0 [pid 16411] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16406] <... futex resumed>) = 0 [pid 16406] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16406] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16411] <... futex resumed>) = 1 [pid 16411] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16407] <... memfd_create resumed>) = 5 [pid 16411] <... open resumed>) = 4 [pid 16411] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16406] <... futex resumed>) = 0 [pid 16406] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16406] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16411] <... futex resumed>) = 1 [pid 16411] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16411] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16406] <... futex resumed>) = 0 [pid 16406] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16406] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16411] <... futex resumed>) = 1 [pid 16411] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 16411] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16406] <... futex resumed>) = 0 [pid 16406] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16406] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16411] <... futex resumed>) = 1 [pid 16411] write(6, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16407] close(5) = 0 [pid 16407] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16407] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16410 attached [pid 16410] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16410] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 16410] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16411] <... write resumed>) = 262144 [pid 16410] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16411] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16406] <... futex resumed>) = 0 [pid 16411] <... futex resumed>) = 1 [pid 16406] close(3 [pid 16411] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16406] <... close resumed>) = 0 [pid 16406] close(4) = 0 [pid 16406] close(5) = -1 EBADF (Bad file descriptor) [pid 16406] close(6) = 0 [pid 16406] close(7) = -1 EBADF (Bad file descriptor) [pid 16406] close(8) = -1 EBADF (Bad file descriptor) [pid 16406] close(9) = -1 EBADF (Bad file descriptor) [pid 16406] close(10) = -1 EBADF (Bad file descriptor) [pid 16406] close(11) = -1 EBADF (Bad file descriptor) [pid 16406] close(12) = -1 EBADF (Bad file descriptor) [pid 16406] close(13) = -1 EBADF (Bad file descriptor) [pid 16406] close(14) = -1 EBADF (Bad file descriptor) [pid 16406] close(15) = -1 EBADF (Bad file descriptor) [pid 16406] close(16) = -1 EBADF (Bad file descriptor) [pid 16406] close(17) = -1 EBADF (Bad file descriptor) [pid 16406] close(18) = -1 EBADF (Bad file descriptor) [pid 16406] close(19) = -1 EBADF (Bad file descriptor) [pid 16406] close(20) = -1 EBADF (Bad file descriptor) [pid 16406] close(21) = -1 EBADF (Bad file descriptor) [pid 16406] close(22) = -1 EBADF (Bad file descriptor) [pid 16406] close(23) = -1 EBADF (Bad file descriptor) [pid 16406] close(24) = -1 EBADF (Bad file descriptor) [pid 16406] close(25) = -1 EBADF (Bad file descriptor) [pid 16406] close(26) = -1 EBADF (Bad file descriptor) [pid 16406] close(27) = -1 EBADF (Bad file descriptor) [pid 16406] close(28) = -1 EBADF (Bad file descriptor) [pid 16406] close(29) = -1 EBADF (Bad file descriptor) [pid 16406] exit_group(0) = ? [pid 16407] <... futex resumed>) = ? [pid 16411] <... futex resumed>) = ? [pid 16410] <... futex resumed>) = ? [pid 16407] +++ exited with 0 +++ [pid 16411] +++ exited with 0 +++ [pid 16410] +++ exited with 0 +++ [pid 16406] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10373, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2719", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2719", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2719/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2719/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2719/binderfs") = 0 [ 326.503755][T16407] EXT4-fs (loop0): 1 truncate cleaned up [ 326.523127][T16410] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2719/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2719/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2719/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2719/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2719/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2719/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2719") = 0 [pid 289] mkdir("./2720", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10377 ./strace-static-x86_64: Process 16412 attached [pid 16412] set_robust_list(0x555556f746a0, 24) = 0 [pid 16412] chdir("./2720") = 0 [pid 16412] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16412] setpgid(0, 0) = 0 [pid 16412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16412] write(3, "1000", 4) = 4 [pid 16412] close(3) = 0 [pid 16412] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16412] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16412] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16412] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16412] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16412] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16412] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16412] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10378]}, 88) = 10378 [pid 16412] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16412] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16412] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16413 attached [pid 16413] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16413] memfd_create("syzkaller", 0) = 3 [pid 16413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16413] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16413] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16413] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16413] close(3) = 0 [pid 16413] mkdir("./file1", 0777) = 0 [pid 16413] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16413] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16413] chdir("./file1") = 0 [pid 16413] ioctl(4, LOOP_CLR_FD) = 0 [pid 16413] close(4) = 0 [pid 16413] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16412] <... futex resumed>) = 0 [pid 16412] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16412] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16413] <... futex resumed>) = 1 [pid 16413] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16413] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16412] <... futex resumed>) = 0 [pid 16412] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16412] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16412] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16412] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16412] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16412] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10379]}, 88) = 10379 [pid 16412] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16412] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16412] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16412] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16412] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16412] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16412] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10380]}, 88) = 10380 [pid 16412] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16412] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16412] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16413] <... futex resumed>) = 1 [pid 16413] memfd_create("syzkaller", 0) = 4 [pid 16413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16413] close(4./strace-static-x86_64: Process 16417 attached ./strace-static-x86_64: Process 16416 attached ) = 0 [pid 16413] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16413] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16417] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16417] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16417] memfd_create("syzkaller", 0) = 4 [pid 16417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16417] close(4) = 0 [pid 16417] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16412] <... futex resumed>) = 0 [pid 16412] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16412] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16413] <... futex resumed>) = 0 [pid 16413] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16416] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16417] <... futex resumed>) = 1 [pid 16416] <... set_robust_list resumed>) = 0 [pid 16416] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16416] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 16413] <... open resumed>) = 4 [pid 16416] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16416] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16417] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16413] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16412] <... futex resumed>) = 0 [pid 16412] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16412] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16413] <... futex resumed>) = 1 [pid 16413] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16413] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16412] <... futex resumed>) = 0 [pid 16412] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16412] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16413] <... futex resumed>) = 1 [pid 16413] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16413] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16412] <... futex resumed>) = 0 [pid 16412] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16412] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16413] <... futex resumed>) = 1 [pid 16413] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16413] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16412] <... futex resumed>) = 0 [pid 16412] close(3 [pid 16413] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16412] <... close resumed>) = 0 [pid 16412] close(4) = 0 [pid 16412] close(5) = 0 [pid 16412] close(6) = -1 EBADF (Bad file descriptor) [pid 16412] close(7) = -1 EBADF (Bad file descriptor) [pid 16412] close(8) = -1 EBADF (Bad file descriptor) [pid 16412] close(9) = -1 EBADF (Bad file descriptor) [pid 16412] close(10) = -1 EBADF (Bad file descriptor) [pid 16412] close(11) = -1 EBADF (Bad file descriptor) [pid 16412] close(12) = -1 EBADF (Bad file descriptor) [pid 16412] close(13) = -1 EBADF (Bad file descriptor) [pid 16412] close(14) = -1 EBADF (Bad file descriptor) [pid 16412] close(15) = -1 EBADF (Bad file descriptor) [pid 16412] close(16) = -1 EBADF (Bad file descriptor) [pid 16412] close(17) = -1 EBADF (Bad file descriptor) [pid 16412] close(18) = -1 EBADF (Bad file descriptor) [pid 16412] close(19) = -1 EBADF (Bad file descriptor) [pid 16412] close(20) = -1 EBADF (Bad file descriptor) [pid 16412] close(21) = -1 EBADF (Bad file descriptor) [pid 16412] close(22) = -1 EBADF (Bad file descriptor) [pid 16412] close(23) = -1 EBADF (Bad file descriptor) [pid 16412] close(24) = -1 EBADF (Bad file descriptor) [pid 16412] close(25) = -1 EBADF (Bad file descriptor) [pid 16412] close(26) = -1 EBADF (Bad file descriptor) [pid 16412] close(27) = -1 EBADF (Bad file descriptor) [pid 16412] close(28) = -1 EBADF (Bad file descriptor) [pid 16412] close(29) = -1 EBADF (Bad file descriptor) [pid 16412] exit_group(0 [pid 16416] <... futex resumed>) = ? [pid 16412] <... exit_group resumed>) = ? [pid 16416] +++ exited with 0 +++ [pid 16417] <... futex resumed>) = ? [pid 16417] +++ exited with 0 +++ [pid 16413] <... futex resumed>) = ? [pid 16413] +++ exited with 0 +++ [pid 16412] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10377, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2720", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2720", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2720/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2720/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2720/binderfs") = 0 [ 326.662228][T16413] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2720/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2720/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2720/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2720/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2720/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2720/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2720") = 0 [pid 289] mkdir("./2721", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10381 ./strace-static-x86_64: Process 16418 attached [pid 16418] set_robust_list(0x555556f746a0, 24) = 0 [pid 16418] chdir("./2721") = 0 [pid 16418] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16418] setpgid(0, 0) = 0 [pid 16418] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16418] write(3, "1000", 4) = 4 [pid 16418] close(3) = 0 [pid 16418] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16418] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16418] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16418] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16418] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16418] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16418] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16418] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10382]}, 88) = 10382 [pid 16418] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16418] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16418] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16419 attached [pid 16419] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16419] memfd_create("syzkaller", 0) = 3 [pid 16419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16419] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16419] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16419] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16419] close(3) = 0 [pid 16419] mkdir("./file1", 0777) = 0 [pid 16419] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16419] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16419] chdir("./file1") = 0 [pid 16419] ioctl(4, LOOP_CLR_FD) = 0 [pid 16419] close(4) = 0 [pid 16419] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16418] <... futex resumed>) = 0 [pid 16418] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16419] setxattr("./file1", NULL, NULL, 0, 0 [pid 16418] <... futex resumed>) = 0 [pid 16419] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 16418] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16419] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16418] <... futex resumed>) = 0 [pid 16418] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16418] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16418] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16418] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16418] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16418] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10383]}, 88) = 10383 [pid 16418] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16418] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16418] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 16422 attached [pid 16419] <... futex resumed>) = 1 [pid 16418] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16418] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16418] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16419] memfd_create("syzkaller", 0 [pid 16418] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16418] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10384]}, 88) = 10384 [pid 16422] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16418] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16418] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16418] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16423 attached [pid 16423] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16423] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16423] memfd_create("syzkaller", 0) = 5 [pid 16423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16423] close(5) = 0 [pid 16423] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16418] <... futex resumed>) = 0 [pid 16418] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16418] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16423] <... futex resumed>) = 1 [pid 16423] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16422] <... set_robust_list resumed>) = 0 [pid 16419] <... memfd_create resumed>) = 4 [pid 16422] rt_sigprocmask(SIG_SETMASK, [], [pid 16419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16423] <... open resumed>) = 5 [pid 16422] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16419] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16423] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16418] <... futex resumed>) = 0 [pid 16418] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16418] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16423] <... futex resumed>) = 1 [pid 16423] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16423] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16418] <... futex resumed>) = 0 [pid 16418] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16418] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16423] <... futex resumed>) = 1 [pid 16423] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 16423] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16418] <... futex resumed>) = 0 [pid 16418] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16418] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16423] <... futex resumed>) = 1 [pid 16423] write(6, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16422] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16419] close(4) = 0 [pid 16419] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16422] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 16422] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16422] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16419] <... futex resumed>) = 0 [pid 16419] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16423] <... write resumed>) = 262144 [pid 16423] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16423] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16418] <... futex resumed>) = 0 [pid 16418] close(3) = 0 [pid 16418] close(4) = -1 EBADF (Bad file descriptor) [pid 16418] close(5) = 0 [pid 16418] close(6) = 0 [pid 16418] close(7) = -1 EBADF (Bad file descriptor) [pid 16418] close(8) = -1 EBADF (Bad file descriptor) [pid 16418] close(9) = -1 EBADF (Bad file descriptor) [pid 16418] close(10) = -1 EBADF (Bad file descriptor) [pid 16418] close(11) = -1 EBADF (Bad file descriptor) [pid 16418] close(12) = -1 EBADF (Bad file descriptor) [pid 16418] close(13) = -1 EBADF (Bad file descriptor) [pid 16418] close(14) = -1 EBADF (Bad file descriptor) [pid 16418] close(15) = -1 EBADF (Bad file descriptor) [pid 16418] close(16) = -1 EBADF (Bad file descriptor) [pid 16418] close(17) = -1 EBADF (Bad file descriptor) [pid 16418] close(18) = -1 EBADF (Bad file descriptor) [pid 16418] close(19) = -1 EBADF (Bad file descriptor) [pid 16418] close(20) = -1 EBADF (Bad file descriptor) [pid 16418] close(21) = -1 EBADF (Bad file descriptor) [pid 16418] close(22) = -1 EBADF (Bad file descriptor) [pid 16418] close(23) = -1 EBADF (Bad file descriptor) [pid 16418] close(24) = -1 EBADF (Bad file descriptor) [pid 16418] close(25) = -1 EBADF (Bad file descriptor) [pid 16418] close(26) = -1 EBADF (Bad file descriptor) [pid 16418] close(27) = -1 EBADF (Bad file descriptor) [pid 16418] close(28) = -1 EBADF (Bad file descriptor) [pid 16418] close(29) = -1 EBADF (Bad file descriptor) [pid 16418] exit_group(0 [pid 16419] <... futex resumed>) = ? [pid 16418] <... exit_group resumed>) = ? [pid 16419] +++ exited with 0 +++ [pid 16422] <... futex resumed>) = ? [pid 16422] +++ exited with 0 +++ [pid 16423] <... futex resumed>) = ? [pid 16423] +++ exited with 0 +++ [pid 16418] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10381, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] umount2("./2721", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2721", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2721/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2721/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2721/binderfs") = 0 [ 326.739106][T16419] EXT4-fs (loop0): 1 truncate cleaned up [ 326.763287][T16422] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2721/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2721/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2721/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2721/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2721/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2721/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2721") = 0 [pid 289] mkdir("./2722", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10385 ./strace-static-x86_64: Process 16424 attached [pid 16424] set_robust_list(0x555556f746a0, 24) = 0 [pid 16424] chdir("./2722") = 0 [pid 16424] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16424] setpgid(0, 0) = 0 [pid 16424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16424] write(3, "1000", 4) = 4 [pid 16424] close(3) = 0 [pid 16424] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16424] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16424] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16424] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16424] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16424] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16424] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10386]}, 88) = 10386 [pid 16424] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16424] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16424] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16425 attached [pid 16425] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16425] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16425] memfd_create("syzkaller", 0) = 3 [pid 16425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16425] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16425] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16425] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16425] close(3) = 0 [pid 16425] mkdir("./file1", 0777) = 0 [pid 16425] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16425] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16425] chdir("./file1") = 0 [pid 16425] ioctl(4, LOOP_CLR_FD) = 0 [pid 16425] close(4) = 0 [pid 16425] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16424] <... futex resumed>) = 0 [pid 16425] setxattr("./file1", NULL, NULL, 0, 0 [pid 16424] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16425] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 16424] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16425] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16424] <... futex resumed>) = 0 [pid 16424] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16424] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16424] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16425] memfd_create("syzkaller", 0 [pid 16424] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16424] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 16425] <... memfd_create resumed>) = 4 [pid 16424] <... clone3 resumed> => {parent_tid=[10387]}, 88) = 10387 [pid 16424] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16424] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16424] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16424] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16424] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16424] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 16425] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16424] <... clone3 resumed> => {parent_tid=[10388]}, 88) = 10388 [pid 16424] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 16429 attached ./strace-static-x86_64: Process 16428 attached [pid 16424] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16429] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16428] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16425] close(4 [pid 16424] <... futex resumed>) = 0 [pid 16429] <... set_robust_list resumed>) = 0 [pid 16424] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16429] rt_sigprocmask(SIG_SETMASK, [], [pid 16425] <... close resumed>) = 0 [pid 16428] <... set_robust_list resumed>) = 0 [pid 16428] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16428] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 16429] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16425] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16428] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16428] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16429] memfd_create("syzkaller", 0) = 4 [pid 16429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16429] close(4) = 0 [pid 16429] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16425] <... futex resumed>) = 0 [pid 16424] <... futex resumed>) = 0 [pid 16425] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16424] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16424] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16429] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16425] <... open resumed>) = 4 [pid 16425] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16424] <... futex resumed>) = 0 [pid 16425] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16424] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16424] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16425] <... futex resumed>) = 0 [pid 16425] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16425] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16424] <... futex resumed>) = 0 [pid 16424] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16424] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16425] <... futex resumed>) = 1 [pid 16425] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16425] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16424] <... futex resumed>) = 0 [pid 16425] <... futex resumed>) = 1 [pid 16424] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16424] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16425] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16425] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16424] <... futex resumed>) = 0 [pid 16424] close(3) = 0 [pid 16424] close(4) = 0 [pid 16424] close(5) = 0 [pid 16424] close(6) = -1 EBADF (Bad file descriptor) [pid 16424] close(7) = -1 EBADF (Bad file descriptor) [pid 16424] close(8) = -1 EBADF (Bad file descriptor) [pid 16424] close(9) = -1 EBADF (Bad file descriptor) [pid 16424] close(10) = -1 EBADF (Bad file descriptor) [pid 16424] close(11) = -1 EBADF (Bad file descriptor) [pid 16424] close(12) = -1 EBADF (Bad file descriptor) [pid 16424] close(13) = -1 EBADF (Bad file descriptor) [pid 16424] close(14) = -1 EBADF (Bad file descriptor) [pid 16424] close(15) = -1 EBADF (Bad file descriptor) [pid 16424] close(16) = -1 EBADF (Bad file descriptor) [pid 16424] close(17) = -1 EBADF (Bad file descriptor) [pid 16424] close(18) = -1 EBADF (Bad file descriptor) [pid 16424] close(19) = -1 EBADF (Bad file descriptor) [pid 16424] close(20) = -1 EBADF (Bad file descriptor) [pid 16424] close(21) = -1 EBADF (Bad file descriptor) [pid 16424] close(22) = -1 EBADF (Bad file descriptor) [pid 16424] close(23) = -1 EBADF (Bad file descriptor) [pid 16424] close(24) = -1 EBADF (Bad file descriptor) [pid 16424] close(25) = -1 EBADF (Bad file descriptor) [pid 16424] close(26) = -1 EBADF (Bad file descriptor) [pid 16424] close(27) = -1 EBADF (Bad file descriptor) [pid 16424] close(28) = -1 EBADF (Bad file descriptor) [pid 16424] close(29) = -1 EBADF (Bad file descriptor) [pid 16424] exit_group(0) = ? [pid 16429] <... futex resumed>) = ? [pid 16428] <... futex resumed>) = ? [pid 16429] +++ exited with 0 +++ [pid 16428] +++ exited with 0 +++ [pid 16425] <... futex resumed>) = ? [pid 16425] +++ exited with 0 +++ [pid 16424] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10385, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2722", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2722", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2722/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2722/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2722/binderfs") = 0 [pid 289] umount2("./2722/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2722/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2722/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2722/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2722/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2722/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2722") = 0 [pid 289] mkdir("./2723", 0777) = 0 [ 326.858791][T16425] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10389 ./strace-static-x86_64: Process 16430 attached [pid 16430] set_robust_list(0x555556f746a0, 24) = 0 [pid 16430] chdir("./2723") = 0 [pid 16430] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16430] setpgid(0, 0) = 0 [pid 16430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16430] write(3, "1000", 4) = 4 [pid 16430] close(3) = 0 [pid 16430] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16430] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16430] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16430] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16430] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16430] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16430] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16430] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10390]}, 88) = 10390 [pid 16430] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16430] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16430] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16431 attached [pid 16431] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16431] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16431] memfd_create("syzkaller", 0) = 3 [pid 16431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16431] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16431] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16431] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16431] close(3) = 0 [pid 16431] mkdir("./file1", 0777) = 0 [pid 16431] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16431] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16431] chdir("./file1") = 0 [pid 16431] ioctl(4, LOOP_CLR_FD) = 0 [pid 16431] close(4) = 0 [pid 16431] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16430] <... futex resumed>) = 0 [pid 16430] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16430] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16431] <... futex resumed>) = 1 [pid 16431] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16431] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16430] <... futex resumed>) = 0 [pid 16430] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16430] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16430] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16430] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16430] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16430] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10391]}, 88) = 10391 [pid 16430] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16430] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16430] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16430] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16430] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16430] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16430] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10392]}, 88) = 10392 [pid 16430] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16430] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16430] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16431] <... futex resumed>) = 1 [pid 16431] memfd_create("syzkaller", 0) = 4 [pid 16431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16431] close(4) = 0 [pid 16431] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16431] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16434 attached [pid 16434] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16434] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16434] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0./strace-static-x86_64: Process 16435 attached [pid 16435] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16434] <... setxattr resumed>) = 0 [pid 16435] <... set_robust_list resumed>) = 0 [pid 16435] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16435] memfd_create("syzkaller", 0) = 4 [pid 16435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16435] close(4) = 0 [pid 16435] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16430] <... futex resumed>) = 0 [pid 16430] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16430] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16431] <... futex resumed>) = 0 [pid 16431] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16435] <... futex resumed>) = 1 [pid 16431] <... open resumed>) = 4 [pid 16431] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16430] <... futex resumed>) = 0 [pid 16430] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16430] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16431] <... futex resumed>) = 1 [pid 16431] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16431] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16430] <... futex resumed>) = 0 [pid 16430] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16430] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16431] <... futex resumed>) = 1 [pid 16431] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16431] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16430] <... futex resumed>) = 0 [pid 16430] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16430] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16431] <... futex resumed>) = 1 [pid 16431] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16434] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16435] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16434] <... futex resumed>) = 0 [pid 16434] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16431] <... write resumed>) = 262144 [pid 16431] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16430] <... futex resumed>) = 0 [pid 16431] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16430] close(3) = 0 [pid 16430] close(4) = 0 [pid 16430] close(5) = 0 [pid 16430] close(6) = -1 EBADF (Bad file descriptor) [pid 16430] close(7) = -1 EBADF (Bad file descriptor) [pid 16430] close(8) = -1 EBADF (Bad file descriptor) [pid 16430] close(9) = -1 EBADF (Bad file descriptor) [pid 16430] close(10) = -1 EBADF (Bad file descriptor) [pid 16430] close(11) = -1 EBADF (Bad file descriptor) [pid 16430] close(12) = -1 EBADF (Bad file descriptor) [pid 16430] close(13) = -1 EBADF (Bad file descriptor) [pid 16430] close(14) = -1 EBADF (Bad file descriptor) [pid 16430] close(15) = -1 EBADF (Bad file descriptor) [pid 16430] close(16) = -1 EBADF (Bad file descriptor) [pid 16430] close(17) = -1 EBADF (Bad file descriptor) [pid 16430] close(18) = -1 EBADF (Bad file descriptor) [pid 16430] close(19) = -1 EBADF (Bad file descriptor) [pid 16430] close(20) = -1 EBADF (Bad file descriptor) [pid 16430] close(21) = -1 EBADF (Bad file descriptor) [pid 16430] close(22) = -1 EBADF (Bad file descriptor) [pid 16430] close(23) = -1 EBADF (Bad file descriptor) [pid 16430] close(24) = -1 EBADF (Bad file descriptor) [pid 16430] close(25) = -1 EBADF (Bad file descriptor) [pid 16430] close(26) = -1 EBADF (Bad file descriptor) [pid 16430] close(27) = -1 EBADF (Bad file descriptor) [pid 16430] close(28) = -1 EBADF (Bad file descriptor) [pid 16430] close(29) = -1 EBADF (Bad file descriptor) [pid 16430] exit_group(0) = ? [pid 16435] <... futex resumed>) = ? [pid 16435] +++ exited with 0 +++ [pid 16434] <... futex resumed>) = ? [pid 16434] +++ exited with 0 +++ [pid 16431] <... futex resumed>) = ? [pid 16431] +++ exited with 0 +++ [pid 16430] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10389, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2723", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2723", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2723/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2723/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2723/binderfs") = 0 [pid 289] umount2("./2723/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2723/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2723/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2723/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2723/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2723/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2723") = 0 [pid 289] mkdir("./2724", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10393 ./strace-static-x86_64: Process 16436 attached [pid 16436] set_robust_list(0x555556f746a0, 24) = 0 [pid 16436] chdir("./2724") = 0 [pid 16436] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16436] setpgid(0, 0) = 0 [pid 16436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16436] write(3, "1000", 4) = 4 [pid 16436] close(3) = 0 [pid 16436] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16436] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16436] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16436] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16436] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16436] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16436] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10394]}, 88) = 10394 [pid 16436] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16436] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16436] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16437 attached [pid 16437] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16437] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16437] memfd_create("syzkaller", 0) = 3 [pid 16437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16437] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16437] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16437] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16437] close(3) = 0 [pid 16437] mkdir("./file1", 0777) = 0 [ 326.936852][T16431] EXT4-fs (loop0): 1 truncate cleaned up [pid 16437] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16437] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16437] chdir("./file1") = 0 [pid 16437] ioctl(4, LOOP_CLR_FD) = 0 [pid 16437] close(4) = 0 [pid 16437] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16436] <... futex resumed>) = 0 [pid 16436] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16436] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16437] <... futex resumed>) = 1 [pid 16437] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16437] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16436] <... futex resumed>) = 0 [pid 16436] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16436] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16436] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16436] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16436] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10395]}, 88) = 10395 [pid 16436] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16436] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16436] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16436] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16436] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16436] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10396]}, 88) = 10396 [pid 16436] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16436] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16436] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16437] <... futex resumed>) = 1 [pid 16437] memfd_create("syzkaller", 0) = 4 [pid 16437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16437] close(4) = 0 [pid 16437] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16437] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16441 attached [pid 16441] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16441] memfd_create("syzkaller", 0) = 4 [pid 16441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16441] close(4) = 0 [pid 16441] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16436] <... futex resumed>) = 0 [pid 16436] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16436] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16437] <... futex resumed>) = 0 [pid 16437] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16441] <... futex resumed>) = 1 [pid 16437] <... open resumed>) = 4 [pid 16437] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16436] <... futex resumed>) = 0 [pid 16436] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16436] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16437] <... futex resumed>) = 1 [pid 16437] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16437] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16436] <... futex resumed>) = 0 [pid 16436] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16436] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16437] <... futex resumed>) = 1 [pid 16437] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16437] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16436] <... futex resumed>) = 0 [pid 16436] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16436] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16437] <... futex resumed>) = 1 [pid 16437] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16441] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16440 attached [pid 16440] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16440] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16440] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16437] <... write resumed>) = 262144 [pid 16437] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16437] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16436] <... futex resumed>) = 0 [pid 16440] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 16440] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16440] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16436] close(3) = 0 [pid 16436] close(4) = 0 [pid 16436] close(5) = 0 [pid 16436] close(6) = -1 EBADF (Bad file descriptor) [pid 16436] close(7) = -1 EBADF (Bad file descriptor) [pid 16436] close(8) = -1 EBADF (Bad file descriptor) [pid 16436] close(9) = -1 EBADF (Bad file descriptor) [pid 16436] close(10) = -1 EBADF (Bad file descriptor) [pid 16436] close(11) = -1 EBADF (Bad file descriptor) [pid 16436] close(12) = -1 EBADF (Bad file descriptor) [pid 16436] close(13) = -1 EBADF (Bad file descriptor) [pid 16436] close(14) = -1 EBADF (Bad file descriptor) [pid 16436] close(15) = -1 EBADF (Bad file descriptor) [pid 16436] close(16) = -1 EBADF (Bad file descriptor) [pid 16436] close(17) = -1 EBADF (Bad file descriptor) [pid 16436] close(18) = -1 EBADF (Bad file descriptor) [pid 16436] close(19) = -1 EBADF (Bad file descriptor) [pid 16436] close(20) = -1 EBADF (Bad file descriptor) [pid 16436] close(21) = -1 EBADF (Bad file descriptor) [pid 16436] close(22) = -1 EBADF (Bad file descriptor) [pid 16436] close(23) = -1 EBADF (Bad file descriptor) [pid 16436] close(24) = -1 EBADF (Bad file descriptor) [pid 16436] close(25) = -1 EBADF (Bad file descriptor) [pid 16436] close(26) = -1 EBADF (Bad file descriptor) [pid 16436] close(27) = -1 EBADF (Bad file descriptor) [pid 16436] close(28) = -1 EBADF (Bad file descriptor) [pid 16436] close(29) = -1 EBADF (Bad file