./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2484517165 <...> DUID 00:04:e3:38:52:80:67:3f:e9:c9:a2:47:22:a3:59:23:7d:1e forked to background, child pid 5490 [ 49.934104][ T5491] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.949992][ T5491] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.92' (ED25519) to the list of known hosts. execve("./syz-executor2484517165", ["./syz-executor2484517165"], 0x7ffd0bab0f50 /* 10 vars */) = 0 brk(NULL) = 0x555589733000 brk(0x555589733d40) = 0x555589733d40 arch_prctl(ARCH_SET_FS, 0x5555897333c0) = 0 set_tid_address(0x555589733690) = 5821 set_robust_list(0x5555897336a0, 24) = 0 rseq(0x555589733ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2484517165", 4096) = 28 getrandom("\x5e\x8a\xdc\xa5\x62\x9f\x06\x73", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555589733d40 brk(0x555589754d40) = 0x555589754d40 brk(0x555589755000) = 0x555589755000 mprotect(0x7f17bbe15000, 16384, PROT_READ) = 0 mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000 mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000 mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000 mkdir("./syzkaller.iS4ler", 0700) = 0 chmod("./syzkaller.iS4ler", 0777) = 0 chdir("./syzkaller.iS4ler") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5822 attached [pid 5822] set_robust_list(0x5555897336a0, 24 [pid 5821] <... clone resumed>, child_tidptr=0x555589733690) = 5822 [pid 5822] <... set_robust_list resumed>) = 0 [pid 5822] chdir("./0") = 0 [pid 5822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5822] setpgid(0, 0) = 0 [pid 5822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5822] write(3, "1000", 4) = 4 [pid 5822] close(3) = 0 [pid 5822] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5822] write(1, "executing program\n", 18) = 18 [pid 5822] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5822] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5822] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5822] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5822] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5824 attached [pid 5824] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053 [pid 5822] <... clone3 resumed> => {parent_tid=[5824]}, 88) = 5824 [pid 5822] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5822] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5824] <... rseq resumed>) = 0 [pid 5824] set_robust_list(0x7f17bbd249a0, 24) = 0 [pid 5824] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5824] memfd_create("syzkaller", 0) = 3 [pid 5824] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5824] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5824] munmap(0x7f17b3800000, 138412032) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5824] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5824] close(3) = 0 [pid 5824] close(4) = 0 [pid 5824] mkdir("./file0", 0777) = 0 [pid 5824] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5824] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 syzkaller login: [ 79.320362][ T5824] loop0: detected capacity change from 0 to 32768 [pid 5824] chdir("./file0") = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5824] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5824] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] <... futex resumed>) = 0 [pid 5822] <... futex resumed>) = 1 [pid 5822] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5824] creat("./file1", 004) = 4 [pid 5824] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5824] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5822] <... futex resumed>) = 0 [pid 5824] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5822] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5822] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5822] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5822] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5822] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5825 attached => {parent_tid=[5825]}, 88) = 5825 [pid 5825] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5822] rt_sigprocmask(SIG_SETMASK, [], [pid 5825] <... rseq resumed>) = 0 [pid 5822] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5825] set_robust_list(0x7f17bbd039a0, 24 [pid 5822] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... set_robust_list resumed>) = 0 [pid 5822] <... futex resumed>) = 0 [pid 5825] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5822] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5825] memfd_create("syzkaller", 0) = 5 [pid 5825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5825] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5825] munmap(0x7f17b3800000, 138412032) = 0 [ 79.553188][ T5824] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 79.553188][ T5824] [ 79.565696][ T5824] ERROR: (device loop0): remounting filesystem as read-only [pid 5825] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5825] close(5) = 0 [pid 5825] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5825] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5822] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5822] <... futex resumed>) = 0 [pid 5825] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5825] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5824] <... write resumed>) = 15335424 [pid 5824] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5824] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] exit_group(0 [pid 5825] <... futex resumed>) = ? [pid 5824] <... futex resumed>) = ? [pid 5822] <... exit_group resumed>) = ? [pid 5825] +++ exited with 0 +++ [pid 5824] +++ exited with 0 +++ [pid 5822] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5822, si_uid=0, si_status=0, si_utime=0, si_stime=56 /* 0.56 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5826 attached , child_tidptr=0x555589733690) = 5826 [pid 5826] set_robust_list(0x5555897336a0, 24) = 0 [pid 5826] chdir("./1") = 0 [pid 5826] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5826] setpgid(0, 0) = 0 [pid 5826] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5826] write(3, "1000", 4) = 4 [pid 5826] close(3) = 0 [pid 5826] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5826] write(1, "executing program\n", 18) = 18 [pid 5826] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5826] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5826] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5826] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5826] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5826] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5826] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5827 attached [pid 5827] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5826] <... clone3 resumed> => {parent_tid=[5827]}, 88) = 5827 [pid 5827] set_robust_list(0x7f17bbd249a0, 24 [pid 5826] rt_sigprocmask(SIG_SETMASK, [], [pid 5827] <... set_robust_list resumed>) = 0 [pid 5826] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5827] rt_sigprocmask(SIG_SETMASK, [], [pid 5826] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5826] <... futex resumed>) = 0 [pid 5827] memfd_create("syzkaller", 0 [pid 5826] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5827] <... memfd_create resumed>) = 3 [pid 5827] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5827] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5827] munmap(0x7f17b3800000, 138412032) = 0 [pid 5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5827] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5827] close(3) = 0 [pid 5827] close(4) = 0 [pid 5827] mkdir("./file0", 0777) = 0 [pid 5827] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5827] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5827] chdir("./file0") = 0 [pid 5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5827] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5826] <... futex resumed>) = 0 [pid 5827] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5826] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 