descriptor) [pid 16436] exit_group(0 [pid 16441] <... futex resumed>) = ? [pid 16440] <... futex resumed>) = ? [pid 16437] <... futex resumed>) = ? [pid 16436] <... exit_group resumed>) = ? [pid 16441] +++ exited with 0 +++ [pid 16437] +++ exited with 0 +++ [pid 16440] +++ exited with 0 +++ [pid 16436] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10393, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2724", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2724", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2724/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2724/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2724/binderfs") = 0 [ 326.998305][T16437] EXT4-fs (loop0): 1 truncate cleaned up [ 327.014145][T16440] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2724/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2724/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2724/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2724/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2724/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2724/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2724") = 0 [pid 289] mkdir("./2725", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10397 ./strace-static-x86_64: Process 16442 attached [pid 16442] set_robust_list(0x555556f746a0, 24) = 0 [pid 16442] chdir("./2725") = 0 [pid 16442] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16442] setpgid(0, 0) = 0 [pid 16442] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16442] write(3, "1000", 4) = 4 [pid 16442] close(3) = 0 [pid 16442] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16442] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16442] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16442] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16442] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16442] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16442] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16442] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 16443 attached => {parent_tid=[10398]}, 88) = 10398 [pid 16443] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16443] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16443] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16442] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16442] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16443] <... futex resumed>) = 0 [pid 16442] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16443] memfd_create("syzkaller", 0) = 3 [pid 16443] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16443] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16443] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16443] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16443] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16443] close(3) = 0 [pid 16443] mkdir("./file1", 0777) = 0 [pid 16443] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16443] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16443] chdir("./file1") = 0 [pid 16443] ioctl(4, LOOP_CLR_FD) = 0 [pid 16443] close(4) = 0 [pid 16443] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16442] <... futex resumed>) = 0 [pid 16442] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16442] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16443] <... futex resumed>) = 1 [pid 16443] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16443] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16442] <... futex resumed>) = 0 [pid 16442] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16442] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16442] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16442] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16442] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16442] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10399]}, 88) = 10399 [pid 16442] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16442] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16442] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16442] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16442] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16442] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16442] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10400]}, 88) = 10400 [pid 16442] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16442] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16442] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16443] <... futex resumed>) = 1 [pid 16443] memfd_create("syzkaller", 0) = 4 [pid 16443] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16443] close(4) = 0 [pid 16443] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16443] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16446 attached [pid 16446] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16446] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16446] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0./strace-static-x86_64: Process 16447 attached ) = 0 [pid 16446] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16446] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16447] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16447] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16447] memfd_create("syzkaller", 0) = 4 [pid 16447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16447] close(4) = 0 [pid 16447] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16442] <... futex resumed>) = 0 [pid 16442] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16442] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16443] <... futex resumed>) = 0 [pid 16443] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16447] <... futex resumed>) = 1 [pid 16443] <... open resumed>) = 4 [pid 16443] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16442] <... futex resumed>) = 0 [pid 16442] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16442] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16443] <... futex resumed>) = 1 [pid 16443] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16443] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16442] <... futex resumed>) = 0 [pid 16442] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16442] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16443] <... futex resumed>) = 1 [pid 16443] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16443] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16442] <... futex resumed>) = 0 [pid 16442] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16442] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16443] <... futex resumed>) = 1 [pid 16443] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16447] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16443] <... write resumed>) = 262144 [pid 16443] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16442] <... futex resumed>) = 0 [pid 16442] close(3) = 0 [pid 16442] close(4) = 0 [pid 16443] <... futex resumed>) = 1 [pid 16442] close(5 [pid 16443] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16442] <... close resumed>) = 0 [pid 16442] close(6) = -1 EBADF (Bad file descriptor) [pid 16442] close(7) = -1 EBADF (Bad file descriptor) [pid 16442] close(8) = -1 EBADF (Bad file descriptor) [pid 16442] close(9) = -1 EBADF (Bad file descriptor) [pid 16442] close(10) = -1 EBADF (Bad file descriptor) [pid 16442] close(11) = -1 EBADF (Bad file descriptor) [pid 16442] close(12) = -1 EBADF (Bad file descriptor) [pid 16442] close(13) = -1 EBADF (Bad file descriptor) [pid 16442] close(14) = -1 EBADF (Bad file descriptor) [pid 16442] close(15) = -1 EBADF (Bad file descriptor) [pid 16442] close(16) = -1 EBADF (Bad file descriptor) [pid 16442] close(17) = -1 EBADF (Bad file descriptor) [pid 16442] close(18) = -1 EBADF (Bad file descriptor) [pid 16442] close(19) = -1 EBADF (Bad file descriptor) [pid 16442] close(20) = -1 EBADF (Bad file descriptor) [pid 16442] close(21) = -1 EBADF (Bad file descriptor) [pid 16442] close(22) = -1 EBADF (Bad file descriptor) [pid 16442] close(23) = -1 EBADF (Bad file descriptor) [pid 16442] close(24) = -1 EBADF (Bad file descriptor) [pid 16442] close(25) = -1 EBADF (Bad file descriptor) [pid 16442] close(26) = -1 EBADF (Bad file descriptor) [pid 16442] close(27) = -1 EBADF (Bad file descriptor) [pid 16442] close(28) = -1 EBADF (Bad file descriptor) [pid 16442] close(29) = -1 EBADF (Bad file descriptor) [pid 16442] exit_group(0) = ? [pid 16446] <... futex resumed>) = ? [pid 16446] +++ exited with 0 +++ [pid 16447] <... futex resumed>) = ? [pid 16447] +++ exited with 0 +++ [pid 16443] <... futex resumed>) = ? [pid 16443] +++ exited with 0 +++ [pid 16442] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10397, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2725", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2725", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2725/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2725/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2725/binderfs") = 0 [ 327.145404][T16443] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2725/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2725/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2725/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2725/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2725/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2725/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2725") = 0 [pid 289] mkdir("./2726", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10401 ./strace-static-x86_64: Process 16448 attached [pid 16448] set_robust_list(0x555556f746a0, 24) = 0 [pid 16448] chdir("./2726") = 0 [pid 16448] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16448] setpgid(0, 0) = 0 [pid 16448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16448] write(3, "1000", 4) = 4 [pid 16448] close(3) = 0 [pid 16448] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16448] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16448] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16448] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16448] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16448] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16448] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 16449 attached => {parent_tid=[10402]}, 88) = 10402 [pid 16448] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16448] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16448] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16449] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16449] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16449] memfd_create("syzkaller", 0) = 3 [pid 16449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16449] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16449] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16449] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16449] close(3) = 0 [pid 16449] mkdir("./file1", 0777) = 0 [pid 16449] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16449] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16449] chdir("./file1") = 0 [pid 16449] ioctl(4, LOOP_CLR_FD) = 0 [pid 16449] close(4) = 0 [pid 16449] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16448] <... futex resumed>) = 0 [pid 16448] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16448] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16449] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16449] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16448] <... futex resumed>) = 0 [pid 16448] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16448] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16448] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16448] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16448] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10403]}, 88) = 10403 ./strace-static-x86_64: Process 16452 attached [pid 16449] memfd_create("syzkaller", 0 [pid 16448] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16448] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16448] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16448] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16448] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16448] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10404]}, 88) = 10404 [pid 16448] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16448] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16448] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16452] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16449] <... memfd_create resumed>) = 4 [pid 16452] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16452] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 ./strace-static-x86_64: Process 16453 attached [pid 16449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16449] close(4) = 0 [pid 16449] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16449] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16452] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16452] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16453] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16453] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16453] memfd_create("syzkaller", 0) = 4 [pid 16453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16453] close(4) = 0 [pid 16453] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16448] <... futex resumed>) = 0 [pid 16448] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16448] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16449] <... futex resumed>) = 0 [pid 16449] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 16449] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16448] <... futex resumed>) = 0 [pid 16448] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16448] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16449] <... futex resumed>) = 1 [pid 16449] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16449] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16448] <... futex resumed>) = 0 [pid 16448] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16448] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16449] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16449] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16448] <... futex resumed>) = 0 [pid 16448] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16448] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16449] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16453] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16449] <... write resumed>) = 262144 [pid 16449] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16448] <... futex resumed>) = 0 [pid 16448] close(3) = 0 [pid 16448] close(4) = 0 [pid 16448] close(5) = 0 [pid 16448] close(6) = -1 EBADF (Bad file descriptor) [pid 16448] close(7) = -1 EBADF (Bad file descriptor) [pid 16448] close(8) = -1 EBADF (Bad file descriptor) [pid 16448] close(9) = -1 EBADF (Bad file descriptor) [pid 16448] close(10) = -1 EBADF (Bad file descriptor) [pid 16448] close(11) = -1 EBADF (Bad file descriptor) [pid 16448] close(12) = -1 EBADF (Bad file descriptor) [pid 16448] close(13) = -1 EBADF (Bad file descriptor) [pid 16448] close(14) = -1 EBADF (Bad file descriptor) [pid 16448] close(15) = -1 EBADF (Bad file descriptor) [pid 16448] close(16) = -1 EBADF (Bad file descriptor) [pid 16448] close(17) = -1 EBADF (Bad file descriptor) [pid 16448] close(18) = -1 EBADF (Bad file descriptor) [pid 16448] close(19) = -1 EBADF (Bad file descriptor) [pid 16448] close(20) = -1 EBADF (Bad file descriptor) [pid 16448] close(21) = -1 EBADF (Bad file descriptor) [pid 16448] close(22) = -1 EBADF (Bad file descriptor) [pid 16448] close(23) = -1 EBADF (Bad file descriptor) [pid 16448] close(24) = -1 EBADF (Bad file descriptor) [pid 16448] close(25) = -1 EBADF (Bad file descriptor) [pid 16448] close(26) = -1 EBADF (Bad file descriptor) [pid 16448] close(27) = -1 EBADF (Bad file descriptor) [pid 16448] close(28) = -1 EBADF (Bad file descriptor) [pid 16448] close(29) = -1 EBADF (Bad file descriptor) [pid 16448] exit_group(0) = ? [pid 16452] <... futex resumed>) = ? [pid 16452] +++ exited with 0 +++ [pid 16453] <... futex resumed>) = ? [pid 16449] +++ exited with 0 +++ [pid 16453] +++ exited with 0 +++ [pid 16448] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10401, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] umount2("./2726", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2726", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2726/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2726/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2726/binderfs") = 0 [ 327.262959][T16449] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2726/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2726/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2726/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2726/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2726/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2726/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2726") = 0 [pid 289] mkdir("./2727", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10405 ./strace-static-x86_64: Process 16454 attached [pid 16454] set_robust_list(0x555556f746a0, 24) = 0 [pid 16454] chdir("./2727") = 0 [pid 16454] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16454] setpgid(0, 0) = 0 [pid 16454] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16454] write(3, "1000", 4) = 4 [pid 16454] close(3) = 0 [pid 16454] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16454] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16454] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16454] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16454] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16454] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16454] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16454] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10406]}, 88) = 10406 [pid 16454] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16454] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16454] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16455 attached [pid 16455] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16455] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16455] memfd_create("syzkaller", 0) = 3 [pid 16455] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16455] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16455] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16455] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16455] close(3) = 0 [pid 16455] mkdir("./file1", 0777) = 0 [pid 16455] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16455] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16455] chdir("./file1") = 0 [pid 16455] ioctl(4, LOOP_CLR_FD) = 0 [pid 16455] close(4) = 0 [pid 16455] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16454] <... futex resumed>) = 0 [pid 16454] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16455] setxattr("./file1", NULL, NULL, 0, 0 [pid 16454] <... futex resumed>) = 0 [pid 16454] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16455] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 16455] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16454] <... futex resumed>) = 0 [pid 16455] <... futex resumed>) = 1 [pid 16454] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16455] memfd_create("syzkaller", 0 [pid 16454] <... futex resumed>) = 0 [pid 16454] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16455] <... memfd_create resumed>) = 4 [pid 16454] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 16455] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16454] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 16455] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16454] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 16455] close(4 [pid 16454] <... mprotect resumed>) = 0 [pid 16454] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16455] <... close resumed>) = 0 [pid 16454] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16455] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16454] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 16455] <... futex resumed>) = 0 [pid 16455] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16454] <... clone3 resumed> => {parent_tid=[10407]}, 88) = 10407 [pid 16454] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16454] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16454] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16455] <... futex resumed>) = 0 [pid 16454] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16455] memfd_create("syzkaller", 0) = 4 [pid 16455] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16455] close(4) = 0 [pid 16455] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16454] <... futex resumed>) = 0 [pid 16455] <... futex resumed>) = 1 [pid 16454] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16455] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16454] <... futex resumed>) = 0 [pid 16454] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16455] <... open resumed>) = 4 [pid 16455] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16454] <... futex resumed>) = 0 [pid 16455] <... futex resumed>) = 1 [pid 16454] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16455] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16454] <... futex resumed>) = 0 [pid 16454] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16455] <... mount resumed>) = 0 [pid 16455] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16454] <... futex resumed>) = 0 [pid 16455] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16454] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16455] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16454] <... futex resumed>) = 0 [pid 16455] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16454] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16455] <... open resumed>) = 5 [pid 16455] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16454] <... futex resumed>) = 0 [pid 16455] <... futex resumed>) = 1 [pid 16454] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16455] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16454] <... futex resumed>) = 0 [pid 16454] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16455] <... write resumed>) = 262144 [pid 16455] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16454] <... futex resumed>) = 0 [pid 16455] <... futex resumed>) = 1 ./strace-static-x86_64: Process 16458 attached [pid 16458] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16458] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16458] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16455] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16458] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 16458] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16458] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16454] close(3) = 0 [pid 16454] close(4) = 0 [pid 16454] close(5) = 0 [pid 16454] close(6) = -1 EBADF (Bad file descriptor) [pid 16454] close(7) = -1 EBADF (Bad file descriptor) [pid 16454] close(8) = -1 EBADF (Bad file descriptor) [pid 16454] close(9) = -1 EBADF (Bad file descriptor) [pid 16454] close(10) = -1 EBADF (Bad file descriptor) [pid 16454] close(11) = -1 EBADF (Bad file descriptor) [pid 16454] close(12) = -1 EBADF (Bad file descriptor) [pid 16454] close(13) = -1 EBADF (Bad file descriptor) [pid 16454] close(14) = -1 EBADF (Bad file descriptor) [pid 16454] close(15) = -1 EBADF (Bad file descriptor) [pid 16454] close(16) = -1 EBADF (Bad file descriptor) [pid 16454] close(17) = -1 EBADF (Bad file descriptor) [pid 16454] close(18) = -1 EBADF (Bad file descriptor) [pid 16454] close(19) = -1 EBADF (Bad file descriptor) [pid 16454] close(20) = -1 EBADF (Bad file descriptor) [pid 16454] close(21) = -1 EBADF (Bad file descriptor) [pid 16454] close(22) = -1 EBADF (Bad file descriptor) [pid 16454] close(23) = -1 EBADF (Bad file descriptor) [pid 16454] close(24) = -1 EBADF (Bad file descriptor) [pid 16454] close(25) = -1 EBADF (Bad file descriptor) [pid 16454] close(26) = -1 EBADF (Bad file descriptor) [pid 16454] close(27) = -1 EBADF (Bad file descriptor) [pid 16454] close(28) = -1 EBADF (Bad file descriptor) [pid 16454] close(29) = -1 EBADF (Bad file descriptor) [pid 16454] exit_group(0) = ? [pid 16455] <... futex resumed>) = ? [pid 16455] +++ exited with 0 +++ [pid 16458] <... futex resumed>) = ? [pid 16458] +++ exited with 0 +++ [pid 16454] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10405, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2727", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2727", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2727/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2727/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2727/binderfs") = 0 [ 327.378635][T16455] EXT4-fs (loop0): 1 truncate cleaned up [ 327.398036][T16458] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2727/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2727/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2727/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2727/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2727/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2727/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2727") = 0 [pid 289] mkdir("./2728", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10408 ./strace-static-x86_64: Process 16460 attached [pid 16460] set_robust_list(0x555556f746a0, 24) = 0 [pid 16460] chdir("./2728") = 0 [pid 16460] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16460] setpgid(0, 0) = 0 [pid 16460] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16460] write(3, "1000", 4) = 4 [pid 16460] close(3) = 0 [pid 16460] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16460] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16460] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16460] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16460] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16460] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16460] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16460] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10409]}, 88) = 10409 [pid 16460] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16460] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16460] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16461 attached [pid 16461] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16461] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16461] memfd_create("syzkaller", 0) = 3 [pid 16461] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16461] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16461] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16461] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16461] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16461] close(3) = 0 [pid 16461] mkdir("./file1", 0777) = 0 [pid 16461] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16461] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16461] chdir("./file1") = 0 [pid 16461] ioctl(4, LOOP_CLR_FD) = 0 [pid 16461] close(4) = 0 [pid 16461] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16460] <... futex resumed>) = 0 [pid 16460] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16460] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16461] <... futex resumed>) = 1 [pid 16461] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16461] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16460] <... futex resumed>) = 0 [pid 16460] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16460] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16460] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 16461] <... futex resumed>) = 1 [pid 16460] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 16460] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16460] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16461] memfd_create("syzkaller", 0 [pid 16460] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16460] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 16461] <... memfd_create resumed>) = 4 [pid 16460] <... clone3 resumed> => {parent_tid=[10410]}, 88) = 10410 [pid 16460] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16460] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16460] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16460] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16460] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16460] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16461] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16460] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16460] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 16465 attached [pid 16461] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16460] <... clone3 resumed> => {parent_tid=[10411]}, 88) = 10411 [pid 16460] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16460] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16460] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16464 attached [pid 16464] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16464] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16465] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16464] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16461] close(4) = 0 [pid 16465] <... set_robust_list resumed>) = 0 [pid 16465] rt_sigprocmask(SIG_SETMASK, [], [pid 16461] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16465] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16461] <... futex resumed>) = 0 [pid 16464] <... setxattr resumed>) = 0 [pid 16465] memfd_create("syzkaller", 0 [pid 16461] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16464] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16464] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16465] <... memfd_create resumed>) = 4 [pid 16465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16465] close(4) = 0 [pid 16465] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16460] <... futex resumed>) = 0 [pid 16460] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16460] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16465] <... futex resumed>) = 1 [pid 16465] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16461] <... futex resumed>) = 0 [pid 16461] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 16461] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16460] <... futex resumed>) = 0 [pid 16460] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16460] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16461] <... futex resumed>) = 1 [pid 16461] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16461] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16460] <... futex resumed>) = 0 [pid 16460] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16460] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16461] <... futex resumed>) = 1 [pid 16461] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16461] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16460] <... futex resumed>) = 0 [pid 16460] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16460] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16461] <... futex resumed>) = 1 [pid 16461] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16461] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16460] <... futex resumed>) = 0 [pid 16461] <... futex resumed>) = 1 [pid 16460] close(3 [pid 16461] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16460] <... close resumed>) = 0 [pid 16460] close(4) = 0 [pid 16460] close(5) = 0 [pid 16460] close(6) = -1 EBADF (Bad file descriptor) [pid 16460] close(7) = -1 EBADF (Bad file descriptor) [pid 16460] close(8) = -1 EBADF (Bad file descriptor) [pid 16460] close(9) = -1 EBADF (Bad file descriptor) [pid 16460] close(10) = -1 EBADF (Bad file descriptor) [pid 16460] close(11) = -1 EBADF (Bad file descriptor) [pid 16460] close(12) = -1 EBADF (Bad file descriptor) [pid 16460] close(13) = -1 EBADF (Bad file descriptor) [pid 16460] close(14) = -1 EBADF (Bad file descriptor) [pid 16460] close(15) = -1 EBADF (Bad file descriptor) [pid 16460] close(16) = -1 EBADF (Bad file descriptor) [pid 16460] close(17) = -1 EBADF (Bad file descriptor) [pid 16460] close(18) = -1 EBADF (Bad file descriptor) [pid 16460] close(19) = -1 EBADF (Bad file descriptor) [pid 16460] close(20) = -1 EBADF (Bad file descriptor) [pid 16460] close(21) = -1 EBADF (Bad file descriptor) [pid 16460] close(22) = -1 EBADF (Bad file descriptor) [pid 16460] close(23) = -1 EBADF (Bad file descriptor) [pid 16460] close(24) = -1 EBADF (Bad file descriptor) [pid 16460] close(25) = -1 EBADF (Bad file descriptor) [pid 16460] close(26) = -1 EBADF (Bad file descriptor) [pid 16460] close(27) = -1 EBADF (Bad file descriptor) [pid 16460] close(28) = -1 EBADF (Bad file descriptor) [pid 16460] close(29) = -1 EBADF (Bad file descriptor) [pid 16460] exit_group(0) = ? [pid 16464] <... futex resumed>) = 231 [pid 16461] <... futex resumed>) = ? [pid 16464] +++ exited with 0 +++ [pid 16465] <... futex resumed>) = ? [pid 16461] +++ exited with 0 +++ [pid 16465] +++ exited with 0 +++ [pid 16460] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10408, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2728", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2728", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2728/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2728/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2728/binderfs") = 0 [ 327.485987][T16461] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2728/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2728/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2728/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2728/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2728/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2728/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2728") = 0 [pid 289] mkdir("./2729", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10412 ./strace-static-x86_64: Process 16466 attached [pid 16466] set_robust_list(0x555556f746a0, 24) = 0 [pid 16466] chdir("./2729") = 0 [pid 16466] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16466] setpgid(0, 0) = 0 [pid 16466] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16466] write(3, "1000", 4) = 4 [pid 16466] close(3) = 0 [pid 16466] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16466] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16466] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16466] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16466] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16466] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16466] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16466] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 16467 attached [pid 16467] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16467] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16467] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16466] <... clone3 resumed> => {parent_tid=[10413]}, 88) = 10413 [pid 16466] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16466] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16467] <... futex resumed>) = 0 [pid 16467] memfd_create("syzkaller", 0) = 3 [pid 16467] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16466] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16467] <... mmap resumed>) = 0x7fbc5eeed000 [pid 16467] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16467] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16467] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16467] close(3) = 0 [pid 16467] mkdir("./file1", 0777) = 0 [pid 16467] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16467] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16467] chdir("./file1") = 0 [pid 16467] ioctl(4, LOOP_CLR_FD) = 0 [pid 16467] close(4) = 0 [pid 16467] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16466] <... futex resumed>) = 0 [pid 16467] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16466] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16466] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16467] <... futex resumed>) = 0 [pid 16467] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16467] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16466] <... futex resumed>) = 0 [pid 16466] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16466] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16467] memfd_create("syzkaller", 0 [pid 16466] <... futex resumed>) = 0 [pid 16466] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16466] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16466] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16466] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10414]}, 88) = 10414 [pid 16466] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16466] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16466] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16466] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16466] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16466] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16466] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10415]}, 88) = 10415 [pid 16466] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16466] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16466] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16467] <... memfd_create resumed>) = 4 [pid 16467] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16467] close(4) = 0 [pid 16467] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16467] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16471 attached [pid 16471] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16471] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16471] memfd_create("syzkaller", 0) = 4 [pid 16471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16471] close(4) = 0 [pid 16471] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16466] <... futex resumed>) = 0 [pid 16466] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16466] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16467] <... futex resumed>) = 0 [pid 16467] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 16467] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16466] <... futex resumed>) = 0 [pid 16466] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16466] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16467] <... futex resumed>) = 1 [pid 16467] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 ./strace-static-x86_64: Process 16470 attached [pid 16467] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16466] <... futex resumed>) = 0 [pid 16466] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16466] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16467] <... futex resumed>) = 1 [pid 16467] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16467] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16466] <... futex resumed>) = 0 [pid 16466] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16466] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16467] <... futex resumed>) = 1 [pid 16467] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16471] <... futex resumed>) = 1 [pid 16470] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16470] rt_sigprocmask(SIG_SETMASK, [], [pid 16471] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16470] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16470] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16467] <... write resumed>) = 262144 [pid 16467] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16466] <... futex resumed>) = 0 [pid 16467] <... futex resumed>) = 1 [pid 16467] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16470] <... setxattr resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 16470] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16470] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16466] close(3) = 0 [pid 16466] close(4) = 0 [pid 16466] close(5) = 0 [pid 16466] close(6) = -1 EBADF (Bad file descriptor) [pid 16466] close(7) = -1 EBADF (Bad file descriptor) [pid 16466] close(8) = -1 EBADF (Bad file descriptor) [pid 16466] close(9) = -1 EBADF (Bad file descriptor) [pid 16466] close(10) = -1 EBADF (Bad file descriptor) [pid 16466] close(11) = -1 EBADF (Bad file descriptor) [pid 16466] close(12) = -1 EBADF (Bad file descriptor) [pid 16466] close(13) = -1 EBADF (Bad file descriptor) [pid 16466] close(14) = -1 EBADF (Bad file descriptor) [pid 16466] close(15) = -1 EBADF (Bad file descriptor) [pid 16466] close(16) = -1 EBADF (Bad file descriptor) [pid 16466] close(17) = -1 EBADF (Bad file descriptor) [pid 16466] close(18) = -1 EBADF (Bad file descriptor) [pid 16466] close(19) = -1 EBADF (Bad file descriptor) [pid 16466] close(20) = -1 EBADF (Bad file descriptor) [pid 16466] close(21) = -1 EBADF (Bad file descriptor) [pid 16466] close(22) = -1 EBADF (Bad file descriptor) [pid 16466] close(23) = -1 EBADF (Bad file descriptor) [pid 16466] close(24) = -1 EBADF (Bad file descriptor) [pid 16466] close(25) = -1 EBADF (Bad file descriptor) [pid 16466] close(26) = -1 EBADF (Bad file descriptor) [pid 16466] close(27) = -1 EBADF (Bad file descriptor) [pid 16466] close(28) = -1 EBADF (Bad file descriptor) [pid 16466] close(29) = -1 EBADF (Bad file descriptor) [pid 16466] exit_group(0 [pid 16471] <... futex resumed>) = ? [pid 16467] <... futex resumed>) = 231 [pid 16466] <... exit_group resumed>) = ? [pid 16470] <... futex resumed>) = ? [pid 16471] +++ exited with 0 +++ [pid 16467] +++ exited with 0 +++ [pid 16470] +++ exited with 0 +++ [pid 16466] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10412, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2729", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2729", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2729/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2729/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2729/binderfs") = 0 [ 327.582304][T16467] EXT4-fs (loop0): 1 truncate cleaned up [ 327.597898][T16470] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2729/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2729/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2729/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2729/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2729/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2729/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2729") = 0 [pid 289] mkdir("./2730", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10416 ./strace-static-x86_64: Process 16473 attached [pid 16473] set_robust_list(0x555556f746a0, 24) = 0 [pid 16473] chdir("./2730") = 0 [pid 16473] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16473] setpgid(0, 0) = 0 [pid 16473] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16473] write(3, "1000", 4) = 4 [pid 16473] close(3) = 0 [pid 16473] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16473] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16473] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16473] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16473] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16473] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16473] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10417]}, 88) = 10417 [pid 16473] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16473] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 16474 attached [pid 16473] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16474] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16474] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16474] memfd_create("syzkaller", 0) = 3 [pid 