80.823315][ T5827] loop0: detected capacity change from 0 to 32768 [pid 5826] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5827] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5827] creat("./file1", 004) = 4 [pid 5827] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5826] <... futex resumed>) = 0 [pid 5827] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5826] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5826] <... futex resumed>) = 0 [pid 5827] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5826] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5826] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5826] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5826] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5826] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5826] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5828 attached [pid 5828] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5826] <... clone3 resumed> => {parent_tid=[5828]}, 88) = 5828 [pid 5828] <... rseq resumed>) = 0 [pid 5826] rt_sigprocmask(SIG_SETMASK, [], [pid 5828] set_robust_list(0x7f17bbd039a0, 24 [pid 5826] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5828] <... set_robust_list resumed>) = 0 [pid 5826] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] rt_sigprocmask(SIG_SETMASK, [], [pid 5826] <... futex resumed>) = 0 [pid 5828] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5826] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5828] memfd_create("syzkaller", 0) = 5 [pid 5828] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5828] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5828] munmap(0x7f17b3800000, 138412032) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5828] close(5) = 0 [pid 5828] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5826] <... futex resumed>) = 0 [pid 5828] <... futex resumed>) = 1 [pid 5826] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [ 81.047336][ T5827] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 81.047336][ T5827] [ 81.059741][ T5827] ERROR: (device loop0): remounting filesystem as read-only [pid 5826] <... futex resumed>) = 0 [pid 5828] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5826] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5828] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5826] <... futex resumed>) = 0 [pid 5828] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5827] <... write resumed>) = 15335424 [pid 5827] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5826] exit_group(0 [pid 5827] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5826] <... exit_group resumed>) = ? [pid 5828] <... futex resumed>) = ? [pid 5827] <... futex resumed>) = ? [pid 5827] +++ exited with 0 +++ [pid 5828] +++ exited with 0 +++ [pid 5826] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5826, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=51 /* 0.51 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5829 attached , child_tidptr=0x555589733690) = 5829 [pid 5829] set_robust_list(0x5555897336a0, 24) = 0 [pid 5829] chdir("./2") = 0 [pid 5829] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5829] setpgid(0, 0) = 0 [pid 5829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5829] write(3, "1000", 4) = 4 [pid 5829] close(3) = 0 [pid 5829] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5829] write(1, "executing program\n", 18) = 18 [pid 5829] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5829] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5829] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5829] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5829] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5829] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5830 attached [pid 5830] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5829] <... clone3 resumed> => {parent_tid=[5830]}, 88) = 5830 [pid 5830] set_robust_list(0x7f17bbd249a0, 24 [pid 5829] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] <... set_robust_list resumed>) = 0 [pid 5829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] rt_sigprocmask(SIG_SETMASK, [], [pid 5829] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] memfd_create("syzkaller", 0 [pid 5829] <... futex resumed>) = 0 [pid 5830] <... memfd_create resumed>) = 3 [pid 5829] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5830] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5830] munmap(0x7f17b3800000, 138412032) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5830] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5830] close(3) = 0 [pid 5830] close(4) = 0 [pid 5830] mkdir("./file0", 0777) = 0 [ 82.241301][ T5830] loop0: detected capacity change from 0 to 32768 [pid 5830] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5830] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5830] chdir("./file0") = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5830] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5829] <... futex resumed>) = 0 [pid 5830] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5829] <... futex resumed>) = 0 [pid 5830] creat("./file1", 004 [pid 5829] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... creat resumed>) = 4 [pid 5830] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5830] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] <... futex resumed>) = 0 [pid 5830] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5829] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5829] <... futex resumed>) = 0 [pid 5829] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5829] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5829] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5829] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5829] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5831 attached [pid 5831] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5829] <... clone3 resumed> => {parent_tid=[5831]}, 88) = 5831 [pid 5831] <... rseq resumed>) = 0 [pid 5831] set_robust_list(0x7f17bbd039a0, 24 [pid 5829] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] <... set_robust_list resumed>) = 0 [pid 5831] rt_sigprocmask(SIG_SETMASK, [], [pid 5829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5829] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] memfd_create("syzkaller", 0 [pid 5829] <... futex resumed>) = 0 [pid 5829] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] <... memfd_create resumed>) = 5 [pid 5831] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5831] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5831] munmap(0x7f17b3800000, 138412032) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5831] close(5) = 0 [ 82.486031][ T5830] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 82.486031][ T5830] [ 82.497532][ T5830] ERROR: (device loop0): remounting filesystem as read-only [pid 5831] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5829] <... futex resumed>) = 0 [pid 5831] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5831] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5829] <... futex resumed>) = 0 [pid 5831] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5829] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5831] <... futex resumed>) = 0 [pid 5831] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] <... write resumed>) = 15335424 [pid 5830] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5830] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] exit_group(0 [pid 5831] <... futex resumed>) = ? [pid 5830] <... futex resumed>) = ? [pid 5831] +++ exited with 0 +++ [pid 5830] +++ exited with 0 +++ [pid 5829] <... exit_group resumed>) = ? [pid 5829] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5829, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=42 /* 0.42 s */} --- umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5832 attached , child_tidptr=0x555589733690) = 5832 [pid 5832] set_robust_list(0x5555897336a0, 24) = 0 [pid 5832] chdir("./3") = 0 [pid 5832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5832] setpgid(0, 