16474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16474] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16474] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16474] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16474] close(3) = 0 [pid 16474] mkdir("./file1", 0777) = 0 [pid 16474] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16474] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16474] chdir("./file1") = 0 [pid 16474] ioctl(4, LOOP_CLR_FD) = 0 [pid 16474] close(4) = 0 [pid 16474] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16473] <... futex resumed>) = 0 [pid 16473] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16473] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16474] <... futex resumed>) = 1 [pid 16474] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16474] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16473] <... futex resumed>) = 0 [pid 16473] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16473] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16473] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16473] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16473] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 16477 attached => {parent_tid=[10418]}, 88) = 10418 [pid 16473] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16473] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16473] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16473] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16477] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16473] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16477] <... set_robust_list resumed>) = 0 [pid 16473] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16473] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 16478 attached [pid 16477] rt_sigprocmask(SIG_SETMASK, [], [pid 16473] <... clone3 resumed> => {parent_tid=[10419]}, 88) = 10419 [pid 16473] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16473] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16473] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16474] <... futex resumed>) = 1 [pid 16474] memfd_create("syzkaller", 0) = 4 [pid 16474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16474] close(4) = 0 [pid 16478] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16477] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16474] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16474] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16478] <... set_robust_list resumed>) = 0 [pid 16478] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16478] memfd_create("syzkaller", 0 [pid 16477] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16478] <... memfd_create resumed>) = 4 [pid 16478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16478] close(4) = 0 [pid 16478] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16473] <... futex resumed>) = 0 [pid 16473] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16477] <... setxattr resumed>) = 0 [pid 16473] <... futex resumed>) = 1 [pid 16473] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16474] <... futex resumed>) = 0 [pid 16474] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16477] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16478] <... futex resumed>) = 1 [pid 16478] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16477] <... futex resumed>) = 0 [pid 16477] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16474] <... open resumed>) = 4 [pid 16474] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16473] <... futex resumed>) = 0 [pid 16473] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16473] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16474] <... futex resumed>) = 1 [pid 16474] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16474] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16473] <... futex resumed>) = 0 [pid 16473] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16473] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16474] <... futex resumed>) = 1 [pid 16474] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16474] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16473] <... futex resumed>) = 0 [pid 16473] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16473] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16474] <... futex resumed>) = 1 [pid 16474] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16474] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16473] <... futex resumed>) = 0 [pid 16473] close(3) = 0 [pid 16473] close(4) = 0 [pid 16473] close(5) = 0 [pid 16473] close(6) = -1 EBADF (Bad file descriptor) [pid 16473] close(7) = -1 EBADF (Bad file descriptor) [pid 16473] close(8) = -1 EBADF (Bad file descriptor) [pid 16474] <... futex resumed>) = 1 [pid 16473] close(9 [pid 16474] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16473] <... close resumed>) = -1 EBADF (Bad file descriptor) [pid 16473] close(10) = -1 EBADF (Bad file descriptor) [pid 16473] close(11) = -1 EBADF (Bad file descriptor) [pid 16473] close(12) = -1 EBADF (Bad file descriptor) [pid 16473] close(13) = -1 EBADF (Bad file descriptor) [pid 16473] close(14) = -1 EBADF (Bad file descriptor) [pid 16473] close(15) = -1 EBADF (Bad file descriptor) [pid 16473] close(16) = -1 EBADF (Bad file descriptor) [pid 16473] close(17) = -1 EBADF (Bad file descriptor) [pid 16473] close(18) = -1 EBADF (Bad file descriptor) [pid 16473] close(19) = -1 EBADF (Bad file descriptor) [pid 16473] close(20) = -1 EBADF (Bad file descriptor) [pid 16473] close(21) = -1 EBADF (Bad file descriptor) [pid 16473] close(22) = -1 EBADF (Bad file descriptor) [pid 16473] close(23) = -1 EBADF (Bad file descriptor) [pid 16473] close(24) = -1 EBADF (Bad file descriptor) [pid 16473] close(25) = -1 EBADF (Bad file descriptor) [pid 16473] close(26) = -1 EBADF (Bad file descriptor) [pid 16473] close(27) = -1 EBADF (Bad file descriptor) [pid 16473] close(28) = -1 EBADF (Bad file descriptor) [pid 16473] close(29) = -1 EBADF (Bad file descriptor) [pid 16473] exit_group(0 [pid 16477] <... futex resumed>) = ? [pid 16473] <... exit_group resumed>) = ? [pid 16477] +++ exited with 0 +++ [pid 16478] <... futex resumed>) = ? [pid 16474] <... futex resumed>) = ? [pid 16478] +++ exited with 0 +++ [pid 16474] +++ exited with 0 +++ [pid 16473] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10416, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2730", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2730", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2730/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2730/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2730/binderfs") = 0 [ 327.701565][T16474] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2730/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2730/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2730/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2730/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2730/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2730/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2730") = 0 [pid 289] mkdir("./2731", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10420 ./strace-static-x86_64: Process 16479 attached [pid 16479] set_robust_list(0x555556f746a0, 24) = 0 [pid 16479] chdir("./2731") = 0 [pid 16479] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16479] setpgid(0, 0) = 0 [pid 16479] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16479] write(3, "1000", 4) = 4 [pid 16479] close(3) = 0 [pid 16479] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16479] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16479] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16479] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16479] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16479] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16479] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10421]}, 88) = 10421 [pid 16479] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16479] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16479] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16480 attached [pid 16480] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16480] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16480] memfd_create("syzkaller", 0) = 3 [pid 16480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16480] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16480] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16480] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16480] close(3) = 0 [pid 16480] mkdir("./file1", 0777) = 0 [pid 16480] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16480] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16480] chdir("./file1") = 0 [pid 16480] ioctl(4, LOOP_CLR_FD) = 0 [pid 16480] close(4) = 0 [pid 16480] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16479] <... futex resumed>) = 0 [pid 16479] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16479] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16480] <... futex resumed>) = 1 [pid 16480] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16480] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16480] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16479] <... futex resumed>) = 0 [pid 16479] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16480] <... futex resumed>) = 0 [pid 16479] <... futex resumed>) = 1 [pid 16479] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16480] memfd_create("syzkaller", 0 [pid 16479] <... futex resumed>) = 0 [pid 16479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16479] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16479] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16479] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 16480] <... memfd_create resumed>) = 4 [pid 16479] <... clone3 resumed> => {parent_tid=[10422]}, 88) = 10422 [pid 16479] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 16483 attached [pid 16479] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16483] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16479] <... futex resumed>) = 0 [pid 16480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16479] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 16480] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16479] <... mmap resumed>) = 0x7fbc5eeeb000 [pid 16483] <... set_robust_list resumed>) = 0 [pid 16479] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE [pid 16483] rt_sigprocmask(SIG_SETMASK, [], [pid 16479] <... mprotect resumed>) = 0 [pid 16480] close(4 [pid 16483] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16479] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16479] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 16483] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16479] <... clone3 resumed> => {parent_tid=[10423]}, 88) = 10423 [pid 16479] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16479] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16479] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16484 attached [pid 16480] <... close resumed>) = 0 [pid 16483] <... setxattr resumed>) = 0 [pid 16483] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16483] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16484] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16484] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16484] memfd_create("syzkaller", 0 [pid 16480] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16484] <... memfd_create resumed>) = 4 [pid 16484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16484] close(4) = 0 [pid 16480] <... futex resumed>) = 0 [pid 16484] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16484] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16480] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16479] <... futex resumed>) = 0 [pid 16479] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16479] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16480] <... futex resumed>) = 0 [pid 16480] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 16480] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16479] <... futex resumed>) = 0 [pid 16479] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16479] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16480] <... futex resumed>) = 1 [pid 16480] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16480] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16479] <... futex resumed>) = 0 [pid 16479] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16479] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16480] <... futex resumed>) = 1 [pid 16480] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16480] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16479] <... futex resumed>) = 0 [pid 16479] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16479] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16480] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16480] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16479] <... futex resumed>) = 0 [pid 16480] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16479] close(3) = 0 [pid 16479] close(4) = 0 [pid 16479] close(5) = 0 [pid 16479] close(6) = -1 EBADF (Bad file descriptor) [pid 16479] close(7) = -1 EBADF (Bad file descriptor) [pid 16479] close(8) = -1 EBADF (Bad file descriptor) [pid 16479] close(9) = -1 EBADF (Bad file descriptor) [pid 16479] close(10) = -1 EBADF (Bad file descriptor) [pid 16479] close(11) = -1 EBADF (Bad file descriptor) [pid 16479] close(12) = -1 EBADF (Bad file descriptor) [pid 16479] close(13) = -1 EBADF (Bad file descriptor) [pid 16479] close(14) = -1 EBADF (Bad file descriptor) [pid 16479] close(15) = -1 EBADF (Bad file descriptor) [pid 16479] close(16) = -1 EBADF (Bad file descriptor) [pid 16479] close(17) = -1 EBADF (Bad file descriptor) [pid 16479] close(18) = -1 EBADF (Bad file descriptor) [pid 16479] close(19) = -1 EBADF (Bad file descriptor) [pid 16479] close(20) = -1 EBADF (Bad file descriptor) [pid 16479] close(21) = -1 EBADF (Bad file descriptor) [pid 16479] close(22) = -1 EBADF (Bad file descriptor) [pid 16479] close(23) = -1 EBADF (Bad file descriptor) [pid 16479] close(24) = -1 EBADF (Bad file descriptor) [pid 16479] close(25) = -1 EBADF (Bad file descriptor) [pid 16479] close(26) = -1 EBADF (Bad file descriptor) [pid 16479] close(27) = -1 EBADF (Bad file descriptor) [pid 16479] close(28) = -1 EBADF (Bad file descriptor) [pid 16479] close(29) = -1 EBADF (Bad file descriptor) [pid 16479] exit_group(0) = ? [pid 16483] <... futex resumed>) = ? [pid 16480] <... futex resumed>) = ? [pid 16484] <... futex resumed>) = ? [pid 16483] +++ exited with 0 +++ [pid 16480] +++ exited with 0 +++ [pid 16484] +++ exited with 0 +++ [pid 16479] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10420, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2731", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2731", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2731/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2731/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2731/binderfs") = 0 [ 327.779085][T16480] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2731/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2731/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2731/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2731/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2731/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2731/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2731") = 0 [pid 289] mkdir("./2732", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10424 ./strace-static-x86_64: Process 16485 attached [pid 16485] set_robust_list(0x555556f746a0, 24) = 0 [pid 16485] chdir("./2732") = 0 [pid 16485] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16485] setpgid(0, 0) = 0 [pid 16485] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16485] write(3, "1000", 4) = 4 [pid 16485] close(3) = 0 [pid 16485] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16485] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16485] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16485] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16485] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16485] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16485] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16485] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10425]}, 88) = 10425 [pid 16485] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16485] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16485] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16486 attached [pid 16486] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16486] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16486] memfd_create("syzkaller", 0) = 3 [pid 16486] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16486] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16486] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16486] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16486] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16486] close(3) = 0 [pid 16486] mkdir("./file1", 0777) = 0 [pid 16486] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16486] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16486] chdir("./file1") = 0 [pid 16486] ioctl(4, LOOP_CLR_FD) = 0 [pid 16486] close(4) = 0 [pid 16486] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16485] <... futex resumed>) = 0 [pid 16485] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16485] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16486] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16486] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16485] <... futex resumed>) = 0 [pid 16485] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16485] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16485] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16485] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16485] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16485] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10426]}, 88) = 10426 [pid 16485] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16485] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16485] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16485] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16485] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16485] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16485] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10427]}, 88) = 10427 [pid 16485] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 16490 attached ./strace-static-x86_64: Process 16489 attached [pid 16486] <... futex resumed>) = 1 [pid 16485] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16485] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16490] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16490] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16490] memfd_create("syzkaller", 0) = 4 [pid 16486] memfd_create("syzkaller", 0 [pid 16490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16490] close(4) = 0 [pid 16490] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16485] <... futex resumed>) = 0 [pid 16485] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16485] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16490] <... futex resumed>) = 1 [pid 16490] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16489] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16486] <... memfd_create resumed>) = 5 [pid 16489] rt_sigprocmask(SIG_SETMASK, [], [pid 16486] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16489] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16490] <... open resumed>) = 4 [pid 16489] <... setxattr resumed>) = 0 [pid 16486] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16489] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16486] close(5 [pid 16489] <... futex resumed>) = 0 [pid 16489] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16490] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16485] <... futex resumed>) = 0 [pid 16485] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16485] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16489] <... futex resumed>) = 0 [pid 16489] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16489] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16485] <... futex resumed>) = 0 [pid 16485] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16485] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16489] <... futex resumed>) = 1 [pid 16489] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 16489] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16485] <... futex resumed>) = 0 [pid 16485] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16485] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16489] <... futex resumed>) = 1 [pid 16489] write(6, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16490] <... futex resumed>) = 1 [pid 16486] <... close resumed>) = 0 [pid 16486] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16486] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16490] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16489] <... write resumed>) = 262144 [pid 16489] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16485] <... futex resumed>) = 0 [pid 16489] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16485] close(3) = 0 [pid 16485] close(4) = 0 [pid 16485] close(5) = -1 EBADF (Bad file descriptor) [pid 16485] close(6) = 0 [pid 16485] close(7) = -1 EBADF (Bad file descriptor) [pid 16485] close(8) = -1 EBADF (Bad file descriptor) [pid 16485] close(9) = -1 EBADF (Bad file descriptor) [pid 16485] close(10) = -1 EBADF (Bad file descriptor) [pid 16485] close(11) = -1 EBADF (Bad file descriptor) [pid 16485] close(12) = -1 EBADF (Bad file descriptor) [pid 16485] close(13) = -1 EBADF (Bad file descriptor) [pid 16485] close(14) = -1 EBADF (Bad file descriptor) [pid 16485] close(15) = -1 EBADF (Bad file descriptor) [pid 16485] close(16) = -1 EBADF (Bad file descriptor) [pid 16485] close(17) = -1 EBADF (Bad file descriptor) [pid 16485] close(18) = -1 EBADF (Bad file descriptor) [pid 16485] close(19) = -1 EBADF (Bad file descriptor) [pid 16485] close(20) = -1 EBADF (Bad file descriptor) [pid 16485] close(21) = -1 EBADF (Bad file descriptor) [pid 16485] close(22) = -1 EBADF (Bad file descriptor) [pid 16485] close(23) = -1 EBADF (Bad file descriptor) [pid 16485] close(24) = -1 EBADF (Bad file descriptor) [pid 16485] close(25) = -1 EBADF (Bad file descriptor) [pid 16485] close(26) = -1 EBADF (Bad file descriptor) [pid 16485] close(27) = -1 EBADF (Bad file descriptor) [pid 16485] close(28) = -1 EBADF (Bad file descriptor) [pid 16485] close(29) = -1 EBADF (Bad file descriptor) [pid 16485] exit_group(0 [pid 16486] <... futex resumed>) = ? [pid 16485] <... exit_group resumed>) = ? [pid 16486] +++ exited with 0 +++ [pid 16490] <... futex resumed>) = ? [pid 16490] +++ exited with 0 +++ [pid 16489] <... futex resumed>) = ? [pid 16489] +++ exited with 0 +++ [pid 16485] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10424, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2732", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2732", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2732/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2732/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2732/binderfs") = 0 [ 327.945286][T16486] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2732/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2732/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2732/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2732/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2732/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2732/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2732") = 0 [pid 289] mkdir("./2733", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10428 ./strace-static-x86_64: Process 16491 attached [pid 16491] set_robust_list(0x555556f746a0, 24) = 0 [pid 16491] chdir("./2733") = 0 [pid 16491] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16491] setpgid(0, 0) = 0 [pid 16491] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16491] write(3, "1000", 4) = 4 [pid 16491] close(3) = 0 [pid 16491] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16491] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16491] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16491] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16491] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16491] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16491] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16491] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 16492 attached => {parent_tid=[10429]}, 88) = 10429 [pid 16492] set_robust_list(0x7fbc6730d9a0, 24 [pid 16491] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16491] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16491] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16492] <... set_robust_list resumed>) = 0 [pid 16492] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16492] memfd_create("syzkaller", 0) = 3 [pid 16492] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16492] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16492] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16492] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16492] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16492] close(3) = 0 [pid 16492] mkdir("./file1", 0777) = 0 [pid 16492] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16492] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16492] chdir("./file1") = 0 [pid 16492] ioctl(4, LOOP_CLR_FD) = 0 [pid 16492] close(4) = 0 [pid 16492] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16491] <... futex resumed>) = 0 [pid 16491] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16491] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16492] <... futex resumed>) = 1 [pid 16492] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16492] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16491] <... futex resumed>) = 0 [pid 16491] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16491] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16491] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16491] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16491] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16491] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10430]}, 88) = 10430 [pid 16491] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16491] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16491] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16491] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16491] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16491] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16491] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 16496 attached ./strace-static-x86_64: Process 16495 attached => {parent_tid=[10431]}, 88) = 10431 [pid 16496] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16495] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16491] rt_sigprocmask(SIG_SETMASK, [], [pid 16496] <... set_robust_list resumed>) = 0 [pid 16495] <... set_robust_list resumed>) = 0 [pid 16491] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16496] rt_sigprocmask(SIG_SETMASK, [], [pid 16491] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16495] rt_sigprocmask(SIG_SETMASK, [], [pid 16496] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16491] <... futex resumed>) = 0 [pid 16495] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16491] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16496] memfd_create("syzkaller", 0 [pid 16495] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16496] <... memfd_create resumed>) = 4 [pid 16495] <... setxattr resumed>) = 0 [pid 16496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16492] <... futex resumed>) = 1 [pid 16492] memfd_create("syzkaller", 0) = 5 [pid 16492] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16492] close(5) = 0 [pid 16492] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16492] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16495] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16495] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16496] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16496] close(4) = 0 [pid 16496] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16491] <... futex resumed>) = 0 [pid 16491] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16491] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16492] <... futex resumed>) = 0 [pid 16492] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16496] <... futex resumed>) = 1 [pid 16496] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16492] <... open resumed>) = 4 [pid 16492] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16491] <... futex resumed>) = 0 [pid 16491] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16491] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16492] <... futex resumed>) = 1 [pid 16492] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16492] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16491] <... futex resumed>) = 0 [pid 16491] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16491] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16492] <... futex resumed>) = 1 [pid 16492] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16492] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16491] <... futex resumed>) = 0 [pid 16491] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16491] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16492] <... futex resumed>) = 1 [pid 16492] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16492] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16491] <... futex resumed>) = 0 [pid 16492] <... futex resumed>) = 1 [pid 16492] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16491] close(3) = 0 [pid 16491] close(4) = 0 [pid 16491] close(5) = 0 [pid 16491] close(6) = -1 EBADF (Bad file descriptor) [pid 16491] close(7) = -1 EBADF (Bad file descriptor) [pid 16491] close(8) = -1 EBADF (Bad file descriptor) [pid 16491] close(9) = -1 EBADF (Bad file descriptor) [pid 16491] close(10) = -1 EBADF (Bad file descriptor) [pid 16491] close(11) = -1 EBADF (Bad file descriptor) [pid 16491] close(12) = -1 EBADF (Bad file descriptor) [pid 16491] close(13) = -1 EBADF (Bad file descriptor) [pid 16491] close(14) = -1 EBADF (Bad file descriptor) [pid 16491] close(15) = -1 EBADF (Bad file descriptor) [pid 16491] close(16) = -1 EBADF (Bad file descriptor) [pid 16491] close(17) = -1 EBADF (Bad file descriptor) [pid 16491] close(18) = -1 EBADF (Bad file descriptor) [pid 16491] close(19) = -1 EBADF (Bad file descriptor) [pid 16491] close(20) = -1 EBADF (Bad file descriptor) [pid 16491] close(21) = -1 EBADF (Bad file descriptor) [pid 16491] close(22) = -1 EBADF (Bad file descriptor) [pid 16491] close(23) = -1 EBADF (Bad file descriptor) [pid 16491] close(24) = -1 EBADF (Bad file descriptor) [pid 16491] close(25) = -1 EBADF (Bad file descriptor) [pid 16491] close(26) = -1 EBADF (Bad file descriptor) [pid 16491] close(27) = -1 EBADF (Bad file descriptor) [pid 16491] close(28) = -1 EBADF (Bad file descriptor) [pid 16491] close(29) = -1 EBADF (Bad file descriptor) [pid 16491] exit_group(0) = ? [pid 16495] <... futex resumed>) = ? [pid 16495] +++ exited with 0 +++ [pid 16496] <... futex resumed>) = ? [pid 16496] +++ exited with 0 +++ [pid 16492] <... futex resumed>) = ? [pid 16492] +++ exited with 0 +++ [pid 16491] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10428, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2733", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2733", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2733/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2733/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2733/binderfs") = 0 [ 328.094268][T16492] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2733/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2733/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2733/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2733/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2733/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2733/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2733") = 0 [pid 289] mkdir("./2734", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10432 ./strace-static-x86_64: Process 16497 attached [pid 16497] set_robust_list(0x555556f746a0, 24) = 0 [pid 16497] chdir("./2734") = 0 [pid 16497] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16497] setpgid(0, 0) = 0 [pid 16497] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16497] write(3, "1000", 4) = 4 [pid 16497] close(3) = 0 [pid 16497] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16497] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16497] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16497] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16497] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16497] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16497] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16497] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10433]}, 88) = 10433 [pid 16497] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16497] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16497] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16498 attached [pid 16498] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16498] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16498] memfd_create("syzkaller", 0) = 3 [pid 16498] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16498] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16498] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16498] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16498] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16498] close(3) = 0 [pid 16498] mkdir("./file1", 0777) = 0 [pid 16498] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16498] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16498] chdir("./file1") = 0 [pid 16498] ioctl(4, LOOP_CLR_FD) = 0 [pid 16498] close(4) = 0 [pid 16498] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16497] <... futex resumed>) = 0 [pid 16497] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16497] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16498] <... futex resumed>) = 1 [pid 16498] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16498] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16497] <... futex resumed>) = 0 [pid 16497] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16497] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16497] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16497] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16497] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16497] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10434]}, 88) = 10434 [pid 16497] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16497] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16497] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16497] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16497] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16497] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16497] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10435]}, 88) = 10435 [pid 16497] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16497] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16497] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16498] <... futex resumed>) = 1 [pid 16498] memfd_create("syzkaller", 0) = 4 [pid 16498] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) ./strace-static-x86_64: Process 16502 attached ./strace-static-x86_64: Process 16501 attached [pid 16502] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16501] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16502] <... set_robust_list resumed>) = 0 [pid 16498] close(4 [pid 16502] rt_sigprocmask(SIG_SETMASK, [], [pid 16501] <... set_robust_list resumed>) = 0 [pid 16498] <... close resumed>) = 0 [pid 16501] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16501] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 16502] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16498] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16502] memfd_create("syzkaller", 0 [pid 16501] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16498] <... futex resumed>) = 0 [pid 16502] <... memfd_create resumed>) = 4 [pid 16501] <... futex resumed>) = 0 [pid 16498] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16501] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16502] close(4) = 0 [pid 16502] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16497] <... futex resumed>) = 0 [pid 16497] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16497] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16498] <... futex resumed>) = 0 [pid 16498] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16502] <... futex resumed>) = 1 [pid 16498] <... open resumed>) = 4 [pid 16498] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16497] <... futex resumed>) = 0 [pid 16497] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16497] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16498] <... futex resumed>) = 1 [pid 16498] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16498] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16497] <... futex resumed>) = 0 [pid 16497] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16497] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16498] <... futex resumed>) = 1 [pid 16498] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16498] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16497] <... futex resumed>) = 0 [pid 16497] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16497] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16498] <... futex resumed>) = 1 [pid 16498] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16502] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16498] <... write resumed>) = 262144 [pid 16498] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16498] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16497] <... futex resumed>) = 0 [pid 16497] close(3) = 0 [pid 16497] close(4) = 0 [pid 16497] close(5) = 0 [pid 16497] close(6) = -1 EBADF (Bad file descriptor) [pid 16497] close(7) = -1 EBADF (Bad file descriptor) [pid 16497] close(8) = -1 EBADF (Bad file descriptor) [pid 16497] close(9) = -1 EBADF (Bad file descriptor) [pid 16497] close(10) = -1 EBADF (Bad file descriptor) [pid 16497] close(11) = -1 EBADF (Bad file descriptor) [pid 16497] close(12) = -1 EBADF (Bad file descriptor) [pid 16497] close(13) = -1 EBADF (Bad file descriptor) [pid 16497] close(14) = -1 EBADF (Bad file descriptor) [pid 16497] close(15) = -1 EBADF (Bad file descriptor) [pid 16497] close(16) = -1 EBADF (Bad file descriptor) [pid 16497] close(17) = -1 EBADF (Bad file descriptor) [pid 16497] close(18) = -1 EBADF (Bad file descriptor) [pid 16497] close(19) = -1 EBADF (Bad file descriptor) [pid 16497] close(20) = -1 EBADF (Bad file descriptor) [pid 16497] close(21) = -1 EBADF (Bad file descriptor) [pid 16497] close(22) = -1 EBADF (Bad file descriptor) [pid 16497] close(23) = -1 EBADF (Bad file descriptor) [pid 16497] close(24) = -1 EBADF (Bad file descriptor) [pid 16497] close(25) = -1 EBADF (Bad file descriptor) [pid 16497] close(26) = -1 EBADF (Bad file descriptor) [pid 16497] close(27) = -1 EBADF (Bad file descriptor) [pid 16497] close(28) = -1 EBADF (Bad file descriptor) [pid 16497] close(29) = -1 EBADF (Bad file descriptor) [pid 16497] exit_group(0) = ? [pid 16502] <... futex resumed>) = 231 [pid 16498] <... futex resumed>) = ? [pid 16498] +++ exited with 0 +++ [pid 16502] +++ exited with 0 +++ [pid 16501] <... futex resumed>) = ? [pid 16501] +++ exited with 0 +++ [pid 16497] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10432, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2734", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2734", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2734/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2734/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2734/binderfs") = 0 [ 328.259378][T16498] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2734/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2734/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2734/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2734/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2734/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2734/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2734") = 0 [pid 289] mkdir("./2735", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10436 ./strace-static-x86_64: Process 16503 attached [pid 16503] set_robust_list(0x555556f746a0, 24) = 0 [pid 16503] chdir("./2735") = 0 [pid 16503] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16503] setpgid(0, 0) = 0 [pid 16503] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16503] write(3, "1000", 4) = 4 [pid 16503] close(3) = 0 [pid 16503] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16503] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16503] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16503] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16503] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16503] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16503] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16503] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10437]}, 88) = 10437 [pid 16503] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16503] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16503] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16504 attached [pid 16504] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16504] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16504] memfd_create("syzkaller", 0) = 3 [pid 16504] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16504] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16504] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16504] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16504] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16504] close(3) = 0 [pid 16504] mkdir("./file1", 0777) = 0 [pid 16504] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16504] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16504] chdir("./file1") = 0 [pid 16504] ioctl(4, LOOP_CLR_FD) = 0 [pid 16504] close(4) = 0 [pid 16504] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16503] <... futex resumed>) = 0 [pid 16503] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16503] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16504] <... futex resumed>) = 1 [pid 16504] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16504] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16503] <... futex resumed>) = 0 [pid 16503] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16503] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16503] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16503] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16503] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16503] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10438]}, 88) = 10438 [pid 16503] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16503] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16503] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16503] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16503] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16503] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 16507 attached [pid 16504] <... futex resumed>) = 1 [pid 16503] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16503] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 16507] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16504] memfd_create("syzkaller", 0 [pid 16503] <... clone3 resumed> => {parent_tid=[10439]}, 88) = 10439 [pid 16503] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16503] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16503] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16508 attached [pid 16508] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16508] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16508] memfd_create("syzkaller", 0) = 4 [pid 16508] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16508] close(4) = 0 [pid 16508] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16503] <... futex resumed>) = 0 [pid 16503] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16503] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16508] <... futex resumed>) = 1 [pid 16508] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16507] <... set_robust_list resumed>) = 0 [pid 16508] <... open resumed>) = 4 [pid 16507] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16507] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 16508] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16503] <... futex resumed>) = 0 [pid 16503] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16503] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16508] <... futex resumed>) = 1 [pid 16508] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16508] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16503] <... futex resumed>) = 0 [pid 16503] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16503] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16508] <... futex resumed>) = 1 [pid 16507] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16508] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16507] <... futex resumed>) = 0 [pid 16508] <... open resumed>) = 5 [pid 16507] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16508] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16503] <... futex resumed>) = 0 [pid 16503] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16503] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16507] <... futex resumed>) = 0 [pid 16508] <... futex resumed>) = 1 [pid 16507] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16504] <... memfd_create resumed>) = 6 [pid 16508] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16504] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16504] close(6) = 0 [pid 16504] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16504] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16507] <... write resumed>) = 262144 [pid 16507] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16503] <... futex resumed>) = 0 [pid 16503] close(3) = 0 [pid 16503] close(4) = 0 [pid 16503] close(5) = 0 [pid 16503] close(6) = -1 EBADF (Bad file descriptor) [pid 16503] close(7) = -1 EBADF (Bad file descriptor) [pid 16503] close(8) = -1 EBADF (Bad file descriptor) [pid 16503] close(9) = -1 EBADF (Bad file descriptor) [pid 16503] close(10) = -1 EBADF (Bad file descriptor) [pid 16503] close(11) = -1 EBADF (Bad file descriptor) [pid 16503] close(12) = -1 EBADF (Bad file descriptor) [pid 16503] close(13) = -1 EBADF (Bad file descriptor) [pid 16503] close(14) = -1 EBADF (Bad file descriptor) [pid 16503] close(15) = -1 EBADF (Bad file descriptor) [pid 16503] close(16) = -1 EBADF (Bad file descriptor) [pid 16503] close(17) = -1 EBADF (Bad file descriptor) [pid 16503] close(18) = -1 EBADF (Bad file descriptor) [pid 16503] close(19) = -1 EBADF (Bad file descriptor) [pid 16503] close(20) = -1 EBADF (Bad file descriptor) [pid 16503] close(21) = -1 EBADF (Bad file descriptor) [pid 16503] close(22) = -1 EBADF (Bad file descriptor) [pid 16503] close(23) = -1 EBADF (Bad file descriptor) [pid 16503] close(24) = -1 EBADF (Bad file descriptor) [pid 16503] close(25) = -1 EBADF (Bad file descriptor) [pid 16503] close(26) = -1 EBADF (Bad file descriptor) [pid 16503] close(27) = -1 EBADF (Bad file descriptor) [pid 16503] close(28) = -1 EBADF (Bad file descriptor) [pid 16503] close(29) = -1 EBADF (Bad file descriptor) [pid 16503] exit_group(0) = ? [pid 16507] <... futex resumed>) = ? [pid 16507] +++ exited with 0 +++ [pid 16508] <... futex resumed>) = ? [pid 16504] <... futex resumed>) = ? [pid 16508] +++ exited with 0 +++ [pid 16504] +++ exited with 0 +++ [pid 16503] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10436, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2735", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2735", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2735/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2735/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2735/binderfs") = 0 [ 328.380878][T16504] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2735/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2735/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2735/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2735/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2735/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2735/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2735") = 0 [pid 289] mkdir("./2736", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10440 ./strace-static-x86_64: Process 16510 attached [pid 16510] set_robust_list(0x555556f746a0, 24) = 0 [pid 16510] chdir("./2736") = 0 [pid 16510] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16510] setpgid(0, 0) = 0 [pid 16510] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16510] write(3, "1000", 4) = 4 [pid 16510] close(3) = 0 [pid 16510] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16510] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16510] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16510] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16510] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16510] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16510] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10441]}, 88) = 10441 [pid 16510] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16510] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16510] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16511 attached [pid 16511] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16511] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16511] memfd_create("syzkaller", 0) = 3 [pid 16511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16511] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16511] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16511] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16511] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16511] close(3) = 0 [pid 16511] mkdir("./file1", 0777) = 0 [pid 16511] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16511] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16511] chdir("./file1") = 0 [pid 16511] ioctl(4, LOOP_CLR_FD) = 0 [pid 16511] close(4) = 0 [pid 16511] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16510] <... futex resumed>) = 0 [pid 16510] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16510] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16511] <... futex resumed>) = 1 [pid 16511] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16511] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16510] <... futex resumed>) = 0 [pid 16510] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16510] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16510] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16510] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16510] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 16514 attached => {parent_tid=[10442]}, 88) = 10442 [pid 16514] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16511] <... futex resumed>) = 1 [pid 16510] rt_sigprocmask(SIG_SETMASK, [], [pid 16514] <... set_robust_list resumed>) = 0 [pid 16511] memfd_create("syzkaller", 0 [pid 16510] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16510] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16510] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16510] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16510] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16514] rt_sigprocmask(SIG_SETMASK, [], [pid 16511] <... memfd_create resumed>) = 4 [pid 16514] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16514] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16511] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16510] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16514] <... setxattr resumed>) = 0 [pid 16511] close(4 [pid 16510] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 16514] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16511] <... close resumed>) = 0 [pid 16510] <... clone3 resumed> => {parent_tid=[10443]}, 88) = 10443 [pid 16510] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16510] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16514] <... futex resumed>) = 0 [pid 16511] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16510] <... futex resumed>) = 0 [pid 16510] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16515 attached [pid 16515] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16514] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16511] <... futex resumed>) = 0 [pid 16515] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16515] memfd_create("syzkaller", 0) = 4 [pid 16511] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16515] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16515] close(4) = 0 [pid 16515] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16510] <... futex resumed>) = 0 [pid 16510] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16510] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16515] <... futex resumed>) = 1 [pid 16515] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16511] <... futex resumed>) = 0 [pid 16511] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 16511] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16510] <... futex resumed>) = 0 [pid 16510] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16510] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16511] <... futex resumed>) = 1 [pid 16511] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16511] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16510] <... futex resumed>) = 0 [pid 16510] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16510] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16511] <... futex resumed>) = 1 [pid 16511] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16511] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16510] <... futex resumed>) = 0 [pid 16510] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16510] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16511] <... futex resumed>) = 1 [pid 16511] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16511] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16510] <... futex resumed>) = 0 [pid 16510] close(3) = 0 [pid 16510] close(4) = 0 [pid 16510] close(5) = 0 [pid 16510] close(6) = -1 EBADF (Bad file descriptor) [pid 16510] close(7) = -1 EBADF (Bad file descriptor) [pid 16510] close(8) = -1 EBADF (Bad file descriptor) [pid 16510] close(9) = -1 EBADF (Bad file descriptor) [pid 16510] close(10) = -1 EBADF (Bad file descriptor) [pid 16510] close(11) = -1 EBADF (Bad file descriptor) [pid 16510] close(12) = -1 EBADF (Bad file descriptor) [pid 16510] close(13) = -1 EBADF (Bad file descriptor) [pid 16510] close(14) = -1 EBADF (Bad file descriptor) [pid 16510] close(15) = -1 EBADF (Bad file descriptor) [pid 16510] close(16) = -1 EBADF (Bad file descriptor) [pid 16510] close(17) = -1 EBADF (Bad file descriptor) [pid 16510] close(18) = -1 EBADF (Bad file descriptor) [pid 16510] close(19) = -1 EBADF (Bad file descriptor) [pid 16510] close(20) = -1 EBADF (Bad file descriptor) [pid 16510] close(21) = -1 EBADF (Bad file descriptor) [pid 16510] close(22) = -1 EBADF (Bad file descriptor) [pid 16510] close(23) = -1 EBADF (Bad file descriptor) [pid 16510] close(24) = -1 EBADF (Bad file descriptor) [pid 16510] close(25) = -1 EBADF (Bad file descriptor) [pid 16510] close(26) = -1 EBADF (Bad file descriptor) [pid 16510] close(27) = -1 EBADF (Bad file descriptor) [pid 16510] close(28) = -1 EBADF (Bad file descriptor) [pid 16510] close(29) = -1 EBADF (Bad file descriptor) [pid 16510] exit_group(0) = ? [pid 16515] <... futex resumed>) = ? [pid 16515] +++ exited with 0 +++ [pid 16511] <... futex resumed>) = ? [pid 16511] +++ exited with 0 +++ [pid 16514] <... futex resumed>) = ? [pid 16514] +++ exited with 0 +++ [pid 16510] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10440, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2736", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2736", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2736/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2736/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2736/binderfs") = 0 [ 328.486240][T16511] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2736/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2736/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2736/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2736/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2736/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2736/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2736") = 0 [pid 289] mkdir("./2737", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10444 ./strace-static-x86_64: Process 16516 attached [pid 16516] set_robust_list(0x555556f746a0, 24) = 0 [pid 16516] chdir("./2737") = 0 [pid 16516] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16516] setpgid(0, 0) = 0 [pid 16516] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16516] write(3, "1000", 4) = 4 [pid 16516] close(3) = 0 [pid 16516] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16516] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16516] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16516] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16516] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16516] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16516] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16516] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10445]}, 88) = 10445 [pid 16516] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16516] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16516] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16517 attached [pid 16517] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16517] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16517] memfd_create("syzkaller", 0) = 3 [pid 16517] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16517] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16517] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16517] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16517] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16517] close(3) = 0 [pid 16517] mkdir("./file1", 0777) = 0 [pid 16517] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16517] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16517] chdir("./file1") = 0 [pid 16517] ioctl(4, LOOP_CLR_FD) = 0 [pid 16517] close(4) = 0 [pid 16517] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16516] <... futex resumed>) = 0 [pid 16516] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16516] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16517] <... futex resumed>) = 1 [pid 16517] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16517] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16516] <... futex resumed>) = 0 [pid 16516] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16516] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16516] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16516] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16516] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16516] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10446]}, 88) = 10446 [pid 16516] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16516] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16516] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16516] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16516] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16516] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16516] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10447]}, 88) = 10447 [pid 16516] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16516] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16516] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16517] <... futex resumed>) = 1 [pid 16517] memfd_create("syzkaller", 0) = 4 [pid 16517] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16517] close(4) = 0 [pid 16517] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16517] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16520 attached [pid 16520] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16520] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16520] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 16520] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16520] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16521 attached [pid 16521] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16521] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16521] memfd_create("syzkaller", 0) = 4 [pid 16521] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16521] close(4) = 0 [pid 16521] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16516] <... futex resumed>) = 0 [pid 16521] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16516] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16516] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16517] <... futex resumed>) = 0 [pid 16517] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 16517] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16516] <... futex resumed>) = 0 [pid 16517] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16516] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16517] <... mount resumed>) = 0 [pid 16516] <... futex resumed>) = 0 [pid 16517] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16516] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16517] <... futex resumed>) = 0 [pid 16516] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16517] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16516] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16517] <... open resumed>) = 5 [pid 16516] <... futex resumed>) = 0 [pid 16517] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16516] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16517] <... futex resumed>) = 0 [pid 16516] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16517] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16516] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16516] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16517] <... write resumed>) = 262144 [pid 16517] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16516] <... futex resumed>) = 0 [pid 16516] close(3) = 0 [pid 16516] close(4) = 0 [pid 16516] close(5) = 0 [pid 16516] close(6) = -1 EBADF (Bad file descriptor) [pid 16516] close(7) = -1 EBADF (Bad file descriptor) [pid 16516] close(8) = -1 EBADF (Bad file descriptor) [pid 16516] close(9) = -1 EBADF (Bad file descriptor) [pid 16516] close(10) = -1 EBADF (Bad file descriptor) [pid 16516] close(11) = -1 EBADF (Bad file descriptor) [pid 16516] close(12) = -1 EBADF (Bad file descriptor) [pid 16516] close(13) = -1 EBADF (Bad file descriptor) [pid 16516] close(14) = -1 EBADF (Bad file descriptor) [pid 16516] close(15) = -1 EBADF (Bad file descriptor) [pid 16516] close(16) = -1 EBADF (Bad file descriptor) [pid 16516] close(17) = -1 EBADF (Bad file descriptor) [pid 16516] close(18) = -1 EBADF (Bad file descriptor) [pid 16516] close(19) = -1 EBADF (Bad file descriptor) [pid 16516] close(20) = -1 EBADF (Bad file descriptor) [pid 16516] close(21) = -1 EBADF (Bad file descriptor) [pid 16516] close(22) = -1 EBADF (Bad file descriptor) [pid 16516] close(23) = -1 EBADF (Bad file descriptor) [pid 16516] close(24) = -1 EBADF (Bad file descriptor) [pid 16516] close(25) = -1 EBADF (Bad file descriptor) [pid 16516] close(26) = -1 EBADF (Bad file descriptor) [pid 16516] close(27) = -1 EBADF (Bad file descriptor) [pid 16516] close(28) = -1 EBADF (Bad file descriptor) [pid 16516] close(29) = -1 EBADF (Bad file descriptor) [pid 16516] exit_group(0 [pid 16520] <... futex resumed>) = ? [pid 16516] <... exit_group resumed>) = ? [pid 16520] +++ exited with 0 +++ [pid 16517] <... futex resumed>) = ? [pid 16517] +++ exited with 0 +++ [pid 16521] <... futex resumed>) = ? [pid 16521] +++ exited with 0 +++ [pid 16516] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10444, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2737", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2737", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2737/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2737/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2737/binderfs") = 0 [ 328.578374][T16517] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2737/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2737/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2737/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2737/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2737/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2737/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2737") = 0 [pid 289] mkdir("./2738", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10448 ./strace-static-x86_64: Process 16522 attached [pid 16522] set_robust_list(0x555556f746a0, 24) = 0 [pid 16522] chdir("./2738") = 0 [pid 16522] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16522] setpgid(0, 0) = 0 [pid 16522] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16522] write(3, "1000", 4) = 4 [pid 16522] close(3) = 0 [pid 16522] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16522] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16522] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16522] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16522] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16522] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16522] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10449]}, 88) = 10449 [pid 16522] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16522] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16522] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16523 attached [pid 16523] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16523] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16523] memfd_create("syzkaller", 0) = 3 [pid 16523] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16523] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16523] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16523] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16523] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16523] close(3) = 0 [pid 16523] mkdir("./file1", 0777) = 0 [pid 16523] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16523] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16523] chdir("./file1") = 0 [pid 16523] ioctl(4, LOOP_CLR_FD) = 0 [pid 16523] close(4) = 0 [pid 16523] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16522] <... futex resumed>) = 0 [pid 16522] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16522] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16523] <... futex resumed>) = 1 [pid 16523] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16523] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16522] <... futex resumed>) = 0 [pid 16522] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16522] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16522] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16522] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16522] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10450]}, 88) = 10450 [pid 16522] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16522] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16522] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16522] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16522] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16522] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10451]}, 88) = 10451 [pid 16522] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 16527 attached ./strace-static-x86_64: Process 16526 attached [pid 16522] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16523] <... futex resumed>) = 1 [pid 16522] <... futex resumed>) = 0 [pid 16522] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16527] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16527] rt_sigprocmask(SIG_SETMASK, [], [pid 16526] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16523] memfd_create("syzkaller", 0 [pid 16527] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16523] <... memfd_create resumed>) = 4 [pid 16527] memfd_create("syzkaller", 0 [pid 16523] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16526] <... set_robust_list resumed>) = 0 [pid 16527] <... memfd_create resumed>) = 5 [pid 16527] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16527] close(5 [pid 16523] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16527] <... close resumed>) = 0 [pid 16527] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16526] rt_sigprocmask(SIG_SETMASK, [], [pid 16527] <... futex resumed>) = 1 [pid 16523] close(4 [pid 16522] <... futex resumed>) = 0 [pid 16522] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16522] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16527] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16526] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16523] <... close resumed>) = 0 [pid 16523] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16523] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16526] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16527] <... open resumed>) = 4 [pid 16527] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16526] <... setxattr resumed>) = 0 [pid 16522] <... futex resumed>) = 0 [pid 16522] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16522] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16527] <... futex resumed>) = 1 [pid 16527] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16523] <... futex resumed>) = 0 [pid 16523] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16523] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16522] <... futex resumed>) = 0 [pid 16522] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16522] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16523] <... futex resumed>) = 1 [pid 16523] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16526] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16526] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16523] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16522] <... futex resumed>) = 0 [pid 16522] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16522] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16523] <... futex resumed>) = 1 [pid 16523] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16523] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16522] <... futex resumed>) = 0 [pid 16522] close(3) = 0 [pid 16522] close(4) = 0 [pid 16522] close(5 [pid 16523] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16522] <... close resumed>) = 0 [pid 16522] close(6) = -1 EBADF (Bad file descriptor) [pid 16522] close(7) = -1 EBADF (Bad file descriptor) [pid 16522] close(8) = -1 EBADF (Bad file descriptor) [pid 16522] close(9) = -1 EBADF (Bad file descriptor) [pid 16522] close(10) = -1 EBADF (Bad file descriptor) [pid 16522] close(11) = -1 EBADF (Bad file descriptor) [pid 16522] close(12) = -1 EBADF (Bad file descriptor) [pid 16522] close(13) = -1 EBADF (Bad file descriptor) [pid 16522] close(14) = -1 EBADF (Bad file descriptor) [pid 16522] close(15) = -1 EBADF (Bad file descriptor) [pid 16522] close(16) = -1 EBADF (Bad file descriptor) [pid 16522] close(17) = -1 EBADF (Bad file descriptor) [pid 16522] close(18) = -1 EBADF (Bad file descriptor) [pid 16522] close(19) = -1 EBADF (Bad file descriptor) [pid 16522] close(20) = -1 EBADF (Bad file descriptor) [pid 16522] close(21) = -1 EBADF (Bad file descriptor) [pid 16522] close(22) = -1 EBADF (Bad file descriptor) [pid 16522] close(23) = -1 EBADF (Bad file descriptor) [pid 16522] close(24) = -1 EBADF (Bad file descriptor) [pid 16522] close(25) = -1 EBADF (Bad file descriptor) [pid 16522] close(26) = -1 EBADF (Bad file descriptor) [pid 16522] close(27) = -1 EBADF (Bad file descriptor) [pid 16522] close(28) = -1 EBADF (Bad file descriptor) [pid 16522] close(29) = -1 EBADF (Bad file descriptor) [pid 16522] exit_group(0 [pid 16527] <... futex resumed>) = ? [pid 16526] <... futex resumed>) = ? [pid 16523] <... futex resumed>) = 231 [pid 16522] <... exit_group resumed>) = ? [pid 16527] +++ exited with 0 +++ [pid 16526] +++ exited with 0 +++ [pid 16523] +++ exited with 0 +++ [pid 16522] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10448, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2738", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2738", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2738/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2738/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2738/binderfs") = 0 [ 328.699063][T16523] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2738/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2738/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2738/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2738/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2738/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2738/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2738") = 0 [pid 289] mkdir("./2739", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10452 ./strace-static-x86_64: Process 16528 attached [pid 16528] set_robust_list(0x555556f746a0, 24) = 0 [pid 16528] chdir("./2739") = 0 [pid 16528] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16528] setpgid(0, 0) = 0 [pid 16528] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16528] write(3, "1000", 4) = 4 [pid 16528] close(3) = 0 [pid 16528] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16528] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16528] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16528] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16528] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16528] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16528] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16528] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 16529 attached => {parent_tid=[10453]}, 88) = 10453 [pid 16529] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16529] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16529] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16528] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16528] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16529] <... futex resumed>) = 0 [pid 16528] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16529] memfd_create("syzkaller", 0) = 3 [pid 16529] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16529] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16529] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16529] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16529] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16529] close(3) = 0 [pid 16529] mkdir("./file1", 0777) = 0 [pid 16529] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16529] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16529] chdir("./file1") = 0 [pid 16529] ioctl(4, LOOP_CLR_FD) = 0 [pid 16529] close(4) = 0 [pid 16529] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16528] <... futex resumed>) = 0 [pid 16528] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16528] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16529] <... futex resumed>) = 1 [pid 16529] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16529] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16528] <... futex resumed>) = 0 [pid 16528] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16528] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16528] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16528] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16528] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16528] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10454]}, 88) = 10454 [pid 16528] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16528] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16528] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16528] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16528] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16528] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16528] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10455]}, 88) = 10455 [pid 16528] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16528] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16528] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16529] <... futex resumed>) = 1 [pid 16529] memfd_create("syzkaller", 0) = 4 [pid 16529] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16529] close(4) = 0 [pid 16529] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16529] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16532 attached [pid 16532] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16532] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16532] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 16532] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16532] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16533 attached [pid 16533] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16533] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16533] memfd_create("syzkaller", 0) = 4 [pid 16533] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16533] close(4) = 0 [pid 16533] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16528] <... futex resumed>) = 0 [pid 16528] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16529] <... futex resumed>) = 0 [pid 16528] <... futex resumed>) = 1 [pid 16529] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16528] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16529] <... open resumed>) = 4 [pid 16529] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16528] <... futex resumed>) = 0 [pid 16529] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 16528] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16529] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16528] <... futex resumed>) = 0 [pid 16528] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16529] <... mount resumed>) = 0 [pid 16529] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16528] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16529] <... futex resumed>) = 0 [pid 16529] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16528] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16529] <... open resumed>) = 5 [pid 16528] <... futex resumed>) = 0 [pid 16529] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16528] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16529] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16528] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16528] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16529] <... futex resumed>) = 0 [pid 16528] <... futex resumed>) = 1 [pid 16529] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16528] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16533] <... futex resumed>) = 1 [pid 16533] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16529] <... write resumed>) = 262144 [pid 16529] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16528] <... futex resumed>) = 0 [pid 16528] close(3) = 0 [pid 16528] close(4) = 0 [pid 16528] close(5) = 0 [pid 16528] close(6) = -1 EBADF (Bad file descriptor) [pid 16528] close(7) = -1 EBADF (Bad file descriptor) [pid 16528] close(8) = -1 EBADF (Bad file descriptor) [pid 16528] close(9) = -1 EBADF (Bad file descriptor) [pid 16528] close(10) = -1 EBADF (Bad file descriptor) [pid 16528] close(11) = -1 EBADF (Bad file descriptor) [pid 16528] close(12) = -1 EBADF (Bad file descriptor) [pid 16528] close(13) = -1 EBADF (Bad file descriptor) [pid 16528] close(14) = -1 EBADF (Bad file descriptor) [pid 16528] close(15) = -1 EBADF (Bad file descriptor) [pid 16528] close(16) = -1 EBADF (Bad file descriptor) [pid 16528] close(17) = -1 EBADF (Bad file descriptor) [pid 16528] close(18) = -1 EBADF (Bad file descriptor) [pid 16528] close(19) = -1 EBADF (Bad file descriptor) [pid 16528] close(20) = -1 EBADF (Bad file descriptor) [pid 16528] close(21) = -1 EBADF (Bad file descriptor) [pid 16528] close(22) = -1 EBADF (Bad file descriptor) [pid 16528] close(23) = -1 EBADF (Bad file descriptor) [pid 16528] close(24) = -1 EBADF (Bad file descriptor) [pid 16528] close(25) = -1 EBADF (Bad file descriptor) [pid 16528] close(26) = -1 EBADF (Bad file descriptor) [pid 16528] close(27) = -1 EBADF (Bad file descriptor) [pid 16528] close(28) = -1 EBADF (Bad file descriptor) [pid 16528] close(29) = -1 EBADF (Bad file descriptor) [pid 16528] exit_group(0 [pid 16532] <... futex resumed>) = ? [pid 16528] <... exit_group resumed>) = ? [pid 16532] +++ exited with 0 +++ [pid 16529] <... futex resumed>) = ? [pid 16529] +++ exited with 0 +++ [pid 16533] <... futex resumed>) = ? [pid 16533] +++ exited with 0 +++ [pid 16528] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10452, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] umount2("./2739", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2739", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2739/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2739/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2739/binderfs") = 0 [pid 289] umount2("./2739/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2739/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2739/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2739/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2739/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2739/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2739") = 0 [pid 289] mkdir("./2740", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10456 ./strace-static-x86_64: Process 16534 attached [pid 16534] set_robust_list(0x555556f746a0, 24) = 0 [pid 16534] chdir("./2740") = 0 [pid 16534] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16534] setpgid(0, 0) = 0 [pid 16534] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16534] write(3, "1000", 4) = 4 [pid 16534] close(3) = 0 [pid 16534] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16534] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16534] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16534] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16534] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16534] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16534] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16534] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 16535 attached => {parent_tid=[10457]}, 88) = 10457 [pid 16534] rt_sigprocmask(SIG_SETMASK, [], [pid 16535] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16535] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16535] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16534] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16534] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16535] <... futex resumed>) = 0 [pid 16534] <... futex resumed>) = 1 [pid 16534] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16535] memfd_create("syzkaller", 0) = 3 [pid 16535] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16535] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16535] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16535] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16535] close(3) = 0 [pid 16535] mkdir("./file1", 0777) = 0 [ 328.823726][T16529] EXT4-fs (loop0): 1 truncate cleaned up [pid 16535] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16535] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16535] chdir("./file1") = 0 [pid 16535] ioctl(4, LOOP_CLR_FD) = 0 [pid 16535] close(4) = 0 [pid 16535] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16534] <... futex resumed>) = 0 [pid 16534] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16535] setxattr("./file1", NULL, NULL, 0, 0 [pid 16534] <... futex resumed>) = 0 [pid 16534] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16535] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 16535] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16534] <... futex resumed>) = 0 [pid 16534] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16535] memfd_create("syzkaller", 0 [pid 16534] <... futex resumed>) = 0 [pid 16535] <... memfd_create resumed>) = 4 [pid 16534] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16535] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16534] <... futex resumed>) = 0 [pid 16535] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16534] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 16535] close(4 [pid 16534] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 16534] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16534] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16534] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 16538 attached => {parent_tid=[10458]}, 88) = 10458 [pid 16538] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16534] rt_sigprocmask(SIG_SETMASK, [], [pid 16538] <... set_robust_list resumed>) = 0 [pid 16534] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16538] rt_sigprocmask(SIG_SETMASK, [], [pid 16534] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16538] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16534] <... futex resumed>) = 0 [pid 16538] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16534] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16534] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16534] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16534] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16534] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} [pid 16538] <... setxattr resumed>) = 0 [pid 16534] <... clone3 resumed> => {parent_tid=[10459]}, 88) = 10459 [pid 16538] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16534] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16534] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16534] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16538] <... futex resumed>) = 0 [pid 16538] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16539 attached [pid 16539] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16539] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16539] memfd_create("syzkaller", 0) = 5 [pid 16539] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16539] close(5) = 0 [pid 16539] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16534] <... futex resumed>) = 0 [pid 16539] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16534] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16538] <... futex resumed>) = 0 [pid 16534] <... futex resumed>) = 1 [pid 16538] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16534] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16535] <... close resumed>) = 0 [pid 16535] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16538] <... open resumed>) = 4 [pid 16538] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16534] <... futex resumed>) = 0 [pid 16538] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16534] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16534] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16535] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16535] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16534] <... futex resumed>) = 0 [pid 