0) = 0 [pid 5832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5832] write(3, "1000", 4) = 4 [pid 5832] close(3) = 0 [pid 5832] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5832] write(1, "executing program\n", 18executing program ) = 18 [pid 5832] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5832] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5832] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5832] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5832] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5832] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5833 attached [pid 5833] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5832] <... clone3 resumed> => {parent_tid=[5833]}, 88) = 5833 [pid 5833] set_robust_list(0x7f17bbd249a0, 24 [pid 5832] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] <... set_robust_list resumed>) = 0 [pid 5832] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... futex resumed>) = 0 [pid 5833] memfd_create("syzkaller", 0 [pid 5832] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] <... memfd_create resumed>) = 3 [pid 5833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5833] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5833] munmap(0x7f17b3800000, 138412032) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5833] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5833] close(3) = 0 [pid 5833] close(4) = 0 [pid 5833] mkdir("./file0", 0777) = 0 [ 83.663585][ T5833] loop0: detected capacity change from 0 to 32768 [pid 5833] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5833] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5833] chdir("./file0") = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5833] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] <... futex resumed>) = 0 [pid 5832] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] creat("./file1", 004 [pid 5832] <... futex resumed>) = 0 [pid 5832] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] <... creat resumed>) = 4 [pid 5833] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... futex resumed>) = 0 [pid 5833] <... futex resumed>) = 1 [pid 5832] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5832] <... futex resumed>) = 0 [pid 5832] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5832] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5832] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5832] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5832] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5834 attached [pid 5834] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5832] <... clone3 resumed> => {parent_tid=[5834]}, 88) = 5834 [pid 5834] <... rseq resumed>) = 0 [pid 5832] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] set_robust_list(0x7f17bbd039a0, 24 [pid 5832] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... set_robust_list resumed>) = 0 [pid 5834] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] <... futex resumed>) = 0 [pid 5834] memfd_create("syzkaller", 0 [pid 5832] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5834] <... memfd_create resumed>) = 5 [pid 5834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5834] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5834] munmap(0x7f17b3800000, 138412032) = 0 [ 83.896477][ T5833] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 83.896477][ T5833] [ 83.908029][ T5833] ERROR: (device loop0): remounting filesystem as read-only [pid 5834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5834] close(5) = 0 [pid 5834] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... futex resumed>) = 0 [pid 5834] <... futex resumed>) = 1 [pid 5832] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5832] <... futex resumed>) = 0 [pid 5834] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5832] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] <... futex resumed>) = 0 [pid 5834] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5833] <... write resumed>) = 15335424 [pid 5833] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] exit_group(0 [pid 5834] <... futex resumed>) = ? [pid 5833] <... futex resumed>) = ? [pid 5832] <... exit_group resumed>) = ? [pid 5834] +++ exited with 0 +++ [pid 5833] +++ exited with 0 +++ [pid 5832] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5832, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=49 /* 0.49 s */} --- umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5835 attached , child_tidptr=0x555589733690) = 5835 [pid 5835] set_robust_list(0x5555897336a0, 24) = 0 [pid 5835] chdir("./4") = 0 [pid 5835] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5835] setpgid(0, 0) = 0 [pid 5835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5835] write(3, "1000", 4) = 4 [pid 5835] close(3) = 0 [pid 5835] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5835] write(1, "executing program\n", 18) = 18 [pid 5835] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5835] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5835] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5835] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5835] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5835] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5835] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5836 attached [pid 5836] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5836] set_robust_list(0x7f17bbd249a0, 24 [pid 5835] <... clone3 resumed> => {parent_tid=[5836]}, 88) = 5836 [pid 5836] <... set_robust_list resumed>) = 0 [pid 5835] rt_sigprocmask(SIG_SETMASK, [], [pid 5836] rt_sigprocmask(SIG_SETMASK, [], [pid 5835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5835] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] memfd_create("syzkaller", 0 [pid 5835] <... futex resumed>) = 0 [pid 5835] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5836] <... memfd_create resumed>) = 3 [pid 5836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5836] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5836] munmap(0x7f17b3800000, 138412032) = 0 [pid 5836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5836] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5836] close(3) = 0 [pid 5836] close(4) = 0 [pid 5836] mkdir("./file0", 0777) = 0 [pid 5836] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5836] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5836] chdir("./file0") = 0 [pid 5836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5836] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] <... futex resumed>) = 0 [ 84.942761][ T5836] loop0: detected capacity change from 0 to 32768 [pid 5836] creat("./file1", 004 [pid 5835] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... creat resumed>) = 4 [pid 5835] <... futex resumed>) = 0 [pid 5835] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5836] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] <... futex resumed>) = 0 [pid 5836] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5835] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5835] <... futex resumed>) = 0 [pid 5836] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5835] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5835] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5835] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5835] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5835] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5835] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5837 attached [pid 5837] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5835] <... clone3 resumed> => {parent_tid=[5837]}, 88) = 5837 [pid 5837] <... rseq resumed>) = 0 [pid 5837] set_robust_list(0x7f17bbd039a0, 24 [pid 5835] rt_sigprocmask(SIG_SETMASK, [], [pid 5837] <... set_robust_list resumed>) = 0 [pid 5837] rt_sigprocmask(SIG_SETMASK, [], [pid 5835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5837] memfd_create("syzkaller", 0 [pid 