16534] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16534] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16535] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16535] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16534] <... futex resumed>) = 0 [pid 16534] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16534] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16535] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16535] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16534] <... futex resumed>) = 0 [pid 16535] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16534] close(3) = 0 [pid 16534] close(4) = 0 [pid 16534] close(5) = 0 [pid 16534] close(6) = -1 EBADF (Bad file descriptor) [pid 16534] close(7) = -1 EBADF (Bad file descriptor) [pid 16534] close(8) = -1 EBADF (Bad file descriptor) [pid 16534] close(9) = -1 EBADF (Bad file descriptor) [pid 16534] close(10) = -1 EBADF (Bad file descriptor) [pid 16534] close(11) = -1 EBADF (Bad file descriptor) [pid 16534] close(12) = -1 EBADF (Bad file descriptor) [pid 16534] close(13) = -1 EBADF (Bad file descriptor) [pid 16534] close(14) = -1 EBADF (Bad file descriptor) [pid 16534] close(15) = -1 EBADF (Bad file descriptor) [pid 16534] close(16) = -1 EBADF (Bad file descriptor) [pid 16534] close(17) = -1 EBADF (Bad file descriptor) [pid 16534] close(18) = -1 EBADF (Bad file descriptor) [pid 16534] close(19) = -1 EBADF (Bad file descriptor) [pid 16534] close(20) = -1 EBADF (Bad file descriptor) [pid 16534] close(21) = -1 EBADF (Bad file descriptor) [pid 16534] close(22) = -1 EBADF (Bad file descriptor) [pid 16534] close(23) = -1 EBADF (Bad file descriptor) [pid 16534] close(24) = -1 EBADF (Bad file descriptor) [pid 16534] close(25) = -1 EBADF (Bad file descriptor) [pid 16534] close(26) = -1 EBADF (Bad file descriptor) [pid 16534] close(27) = -1 EBADF (Bad file descriptor) [pid 16534] close(28) = -1 EBADF (Bad file descriptor) [pid 16534] close(29) = -1 EBADF (Bad file descriptor) [pid 16534] exit_group(0 [pid 16538] <... futex resumed>) = 231 [pid 16534] <... exit_group resumed>) = ? [pid 16535] <... futex resumed>) = ? [pid 16538] +++ exited with 0 +++ [pid 16535] +++ exited with 0 +++ [pid 16539] <... futex resumed>) = 230 [pid 16539] +++ exited with 0 +++ [pid 16534] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10456, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2740", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2740", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2740/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2740/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2740/binderfs") = 0 [ 328.871949][T16535] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2740/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2740/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2740/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2740/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2740/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2740/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2740") = 0 [pid 289] mkdir("./2741", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10460 ./strace-static-x86_64: Process 16540 attached [pid 16540] set_robust_list(0x555556f746a0, 24) = 0 [pid 16540] chdir("./2741") = 0 [pid 16540] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16540] setpgid(0, 0) = 0 [pid 16540] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16540] write(3, "1000", 4) = 4 [pid 16540] close(3) = 0 [pid 16540] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16540] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16540] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16540] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16540] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16540] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16540] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16540] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 16541 attached => {parent_tid=[10461]}, 88) = 10461 [pid 16541] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16541] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16541] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16540] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16540] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16541] <... futex resumed>) = 0 [pid 16540] <... futex resumed>) = 1 [pid 16541] memfd_create("syzkaller", 0) = 3 [pid 16541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16540] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16541] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16541] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16541] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16541] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16541] close(3) = 0 [pid 16541] mkdir("./file1", 0777) = 0 [pid 16541] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16541] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16541] chdir("./file1") = 0 [pid 16541] ioctl(4, LOOP_CLR_FD) = 0 [pid 16541] close(4) = 0 [pid 16541] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16540] <... futex resumed>) = 0 [pid 16541] setxattr("./file1", NULL, NULL, 0, 0 [pid 16540] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16540] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16541] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 16541] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16540] <... futex resumed>) = 0 [pid 16540] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16541] memfd_create("syzkaller", 0 [pid 16540] <... futex resumed>) = 0 [pid 16540] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16540] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16540] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 16541] <... memfd_create resumed>) = 4 [pid 16541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16540] <... mprotect resumed>) = 0 [pid 16541] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16540] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16541] close(4 [pid 16540] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16540] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 16544 attached [pid 16544] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16544] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16544] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16540] <... clone3 resumed> => {parent_tid=[10462]}, 88) = 10462 [pid 16541] <... close resumed>) = 0 [pid 16541] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16540] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16541] <... futex resumed>) = 0 [pid 16540] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16541] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16540] <... futex resumed>) = 1 [pid 16544] <... futex resumed>) = 0 [pid 16544] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16540] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16544] <... setxattr resumed>) = 0 [pid 16540] <... futex resumed>) = 0 [pid 16544] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16540] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16544] <... futex resumed>) = 0 [pid 16544] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16541] memfd_create("syzkaller", 0) = 4 [pid 16541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16541] close(4) = 0 [pid 16541] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16540] <... futex resumed>) = 0 [pid 16541] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16540] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16540] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16541] <... open resumed>) = 4 [pid 16541] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16540] <... futex resumed>) = 0 [pid 16540] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16540] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16541] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16541] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16540] <... futex resumed>) = 0 [pid 16540] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16540] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16541] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16541] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16540] <... futex resumed>) = 0 [pid 16540] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16540] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16541] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16541] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16540] <... futex resumed>) = 0 [pid 16541] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16540] close(3) = 0 [pid 16540] close(4) = 0 [pid 16540] close(5) = 0 [pid 16540] close(6) = -1 EBADF (Bad file descriptor) [pid 16540] close(7) = -1 EBADF (Bad file descriptor) [pid 16540] close(8) = -1 EBADF (Bad file descriptor) [pid 16540] close(9) = -1 EBADF (Bad file descriptor) [pid 16540] close(10) = -1 EBADF (Bad file descriptor) [pid 16540] close(11) = -1 EBADF (Bad file descriptor) [pid 16540] close(12) = -1 EBADF (Bad file descriptor) [pid 16540] close(13) = -1 EBADF (Bad file descriptor) [pid 16540] close(14) = -1 EBADF (Bad file descriptor) [pid 16540] close(15) = -1 EBADF (Bad file descriptor) [pid 16540] close(16) = -1 EBADF (Bad file descriptor) [pid 16540] close(17) = -1 EBADF (Bad file descriptor) [pid 16540] close(18) = -1 EBADF (Bad file descriptor) [pid 16540] close(19) = -1 EBADF (Bad file descriptor) [pid 16540] close(20) = -1 EBADF (Bad file descriptor) [pid 16540] close(21) = -1 EBADF (Bad file descriptor) [pid 16540] close(22) = -1 EBADF (Bad file descriptor) [pid 16540] close(23) = -1 EBADF (Bad file descriptor) [pid 16540] close(24) = -1 EBADF (Bad file descriptor) [pid 16540] close(25) = -1 EBADF (Bad file descriptor) [pid 16540] close(26) = -1 EBADF (Bad file descriptor) [pid 16540] close(27) = -1 EBADF (Bad file descriptor) [pid 16540] close(28) = -1 EBADF (Bad file descriptor) [pid 16540] close(29) = -1 EBADF (Bad file descriptor) [pid 16540] exit_group(0) = ? [pid 16544] <... futex resumed>) = ? [pid 16544] +++ exited with 0 +++ [pid 16541] <... futex resumed>) = ? [pid 16541] +++ exited with 0 +++ [pid 16540] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10460, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2741", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2741", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2741/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2741/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2741/binderfs") = 0 [ 329.013015][T16541] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2741/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2741/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2741/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2741/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2741/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2741/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2741") = 0 [pid 289] mkdir("./2742", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10463 ./strace-static-x86_64: Process 16545 attached [pid 16545] set_robust_list(0x555556f746a0, 24) = 0 [pid 16545] chdir("./2742") = 0 [pid 16545] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16545] setpgid(0, 0) = 0 [pid 16545] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16545] write(3, "1000", 4) = 4 [pid 16545] close(3) = 0 [pid 16545] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16545] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16545] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16545] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16545] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16545] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16545] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 16546 attached => {parent_tid=[10464]}, 88) = 10464 [pid 16545] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16545] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16545] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16546] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16546] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16546] memfd_create("syzkaller", 0) = 3 [pid 16546] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16546] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16546] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16546] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16546] close(3) = 0 [pid 16546] mkdir("./file1", 0777) = 0 [pid 16546] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16546] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16546] chdir("./file1") = 0 [pid 16546] ioctl(4, LOOP_CLR_FD) = 0 [pid 16546] close(4) = 0 [pid 16546] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16545] <... futex resumed>) = 0 [pid 16545] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16545] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16546] <... futex resumed>) = 1 [pid 16546] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16546] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16545] <... futex resumed>) = 0 [pid 16545] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16545] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16545] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16545] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16545] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10465]}, 88) = 10465 [pid 16545] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16545] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16545] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16545] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16545] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16545] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10466]}, 88) = 10466 [pid 16545] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 16550 attached ./strace-static-x86_64: Process 16549 attached [pid 16545] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16550] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16549] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16545] <... futex resumed>) = 0 [pid 16545] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16546] <... futex resumed>) = 1 [pid 16546] memfd_create("syzkaller", 0 [pid 16550] <... set_robust_list resumed>) = 0 [pid 16549] <... set_robust_list resumed>) = 0 [pid 16546] <... memfd_create resumed>) = 4 [pid 16546] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16546] close(4) = 0 [pid 16546] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16546] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16550] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16550] memfd_create("syzkaller", 0 [pid 16549] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16550] <... memfd_create resumed>) = 4 [pid 16549] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16550] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16550] close(4) = 0 [pid 16550] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16545] <... futex resumed>) = 0 [pid 16545] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16545] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16546] <... futex resumed>) = 0 [pid 16550] <... futex resumed>) = 1 [pid 16549] <... setxattr resumed>) = 0 [pid 16550] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16549] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16546] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16549] <... futex resumed>) = 0 [pid 16549] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16546] <... open resumed>) = 4 [pid 16546] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16545] <... futex resumed>) = 0 [pid 16546] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16545] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16545] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16546] <... mount resumed>) = 0 [pid 16546] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16545] <... futex resumed>) = 0 [pid 16546] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16545] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16546] <... open resumed>) = 5 [pid 16545] <... futex resumed>) = 0 [pid 16546] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16545] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16546] <... futex resumed>) = 0 [pid 16545] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16546] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16545] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16545] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16546] <... write resumed>) = 262144 [pid 16546] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16545] <... futex resumed>) = 0 [pid 16545] close(3) = 0 [pid 16545] close(4 [pid 16546] <... futex resumed>) = 1 [pid 16545] <... close resumed>) = 0 [pid 16546] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16545] close(5) = 0 [pid 16545] close(6) = -1 EBADF (Bad file descriptor) [pid 16545] close(7) = -1 EBADF (Bad file descriptor) [pid 16545] close(8) = -1 EBADF (Bad file descriptor) [pid 16545] close(9) = -1 EBADF (Bad file descriptor) [pid 16545] close(10) = -1 EBADF (Bad file descriptor) [pid 16545] close(11) = -1 EBADF (Bad file descriptor) [pid 16545] close(12) = -1 EBADF (Bad file descriptor) [pid 16545] close(13) = -1 EBADF (Bad file descriptor) [pid 16545] close(14) = -1 EBADF (Bad file descriptor) [pid 16545] close(15) = -1 EBADF (Bad file descriptor) [pid 16545] close(16) = -1 EBADF (Bad file descriptor) [pid 16545] close(17) = -1 EBADF (Bad file descriptor) [pid 16545] close(18) = -1 EBADF (Bad file descriptor) [pid 16545] close(19) = -1 EBADF (Bad file descriptor) [pid 16545] close(20) = -1 EBADF (Bad file descriptor) [pid 16545] close(21) = -1 EBADF (Bad file descriptor) [pid 16545] close(22) = -1 EBADF (Bad file descriptor) [pid 16545] close(23) = -1 EBADF (Bad file descriptor) [pid 16545] close(24) = -1 EBADF (Bad file descriptor) [pid 16545] close(25) = -1 EBADF (Bad file descriptor) [pid 16545] close(26) = -1 EBADF (Bad file descriptor) [pid 16545] close(27) = -1 EBADF (Bad file descriptor) [pid 16545] close(28) = -1 EBADF (Bad file descriptor) [pid 16545] close(29) = -1 EBADF (Bad file descriptor) [pid 16545] exit_group(0) = ? [pid 16549] <... futex resumed>) = ? [pid 16549] +++ exited with 0 +++ [pid 16546] <... futex resumed>) = ? [pid 16550] <... futex resumed>) = ? [pid 16550] +++ exited with 0 +++ [pid 16546] +++ exited with 0 +++ [pid 16545] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10463, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2742", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2742", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2742/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2742/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2742/binderfs") = 0 [ 329.103882][T16546] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2742/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2742/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2742/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2742/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2742/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2742/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2742") = 0 [pid 289] mkdir("./2743", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10467 ./strace-static-x86_64: Process 16551 attached [pid 16551] set_robust_list(0x555556f746a0, 24) = 0 [pid 16551] chdir("./2743") = 0 [pid 16551] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16551] setpgid(0, 0) = 0 [pid 16551] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16551] write(3, "1000", 4) = 4 [pid 16551] close(3) = 0 [pid 16551] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16551] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16551] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16551] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16551] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16551] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16551] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16551] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10468]}, 88) = 10468 [pid 16551] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16551] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16551] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16552 attached [pid 16552] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16552] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16552] memfd_create("syzkaller", 0) = 3 [pid 16552] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16552] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16552] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16552] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16552] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16552] close(3) = 0 [pid 16552] mkdir("./file1", 0777) = 0 [pid 16552] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16552] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16552] chdir("./file1") = 0 [pid 16552] ioctl(4, LOOP_CLR_FD) = 0 [pid 16552] close(4) = 0 [pid 16552] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16551] <... futex resumed>) = 0 [pid 16552] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16551] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16552] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16551] <... futex resumed>) = 0 [pid 16552] setxattr("./file1", NULL, NULL, 0, 0 [pid 16551] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16552] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 16552] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16551] <... futex resumed>) = 0 [pid 16552] <... futex resumed>) = 1 [pid 16551] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16552] memfd_create("syzkaller", 0 [pid 16551] <... futex resumed>) = 0 [pid 16551] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16552] <... memfd_create resumed>) = 4 [pid 16551] <... futex resumed>) = 0 [pid 16552] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16551] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 16552] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16551] <... mmap resumed>) = 0x7fbc5ef0c000 [pid 16552] close(4 [pid 16551] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16552] <... close resumed>) = 0 [pid 16551] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16552] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16551] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16552] <... futex resumed>) = 0 [pid 16552] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16551] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10469]}, 88) = 10469 [pid 16551] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16551] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16551] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16552] <... futex resumed>) = 0 [pid 16551] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16552] memfd_create("syzkaller", 0) = 4 [pid 16552] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16552] close(4) = 0 [pid 16552] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16551] <... futex resumed>) = 0 [pid 16552] <... futex resumed>) = 1 [pid 16551] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16552] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16551] <... futex resumed>) = 0 [pid 16551] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16552] <... open resumed>) = 4 [pid 16552] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16551] <... futex resumed>) = 0 [pid 16551] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16551] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16552] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16552] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16551] <... futex resumed>) = 0 [pid 16552] <... futex resumed>) = 1 [pid 16551] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16552] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16551] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16552] <... open resumed>) = 5 [pid 16552] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16551] <... futex resumed>) = 0 [pid 16552] <... futex resumed>) = 1 [pid 16551] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16552] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16551] <... futex resumed>) = 0 [pid 16551] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 16555 attached [pid 16555] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16555] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16555] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 16555] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16552] <... write resumed>) = 262144 [pid 16552] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16552] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16555] <... futex resumed>) = 0 [pid 16555] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16551] <... futex resumed>) = 0 [pid 16551] close(3) = 0 [pid 16551] close(4) = 0 [pid 16551] close(5) = 0 [pid 16551] close(6) = -1 EBADF (Bad file descriptor) [pid 16551] close(7) = -1 EBADF (Bad file descriptor) [pid 16551] close(8) = -1 EBADF (Bad file descriptor) [pid 16551] close(9) = -1 EBADF (Bad file descriptor) [pid 16551] close(10) = -1 EBADF (Bad file descriptor) [pid 16551] close(11) = -1 EBADF (Bad file descriptor) [pid 16551] close(12) = -1 EBADF (Bad file descriptor) [pid 16551] close(13) = -1 EBADF (Bad file descriptor) [pid 16551] close(14) = -1 EBADF (Bad file descriptor) [pid 16551] close(15) = -1 EBADF (Bad file descriptor) [pid 16551] close(16) = -1 EBADF (Bad file descriptor) [pid 16551] close(17) = -1 EBADF (Bad file descriptor) [pid 16551] close(18) = -1 EBADF (Bad file descriptor) [pid 16551] close(19) = -1 EBADF (Bad file descriptor) [pid 16551] close(20) = -1 EBADF (Bad file descriptor) [pid 16551] close(21) = -1 EBADF (Bad file descriptor) [pid 16551] close(22) = -1 EBADF (Bad file descriptor) [pid 16551] close(23) = -1 EBADF (Bad file descriptor) [pid 16551] close(24) = -1 EBADF (Bad file descriptor) [pid 16551] close(25) = -1 EBADF (Bad file descriptor) [pid 16551] close(26) = -1 EBADF (Bad file descriptor) [pid 16551] close(27) = -1 EBADF (Bad file descriptor) [pid 16551] close(28) = -1 EBADF (Bad file descriptor) [pid 16551] close(29) = -1 EBADF (Bad file descriptor) [pid 16551] exit_group(0 [pid 16555] <... futex resumed>) = ? [pid 16551] <... exit_group resumed>) = ? [pid 16552] <... futex resumed>) = ? [pid 16555] +++ exited with 0 +++ [pid 16552] +++ exited with 0 +++ [pid 16551] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10467, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2743", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2743", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2743/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2743/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 329.189092][T16552] EXT4-fs (loop0): 1 truncate cleaned up [ 329.203320][T16555] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] unlink("./2743/binderfs") = 0 [pid 289] umount2("./2743/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2743/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2743/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2743/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2743/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2743/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2743") = 0 [pid 289] mkdir("./2744", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10470 ./strace-static-x86_64: Process 16556 attached [pid 16556] set_robust_list(0x555556f746a0, 24) = 0 [pid 16556] chdir("./2744") = 0 [pid 16556] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16556] setpgid(0, 0) = 0 [pid 16556] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16556] write(3, "1000", 4) = 4 [pid 16556] close(3) = 0 [pid 16556] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16556] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16556] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16556] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16556] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16556] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16556] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16556] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10471]}, 88) = 10471 [pid 16556] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16556] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16556] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16557 attached [pid 16557] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16557] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16557] memfd_create("syzkaller", 0) = 3 [pid 16557] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16557] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16557] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16557] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16557] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16557] close(3) = 0 [pid 16557] mkdir("./file1", 0777) = 0 [pid 16557] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16557] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16557] chdir("./file1") = 0 [pid 16557] ioctl(4, LOOP_CLR_FD) = 0 [pid 16557] close(4) = 0 [pid 16557] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16556] <... futex resumed>) = 0 [pid 16556] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16556] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16557] <... futex resumed>) = 1 [pid 16557] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16557] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16556] <... futex resumed>) = 0 [pid 16556] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16556] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16556] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16556] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16556] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16556] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10472]}, 88) = 10472 [pid 16556] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16556] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 16560 attached [pid 16557] <... futex resumed>) = 1 [pid 16556] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16556] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16556] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16557] memfd_create("syzkaller", 0 [pid 16556] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16556] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10473]}, 88) = 10473 [pid 16560] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16556] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16556] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16556] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16560] <... set_robust_list resumed>) = 0 [pid 16557] <... memfd_create resumed>) = 4 [pid 16560] rt_sigprocmask(SIG_SETMASK, [], [pid 16557] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 16561 attached [pid 16560] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16561] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16557] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16560] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16557] close(4 [pid 16561] <... set_robust_list resumed>) = 0 [pid 16560] <... setxattr resumed>) = 0 [pid 16557] <... close resumed>) = 0 [pid 16557] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16560] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16561] rt_sigprocmask(SIG_SETMASK, [], [pid 16557] <... futex resumed>) = 0 [pid 16560] <... futex resumed>) = 0 [pid 16557] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16560] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16561] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16561] memfd_create("syzkaller", 0) = 4 [pid 16561] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16561] close(4) = 0 [pid 16561] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16556] <... futex resumed>) = 0 [pid 16556] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16561] <... futex resumed>) = 1 [pid 16557] <... futex resumed>) = 0 [pid 16556] <... futex resumed>) = 1 [pid 16561] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16557] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16556] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16557] <... open resumed>) = 4 [pid 16557] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16556] <... futex resumed>) = 0 [pid 16556] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16556] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16557] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16557] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16556] <... futex resumed>) = 0 [pid 16557] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16556] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16557] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16556] <... futex resumed>) = 0 [pid 16557] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16556] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16557] <... open resumed>) = 5 [pid 16557] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16556] <... futex resumed>) = 0 [pid 16556] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16557] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16556] <... futex resumed>) = 0 [pid 16556] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16557] <... write resumed>) = 262144 [pid 16557] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16556] <... futex resumed>) = 0 [pid 16556] close(3) = 0 [pid 16556] close(4) = 0 [pid 16556] close(5) = 0 [pid 16556] close(6) = -1 EBADF (Bad file descriptor) [pid 16556] close(7) = -1 EBADF (Bad file descriptor) [pid 16556] close(8) = -1 EBADF (Bad file descriptor) [pid 16556] close(9) = -1 EBADF (Bad file descriptor) [pid 16556] close(10) = -1 EBADF (Bad file descriptor) [pid 16556] close(11) = -1 EBADF (Bad file descriptor) [pid 16556] close(12) = -1 EBADF (Bad file descriptor) [pid 16556] close(13) = -1 EBADF (Bad file descriptor) [pid 16556] close(14) = -1 EBADF (Bad file descriptor) [pid 16556] close(15) = -1 EBADF (Bad file descriptor) [pid 16556] close(16) = -1 EBADF (Bad file descriptor) [pid 16556] close(17) = -1 EBADF (Bad file descriptor) [pid 16556] close(18) = -1 EBADF (Bad file descriptor) [pid 16556] close(19) = -1 EBADF (Bad file descriptor) [pid 16556] close(20) = -1 EBADF (Bad file descriptor) [pid 16556] close(21) = -1 EBADF (Bad file descriptor) [pid 16556] close(22) = -1 EBADF (Bad file descriptor) [pid 16556] close(23) = -1 EBADF (Bad file descriptor) [pid 16556] close(24) = -1 EBADF (Bad file descriptor) [pid 16556] close(25) = -1 EBADF (Bad file descriptor) [pid 16556] close(26) = -1 EBADF (Bad file descriptor) [pid 16556] close(27) = -1 EBADF (Bad file descriptor) [pid 16556] close(28) = -1 EBADF (Bad file descriptor) [pid 16556] close(29) = -1 EBADF (Bad file descriptor) [pid 16556] exit_group(0 [pid 16560] <... futex resumed>) = ? [pid 16556] <... exit_group resumed>) = ? [pid 16560] +++ exited with 0 +++ [pid 16557] <... futex resumed>) = ? [pid 16557] +++ exited with 0 +++ [pid 16561] <... futex resumed>) = ? [pid 16561] +++ exited with 0 +++ [pid 16556] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10470, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] umount2("./2744", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2744", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2744/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2744/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2744/binderfs") = 0 [ 329.339802][T16557] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2744/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2744/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2744/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2744/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2744/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2744/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2744") = 0 [pid 289] mkdir("./2745", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10474 ./strace-static-x86_64: Process 16562 attached [pid 16562] set_robust_list(0x555556f746a0, 24) = 0 [pid 16562] chdir("./2745") = 0 [pid 16562] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16562] setpgid(0, 0) = 0 [pid 16562] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16562] write(3, "1000", 4) = 4 [pid 16562] close(3) = 0 [pid 16562] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16562] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16562] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16562] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16562] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16562] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16562] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16562] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10475]}, 88) = 10475 [pid 16562] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16562] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16562] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16563 attached [pid 16563] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16563] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16563] memfd_create("syzkaller", 0) = 3 [pid 16563] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16563] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16563] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16563] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16563] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16563] close(3) = 0 [pid 16563] mkdir("./file1", 0777) = 0 [pid 16563] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16563] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16563] chdir("./file1") = 0 [pid 16563] ioctl(4, LOOP_CLR_FD) = 0 [pid 16563] close(4) = 0 [pid 16563] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16562] <... futex resumed>) = 0 [pid 16562] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16562] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16563] <... futex resumed>) = 1 [pid 16563] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16563] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16562] <... futex resumed>) = 0 [pid 16562] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16562] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16562] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16562] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16562] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16562] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10476]}, 88) = 10476 [pid 16562] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16562] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16562] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16562] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16562] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16562] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16562] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10477]}, 88) = 10477 [pid 16562] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16562] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16562] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16563] <... futex resumed>) = 1 [pid 16563] memfd_create("syzkaller", 0) = 4 [pid 16563] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16563] close(4) = 0 [pid 16563] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16563] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16566 attached [pid 16566] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16566] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16566] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 16566] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16566] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16567 attached [pid 16567] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16567] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16567] memfd_create("syzkaller", 0) = 4 [pid 16567] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16567] close(4) = 0 [pid 16567] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16562] <... futex resumed>) = 0 [pid 16562] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16563] <... futex resumed>) = 0 [pid 16562] <... futex resumed>) = 1 [pid 16563] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16562] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16563] <... open resumed>) = 4 [pid 16563] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16562] <... futex resumed>) = 0 [pid 16563] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16562] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16563] <... mount resumed>) = 0 [pid 16562] <... futex resumed>) = 0 [pid 16563] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16562] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16563] <... futex resumed>) = 0 [pid 16562] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16563] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16562] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16563] <... open resumed>) = 5 [pid 16562] <... futex resumed>) = 0 [pid 16563] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16562] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16563] <... futex resumed>) = 0 [pid 16562] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16563] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16562] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16562] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16567] <... futex resumed>) = 1 [pid 16567] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16563] <... write resumed>) = 262144 [pid 16563] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16562] <... futex resumed>) = 0 [pid 16563] <... futex resumed>) = 1 [pid 16562] close(3) = 0 [pid 16562] close(4) = 0 [pid 16562] close(5) = 0 [pid 16562] close(6) = -1 EBADF (Bad file descriptor) [pid 16562] close(7) = -1 EBADF (Bad file descriptor) [pid 16562] close(8) = -1 EBADF (Bad file descriptor) [pid 16562] close(9) = -1 EBADF (Bad file descriptor) [pid 16562] close(10) = -1 EBADF (Bad file descriptor) [pid 16562] close(11) = -1 EBADF (Bad file descriptor) [pid 16562] close(12) = -1 EBADF (Bad file descriptor) [pid 16562] close(13) = -1 EBADF (Bad file descriptor) [pid 16562] close(14) = -1 EBADF (Bad file descriptor) [pid 16562] close(15) = -1 EBADF (Bad file descriptor) [pid 16562] close(16) = -1 EBADF (Bad file descriptor) [pid 16562] close(17) = -1 EBADF (Bad file descriptor) [pid 16562] close(18) = -1 EBADF (Bad file descriptor) [pid 16562] close(19) = -1 EBADF (Bad file descriptor) [pid 16562] close(20) = -1 EBADF (Bad file descriptor) [pid 16562] close(21) = -1 EBADF (Bad file descriptor) [pid 16562] close(22) = -1 EBADF (Bad file descriptor) [pid 16562] close(23) = -1 EBADF (Bad file descriptor) [pid 16562] close(24) = -1 EBADF (Bad file descriptor) [pid 16562] close(25) = -1 EBADF (Bad file descriptor) [pid 16562] close(26) = -1 EBADF (Bad file descriptor) [pid 16562] close(27) = -1 EBADF (Bad file descriptor) [pid 16562] close(28) = -1 EBADF (Bad file descriptor) [pid 16562] close(29) = -1 EBADF (Bad file descriptor) [pid 16562] exit_group(0) = ? [pid 16566] <... futex resumed>) = ? [pid 16566] +++ exited with 0 +++ [pid 16563] +++ exited with 0 +++ [pid 16567] <... futex resumed>) = ? [pid 16567] +++ exited with 0 +++ [pid 16562] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10474, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2745", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2745", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2745/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2745/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2745/binderfs") = 0 [pid 