5835] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5835] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5837] <... memfd_create resumed>) = 5 [pid 5837] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5837] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5837] munmap(0x7f17b3800000, 138412032) = 0 [pid 5837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5837] close(5) = 0 [pid 5837] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = 0 [pid 5837] <... futex resumed>) = 1 [pid 5835] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5835] <... futex resumed>) = 0 [pid 5835] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5837] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5837] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = 0 [pid 5837] <... futex resumed>) = 1 [ 85.160800][ T5836] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 85.160800][ T5836] [ 85.172351][ T5836] ERROR: (device loop0): remounting filesystem as read-only [pid 5837] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] <... write resumed>) = 15335424 [pid 5836] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5836] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5835] exit_group(0 [pid 5837] <... futex resumed>) = ? [pid 5837] +++ exited with 0 +++ [pid 5836] <... futex resumed>) = ? [pid 5836] +++ exited with 0 +++ [pid 5835] <... exit_group resumed>) = ? [pid 5835] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5835, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=49 /* 0.49 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5838 attached , child_tidptr=0x555589733690) = 5838 [pid 5838] set_robust_list(0x5555897336a0, 24) = 0 [pid 5838] chdir("./5") = 0 [pid 5838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5838] setpgid(0, 0) = 0 [pid 5838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5838] write(3, "1000", 4) = 4 [pid 5838] close(3) = 0 [pid 5838] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5838] write(1, "executing program\n", 18executing program ) = 18 [pid 5838] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5838] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5838] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5838] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5838] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5838] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5839 attached => {parent_tid=[5839]}, 88) = 5839 [pid 5839] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5838] rt_sigprocmask(SIG_SETMASK, [], [pid 5839] set_robust_list(0x7f17bbd249a0, 24 [pid 5838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5839] <... set_robust_list resumed>) = 0 [pid 5838] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] rt_sigprocmask(SIG_SETMASK, [], [pid 5838] <... futex resumed>) = 0 [pid 5839] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5838] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5839] memfd_create("syzkaller", 0) = 3 [pid 5839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5839] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5839] munmap(0x7f17b3800000, 138412032) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5839] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5839] close(3) = 0 [pid 5839] close(4) = 0 [pid 5839] mkdir("./file0", 0777) = 0 [pid 5839] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5839] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5839] chdir("./file0") = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 86.466743][ T5839] loop0: detected capacity change from 0 to 32768 [pid 5839] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5838] <... futex resumed>) = 0 [pid 5839] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] <... futex resumed>) = 0 [pid 5838] <... futex resumed>) = 1 [pid 5838] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] creat("./file1", 004) = 4 [pid 5839] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5838] <... futex resumed>) = 0 [pid 5839] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5838] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5838] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5838] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5838] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5838] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5838] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5840 attached [pid 5840] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5838] <... clone3 resumed> => {parent_tid=[5840]}, 88) = 5840 [pid 5840] <... rseq resumed>) = 0 [pid 5838] rt_sigprocmask(SIG_SETMASK, [], [pid 5840] set_robust_list(0x7f17bbd039a0, 24 [pid 5838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5840] <... set_robust_list resumed>) = 0 [pid 5840] rt_sigprocmask(SIG_SETMASK, [], [pid 5838] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5838] <... futex resumed>) = 0 [pid 5840] memfd_create("syzkaller", 0 [pid 5838] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5840] <... memfd_create resumed>) = 5 [pid 5840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5840] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5840] munmap(0x7f17b3800000, 138412032) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5840] close(5) = 0 [ 86.705608][ T5839] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 86.705608][ T5839] [ 86.717138][ T5839] ERROR: (device loop0): remounting filesystem as read-only [pid 5840] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5838] <... futex resumed>) = 0 [pid 5840] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5838] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5838] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5840] <... futex resumed>) = 0 [pid 5840] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5839] <... write resumed>) = 15335424 [pid 5839] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5839] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] exit_group(0 [pid 5840] <... futex resumed>) = ? [pid 5839] <... futex resumed>) = ? [pid 5838] <... exit_group resumed>) = ? [pid 5840] +++ exited with 0 +++ [pid 5839] +++ exited with 0 +++ [pid 5838] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5838, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=44 /* 0.44 s */} --- umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5842 attached , child_tidptr=0x555589733690) = 5842 [pid 5842] set_robust_list(0x5555897336a0, 24) = 0 [pid 5842] chdir("./6") = 0 [pid 5842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5842] setpgid(0, 0) = 0 [pid 5842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5842] write(3, "1000", 4) = 4 [pid 5842] close(3) = 0 [pid 5842] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5842] write(1, "executing program\n", 18) = 18 [pid 5842] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5842] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5842] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5842] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5842] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5842] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5843 attached [pid 5843] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5842] <... clone3 resumed> => {parent_tid=[5843]}, 88) = 5843 [pid 5843] set_robust_list(0x7f17bbd249a0, 24 [pid 5842] rt_sigprocmask(SIG_SETMASK, [], [pid 5843] <... set_robust_list resumed>) = 0 [pid 5842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5843] rt_sigprocmask(SIG_SETMASK, [], [pid 5842] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5842] <... futex resumed>) = 0 [pid 5843] memfd_create("syzkaller", 0 [pid 5842] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5843] <... memfd_create resumed>) = 3 [pid 5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5843] munmap(0x7f17b3800000, 138412032) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5843] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5843] close(3) = 0 [pid 5843] close(4) = 0 [pid 5843] mkdir("./file0", 0777) = 0 [pid 5843] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5843] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5843] chdir("./file0") = 0 [ 87.817759][ T5843] loop0: detected capacity change from 0 to 32768 [pid 5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5843] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5842] <... futex resumed>) = 0 [pid 5843] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5842] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5842] <... futex resumed>) = 0 [pid 5843] creat("./file1", 004 [pid 5842] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5843] <... creat resumed>) = 4 [pid 5843] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5842] <... futex resumed>) = 0 [pid 5843] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5842] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5842] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5842] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5842] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5842] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5842] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5844 attached [pid 5844] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053) = 0 [pid 5844] set_robust_list(0x7f17bbd039a0, 24 [pid 5842] <... clone3 resumed> => {parent_tid=[5844]}, 88) = 5844 [pid 5844] <... set_robust_list resumed>) = 0 [pid 5842] rt_sigprocmask(SIG_SETMASK, [], [pid 5844] rt_sigprocmask(SIG_SETMASK, [], [pid 5842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5844] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5842] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] memfd_create("syzkaller", 0 [pid 5842] <... futex resumed>) = 0 [pid 5842] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5844] <... memfd_create resumed>) = 5 [pid 5844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5844] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5844] munmap(0x7f17b3800000, 138412032) = 0 [pid 5844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5844] close(5) = 0 [pid 5844] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5842] <... futex resumed>) = 0 [pid 5844] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5842] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5842] <... futex resumed>) = 0 [pid 5844] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5842] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5844] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... futex resumed>) = 0 [ 88.049355][ T5843] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 88.049355][ T5843] [ 88.061327][ T5843] ERROR: (device loop0): remounting filesystem as read-only [pid 5844] <... futex resumed>) = 1 [pid 5844] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5843] <... write resumed>) = 15335424 [pid 5843] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5842] exit_group(0 [pid 5844] <... futex resumed>) = ? [pid 5843] <... futex resumed>) = ? [pid 5842] <... exit_group resumed>) = ? [pid 5844] +++ exited with 0 +++ [pid 5843] +++ exited with 0 +++ [pid 5842] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5842, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=47 /* 0.47 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5845 attached , child_tidptr=0x555589733690) = 5845 [pid 5845] set_robust_list(0x5555897336a0, 24) = 0 [pid 5845] chdir("./7") = 0 [pid 5845] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5845] setpgid(0, 0) = 0 [pid 5845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5845] write(3, "1000", 4) = 4 [pid 5845] close(3) = 0 [pid 5845] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5845] write(1, "executing program\n", 18executing program ) = 18 [pid 5845] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5845] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5845] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5845] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5845] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5845] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5845] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5846 attached [pid 5846] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5845] <... clone3 resumed> => {parent_tid=[5846]}, 88) = 5846 [pid 5846] set_robust_list(0x7f17bbd249a0, 24 [pid 5845] rt_sigprocmask(SIG_SETMASK, [], [pid 5846] <... set_robust_list resumed>) = 0 [pid 5845] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5846] rt_sigprocmask(SIG_SETMASK, [], [pid 5845] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5845] <... futex resumed>) = 0 [pid 5846] memfd_create("syzkaller", 0 [pid 5845] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5846] <... memfd_create resumed>) = 3 [pid 5846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5846] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5846] munmap(0x7f17b3800000, 138412032) = 0 [pid 5846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5846] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5846] close(3) = 0 [pid 5846] close(4) = 0 [pid 5846] mkdir("./file0", 0777) = 0 [pid 5846] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5846] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 89.292226][ T5846] loop0: detected capacity change from 0 to 32768 [pid 5846] chdir("./file0") = 0 [pid 5846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5846] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5845] <... futex resumed>) = 0 [pid 5846] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5845] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5845] <... futex resumed>) = 0 [pid 5846] creat("./file1", 004 [pid 5845] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5846] <... creat resumed>) = 4 [pid 5846] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5845] <... futex resumed>) = 0 [pid 5846] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5845] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5845] <... futex resumed>) = 0 [pid 5846] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5845] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5845] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5845] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5845] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5845] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5845] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5847 attached [pid 5847] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5845] <... clone3 resumed> => {parent_tid=[5847]}, 88) = 5847 [pid 5845] rt_sigprocmask(SIG_SETMASK, [], [pid 5847] <... rseq resumed>) = 0 [pid 5847] set_robust_list(0x7f17bbd039a0, 24 [pid 5845] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5847] <... set_robust_list resumed>) = 0 [pid 5847] rt_sigprocmask(SIG_SETMASK, [], [pid 5845] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5847] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5845] <... futex resumed>) = 0 [pid 5847] memfd_create("syzkaller", 0 [pid 5845] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5847] <... memfd_create resumed>) = 5 [pid 5847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5847] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [ 89.549573][ T5846] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 89.549573][ T5846] [ 89.561096][ T5846] ERROR: (device loop0): remounting filesystem as read-only [pid 5847] munmap(0x7f17b3800000, 138412032) = 0 [pid 5847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5847] close(5) = 0 [pid 5847] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5847] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5845] <... futex resumed>) = 0 [pid 5847] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5845] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5847] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5845] <... futex resumed>) = 0 [pid 5847] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5845] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5847] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5845] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5847] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5846] <... write