289] umount2("./2745/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2745/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2745/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2745/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2745/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2745/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2745") = 0 [pid 289] mkdir("./2746", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10478 ./strace-static-x86_64: Process 16569 attached [pid 16569] set_robust_list(0x555556f746a0, 24) = 0 [pid 16569] chdir("./2746") = 0 [pid 16569] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16569] setpgid(0, 0) = 0 [pid 16569] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16569] write(3, "1000", 4) = 4 [pid 16569] close(3) = 0 [pid 16569] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16569] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16569] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16569] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16569] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16569] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16569] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10479]}, 88) = 10479 [pid 16569] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 16570 attached NULL, 8) = 0 [pid 16569] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16569] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16570] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16570] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16570] memfd_create("syzkaller", 0) = 3 [pid 16570] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16570] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16570] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16570] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16570] close(3) = 0 [pid 16570] mkdir("./file1", 0777) = 0 [ 329.458371][T16563] EXT4-fs (loop0): 1 truncate cleaned up [pid 16570] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16570] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16570] chdir("./file1") = 0 [pid 16570] ioctl(4, LOOP_CLR_FD) = 0 [pid 16570] close(4) = 0 [pid 16570] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16569] <... futex resumed>) = 0 [pid 16569] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16569] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16570] <... futex resumed>) = 1 [pid 16570] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16570] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16569] <... futex resumed>) = 0 [pid 16569] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16569] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16569] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16569] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16569] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10480]}, 88) = 10480 [pid 16569] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16569] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16569] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16569] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16569] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16569] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0}./strace-static-x86_64: Process 16573 attached ./strace-static-x86_64: Process 16574 attached [pid 16570] <... futex resumed>) = 1 [pid 16569] <... clone3 resumed> => {parent_tid=[10481]}, 88) = 10481 [pid 16570] memfd_create("syzkaller", 0 [pid 16569] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16569] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16569] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16573] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16573] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16570] <... memfd_create resumed>) = 4 [pid 16573] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16574] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16570] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16574] <... set_robust_list resumed>) = 0 [pid 16573] <... setxattr resumed>) = 0 [pid 16570] close(4) = 0 [pid 16570] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16570] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16574] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16574] memfd_create("syzkaller", 0) = 4 [pid 16574] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16574] close(4) = 0 [pid 16574] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16569] <... futex resumed>) = 0 [pid 16569] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16570] <... futex resumed>) = 0 [pid 16569] <... futex resumed>) = 1 [pid 16570] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16569] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16574] <... futex resumed>) = 1 [pid 16570] <... open resumed>) = 4 [pid 16570] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16569] <... futex resumed>) = 0 [pid 16570] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16569] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16570] <... mount resumed>) = 0 [pid 16569] <... futex resumed>) = 0 [pid 16570] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16569] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16570] <... futex resumed>) = 0 [pid 16569] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16570] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16569] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16570] <... open resumed>) = 5 [pid 16569] <... futex resumed>) = 0 [pid 16570] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16569] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16570] <... futex resumed>) = 0 [pid 16569] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16570] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16569] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16574] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16573] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16569] <... futex resumed>) = 0 [pid 16573] <... futex resumed>) = 0 [pid 16573] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16569] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16570] <... write resumed>) = 262144 [pid 16570] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16569] <... futex resumed>) = 0 [pid 16569] close(3) = 0 [pid 16569] close(4) = 0 [pid 16569] close(5) = 0 [pid 16569] close(6) = -1 EBADF (Bad file descriptor) [pid 16569] close(7) = -1 EBADF (Bad file descriptor) [pid 16569] close(8) = -1 EBADF (Bad file descriptor) [pid 16569] close(9) = -1 EBADF (Bad file descriptor) [pid 16569] close(10) = -1 EBADF (Bad file descriptor) [pid 16569] close(11) = -1 EBADF (Bad file descriptor) [pid 16569] close(12) = -1 EBADF (Bad file descriptor) [pid 16569] close(13) = -1 EBADF (Bad file descriptor) [pid 16569] close(14) = -1 EBADF (Bad file descriptor) [pid 16569] close(15) = -1 EBADF (Bad file descriptor) [pid 16569] close(16) = -1 EBADF (Bad file descriptor) [pid 16569] close(17) = -1 EBADF (Bad file descriptor) [pid 16569] close(18) = -1 EBADF (Bad file descriptor) [pid 16569] close(19) = -1 EBADF (Bad file descriptor) [pid 16569] close(20) = -1 EBADF (Bad file descriptor) [pid 16569] close(21) = -1 EBADF (Bad file descriptor) [pid 16569] close(22) = -1 EBADF (Bad file descriptor) [pid 16569] close(23) = -1 EBADF (Bad file descriptor) [pid 16569] close(24) = -1 EBADF (Bad file descriptor) [pid 16569] close(25) = -1 EBADF (Bad file descriptor) [pid 16569] close(26) = -1 EBADF (Bad file descriptor) [pid 16569] close(27) = -1 EBADF (Bad file descriptor) [pid 16569] close(28) = -1 EBADF (Bad file descriptor) [pid 16569] close(29) = -1 EBADF (Bad file descriptor) [pid 16570] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16569] exit_group(0 [pid 16573] <... futex resumed>) = ? [pid 16569] <... exit_group resumed>) = ? [pid 16573] +++ exited with 0 +++ [pid 16574] <... futex resumed>) = ? [pid 16570] <... futex resumed>) = ? [pid 16574] +++ exited with 0 +++ [pid 16570] +++ exited with 0 +++ [pid 16569] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10478, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2746", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2746", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2746/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2746/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2746/binderfs") = 0 [ 329.519767][T16570] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2746/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2746/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2746/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2746/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2746/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2746/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2746") = 0 [pid 289] mkdir("./2747", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10482 ./strace-static-x86_64: Process 16575 attached [pid 16575] set_robust_list(0x555556f746a0, 24) = 0 [pid 16575] chdir("./2747") = 0 [pid 16575] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16575] setpgid(0, 0) = 0 [pid 16575] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16575] write(3, "1000", 4) = 4 [pid 16575] close(3) = 0 [pid 16575] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16575] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16575] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16575] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16575] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16575] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16575] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16575] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 16576 attached => {parent_tid=[10483]}, 88) = 10483 [pid 16575] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16575] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16575] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16576] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16576] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16576] memfd_create("syzkaller", 0) = 3 [pid 16576] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16576] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16576] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16576] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16576] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16576] close(3) = 0 [pid 16576] mkdir("./file1", 0777) = 0 [pid 16576] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16576] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16576] chdir("./file1") = 0 [pid 16576] ioctl(4, LOOP_CLR_FD) = 0 [pid 16576] close(4) = 0 [pid 16576] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16575] <... futex resumed>) = 0 [pid 16575] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16575] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16576] <... futex resumed>) = 1 [pid 16576] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16576] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16576] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16575] <... futex resumed>) = 0 [pid 16575] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16576] <... futex resumed>) = 0 [pid 16575] <... futex resumed>) = 1 [pid 16576] memfd_create("syzkaller", 0 [pid 16575] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16575] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16575] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16575] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16575] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 16579 attached => {parent_tid=[10484]}, 88) = 10484 [pid 16576] <... memfd_create resumed>) = 4 [pid 16576] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16576] close(4) = 0 [pid 16576] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16576] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16579] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16579] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16579] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16575] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16575] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16575] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16575] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16576] <... futex resumed>) = 0 [pid 16576] memfd_create("syzkaller", 0) = 4 [pid 16579] <... futex resumed>) = 0 [pid 16579] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16576] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16576] close(4) = 0 [pid 16576] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16575] <... futex resumed>) = 0 [pid 16575] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16575] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16576] <... futex resumed>) = 1 [pid 16576] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16579] <... setxattr resumed>) = 0 [pid 16579] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16576] <... open resumed>) = 4 [pid 16579] <... futex resumed>) = 0 [pid 16579] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16576] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16575] <... futex resumed>) = 0 [pid 16575] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16575] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16576] <... futex resumed>) = 1 [pid 16576] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16576] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16575] <... futex resumed>) = 0 [pid 16575] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16575] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16576] <... futex resumed>) = 1 [pid 16576] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16576] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16575] <... futex resumed>) = 0 [pid 16575] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16575] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16576] <... futex resumed>) = 1 [pid 16576] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16576] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16575] <... futex resumed>) = 0 [pid 16575] close(3) = 0 [pid 16575] close(4) = 0 [pid 16575] close(5) = 0 [pid 16575] close(6) = -1 EBADF (Bad file descriptor) [pid 16575] close(7) = -1 EBADF (Bad file descriptor) [pid 16575] close(8) = -1 EBADF (Bad file descriptor) [pid 16575] close(9) = -1 EBADF (Bad file descriptor) [pid 16575] close(10) = -1 EBADF (Bad file descriptor) [pid 16575] close(11) = -1 EBADF (Bad file descriptor) [pid 16575] close(12) = -1 EBADF (Bad file descriptor) [pid 16575] close(13) = -1 EBADF (Bad file descriptor) [pid 16575] close(14) = -1 EBADF (Bad file descriptor) [pid 16575] close(15) = -1 EBADF (Bad file descriptor) [pid 16575] close(16) = -1 EBADF (Bad file descriptor) [pid 16575] close(17) = -1 EBADF (Bad file descriptor) [pid 16575] close(18) = -1 EBADF (Bad file descriptor) [pid 16575] close(19) = -1 EBADF (Bad file descriptor) [pid 16575] close(20) = -1 EBADF (Bad file descriptor) [pid 16575] close(21) = -1 EBADF (Bad file descriptor) [pid 16575] close(22) = -1 EBADF (Bad file descriptor) [pid 16575] close(23) = -1 EBADF (Bad file descriptor) [pid 16575] close(24) = -1 EBADF (Bad file descriptor) [pid 16575] close(25) = -1 EBADF (Bad file descriptor) [pid 16575] close(26) = -1 EBADF (Bad file descriptor) [pid 16575] close(27) = -1 EBADF (Bad file descriptor) [pid 16575] close(28) = -1 EBADF (Bad file descriptor) [pid 16575] close(29) = -1 EBADF (Bad file descriptor) [pid 16575] exit_group(0) = ? [pid 16579] <... futex resumed>) = ? [pid 16579] +++ exited with 0 +++ [pid 16576] +++ exited with 0 +++ [pid 16575] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10482, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2747", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2747", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2747/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2747/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2747/binderfs") = 0 [ 329.625641][T16576] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2747/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2747/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2747/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2747/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2747/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2747/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2747") = 0 [pid 289] mkdir("./2748", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10485 ./strace-static-x86_64: Process 16580 attached [pid 16580] set_robust_list(0x555556f746a0, 24) = 0 [pid 16580] chdir("./2748") = 0 [pid 16580] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16580] setpgid(0, 0) = 0 [pid 16580] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16580] write(3, "1000", 4) = 4 [pid 16580] close(3) = 0 [pid 16580] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16580] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16580] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16580] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16580] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16580] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16580] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16580] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10486]}, 88) = 10486 [pid 16580] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16580] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16580] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16581 attached [pid 16581] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16581] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16581] memfd_create("syzkaller", 0) = 3 [pid 16581] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16581] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16581] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16581] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16581] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16581] close(3) = 0 [pid 16581] mkdir("./file1", 0777) = 0 [pid 16581] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16581] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16581] chdir("./file1") = 0 [pid 16581] ioctl(4, LOOP_CLR_FD) = 0 [pid 16581] close(4) = 0 [pid 16581] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16581] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16580] <... futex resumed>) = 0 [pid 16580] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16581] <... futex resumed>) = 0 [pid 16580] <... futex resumed>) = 1 [pid 16580] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16581] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16581] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16580] <... futex resumed>) = 0 [pid 16580] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16580] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16580] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16581] <... futex resumed>) = 1 [pid 16580] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16580] rt_sigprocmask(SIG_BLOCK, ~[], [pid 16581] memfd_create("syzkaller", 0 [pid 16580] <... rt_sigprocmask resumed>[], 8) = 0 [pid 16580] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10487]}, 88) = 10487 [pid 16580] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16580] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16580] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16580] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16580] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16580] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16580] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10488]}, 88) = 10488 [pid 16580] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16580] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16580] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16584 attached ./strace-static-x86_64: Process 16585 attached [pid 16585] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16584] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16585] <... set_robust_list resumed>) = 0 [pid 16584] <... set_robust_list resumed>) = 0 [pid 16585] rt_sigprocmask(SIG_SETMASK, [], [pid 16584] rt_sigprocmask(SIG_SETMASK, [], [pid 16585] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16584] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16585] memfd_create("syzkaller", 0 [pid 16584] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 16585] <... memfd_create resumed>) = 4 [pid 16585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16585] close(4) = 0 [pid 16585] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16580] <... futex resumed>) = 0 [pid 16580] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16580] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16585] <... futex resumed>) = 1 [pid 16585] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16584] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16584] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16585] <... open resumed>) = 4 [pid 16585] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16580] <... futex resumed>) = 0 [pid 16580] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16580] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16584] <... futex resumed>) = 0 [pid 16584] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16584] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16580] <... futex resumed>) = 0 [pid 16580] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16580] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16584] <... futex resumed>) = 1 [pid 16584] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16585] <... futex resumed>) = 1 [pid 16585] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16584] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16580] <... futex resumed>) = 0 [pid 16580] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16580] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16584] <... futex resumed>) = 1 [pid 16584] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16581] <... memfd_create resumed>) = 6 [pid 16581] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16584] <... write resumed>) = 262144 [pid 16581] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16581] close(6) = 0 [pid 16581] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16581] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16584] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16580] <... futex resumed>) = 0 [pid 16580] close(3) = 0 [pid 16580] close(4) = 0 [pid 16580] close(5) = 0 [pid 16580] close(6) = -1 EBADF (Bad file descriptor) [pid 16580] close(7) = -1 EBADF (Bad file descriptor) [pid 16580] close(8) = -1 EBADF (Bad file descriptor) [pid 16580] close(9) = -1 EBADF (Bad file descriptor) [pid 16580] close(10) = -1 EBADF (Bad file descriptor) [pid 16580] close(11) = -1 EBADF (Bad file descriptor) [pid 16580] close(12) = -1 EBADF (Bad file descriptor) [pid 16580] close(13) = -1 EBADF (Bad file descriptor) [pid 16580] close(14) = -1 EBADF (Bad file descriptor) [pid 16580] close(15) = -1 EBADF (Bad file descriptor) [pid 16580] close(16) = -1 EBADF (Bad file descriptor) [pid 16580] close(17) = -1 EBADF (Bad file descriptor) [pid 16580] close(18) = -1 EBADF (Bad file descriptor) [pid 16580] close(19) = -1 EBADF (Bad file descriptor) [pid 16580] close(20) = -1 EBADF (Bad file descriptor) [pid 16580] close(21) = -1 EBADF (Bad file descriptor) [pid 16580] close(22) = -1 EBADF (Bad file descriptor) [pid 16580] close(23) = -1 EBADF (Bad file descriptor) [pid 16580] close(24) = -1 EBADF (Bad file descriptor) [pid 16580] close(25) = -1 EBADF (Bad file descriptor) [pid 16580] close(26) = -1 EBADF (Bad file descriptor) [pid 16580] close(27) = -1 EBADF (Bad file descriptor) [pid 16580] close(28) = -1 EBADF (Bad file descriptor) [pid 16580] close(29) = -1 EBADF (Bad file descriptor) [pid 16580] exit_group(0) = ? [pid 16585] <... futex resumed>) = ? [pid 16585] +++ exited with 0 +++ [pid 16581] <... futex resumed>) = ? [pid 16581] +++ exited with 0 +++ [pid 16584] <... futex resumed>) = ? [pid 16584] +++ exited with 0 +++ [pid 16580] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10485, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2748", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2748", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2748/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2748/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2748/binderfs") = 0 [ 329.781457][T16581] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2748/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2748/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2748/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2748/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2748/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2748/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2748") = 0 [pid 289] mkdir("./2749", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10489 ./strace-static-x86_64: Process 16586 attached [pid 16586] set_robust_list(0x555556f746a0, 24) = 0 [pid 16586] chdir("./2749") = 0 [pid 16586] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16586] setpgid(0, 0) = 0 [pid 16586] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16586] write(3, "1000", 4) = 4 [pid 16586] close(3) = 0 [pid 16586] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16586] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16586] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16586] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16586] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16586] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16586] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16586] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10490]}, 88) = 10490 ./strace-static-x86_64: Process 16587 attached [pid 16586] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16586] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16586] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16587] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16587] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16587] memfd_create("syzkaller", 0) = 3 [pid 16587] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16587] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16587] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16587] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16587] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16587] close(3) = 0 [pid 16587] mkdir("./file1", 0777) = 0 [pid 16587] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16587] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16587] chdir("./file1") = 0 [pid 16587] ioctl(4, LOOP_CLR_FD) = 0 [pid 16587] close(4) = 0 [pid 16587] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16586] <... futex resumed>) = 0 [pid 16587] setxattr("./file1", NULL, NULL, 0, 0 [pid 16586] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16587] <... setxattr resumed>) = -1 EFAULT (Bad address) [pid 16586] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16587] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16586] <... futex resumed>) = 0 [pid 16587] memfd_create("syzkaller", 0 [pid 16586] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16587] <... memfd_create resumed>) = 4 [pid 16587] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16586] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16587] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16586] <... futex resumed>) = 0 [pid 16587] close(4 [pid 16586] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16587] <... close resumed>) = 0 [pid 16586] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16586] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16586] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 16590 attached [pid 16590] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16590] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16590] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16587] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16586] <... clone3 resumed> => {parent_tid=[10491]}, 88) = 10491 [pid 16586] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16586] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16590] <... futex resumed>) = 0 [pid 16586] <... futex resumed>) = 1 [pid 16586] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16586] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16590] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16586] <... futex resumed>) = 0 [pid 16586] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=49000000} [pid 16587] <... futex resumed>) = 1 [pid 16587] memfd_create("syzkaller", 0 [pid 16590] <... setxattr resumed>) = 0 [pid 16587] <... memfd_create resumed>) = 4 [pid 16590] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16590] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16587] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16587] close(4) = 0 [pid 16587] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16586] <... futex resumed>) = 0 [pid 16586] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16586] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16587] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 16587] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16586] <... futex resumed>) = 0 [pid 16586] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16586] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16587] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16587] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16586] <... futex resumed>) = 0 [pid 16586] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16586] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16587] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16587] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16586] <... futex resumed>) = 0 [pid 16586] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16586] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16587] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16587] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16586] <... futex resumed>) = 0 [pid 16587] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16586] close(3) = 0 [pid 16586] close(4) = 0 [pid 16586] close(5) = 0 [pid 16586] close(6) = -1 EBADF (Bad file descriptor) [pid 16586] close(7) = -1 EBADF (Bad file descriptor) [pid 16586] close(8) = -1 EBADF (Bad file descriptor) [pid 16586] close(9) = -1 EBADF (Bad file descriptor) [pid 16586] close(10) = -1 EBADF (Bad file descriptor) [pid 16586] close(11) = -1 EBADF (Bad file descriptor) [pid 16586] close(12) = -1 EBADF (Bad file descriptor) [pid 16586] close(13) = -1 EBADF (Bad file descriptor) [pid 16586] close(14) = -1 EBADF (Bad file descriptor) [pid 16586] close(15) = -1 EBADF (Bad file descriptor) [pid 16586] close(16) = -1 EBADF (Bad file descriptor) [pid 16586] close(17) = -1 EBADF (Bad file descriptor) [pid 16586] close(18) = -1 EBADF (Bad file descriptor) [pid 16586] close(19) = -1 EBADF (Bad file descriptor) [pid 16586] close(20) = -1 EBADF (Bad file descriptor) [pid 16586] close(21) = -1 EBADF (Bad file descriptor) [pid 16586] close(22) = -1 EBADF (Bad file descriptor) [pid 16586] close(23) = -1 EBADF (Bad file descriptor) [pid 16586] close(24) = -1 EBADF (Bad file descriptor) [pid 16586] close(25) = -1 EBADF (Bad file descriptor) [pid 16586] close(26) = -1 EBADF (Bad file descriptor) [pid 16586] close(27) = -1 EBADF (Bad file descriptor) [pid 16586] close(28) = -1 EBADF (Bad file descriptor) [pid 16586] close(29) = -1 EBADF (Bad file descriptor) [pid 16586] exit_group(0) = ? [pid 16590] <... futex resumed>) = ? [pid 16587] <... futex resumed>) = ? [pid 16590] +++ exited with 0 +++ [pid 16587] +++ exited with 0 +++ [pid 16586] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10489, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2749", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2749", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2749/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2749/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2749/binderfs") = 0 [ 329.903940][T16587] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2749/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2749/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2749/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2749/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2749/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2749/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2749") = 0 [pid 289] mkdir("./2750", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10492 ./strace-static-x86_64: Process 16591 attached [pid 16591] set_robust_list(0x555556f746a0, 24) = 0 [pid 16591] chdir("./2750") = 0 [pid 16591] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16591] setpgid(0, 0) = 0 [pid 16591] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16591] write(3, "1000", 4) = 4 [pid 16591] close(3) = 0 [pid 16591] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16591] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16591] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16591] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16591] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16591] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16591] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16591] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10493]}, 88) = 10493 [pid 16591] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16591] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16591] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16592 attached [pid 16592] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16592] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16592] memfd_create("syzkaller", 0) = 3 [pid 16592] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16592] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16592] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16592] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16592] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16592] close(3) = 0 [pid 16592] mkdir("./file1", 0777) = 0 [pid 16592] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16592] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16592] chdir("./file1") = 0 [pid 16592] ioctl(4, LOOP_CLR_FD) = 0 [pid 16592] close(4) = 0 [pid 16592] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16591] <... futex resumed>) = 0 [pid 16591] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16591] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16592] <... futex resumed>) = 1 [pid 16592] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16592] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16591] <... futex resumed>) = 0 [pid 16591] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16592] memfd_create("syzkaller", 0 [pid 16591] <... futex resumed>) = 0 [pid 16592] <... memfd_create resumed>) = 4 [pid 16592] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16592] close(4) = 0 [pid 16592] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16592] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16591] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16591] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16591] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16591] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16591] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16591] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10494]}, 88) = 10494 [pid 16592] <... futex resumed>) = 0 [pid 16592] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16591] rt_sigprocmask(SIG_SETMASK, [], [pid 16592] <... setxattr resumed>) = 0 [pid 16591] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16592] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16592] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16595 attached [pid 16595] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16595] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16595] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16591] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16591] futex(0x7fbc673d96dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16595] <... futex resumed>) = 0 [pid 16595] memfd_create("syzkaller", 0) = 4 [pid 16595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16595] close(4) = 0 [pid 16595] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16591] <... futex resumed>) = 0 [pid 16591] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16591] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16592] <... futex resumed>) = 0 [pid 16592] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16595] <... futex resumed>) = 1 [pid 16595] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16592] <... open resumed>) = 4 [pid 16592] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16591] <... futex resumed>) = 0 [pid 16591] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16591] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16592] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16592] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16591] <... futex resumed>) = 0 [pid 16591] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16591] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16592] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16592] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16591] <... futex resumed>) = 0 [pid 16591] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16591] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16592] <... futex resumed>) = 1 [pid 16592] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16592] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16591] <... futex resumed>) = 0 [pid 16591] close(3) = 0 [pid 16591] close(4) = 0 [pid 16591] close(5) = 0 [pid 16591] close(6) = -1 EBADF (Bad file descriptor) [pid 16591] close(7) = -1 EBADF (Bad file descriptor) [pid 16591] close(8) = -1 EBADF (Bad file descriptor) [pid 16591] close(9) = -1 EBADF (Bad file descriptor) [pid 16591] close(10) = -1 EBADF (Bad file descriptor) [pid 16591] close(11) = -1 EBADF (Bad file descriptor) [pid 16591] close(12) = -1 EBADF (Bad file descriptor) [pid 16591] close(13) = -1 EBADF (Bad file descriptor) [pid 16591] close(14) = -1 EBADF (Bad file descriptor) [pid 16591] close(15) = -1 EBADF (Bad file descriptor) [pid 16591] close(16) = -1 EBADF (Bad file descriptor) [pid 16591] close(17) = -1 EBADF (Bad file descriptor) [pid 16591] close(18) = -1 EBADF (Bad file descriptor) [pid 16591] close(19) = -1 EBADF (Bad file descriptor) [pid 16591] close(20) = -1 EBADF (Bad file descriptor) [pid 16591] close(21) = -1 EBADF (Bad file descriptor) [pid 16591] close(22) = -1 EBADF (Bad file descriptor) [pid 16591] close(23) = -1 EBADF (Bad file descriptor) [pid 16591] close(24) = -1 EBADF (Bad file descriptor) [pid 16591] close(25) = -1 EBADF (Bad file descriptor) [pid 16591] close(26) = -1 EBADF (Bad file descriptor) [pid 16591] close(27) = -1 EBADF (Bad file descriptor) [pid 16591] close(28) = -1 EBADF (Bad file descriptor) [pid 16591] close(29) = -1 EBADF (Bad file descriptor) [pid 16591] exit_group(0) = ? [pid 16595] <... futex resumed>) = ? [pid 16595] +++ exited with 0 +++ [pid 16592] <... futex resumed>) = ? [pid 16592] +++ exited with 0 +++ [pid 16591] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10492, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] umount2("./2750", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2750", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2750/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2750/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2750/binderfs") = 0 [pid 289] umount2("./2750/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2750/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2750/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2750/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2750/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2750/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2750") = 0 [pid 289] mkdir("./2751", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10495 ./strace-static-x86_64: Process 16596 attached [pid 16596] set_robust_list(0x555556f746a0, 24) = 0 [pid 16596] chdir("./2751") = 0 [pid 16596] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16596] setpgid(0, 0) = 0 [pid 16596] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16596] write(3, "1000", 4) = 4 [pid 16596] close(3) = 0 [pid 16596] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16596] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16596] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16596] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16596] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16596] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16596] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16596] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10496]}, 88) = 10496 [pid 16596] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16596] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16596] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16597 attached [pid 16597] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16597] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16597] memfd_create("syzkaller", 0) = 3 [pid 16597] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16597] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16597] munmap(0x7fbc5eeed000, 262144) = 0 [ 330.025845][T16592] EXT4-fs (loop0): 1 truncate cleaned up [pid 16597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16597] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16597] close(3) = 0 [pid 16597] mkdir("./file1", 0777) = 0 [pid 16597] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16597] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16597] chdir("./file1") = 0 [pid 16597] ioctl(4, LOOP_CLR_FD) = 0 [pid 16597] close(4) = 0 [pid 16597] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16596] <... futex resumed>) = 0 [pid 16596] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16596] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16597] <... futex resumed>) = 1 [pid 16597] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16597] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16596] <... futex resumed>) = 0 [pid 16596] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16596] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16596] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16596] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16596] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16596] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10497]}, 88) = 10497 [pid 16596] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16596] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16596] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16596] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16596] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16596] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16596] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10498]}, 88) = 10498 [pid 16596] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16596] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16596] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16600 attached ./strace-static-x86_64: Process 16601 attached [pid 16600] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16597] <... futex resumed>) = 1 [pid 16601] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16600] rt_sigprocmask(SIG_SETMASK, [], [pid 16597] memfd_create("syzkaller", 0 [pid 16601] <... set_robust_list resumed>) = 0 [pid 16600] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16600] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16601] rt_sigprocmask(SIG_SETMASK, [], [pid 16597] <... memfd_create resumed>) = 4 [pid 16600] <... setxattr resumed>) = 0 [pid 16597] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16601] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16600] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16597] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16600] <... futex resumed>) = 0 [pid 16597] close(4 [pid 16601] memfd_create("syzkaller", 0 [pid 16600] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16597] <... close resumed>) = 0 [pid 16601] <... memfd_create resumed>) = 4 [pid 16597] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16601] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16597] <... futex resumed>) = 0 [pid 16597] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16601] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16601] close(4) = 0 [pid 16601] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16596] <... futex resumed>) = 0 [pid 16596] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16596] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16597] <... futex resumed>) = 0 [pid 16597] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16601] <... futex resumed>) = 1 [pid 16601] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16597] <... open resumed>) = 4 [pid 16597] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16596] <... futex resumed>) = 0 [pid 16596] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16596] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16597] <... futex resumed>) = 1 [pid 16597] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16597] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16596] <... futex resumed>) = 0 [pid 16596] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16596] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16597] <... futex resumed>) = 1 [pid 16597] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16597] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16596] <... futex resumed>) = 0 [pid 16596] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16596] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16597] <... futex resumed>) = 1 [pid 16597] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16597] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16596] <... futex resumed>) = 0 [pid 16596] close(3) = 0 [pid 16596] close(4) = 0 [pid 16596] close(5) = 0 [pid 16596] close(6) = -1 EBADF (Bad file descriptor) [pid 16596] close(7) = -1 EBADF (Bad file descriptor) [pid 16596] close(8) = -1 EBADF (Bad file descriptor) [pid 16596] close(9) = -1 EBADF (Bad file descriptor) [pid 16596] close(10) = -1 EBADF (Bad file descriptor) [pid 16596] close(11) = -1 EBADF (Bad file descriptor) [pid 16596] close(12) = -1 EBADF (Bad file descriptor) [pid 16596] close(13) = -1 EBADF (Bad file descriptor) [pid 16596] close(14) = -1 EBADF (Bad file descriptor) [pid 16596] close(15) = -1 EBADF (Bad file descriptor) [pid 16596] close(16) = -1 EBADF (Bad file descriptor) [pid 16596] close(17) = -1 EBADF (Bad file descriptor) [pid 16596] close(18) = -1 EBADF (Bad file descriptor) [pid 16596] close(19) = -1 EBADF (Bad file descriptor) [pid 16596] close(20) = -1 EBADF (Bad file descriptor) [pid 16596] close(21) = -1 EBADF (Bad file descriptor) [pid 16596] close(22) = -1 EBADF (Bad file descriptor) [pid 16596] close(23) = -1 EBADF (Bad file descriptor) [pid 16596] close(24) = -1 EBADF (Bad file descriptor) [pid 16596] close(25) = -1 EBADF (Bad file descriptor) [pid 16596] close(26) = -1 EBADF (Bad file descriptor) [pid 16596] close(27) = -1 EBADF (Bad file descriptor) [pid 16596] close(28) = -1 EBADF (Bad file descriptor) [pid 16596] close(29) = -1 EBADF (Bad file descriptor) [pid 16596] exit_group(0) = ? [pid 16601] <... futex resumed>) = ? [pid 16601] +++ exited with 0 +++ [pid 16597] <... futex resumed>) = ? [pid 16597] +++ exited with 0 +++ [pid 16600] <... futex resumed>) = ? [pid 16600] +++ exited with 0 +++ [pid 16596] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10495, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2751", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2751", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2751/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2751/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2751/binderfs") = 0 [ 330.089078][T16597] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2751/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2751/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2751/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2751/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2751/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2751/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2751") = 0 [pid 289] mkdir("./2752", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10499 ./strace-static-x86_64: Process 16602 attached [pid 16602] set_robust_list(0x555556f746a0, 24) = 0 [pid 16602] chdir("./2752") = 0 [pid 16602] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16602] setpgid(0, 0) = 0 [pid 16602] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16602] write(3, "1000", 4) = 4 [pid 16602] close(3) = 0 [pid 16602] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16602] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16602] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16602] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16602] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16602] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16602] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16602] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10500]}, 88) = 10500 [pid 16602] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16602] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16602] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16603 attached [pid 16603] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16603] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16603] memfd_create("syzkaller", 0) = 3 [pid 16603] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16603] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16603] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16603] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16603] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16603] close(3) = 0 [pid 16603] mkdir("./file1", 0777) = 0 [pid 16603] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16603] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16603] chdir("./file1") = 0 [pid 16603] ioctl(4, LOOP_CLR_FD) = 0 [pid 16603] close(4) = 0 [pid 16603] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16602] <... futex resumed>) = 0 [pid 16602] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16602] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16603] <... futex resumed>) = 1 [pid 16603] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16603] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16602] <... futex resumed>) = 0 [pid 16602] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16602] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16602] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16602] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16602] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16602] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10501]}, 88) = 10501 [pid 16602] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16602] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16602] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16602] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16602] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16602] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16602] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10502]}, 88) = 10502 [pid 16602] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16602] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16602] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16603] <... futex resumed>) = 1 [pid 16603] memfd_create("syzkaller", 0) = 4 [pid 16603] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16603] close(4) = 0 [pid 16603] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16603] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16606 attached [pid 16606] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16606] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 16607 attached NULL, 8) = 0 [pid 16607] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16606] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16607] <... set_robust_list resumed>) = 0 [pid 16607] rt_sigprocmask(SIG_SETMASK, [], [pid 16606] <... setxattr resumed>) = 0 [pid 16607] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16607] memfd_create("syzkaller", 0) = 4 [pid 16607] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16607] close(4) = 0 [pid 16607] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16602] <... futex resumed>) = 0 [pid 16602] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16602] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16603] <... futex resumed>) = 0 [pid 16603] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16606] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16607] <... futex resumed>) = 1 [pid 16607] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16606] <... futex resumed>) = 0 [pid 16603] <... open resumed>) = 4 [pid 16603] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16603] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16606] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16602] <... futex resumed>) = 0 [pid 16602] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16602] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16603] <... futex resumed>) = 0 [pid 16603] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16603] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16602] <... futex resumed>) = 0 [pid 16602] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16603] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16602] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16603] <... open resumed>) = 5 [pid 16603] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16602] <... futex resumed>) = 0 [pid 16602] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16602] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16603] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16603] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16602] <... futex resumed>) = 0 [pid 16602] close(3) = 0 [pid 16602] close(4) = 0 [pid 16602] close(5 [pid 16603] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16602] <... close resumed>) = 0 [pid 16602] close(6) = -1 EBADF (Bad file descriptor) [pid 16602] close(7) = -1 EBADF (Bad file descriptor) [pid 16602] close(8) = -1 EBADF (Bad file descriptor) [pid 16602] close(9) = -1 EBADF (Bad file descriptor) [pid 16602] close(10) = -1 EBADF (Bad file descriptor) [pid 16602] close(11) = -1 EBADF (Bad file descriptor) [pid 16602] close(12) = -1 EBADF (Bad file descriptor) [pid 16602] close(13) = -1 EBADF (Bad file descriptor) [pid 16602] close(14) = -1 EBADF (Bad file descriptor) [pid 16602] close(15) = -1 EBADF (Bad file descriptor) [pid 16602] close(16) = -1 EBADF (Bad file descriptor) [pid 16602] close(17) = -1 EBADF (Bad file descriptor) [pid 16602] close(18) = -1 EBADF (Bad file descriptor) [pid 16602] close(19) = -1 EBADF (Bad file descriptor) [pid 16602] close(20) = -1 EBADF (Bad file descriptor) [pid 16602] close(21) = -1 EBADF (Bad file descriptor) [pid 16602] close(22) = -1 EBADF (Bad file descriptor) [pid 16602] close(23) = -1 EBADF (Bad file descriptor) [pid 16602] close(24) = -1 EBADF (Bad file descriptor) [pid 16602] close(25) = -1 EBADF (Bad file descriptor) [pid 16602] close(26) = -1 EBADF (Bad file descriptor) [pid 16602] close(27) = -1 EBADF (Bad file descriptor) [pid 16602] close(28) = -1 EBADF (Bad file descriptor) [pid 16602] close(29) = -1 EBADF (Bad file descriptor) [pid 16602] exit_group(0) = ? [pid 16606] <... futex resumed>) = ? [pid 16606] +++ exited with 0 +++ [pid 16607] <... futex resumed>) = ? [pid 16603] <... futex resumed>) = ? [pid 16607] +++ exited with 0 +++ [pid 16603] +++ exited with 0 +++ [pid 16602] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10499, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2752", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2752", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2752/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2752/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2752/binderfs") = 0 [ 330.218338][T16603] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2752/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2752/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2752/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2752/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2752/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2752/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2752") = 0 [pid 289] mkdir("./2753", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10503 ./strace-static-x86_64: Process 16608 attached [pid 16608] set_robust_list(0x555556f746a0, 24) = 0 [pid 16608] chdir("./2753") = 0 [pid 16608] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16608] setpgid(0, 0) = 0 [pid 16608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16608] write(3, "1000", 4) = 4 [pid 16608] close(3) = 0 [pid 16608] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16608] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16608] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16608] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16608] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16608] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16608] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16608] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10504]}, 88) = 10504 [pid 16608] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16608] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16608] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16609 attached [pid 16609] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16609] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16609] memfd_create("syzkaller", 0) = 3 [pid 16609] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16609] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16609] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16609] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16609] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16609] close(3) = 0 [pid 16609] mkdir("./file1", 0777) = 0 [pid 16609] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16609] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16609] chdir("./file1") = 0 [pid 16609] ioctl(4, LOOP_CLR_FD) = 0 [pid 16609] close(4) = 0 [pid 16609] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16608] <... futex resumed>) = 0 [pid 16608] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16608] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16609] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16609] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16608] <... futex resumed>) = 0 [pid 16608] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16608] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16608] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16608] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16608] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16608] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0}./strace-static-x86_64: Process 16612 attached [pid 16609] <... futex resumed>) = 1 [pid 16612] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16609] memfd_create("syzkaller", 0 [pid 16612] <... set_robust_list resumed>) = 0 [pid 16609] <... memfd_create resumed>) = 4 [pid 16612] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16612] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16609] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16609] close(4) = 0 [pid 16609] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16609] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16608] <... clone3 resumed> => {parent_tid=[10505]}, 88) = 10505 [pid 16608] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16608] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16608] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16612] <... futex resumed>) = 0 [pid 16608] <... futex resumed>) = 1 [pid 16612] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16608] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16609] <... futex resumed>) = 0 [pid 16612] <... setxattr resumed>) = 0 [pid 16609] memfd_create("syzkaller", 0 [pid 16612] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16612] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16609] <... memfd_create resumed>) = 4 [pid 16609] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16609] close(4) = 0 [pid 16609] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16608] <... futex resumed>) = 0 [pid 16609] <... futex resumed>) = 1 [pid 16608] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16609] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16608] <... futex resumed>) = 0 [pid 16608] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16609] <... open resumed>) = 4 [pid 16609] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16608] <... futex resumed>) = 0 [pid 16609] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16608] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16608] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16609] <... mount resumed>) = 0 [pid 16609] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16608] <... futex resumed>) = 0 [pid 16609] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16608] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16608] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16609] <... open resumed>) = 5 [pid 16609] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16608] <... futex resumed>) = 0 [pid 16608] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16608] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16609] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16609] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16608] <... futex resumed>) = 0 [pid 16609] <... futex resumed>) = 1 [pid 16608] close(3) = 0 [pid 16608] close(4) = 0 [pid 16608] close(5 [pid 16609] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16608] <... close resumed>) = 0 [pid 16608] close(6) = -1 EBADF (Bad file descriptor) [pid 16608] close(7) = -1 EBADF (Bad file descriptor) [pid 16608] close(8) = -1 EBADF (Bad file descriptor) [pid 16608] close(9) = -1 EBADF (Bad file descriptor) [pid 16608] close(10) = -1 EBADF (Bad file descriptor) [pid 16608] close(11) = -1 EBADF (Bad file descriptor) [pid 16608] close(12) = -1 EBADF (Bad file descriptor) [pid 16608] close(13) = -1 EBADF (Bad file descriptor) [pid 16608] close(14) = -1 EBADF (Bad file descriptor) [pid 16608] close(15) = -1 EBADF (Bad file descriptor) [pid 16608] close(16) = -1 EBADF (Bad file descriptor) [pid 16608] close(17) = -1 EBADF (Bad file descriptor) [pid 16608] close(18) = -1 EBADF (Bad file descriptor) [pid 16608] close(19) = -1 EBADF (Bad file descriptor) [pid 16608] close(20) = -1 EBADF (Bad file descriptor) [pid 16608] close(21) = -1 EBADF (Bad file descriptor) [pid 16608] close(22) = -1 EBADF (Bad file descriptor) [pid 16608] close(23) = -1 EBADF (Bad file descriptor) [pid 16608] close(24) = -1 EBADF (Bad file descriptor) [pid 16608] close(25) = -1 EBADF (Bad file descriptor) [pid 16608] close(26) = -1 EBADF (Bad file descriptor) [pid 16608] close(27) = -1 EBADF (Bad file descriptor) [pid 16608] close(28) = -1 EBADF (Bad file descriptor) [pid 16608] close(29) = -1 EBADF (Bad file descriptor) [pid 16608] exit_group(0 [pid 16612] <... futex resumed>) = ? [pid 16612] +++ exited with 0 +++ [pid 16608] <... exit_group resumed>) = ? [pid 16609] <... futex resumed>) = ? [pid 16609] +++ exited with 0 +++ [pid 16608] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10503, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2753", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2753", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2753/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2753/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2753/binderfs") = 0 [ 330.343550][T16609] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2753/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2753/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2753/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2753/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2753/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2753/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2753") = 0 [pid 289] mkdir("./2754", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10506 ./strace-static-x86_64: Process 16613 attached [pid 16613] set_robust_list(0x555556f746a0, 24) = 0 [pid 16613] chdir("./2754") = 0 [pid 16613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16613] setpgid(0, 0) = 0 [pid 16613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16613] write(3, "1000", 4) = 4 [pid 16613] close(3) = 0 [pid 16613] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16613] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16613] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16613] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16613] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16613] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16613] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16613] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10507]}, 88) = 10507 [pid 16613] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16613] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16613] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16614 attached [pid 16614] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16614] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16614] memfd_create("syzkaller", 0) = 3 [pid 16614] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16614] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16614] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16614] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16614] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16614] close(3) = 0 [pid 16614] mkdir("./file1", 0777) = 0 [pid 16614] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16614] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16614] chdir("./file1") = 0 [pid 16614] ioctl(4, LOOP_CLR_FD) = 0 [pid 16614] close(4) = 0 [pid 16614] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16613] <... futex resumed>) = 0 [pid 16613] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16613] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16614] <... futex resumed>) = 1 [pid 16614] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16614] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16613] <... futex resumed>) = 0 [pid 16613] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16613] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16613] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16613] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16613] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16613] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10508]}, 88) = 10508 [pid 16613] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16613] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16613] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16613] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16613] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16613] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16613] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10509]}, 88) = 10509 [pid 16613] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16613] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16613] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16614] <... futex resumed>) = 1 [pid 16614] memfd_create("syzkaller", 0) = 4 [pid 16614] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16614] close(4) = 0 [pid 16614] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16614] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16617 attached ./strace-static-x86_64: Process 16618 attached [pid 16618] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16617] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16618] <... set_robust_list resumed>) = 0 [pid 16617] <... set_robust_list resumed>) = 0 [pid 16618] rt_sigprocmask(SIG_SETMASK, [], [pid 16617] rt_sigprocmask(SIG_SETMASK, [], [pid 16618] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16617] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16617] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16618] memfd_create("syzkaller", 0 [pid 16617] <... setxattr resumed>) = 0 [pid 16618] <... memfd_create resumed>) = 4 [pid 16618] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16618] close(4) = 0 [pid 16618] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16613] <... futex resumed>) = 0 [pid 16613] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16613] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16614] <... futex resumed>) = 0 [pid 16614] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16618] <... futex resumed>) = 1 [pid 16618] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16617] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16617] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16614] <... open resumed>) = 4 [pid 16614] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16613] <... futex resumed>) = 0 [pid 16613] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16613] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16614] <... futex resumed>) = 1 [pid 16614] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16614] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16613] <... futex resumed>) = 0 [pid 16613] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16613] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16614] <... futex resumed>) = 1 [pid 16614] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16614] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16613] <... futex resumed>) = 0 [pid 16613] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16613] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16614] <... futex resumed>) = 1 [pid 16614] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 16614] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16613] <... futex resumed>) = 0 [pid 16613] close(3) = 0 [pid 16613] close(4) = 0 [pid 16613] close(5) = 0 [pid 16613] close(6) = -1 EBADF (Bad file descriptor) [pid 16613] close(7) = -1 EBADF (Bad file descriptor) [pid 16613] close(8) = -1 EBADF (Bad file descriptor) [pid 16613] close(9) = -1 EBADF (Bad file descriptor) [pid 16613] close(10) = -1 EBADF (Bad file descriptor) [pid 16613] close(11) = -1 EBADF (Bad file descriptor) [pid 16613] close(12) = -1 EBADF (Bad file descriptor) [pid 16613] close(13) = -1 EBADF (Bad file descriptor) [pid 16613] close(14) = -1 EBADF (Bad file descriptor) [pid 16613] close(15) = -1 EBADF (Bad file descriptor) [pid 16613] close(16) = -1 EBADF (Bad file descriptor) [pid 16613] close(17) = -1 EBADF (Bad file descriptor) [pid 16613] close(18) = -1 EBADF (Bad file descriptor) [pid 16613] close(19) = -1 EBADF (Bad file descriptor) [pid 16613] close(20) = -1 EBADF (Bad file descriptor) [pid 16613] close(21) = -1 EBADF (Bad file descriptor) [pid 16613] close(22) = -1 EBADF (Bad file descriptor) [pid 16613] close(23) = -1 EBADF (Bad file descriptor) [pid 16613] close(24) = -1 EBADF (Bad file descriptor) [pid 16613] close(25) = -1 EBADF (Bad file descriptor) [pid 16613] close(26) = -1 EBADF (Bad file descriptor) [pid 16613] close(27) = -1 EBADF (Bad file descriptor) [pid 16613] close(28) = -1 EBADF (Bad file descriptor) [pid 16613] close(29) = -1 EBADF (Bad file descriptor) [pid 16613] exit_group(0) = ? [pid 16618] <... futex resumed>) = ? [pid 16618] +++ exited with 0 +++ [pid 16617] <... futex resumed>) = ? [pid 16617] +++ exited with 0 +++ [pid 16614] <... futex resumed>) = ? [pid 16614] +++ exited with 0 +++ [pid 16613] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10506, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] umount2("./2754", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2754", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2754/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2754/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2754/binderfs") = 0 [ 330.433556][T16614] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2754/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2754/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2754/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2754/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2754/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2754/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2754") = 0 [pid 289] mkdir("./2755", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10510 ./strace-static-x86_64: Process 16620 attached [pid 16620] set_robust_list(0x555556f746a0, 24) = 0 [pid 16620] chdir("./2755") = 0 [pid 16620] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16620] setpgid(0, 0) = 0 [pid 16620] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16620] write(3, "1000", 4) = 4 [pid 16620] close(3) = 0 [pid 16620] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16620] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16620] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16620] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16620] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16620] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16620] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16620] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10511]}, 88) = 10511 [pid 16620] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16620] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16620] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16621 attached [pid 16621] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16621] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16621] memfd_create("syzkaller", 0) = 3 [pid 16621] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16621] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16621] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16621] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16621] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16621] close(3) = 0 [pid 16621] mkdir("./file1", 0777) = 0 [pid 16621] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16621] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16621] chdir("./file1") = 0 [pid 16621] ioctl(4, LOOP_CLR_FD) = 0 [pid 16621] close(4) = 0 [pid 16621] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16620] <... futex resumed>) = 0 [pid 16620] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16620] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16621] <... futex resumed>) = 1 [pid 16621] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16621] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16620] <... futex resumed>) = 0 [pid 16620] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16620] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16620] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16620] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16620] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16620] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10512]}, 88) = 10512 [pid 16620] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16620] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16620] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16620] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16620] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16620] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16620] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10513]}, 88) = 10513 [pid 16620] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16620] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16620] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16621] <... futex resumed>) = 1 [pid 16621] memfd_create("syzkaller", 0) = 4 [pid 16621] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16621] close(4) = 0 [pid 16621] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16621] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16624 attached [pid 16624] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16624] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16624] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 16624] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16624] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16625 attached [pid 16625] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16625] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16625] memfd_create("syzkaller", 0) = 4 [pid 16625] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16625] close(4) = 0 [pid 16625] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16620] <... futex resumed>) = 0 [pid 16620] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16621] <... futex resumed>) = 0 [pid 16620] <... futex resumed>) = 1 [pid 16621] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16620] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16625] <... futex resumed>) = 1 [pid 16625] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16621] <... open resumed>) = 4 [pid 16621] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16620] <... futex resumed>) = 0 [pid 16621] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16620] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16621] <... mount resumed>) = 0 [pid 16620] <... futex resumed>) = 0 [pid 16621] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16620] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16621] <... futex resumed>) = 0 [pid 16620] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16621] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16620] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16621] <... open resumed>) = 5 [pid 16620] <... futex resumed>) = 0 [pid 16621] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16620] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16621] <... futex resumed>) = 0 [pid 16620] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16621] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16620] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16620] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16621] <... write resumed>) = 262144 [pid 16621] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16620] <... futex resumed>) = 0 [pid 16621] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16620] close(3) = 0 [pid 16620] close(4) = 0 [pid 16620] close(5) = 0 [pid 16620] close(6) = -1 EBADF (Bad file descriptor) [pid 16620] close(7) = -1 EBADF (Bad file descriptor) [pid 16620] close(8) = -1 EBADF (Bad file descriptor) [pid 16620] close(9) = -1 EBADF (Bad file descriptor) [pid 16620] close(10) = -1 EBADF (Bad file descriptor) [pid 16620] close(11) = -1 EBADF (Bad file descriptor) [pid 16620] close(12) = -1 EBADF (Bad file descriptor) [pid 16620] close(13) = -1 EBADF (Bad file descriptor) [pid 16620] close(14) = -1 EBADF (Bad file descriptor) [pid 16620] close(15) = -1 EBADF (Bad file descriptor) [pid 16620] close(16) = -1 EBADF (Bad file descriptor) [pid 16620] close(17) = -1 EBADF (Bad file descriptor) [pid 16620] close(18) = -1 EBADF (Bad file descriptor) [pid 16620] close(19) = -1 EBADF (Bad file descriptor) [pid 16620] close(20) = -1 EBADF (Bad file descriptor) [pid 16620] close(21) = -1 EBADF (Bad file descriptor) [pid 16620] close(22) = -1 EBADF (Bad file descriptor) [pid 16620] close(23) = -1 EBADF (Bad file descriptor) [pid 16620] close(24) = -1 EBADF (Bad file descriptor) [pid 16620] close(25) = -1 EBADF (Bad file descriptor) [pid 16620] close(26) = -1 EBADF (Bad file descriptor) [pid 16620] close(27) = -1 EBADF (Bad file descriptor) [pid 16620] close(28) = -1 EBADF (Bad file descriptor) [pid 16620] close(29) = -1 EBADF (Bad file descriptor) [pid 16620] exit_group(0) = ? [pid 16624] <... futex resumed>) = ? [pid 16624] +++ exited with 0 +++ [pid 16625] <... futex resumed>) = ? [pid 16621] <... futex resumed>) = ? [pid 16625] +++ exited with 0 +++ [pid 16621] +++ exited with 0 +++ [pid 16620] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10510, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2755", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2755", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2755/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2755/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2755/binderfs") = 0 [ 330.578482][T16621] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2755/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2755/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2755/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2755/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2755/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2755/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2755") = 0 [pid 289] mkdir("./2756", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10514 ./strace-static-x86_64: Process 16626 attached [pid 16626] set_robust_list(0x555556f746a0, 24) = 0 [pid 16626] chdir("./2756") = 0 [pid 16626] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16626] setpgid(0, 0) = 0 [pid 16626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16626] write(3, "1000", 4) = 4 [pid 16626] close(3) = 0 [pid 16626] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16626] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16626] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16626] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16626] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16626] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16626] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16626] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0}./strace-static-x86_64: Process 16627 attached => {parent_tid=[10515]}, 88) = 10515 [pid 16627] set_robust_list(0x7fbc6730d9a0, 24 [pid 16626] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16626] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16626] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16627] <... set_robust_list resumed>) = 0 [pid 16627] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16627] memfd_create("syzkaller", 0) = 3 [pid 16627] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16627] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16627] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16627] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16627] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16627] close(3) = 0 [pid 16627] mkdir("./file1", 0777) = 0 [pid 16627] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16627] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16627] chdir("./file1") = 0 [pid 16627] ioctl(4, LOOP_CLR_FD) = 0 [pid 16627] close(4) = 0 [pid 16627] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16626] <... futex resumed>) = 0 [pid 16626] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16626] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16627] <... futex resumed>) = 1 [pid 16627] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16627] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16626] <... futex resumed>) = 0 [pid 16626] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16626] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16626] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16626] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16626] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16626] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10516]}, 88) = 10516 [pid 16626] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16626] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16626] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16626] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16626] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16626] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16626] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10517]}, 88) = 10517 [pid 16626] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16626] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16626] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16627] <... futex resumed>) = 1 [pid 16627] memfd_create("syzkaller", 0) = 4 [pid 16627] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16627] close(4) = 0 [pid 16627] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16627] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16630 attached [pid 16630] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 ./strace-static-x86_64: Process 16631 attached [pid 16631] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16630] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16630] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 16630] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16630] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16631] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16631] memfd_create("syzkaller", 0) = 4 [pid 16631] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16631] close(4) = 0 [pid 16631] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16626] <... futex resumed>) = 0 [pid 16626] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16626] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16627] <... futex resumed>) = 0 [pid 16627] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 16627] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16626] <... futex resumed>) = 0 [pid 16626] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16626] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16627] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16627] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16626] <... futex resumed>) = 0 [pid 16626] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16626] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16627] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16627] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16626] <... futex resumed>) = 0 [pid 16626] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16626] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16627] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16631] <... futex resumed>) = 1 [pid 16631] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16627] <... write resumed>) = 262144 [pid 16627] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16626] <... futex resumed>) = 0 [pid 16626] close(3) = 0 [pid 16626] close(4) = 0 [pid 16626] close(5) = 0 [pid 16627] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16626] close(6) = -1 EBADF (Bad file descriptor) [pid 16626] close(7) = -1 EBADF (Bad file descriptor) [pid 16626] close(8) = -1 EBADF (Bad file descriptor) [pid 16626] close(9) = -1 EBADF (Bad file descriptor) [pid 16626] close(10) = -1 EBADF (Bad file descriptor) [pid 16626] close(11) = -1 EBADF (Bad file descriptor) [pid 16626] close(12) = -1 EBADF (Bad file descriptor) [pid 16626] close(13) = -1 EBADF (Bad file descriptor) [pid 16626] close(14) = -1 EBADF (Bad file descriptor) [pid 16626] close(15) = -1 EBADF (Bad file descriptor) [pid 16626] close(16) = -1 EBADF (Bad file descriptor) [pid 16626] close(17) = -1 EBADF (Bad file descriptor) [pid 16626] close(18) = -1 EBADF (Bad file descriptor) [pid 16626] close(19) = -1 EBADF (Bad file descriptor) [pid 16626] close(20) = -1 EBADF (Bad file descriptor) [pid 