resumed>) = 15335424 [pid 5846] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5845] exit_group(0 [pid 5847] <... futex resumed>) = ? [pid 5845] <... exit_group resumed>) = ? [pid 5847] +++ exited with 0 +++ [pid 5846] +++ exited with 0 +++ [pid 5845] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5845, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=51 /* 0.51 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5848 attached , child_tidptr=0x555589733690) = 5848 [pid 5848] set_robust_list(0x5555897336a0, 24) = 0 [pid 5848] chdir("./8") = 0 [pid 5848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5848] setpgid(0, 0) = 0 [pid 5848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5848] write(3, "1000", 4) = 4 [pid 5848] close(3) = 0 [pid 5848] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5848] write(1, "executing program\n", 18) = 18 [pid 5848] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5848] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5848] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5848] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5848] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5848] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5849 attached [pid 5849] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5849] set_robust_list(0x7f17bbd249a0, 24 [pid 5848] <... clone3 resumed> => {parent_tid=[5849]}, 88) = 5849 [pid 5849] <... set_robust_list resumed>) = 0 [pid 5848] rt_sigprocmask(SIG_SETMASK, [], [pid 5849] rt_sigprocmask(SIG_SETMASK, [], [pid 5848] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5849] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5848] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] memfd_create("syzkaller", 0 [pid 5848] <... futex resumed>) = 0 [pid 5848] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5849] <... memfd_create resumed>) = 3 [pid 5849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5849] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5849] munmap(0x7f17b3800000, 138412032) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5849] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5849] close(3) = 0 [pid 5849] close(4) = 0 [pid 5849] mkdir("./file0", 0777) = 0 [pid 5849] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5849] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5849] chdir("./file0") = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5849] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5848] <... futex resumed>) = 0 [pid 5849] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5848] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] <... futex resumed>) = 0 [pid 5848] <... futex resumed>) = 1 [pid 5849] creat("./file1", 004 [pid 5848] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5849] <... creat resumed>) = 4 [pid 5849] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5849] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5848] <... futex resumed>) = 0 [pid 5848] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5849] <... futex resumed>) = 0 [pid 5848] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 90.796887][ T5849] loop0: detected capacity change from 0 to 32768 [pid 5849] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5848] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5848] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5848] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5848] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5848] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5850 attached => {parent_tid=[5850]}, 88) = 5850 [pid 5850] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5848] rt_sigprocmask(SIG_SETMASK, [], [pid 5850] <... rseq resumed>) = 0 [pid 5848] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5850] set_robust_list(0x7f17bbd039a0, 24 [pid 5848] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5850] <... set_robust_list resumed>) = 0 [pid 5848] <... futex resumed>) = 0 [pid 5850] rt_sigprocmask(SIG_SETMASK, [], [pid 5848] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5850] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5850] memfd_create("syzkaller", 0) = 5 [pid 5850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5850] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5850] munmap(0x7f17b3800000, 138412032) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 90.993020][ T5849] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 90.993020][ T5849] [ 91.004455][ T5849] ERROR: (device loop0): remounting filesystem as read-only [pid 5850] close(5) = 0 [pid 5850] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5848] <... futex resumed>) = 0 [pid 5850] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5848] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5850] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5848] <... futex resumed>) = 0 [pid 5850] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5848] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5850] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5850] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5848] <... futex resumed>) = 0 [pid 5850] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] <... write resumed>) = 15335424 [pid 5849] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5848] exit_group(0 [pid 5850] <... futex resumed>) = ? [pid 5850] +++ exited with 0 +++ [pid 5849] <... futex resumed>) = ? [pid 5848] <... exit_group resumed>) = ? [pid 5849] +++ exited with 0 +++ [pid 5848] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5848, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=49 /* 0.49 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5851 attached , child_tidptr=0x555589733690) = 5851 [pid 5851] set_robust_list(0x5555897336a0, 24) = 0 [pid 5851] chdir("./9") = 0 [pid 5851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5851] setpgid(0, 0) = 0 [pid 5851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5851] write(3, "1000", 4) = 4 [pid 5851] close(3) = 0 [pid 5851] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5851] write(1, "executing program\n", 18executing program ) = 18 [pid 5851] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5851] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5851] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5851] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5851] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5851] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5851] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5852 attached [pid 5852] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5851] <... clone3 resumed> => {parent_tid=[5852]}, 88) = 5852 [pid 5852] set_robust_list(0x7f17bbd249a0, 24 [pid 5851] rt_sigprocmask(SIG_SETMASK, [], [pid 5852] <... set_robust_list resumed>) = 0 [pid 5851] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5852] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5851] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] memfd_create("syzkaller", 0 [pid 5851] <... futex resumed>) = 0 [pid 5852] <... memfd_create resumed>) = 3 [pid 5851] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5852] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5852] munmap(0x7f17b3800000, 138412032) = 0 [ 92.188417][ T52] cfg80211: failed to load regulatory.db [pid 5852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5852] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5852] close(3) = 0 [pid 5852] close(4) = 0 [pid 5852] mkdir("./file0", 0777) = 0 [pid 5852] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5852] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5852] chdir("./file0") = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5852] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5851] <... futex resumed>) = 0 [pid 5852] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5851] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5851] <... futex resumed>) = 0 [pid 5852] creat("./file1", 004 [pid 5851] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5852] <... creat resumed>) = 4 [pid 5852] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5851] <... futex resumed>) = 0 [pid 5852] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 92.259289][ T5852] loop0: detected capacity change from 0 to 32768 [pid 5851] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5852] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5851] <... futex resumed>) = 0 [pid 5851] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5851] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5851] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5851] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5851] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5851] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5853 attached [pid 5853] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053) = 0 [pid 5853] set_robust_list(0x7f17bbd039a0, 24 [pid 5851] <... clone3 resumed> => {parent_tid=[5853]}, 88) = 5853 [pid 5853] <... set_robust_list resumed>) = 0 [pid 5851] rt_sigprocmask(SIG_SETMASK, [], [pid 5853] rt_sigprocmask(SIG_SETMASK, [], [pid 5851] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5853] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5851] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] memfd_create("syzkaller", 0 [pid 5851] <... futex resumed>) = 0 [pid 5851] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5853] <... memfd_create resumed>) = 5 [pid 5853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5853] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5853] munmap(0x7f17b3800000, 138412032) = 0 [pid 5853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5853] close(5) = 0 [pid 5853] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5851] <... futex resumed>) = 0 [pid 5853] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 92.472782][ T5852] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 92.472782][ T5852] [ 92.485747][ T5852] ERROR: (device loop0): remounting filesystem as read-only [pid 5851] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5851] <... futex resumed>) = 0 [pid 5853] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5851] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5853] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5851] <... futex resumed>) = 0 [pid 5853] <... futex resumed>) = 1 [pid 5853] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] <... write resumed>) = 15335424 [pid 5852] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5851] exit_group(0 [pid 5853] <... futex resumed>) = ? [pid 5852] <... futex resumed>) = ? [pid 5851] <... exit_group resumed>) = ? [pid 5853] +++ exited with 0 +++ [pid 5852] +++ exited with 0 +++ [pid 5851] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5851, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=48 /* 0.48 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5854 attached , child_tidptr=0x555589733690) = 5854 [pid 5854] set_robust_list(0x5555897336a0, 24) = 0 [pid 5854] chdir("./10") = 0 [pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5854] setpgid(0, 0) = 0 [pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5854] write(3, "1000", 4) = 4 [pid 5854] close(3) = 0 [pid 5854] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5854] write(1, "executing program\n", 18) = 18 [pid 5854] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5854] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5854] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5854] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5855 attached [pid 5855] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5854] <... clone3 resumed> => {parent_tid=[5855]}, 88) = 5855 [pid 5855] set_robust_list(0x7f17bbd249a0, 24 [pid 5854] rt_sigprocmask(SIG_SETMASK, [], [pid 5855] <... set_robust_list resumed>) = 0 [pid 5854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5855] rt_sigprocmask(SIG_SETMASK, [], [pid 5854] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5854] <... futex resumed>) = 0 [pid 5854] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5855] memfd_create("syzkaller", 0) = 3 [pid 5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5855] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5855] munmap(0x7f17b3800000, 138412032) = 0 [pid 5855] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5855] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5855] close(3) = 0 [pid 5855] close(4) = 0 [pid 5855] mkdir("./file0", 0777) = 0 [pid 5855] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5855] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5855] chdir("./file0") = 0 [pid 5855] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5855] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5855] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] <... futex resumed>) = 0 [pid 5854] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = 0 [pid 5854] <... futex resumed>) = 1 [pid 5855] creat("./file1", 004 [pid 5854] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] <... creat resumed>) = 4 [pid 5855] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5854] <... futex resumed>) = 0 [ 93.753018][ T5855] loop0: detected capacity change from 0 to 32768 [pid 5855] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5855] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5854] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5854] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5854] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5854] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5856 attached => {parent_tid=[5856]}, 88) = 5856 [pid 5856] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5854] rt_sigprocmask(SIG_SETMASK, [], [pid 5856] <... rseq resumed>) = 0 [pid 5856] set_robust_list(0x7f17bbd039a0, 24 [pid 5854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5856] <... set_robust_list resumed>) = 0 [pid 5856] rt_sigprocmask(SIG_SETMASK, [], [pid 5854] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5856] memfd_create("syzkaller", 0 [pid 5854] <... futex resumed>) = 0 [pid 5854] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5856] <... memfd_create resumed>) = 5 [pid 5856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5856] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5856] munmap(0x7f17b3800000, 138412032) = 0 [pid 5856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5856] close(5) = 0 [pid 5856] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5854] <... futex resumed>) = 0 [pid 5854] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5854] <... futex resumed>) = 0 [pid 5856] <... quotactl resumed>) = -1 ENODEV (No such device) [ 93.974068][ T5855] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 93.974068][ T5855] [ 93.986197][ T5855] ERROR: (device loop0): remounting filesystem as read-only [pid 5854] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5856] <... futex resumed>) = 0 [pid 5856] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5855] <... write resumed>) = 15335424 [pid 5855] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5855] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] exit_group(0 [pid 5856] <... futex resumed>) = ? [pid 5855] <... futex resumed>) = ? [pid 5854] <... exit_group resumed>) = ? [pid 5856] +++ exited with 0 +++ [pid 5855] +++ exited with 0 +++ [pid 5854] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5854, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=48 /* 0.48 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5857 attached , child_tidptr=0x555589733690) = 5857 [pid 5857] set_robust_list(0x5555897336a0, 24) = 0 [pid 5857] chdir("./11") = 0 [pid 5857] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5857] setpgid(0, 0) = 0 [pid 5857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5857] write(3, "1000", 4) = 4 [pid 5857] close(3) = 0 [pid 5857] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5857] write(1, "executing