16626] close(21) = -1 EBADF (Bad file descriptor) [pid 16626] close(22) = -1 EBADF (Bad file descriptor) [pid 16626] close(23) = -1 EBADF (Bad file descriptor) [pid 16626] close(24) = -1 EBADF (Bad file descriptor) [pid 16626] close(25) = -1 EBADF (Bad file descriptor) [pid 16626] close(26) = -1 EBADF (Bad file descriptor) [pid 16626] close(27) = -1 EBADF (Bad file descriptor) [pid 16626] close(28) = -1 EBADF (Bad file descriptor) [pid 16626] close(29) = -1 EBADF (Bad file descriptor) [pid 16626] exit_group(0) = ? [pid 16627] <... futex resumed>) = ? [pid 16627] +++ exited with 0 +++ [pid 16631] <... futex resumed>) = ? [pid 16630] <... futex resumed>) = ? [pid 16630] +++ exited with 0 +++ [pid 16631] +++ exited with 0 +++ [pid 16626] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10514, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2756", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2756", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2756/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2756/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2756/binderfs") = 0 [ 330.705573][T16627] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2756/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2756/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2756/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2756/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2756/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2756/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2756") = 0 [pid 289] mkdir("./2757", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10518 ./strace-static-x86_64: Process 16632 attached [pid 16632] set_robust_list(0x555556f746a0, 24) = 0 [pid 16632] chdir("./2757") = 0 [pid 16632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16632] setpgid(0, 0) = 0 [pid 16632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16632] write(3, "1000", 4) = 4 [pid 16632] close(3) = 0 [pid 16632] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16632] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16632] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16632] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16632] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16632] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16632] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10519]}, 88) = 10519 [pid 16632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16632] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16632] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16633 attached [pid 16633] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16633] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16633] memfd_create("syzkaller", 0) = 3 [pid 16633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16633] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16633] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16633] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16633] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16633] close(3) = 0 [pid 16633] mkdir("./file1", 0777) = 0 [pid 16633] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16633] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16633] chdir("./file1") = 0 [pid 16633] ioctl(4, LOOP_CLR_FD) = 0 [pid 16633] close(4) = 0 [pid 16633] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16633] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16632] <... futex resumed>) = 0 [pid 16632] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16632] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16633] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16633] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16633] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16632] <... futex resumed>) = 0 [pid 16632] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16632] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16632] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE [pid 16633] memfd_create("syzkaller", 0) = 4 [pid 16633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16633] close(4) = 0 [pid 16633] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16633] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16632] <... mprotect resumed>) = 0 [pid 16632] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16632] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10520]}, 88) = 10520 [pid 16632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16632] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16632] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16632] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16636 attached [pid 16633] <... futex resumed>) = 0 [pid 16633] memfd_create("syzkaller", 0) = 4 [pid 16633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16633] close(4) = 0 [pid 16633] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16632] <... futex resumed>) = 0 [pid 16633] <... futex resumed>) = 1 [pid 16632] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16633] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16632] <... futex resumed>) = 0 [pid 16632] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16633] <... open resumed>) = 4 [pid 16633] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16632] <... futex resumed>) = 0 [pid 16632] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16633] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16632] <... futex resumed>) = 0 [pid 16632] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16633] <... mount resumed>) = 0 [pid 16633] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16632] <... futex resumed>) = 0 [pid 16633] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16632] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16633] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16632] <... futex resumed>) = 0 [pid 16633] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16632] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16633] <... open resumed>) = 5 [pid 16633] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16632] <... futex resumed>) = 0 [pid 16633] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16632] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16632] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16636] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16633] <... write resumed>) = 262144 [pid 16633] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16636] rt_sigprocmask(SIG_SETMASK, [], [pid 16633] <... futex resumed>) = 1 [pid 16632] <... futex resumed>) = 0 [pid 16636] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16633] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16636] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 16636] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16632] close(3) = 0 [pid 16632] close(4) = 0 [pid 16632] close(5 [pid 16636] <... futex resumed>) = 0 [pid 16632] <... close resumed>) = 0 [pid 16632] close(6) = -1 EBADF (Bad file descriptor) [pid 16632] close(7) = -1 EBADF (Bad file descriptor) [pid 16632] close(8) = -1 EBADF (Bad file descriptor) [pid 16632] close(9) = -1 EBADF (Bad file descriptor) [pid 16632] close(10) = -1 EBADF (Bad file descriptor) [pid 16632] close(11) = -1 EBADF (Bad file descriptor) [pid 16632] close(12) = -1 EBADF (Bad file descriptor) [pid 16632] close(13) = -1 EBADF (Bad file descriptor) [pid 16632] close(14) = -1 EBADF (Bad file descriptor) [pid 16632] close(15) = -1 EBADF (Bad file descriptor) [pid 16632] close(16) = -1 EBADF (Bad file descriptor) [pid 16632] close(17) = -1 EBADF (Bad file descriptor) [pid 16632] close(18) = -1 EBADF (Bad file descriptor) [pid 16632] close(19) = -1 EBADF (Bad file descriptor) [pid 16632] close(20) = -1 EBADF (Bad file descriptor) [pid 16632] close(21) = -1 EBADF (Bad file descriptor) [pid 16632] close(22) = -1 EBADF (Bad file descriptor) [pid 16632] close(23) = -1 EBADF (Bad file descriptor) [pid 16632] close(24) = -1 EBADF (Bad file descriptor) [pid 16632] close(25) = -1 EBADF (Bad file descriptor) [pid 16632] close(26) = -1 EBADF (Bad file descriptor) [pid 16632] close(27) = -1 EBADF (Bad file descriptor) [pid 16632] close(28) = -1 EBADF (Bad file descriptor) [pid 16632] close(29) = -1 EBADF (Bad file descriptor) [pid 16632] exit_group(0 [pid 16633] <... futex resumed>) = ? [pid 16632] <... exit_group resumed>) = ? [pid 16633] +++ exited with 0 +++ [pid 16636] +++ exited with 0 +++ [pid 16632] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10518, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2757", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2757", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2757/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2757/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2757/binderfs") = 0 [ 330.823212][T16633] EXT4-fs (loop0): 1 truncate cleaned up [ 330.844536][T16636] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [pid 289] umount2("./2757/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2757/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2757/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2757/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2757/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2757/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2757") = 0 [pid 289] mkdir("./2758", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10521 ./strace-static-x86_64: Process 16637 attached [pid 16637] set_robust_list(0x555556f746a0, 24) = 0 [pid 16637] chdir("./2758") = 0 [pid 16637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16637] setpgid(0, 0) = 0 [pid 16637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16637] write(3, "1000", 4) = 4 [pid 16637] close(3) = 0 [pid 16637] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16637] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16637] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16637] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16637] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16637] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16637] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10522]}, 88) = 10522 [pid 16637] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16637] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16637] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16638 attached [pid 16638] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16638] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16638] memfd_create("syzkaller", 0) = 3 [pid 16638] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16638] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16638] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16638] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16638] close(3) = 0 [pid 16638] mkdir("./file1", 0777) = 0 [pid 16638] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16638] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16638] chdir("./file1") = 0 [pid 16638] ioctl(4, LOOP_CLR_FD) = 0 [pid 16638] close(4) = 0 [pid 16638] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16637] <... futex resumed>) = 0 [pid 16637] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16637] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16638] <... futex resumed>) = 1 [pid 16638] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16638] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16637] <... futex resumed>) = 0 [pid 16637] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16637] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16637] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16637] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16637] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10523]}, 88) = 10523 [pid 16637] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16637] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16637] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16637] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16637] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16637] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10524]}, 88) = 10524 [pid 16637] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16637] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16637] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16638] <... futex resumed>) = 1 [pid 16638] memfd_create("syzkaller", 0) = 4 [pid 16638] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16638] close(4) = 0 [pid 16638] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16638] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16641 attached [pid 16641] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16641] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16641] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 16641] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16641] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16642 attached [pid 16642] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16642] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16642] memfd_create("syzkaller", 0) = 4 [pid 16642] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16642] close(4) = 0 [pid 16642] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16637] <... futex resumed>) = 0 [pid 16637] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16638] <... futex resumed>) = 0 [pid 16637] <... futex resumed>) = 1 [pid 16638] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16637] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16638] <... open resumed>) = 4 [pid 16638] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16637] <... futex resumed>) = 0 [pid 16638] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16637] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16638] <... mount resumed>) = 0 [pid 16637] <... futex resumed>) = 0 [pid 16638] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16637] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16638] <... futex resumed>) = 0 [pid 16637] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16638] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16637] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16638] <... open resumed>) = 5 [pid 16637] <... futex resumed>) = 0 [pid 16638] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16637] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16638] <... futex resumed>) = 0 [pid 16637] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16638] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16637] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16637] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16642] <... futex resumed>) = 1 [pid 16642] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16638] <... write resumed>) = 262144 [pid 16638] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16637] <... futex resumed>) = 0 [pid 16637] close(3) = 0 [pid 16637] close(4) = 0 [pid 16637] close(5) = 0 [pid 16637] close(6) = -1 EBADF (Bad file descriptor) [pid 16637] close(7) = -1 EBADF (Bad file descriptor) [pid 16637] close(8) = -1 EBADF (Bad file descriptor) [pid 16637] close(9) = -1 EBADF (Bad file descriptor) [pid 16637] close(10) = -1 EBADF (Bad file descriptor) [pid 16637] close(11) = -1 EBADF (Bad file descriptor) [pid 16637] close(12) = -1 EBADF (Bad file descriptor) [pid 16637] close(13) = -1 EBADF (Bad file descriptor) [pid 16637] close(14) = -1 EBADF (Bad file descriptor) [pid 16637] close(15) = -1 EBADF (Bad file descriptor) [pid 16637] close(16) = -1 EBADF (Bad file descriptor) [pid 16637] close(17) = -1 EBADF (Bad file descriptor) [pid 16637] close(18) = -1 EBADF (Bad file descriptor) [pid 16637] close(19) = -1 EBADF (Bad file descriptor) [pid 16637] close(20) = -1 EBADF (Bad file descriptor) [pid 16637] close(21) = -1 EBADF (Bad file descriptor) [pid 16637] close(22) = -1 EBADF (Bad file descriptor) [pid 16637] close(23) = -1 EBADF (Bad file descriptor) [pid 16637] close(24) = -1 EBADF (Bad file descriptor) [pid 16637] close(25) = -1 EBADF (Bad file descriptor) [pid 16637] close(26) = -1 EBADF (Bad file descriptor) [pid 16637] close(27) = -1 EBADF (Bad file descriptor) [pid 16637] close(28) = -1 EBADF (Bad file descriptor) [pid 16637] close(29) = -1 EBADF (Bad file descriptor) [pid 16637] exit_group(0 [pid 16641] <... futex resumed>) = ? [pid 16637] <... exit_group resumed>) = ? [pid 16641] +++ exited with 0 +++ [pid 16638] <... futex resumed>) = ? [pid 16638] +++ exited with 0 +++ [pid 16642] <... futex resumed>) = ? [pid 16642] +++ exited with 0 +++ [pid 16637] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10521, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2758", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2758", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2758/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2758/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2758/binderfs") = 0 [ 330.942580][T16638] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2758/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2758/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2758/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2758/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2758/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2758/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2758") = 0 [pid 289] mkdir("./2759", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10525 ./strace-static-x86_64: Process 16643 attached [pid 16643] set_robust_list(0x555556f746a0, 24) = 0 [pid 16643] chdir("./2759") = 0 [pid 16643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16643] setpgid(0, 0) = 0 [pid 16643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16643] write(3, "1000", 4) = 4 [pid 16643] close(3) = 0 [pid 16643] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16643] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16643] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16643] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16643] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16643] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10526]}, 88) = 10526 [pid 16643] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16643] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16643] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16644 attached [pid 16644] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16644] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16644] memfd_create("syzkaller", 0) = 3 [pid 16644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16644] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16644] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16644] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16644] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16644] close(3) = 0 [pid 16644] mkdir("./file1", 0777) = 0 [pid 16644] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16644] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16644] chdir("./file1") = 0 [pid 16644] ioctl(4, LOOP_CLR_FD) = 0 [pid 16644] close(4) = 0 [pid 16644] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16643] <... futex resumed>) = 0 [pid 16643] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16643] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16644] <... futex resumed>) = 1 [pid 16644] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16644] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16643] <... futex resumed>) = 0 [pid 16643] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16643] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16643] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16643] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10527]}, 88) = 10527 [pid 16643] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16643] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16643] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16643] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16643] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10528]}, 88) = 10528 [pid 16643] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16643] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16643] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 16644] <... futex resumed>) = 1 [pid 16644] memfd_create("syzkaller", 0) = 4 [pid 16644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16644] close(4) = 0 [pid 16644] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16644] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16647 attached [pid 16647] set_robust_list(0x7fbc5ef2c9a0, 24) = 0 [pid 16647] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16647] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0) = 0 [pid 16647] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16647] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 16648 attached [pid 16648] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16648] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16648] memfd_create("syzkaller", 0) = 4 [pid 16648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16648] close(4) = 0 [pid 16648] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16643] <... futex resumed>) = 0 [pid 16643] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16644] <... futex resumed>) = 0 [pid 16643] <... futex resumed>) = 1 [pid 16644] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16643] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16648] <... futex resumed>) = 1 [pid 16648] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16644] <... open resumed>) = 4 [pid 16644] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16643] <... futex resumed>) = 0 [pid 16643] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16643] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16644] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16644] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16643] <... futex resumed>) = 0 [pid 16643] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16643] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16644] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 16644] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16643] <... futex resumed>) = 0 [pid 16643] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16644] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16643] <... futex resumed>) = 0 [pid 16643] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16644] <... write resumed>) = 262144 [pid 16644] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16643] <... futex resumed>) = 0 [pid 16643] close(3) = 0 [pid 16643] close(4) = 0 [pid 16643] close(5) = 0 [pid 16643] close(6) = -1 EBADF (Bad file descriptor) [pid 16643] close(7) = -1 EBADF (Bad file descriptor) [pid 16643] close(8) = -1 EBADF (Bad file descriptor) [pid 16643] close(9) = -1 EBADF (Bad file descriptor) [pid 16643] close(10) = -1 EBADF (Bad file descriptor) [pid 16643] close(11) = -1 EBADF (Bad file descriptor) [pid 16643] close(12) = -1 EBADF (Bad file descriptor) [pid 16643] close(13) = -1 EBADF (Bad file descriptor) [pid 16643] close(14) = -1 EBADF (Bad file descriptor) [pid 16643] close(15) = -1 EBADF (Bad file descriptor) [pid 16643] close(16) = -1 EBADF (Bad file descriptor) [pid 16643] close(17) = -1 EBADF (Bad file descriptor) [pid 16643] close(18) = -1 EBADF (Bad file descriptor) [pid 16643] close(19) = -1 EBADF (Bad file descriptor) [pid 16643] close(20) = -1 EBADF (Bad file descriptor) [pid 16643] close(21) = -1 EBADF (Bad file descriptor) [pid 16643] close(22) = -1 EBADF (Bad file descriptor) [pid 16643] close(23) = -1 EBADF (Bad file descriptor) [pid 16643] close(24) = -1 EBADF (Bad file descriptor) [pid 16643] close(25) = -1 EBADF (Bad file descriptor) [pid 16643] close(26) = -1 EBADF (Bad file descriptor) [pid 16643] close(27) = -1 EBADF (Bad file descriptor) [pid 16643] close(28) = -1 EBADF (Bad file descriptor) [pid 16643] close(29) = -1 EBADF (Bad file descriptor) [pid 16643] exit_group(0 [pid 16647] <... futex resumed>) = ? [pid 16644] <... futex resumed>) = ? [pid 16643] <... exit_group resumed>) = ? [pid 16647] +++ exited with 0 +++ [pid 16644] +++ exited with 0 +++ [pid 16648] <... futex resumed>) = ? [pid 16648] +++ exited with 0 +++ [pid 16643] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10525, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2759", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2759", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2759/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2759/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2759/binderfs") = 0 [pid 289] umount2("./2759/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2759/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2759/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2759/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2759/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2759/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2759") = 0 [pid 289] mkdir("./2760", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10529 ./strace-static-x86_64: Process 16649 attached [pid 16649] set_robust_list(0x555556f746a0, 24) = 0 [pid 16649] chdir("./2760") = 0 [pid 16649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16649] setpgid(0, 0) = 0 [pid 16649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16649] write(3, "1000", 4) = 4 [pid 16649] close(3) = 0 [pid 16649] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16649] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16649] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16649] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16649] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16649] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16649] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10530]}, 88) = 10530 [pid 16649] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16649] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16649] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16650 attached [pid 16650] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16650] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16650] memfd_create("syzkaller", 0) = 3 [pid 16650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16650] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16650] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16650] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16650] close(3) = 0 [pid 16650] mkdir("./file1", 0777) = 0 [ 331.048923][T16644] EXT4-fs (loop0): 1 truncate cleaned up [pid 16650] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16650] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16650] chdir("./file1") = 0 [pid 16650] ioctl(4, LOOP_CLR_FD) = 0 [pid 16650] close(4) = 0 [pid 16650] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16649] <... futex resumed>) = 0 [pid 16649] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16649] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16650] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16650] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16649] <... futex resumed>) = 0 [pid 16649] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16649] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16650] <... futex resumed>) = 1 [pid 16649] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16649] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16649] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} [pid 16650] memfd_create("syzkaller", 0 [pid 16649] <... clone3 resumed> => {parent_tid=[10531]}, 88) = 10531 ./strace-static-x86_64: Process 16653 attached [pid 16649] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16649] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16649] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16649] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16649] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16649] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10532]}, 88) = 10532 [pid 16649] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16649] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16649] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16654 attached [pid 16654] set_robust_list(0x7fbc5ef0b9a0, 24) = 0 [pid 16654] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16654] memfd_create("syzkaller", 0) = 4 [pid 16654] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16654] close(4) = 0 [pid 16654] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16649] <... futex resumed>) = 0 [pid 16649] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16649] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16654] <... futex resumed>) = 1 [pid 16654] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16653] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16650] <... memfd_create resumed>) = 5 [pid 16653] <... set_robust_list resumed>) = 0 [pid 16650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16654] <... open resumed>) = 4 [pid 16653] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16653] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16650] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16654] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16653] <... setxattr resumed>) = 0 [pid 16653] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16653] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16650] close(5) = 0 [pid 16650] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16650] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16649] <... futex resumed>) = 0 [pid 16649] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16650] <... futex resumed>) = 0 [pid 16649] <... futex resumed>) = 1 [pid 16650] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 16649] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16650] <... mount resumed>) = 0 [pid 16650] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16649] <... futex resumed>) = 0 [pid 16650] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 16649] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16650] <... open resumed>) = 5 [pid 16649] <... futex resumed>) = 0 [pid 16650] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16649] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16650] <... futex resumed>) = 0 [pid 16649] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16650] write(5, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16649] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16654] <... futex resumed>) = 1 [pid 16649] <... futex resumed>) = 0 [pid 16654] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16649] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16650] <... write resumed>) = 262144 [pid 16650] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16650] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16649] <... futex resumed>) = 0 [pid 16649] close(3) = 0 [pid 16649] close(4) = 0 [pid 16649] close(5) = 0 [pid 16649] close(6) = -1 EBADF (Bad file descriptor) [pid 16649] close(7) = -1 EBADF (Bad file descriptor) [pid 16649] close(8) = -1 EBADF (Bad file descriptor) [pid 16649] close(9) = -1 EBADF (Bad file descriptor) [pid 16649] close(10) = -1 EBADF (Bad file descriptor) [pid 16649] close(11) = -1 EBADF (Bad file descriptor) [pid 16649] close(12) = -1 EBADF (Bad file descriptor) [pid 16649] close(13) = -1 EBADF (Bad file descriptor) [pid 16649] close(14) = -1 EBADF (Bad file descriptor) [pid 16649] close(15) = -1 EBADF (Bad file descriptor) [pid 16649] close(16) = -1 EBADF (Bad file descriptor) [pid 16649] close(17) = -1 EBADF (Bad file descriptor) [pid 16649] close(18) = -1 EBADF (Bad file descriptor) [pid 16649] close(19) = -1 EBADF (Bad file descriptor) [pid 16649] close(20) = -1 EBADF (Bad file descriptor) [pid 16649] close(21) = -1 EBADF (Bad file descriptor) [pid 16649] close(22) = -1 EBADF (Bad file descriptor) [pid 16649] close(23) = -1 EBADF (Bad file descriptor) [pid 16649] close(24) = -1 EBADF (Bad file descriptor) [pid 16649] close(25) = -1 EBADF (Bad file descriptor) [pid 16649] close(26) = -1 EBADF (Bad file descriptor) [pid 16649] close(27) = -1 EBADF (Bad file descriptor) [pid 16649] close(28) = -1 EBADF (Bad file descriptor) [pid 16649] close(29) = -1 EBADF (Bad file descriptor) [pid 16649] exit_group(0) = ? [pid 16650] <... futex resumed>) = ? [pid 16650] +++ exited with 0 +++ [pid 16653] <... futex resumed>) = ? [pid 16653] +++ exited with 0 +++ [pid 16654] <... futex resumed>) = ? [pid 16654] +++ exited with 0 +++ [pid 16649] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10529, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [pid 289] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 289] umount2("./2760", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2760", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2760/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2760/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2760/binderfs") = 0 [ 331.108833][T16650] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2760/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2760/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2760/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2760/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2760/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2760/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2760") = 0 [pid 289] mkdir("./2761", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 289] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 289] close(3) = 0 [pid 289] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f74690) = 10533 ./strace-static-x86_64: Process 16655 attached [pid 16655] set_robust_list(0x555556f746a0, 24) = 0 [pid 16655] chdir("./2761") = 0 [pid 16655] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 16655] setpgid(0, 0) = 0 [pid 16655] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 16655] write(3, "1000", 4) = 4 [pid 16655] close(3) = 0 [pid 16655] symlink("/dev/binderfs", "./binderfs") = 0 [pid 16655] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16655] rt_sigaction(SIGRT_1, {sa_handler=0x7fbc67377610, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc673687c0}, NULL, 8) = 0 [pid 16655] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 16655] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc672ed000 [pid 16655] mprotect(0x7fbc672ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16655] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16655] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc6730d990, parent_tid=0x7fbc6730d990, exit_signal=0, stack=0x7fbc672ed000, stack_size=0x20300, tls=0x7fbc6730d6c0} => {parent_tid=[10534]}, 88) = 10534 [pid 16655] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16655] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16655] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16656 attached [pid 16656] set_robust_list(0x7fbc6730d9a0, 24) = 0 [pid 16656] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16656] memfd_create("syzkaller", 0) = 3 [pid 16656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc5eeed000 [pid 16656] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 16656] munmap(0x7fbc5eeed000, 262144) = 0 [pid 16656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 16656] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 16656] close(3) = 0 [pid 16656] mkdir("./file1", 0777) = 0 [pid 16656] mount("/dev/loop0", "./file1", "ext4", 0, "inode_readahead_blks=0x0000000000000000,init_itable=0x0000000000000009,errors=continue") = 0 [pid 16656] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 16656] chdir("./file1") = 0 [pid 16656] ioctl(4, LOOP_CLR_FD) = 0 [pid 16656] close(4) = 0 [pid 16656] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16655] <... futex resumed>) = 0 [pid 16655] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16655] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16656] <... futex resumed>) = 1 [pid 16656] setxattr("./file1", NULL, NULL, 0, 0) = -1 EFAULT (Bad address) [pid 16656] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16655] <... futex resumed>) = 0 [pid 16655] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16655] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16655] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5ef0c000 [pid 16655] mprotect(0x7fbc5ef0d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16655] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16655] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef2c990, parent_tid=0x7fbc5ef2c990, exit_signal=0, stack=0x7fbc5ef0c000, stack_size=0x20300, tls=0x7fbc5ef2c6c0} => {parent_tid=[10535]}, 88) = 10535 [pid 16655] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16655] futex(0x7fbc673d96d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16655] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16655] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc5eeeb000 [pid 16655] mprotect(0x7fbc5eeec000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 16655] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 16655] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc5ef0b990, parent_tid=0x7fbc5ef0b990, exit_signal=0, stack=0x7fbc5eeeb000, stack_size=0x20300, tls=0x7fbc5ef0b6c0} => {parent_tid=[10536]}, 88) = 10536 [pid 16655] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 16655] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16655] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 16660 attached ./strace-static-x86_64: Process 16659 attached [pid 16656] <... futex resumed>) = 1 [pid 16660] set_robust_list(0x7fbc5ef0b9a0, 24 [pid 16659] set_robust_list(0x7fbc5ef2c9a0, 24 [pid 16656] memfd_create("syzkaller", 0 [pid 16660] <... set_robust_list resumed>) = 0 [pid 16660] rt_sigprocmask(SIG_SETMASK, [], [pid 16659] <... set_robust_list resumed>) = 0 [pid 16656] <... memfd_create resumed>) = 4 [pid 16660] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16659] rt_sigprocmask(SIG_SETMASK, [], [pid 16656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 16660] memfd_create("syzkaller", 0 [pid 16659] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 16656] <... mmap resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 16660] <... memfd_create resumed>) = 5 [pid 16659] setxattr("./file1", "trusted.overlay.upper", NULL, 0, 0 [pid 16656] close(4 [pid 16660] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory) [pid 16660] close(5) = 0 [pid 16660] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16655] <... futex resumed>) = 0 [pid 16655] futex(0x7fbc673d96e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16655] futex(0x7fbc673d96ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16660] <... futex resumed>) = 1 [pid 16660] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 16659] <... setxattr resumed>) = 0 [pid 16656] <... close resumed>) = 0 [pid 16659] futex(0x7fbc673d96dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16656] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 16660] <... open resumed>) = 5 [pid 16656] <... futex resumed>) = 0 [pid 16659] <... futex resumed>) = 0 [pid 16660] futex(0x7fbc673d96ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 16656] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16659] futex(0x7fbc673d96d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16655] <... futex resumed>) = 0 [pid 16655] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16655] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16660] <... futex resumed>) = 1 [pid 16660] futex(0x7fbc673d96e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16656] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 16656] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 16656] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16655] <... futex resumed>) = 0 [pid 16655] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 16655] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16656] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 4 [pid 16656] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16655] <... futex resumed>) = 0 [pid 16655] futex(0x7fbc673d96c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 16656] write(4, "\x30\x30\x30\x30\x30\x39\x00\x80\x65\x62\x75\x67\x5f\x77\x61\x6e\x74\x5f\x65\x78\x74\x72\x61\x5f\x69\x73\x69\x7a\x65\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x62\x68\x2c\x64\x69\x6f\x72\x65\x61\x64\x5f\x6c\x6f\x63\x6b\x2c\x67\x72\x70\x71\x75\x6f\x74\x61\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 16655] <... futex resumed>) = 0 [pid 16655] futex(0x7fbc673d96cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 16656] <... write resumed>) = 262144 [pid 16656] futex(0x7fbc673d96cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 16655] <... futex resumed>) = 0 [pid 16656] futex(0x7fbc673d96c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 16655] close(3) = 0 [pid 16655] close(4) = 0 [pid 16655] close(5) = 0 [pid 16655] close(6) = -1 EBADF (Bad file descriptor) [pid 16655] close(7) = -1 EBADF (Bad file descriptor) [pid 16655] close(8) = -1 EBADF (Bad file descriptor) [pid 16655] close(9) = -1 EBADF (Bad file descriptor) [pid 16655] close(10) = -1 EBADF (Bad file descriptor) [pid 16655] close(11) = -1 EBADF (Bad file descriptor) [pid 16655] close(12) = -1 EBADF (Bad file descriptor) [pid 16655] close(13) = -1 EBADF (Bad file descriptor) [pid 16655] close(14) = -1 EBADF (Bad file descriptor) [pid 16655] close(15) = -1 EBADF (Bad file descriptor) [pid 16655] close(16) = -1 EBADF (Bad file descriptor) [pid 16655] close(17) = -1 EBADF (Bad file descriptor) [pid 16655] close(18) = -1 EBADF (Bad file descriptor) [pid 16655] close(19) = -1 EBADF (Bad file descriptor) [pid 16655] close(20) = -1 EBADF (Bad file descriptor) [pid 16655] close(21) = -1 EBADF (Bad file descriptor) [pid 16655] close(22) = -1 EBADF (Bad file descriptor) [pid 16655] close(23) = -1 EBADF (Bad file descriptor) [pid 16655] close(24) = -1 EBADF (Bad file descriptor) [pid 16655] close(25) = -1 EBADF (Bad file descriptor) [pid 16655] close(26) = -1 EBADF (Bad file descriptor) [pid 16655] close(27) = -1 EBADF (Bad file descriptor) [pid 16655] close(28) = -1 EBADF (Bad file descriptor) [pid 16655] close(29) = -1 EBADF (Bad file descriptor) [pid 16655] exit_group(0 [pid 16660] <... futex resumed>) = ? [pid 16659] <... futex resumed>) = ? [pid 16656] <... futex resumed>) = ? [pid 16655] <... exit_group resumed>) = ? [pid 16660] +++ exited with 0 +++ [pid 16659] +++ exited with 0 +++ [pid 16656] +++ exited with 0 +++ [pid 16655] +++ exited with 0 +++ [pid 289] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10533, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 289] umount2("./2761", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2761", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 289] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(3, 0x555556f75730 /* 4 entries */, 32768) = 112 [pid 289] umount2("./2761/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2761/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] unlink("./2761/binderfs") = 0 [ 331.209574][T16656] EXT4-fs (loop0): 1 truncate cleaned up [pid 289] umount2("./2761/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [pid 289] umount2("./2761/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] newfstatat(AT_FDCWD, "./2761/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 289] umount2("./2761/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 289] openat(AT_FDCWD, "./2761/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 289] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 289] getdents64(4, 0x555556f7d770 /* 2 entries */, 32768) = 48 [pid 289] getdents64(4, 0x555556f7d770 /* 0 entries */, 32768) = 0 [pid 289] close(4) = 0 [pid 289] rmdir("./2761/file1") = 0 [pid 289] getdents64(3, 0x555556f75730 /* 0 entries */, 32768) = 0 [pid 289] close(3) = 0 [pid 289] rmdir("./2761") = 0 [pid 289] mkdir("./2762", 0777) = 0 [pid 289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3