program\n", 18) = 18 [pid 5857] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5857] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5857] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5857] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5857] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5857] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5857] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5858 attached [pid 5858] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5858] set_robust_list(0x7f17bbd249a0, 24) = 0 [pid 5858] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5857] <... clone3 resumed> => {parent_tid=[5858]}, 88) = 5858 [pid 5858] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5857] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5857] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] <... futex resumed>) = 0 [pid 5858] memfd_create("syzkaller", 0 [pid 5857] <... futex resumed>) = 1 [pid 5858] <... memfd_create resumed>) = 3 [pid 5857] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5858] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5858] munmap(0x7f17b3800000, 138412032) = 0 [pid 5858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5858] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5858] close(3) = 0 [pid 5858] close(4) = 0 [pid 5858] mkdir("./file0", 0777) = 0 [pid 5858] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5858] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 95.195730][ T5858] loop0: detected capacity change from 0 to 32768 [pid 5858] chdir("./file0") = 0 [pid 5858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5858] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5857] <... futex resumed>) = 0 [pid 5858] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5857] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5857] <... futex resumed>) = 0 [pid 5858] creat("./file1", 004) = 4 [pid 5857] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5858] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5857] <... futex resumed>) = 0 [pid 5858] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5857] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5857] <... futex resumed>) = 0 [pid 5858] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5857] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5857] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5857] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5857] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5857] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5857] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5859 attached => {parent_tid=[5859]}, 88) = 5859 [pid 5859] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5857] rt_sigprocmask(SIG_SETMASK, [], [pid 5859] <... rseq resumed>) = 0 [pid 5857] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5859] set_robust_list(0x7f17bbd039a0, 24 [pid 5857] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] <... set_robust_list resumed>) = 0 [pid 5859] rt_sigprocmask(SIG_SETMASK, [], [pid 5857] <... futex resumed>) = 0 [pid 5859] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5857] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5859] memfd_create("syzkaller", 0) = 5 [pid 5859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5859] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5859] munmap(0x7f17b3800000, 138412032) = 0 [pid 5859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5859] close(5) = 0 [ 95.424078][ T5858] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 95.424078][ T5858] [ 95.436249][ T5858] ERROR: (device loop0): remounting filesystem as read-only [pid 5859] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5857] <... futex resumed>) = 0 [pid 5857] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5857] <... futex resumed>) = 0 [pid 5859] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5857] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5859] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5859] <... futex resumed>) = 0 [pid 5859] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5858] <... write resumed>) = 15335424 [pid 5858] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5858] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5857] exit_group(0 [pid 5859] <... futex resumed>) = ? [pid 5859] +++ exited with 0 +++ [pid 5857] <... exit_group resumed>) = ? [pid 5858] <... futex resumed>) = ? [pid 5858] +++ exited with 0 +++ [pid 5857] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5857, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=47 /* 0.47 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5860 attached , child_tidptr=0x555589733690) = 5860 [pid 5860] set_robust_list(0x5555897336a0, 24) = 0 [pid 5860] chdir("./12") = 0 [pid 5860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5860] setpgid(0, 0) = 0 [pid 5860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5860] write(3, "1000", 4) = 4 [pid 5860] close(3) = 0 [pid 5860] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5860] write(1, "executing program\n", 18) = 18 [pid 5860] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5860] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5860] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5860] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5860] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5860] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5860] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5861 attached [pid 5861] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5861] set_robust_list(0x7f17bbd249a0, 24) = 0 [pid 5860] <... clone3 resumed> => {parent_tid=[5861]}, 88) = 5861 [pid 5861] rt_sigprocmask(SIG_SETMASK, [], [pid 5860] rt_sigprocmask(SIG_SETMASK, [], [pid 5861] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5860] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5861] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5860] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5860] <... futex resumed>) = 0 [pid 5861] memfd_create("syzkaller", 0 [pid 5860] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5861] <... memfd_create resumed>) = 3 [pid 5861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5861] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5861] munmap(0x7f17b3800000, 138412032) = 0 [pid 5861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5861] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5861] close(3) = 0 [pid 5861] close(4) = 0 [pid 5861] mkdir("./file0", 0777) = 0 [pid 5861] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5861] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5861] chdir("./file0") = 0 [pid 5861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5861] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5860] <... futex resumed>) = 0 [pid 5861] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5860] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = 0 [pid 5860] <... futex resumed>) = 1 [pid 5861] creat("./file1", 004 [pid 5860] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] <... creat resumed>) = 4 [ 96.720744][ T5861] loop0: detected capacity change from 0 to 32768 [pid 5861] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5860] <... futex resumed>) = 0 [pid 5861] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5860] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = 0 [pid 5860] <... futex resumed>) = 1 [pid 5861] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5860] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5860] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5860] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5860] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5860] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5860] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5862 attached => {parent_tid=[5862]}, 88) = 5862 [pid 5862] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053) = 0 [pid 5860] rt_sigprocmask(SIG_SETMASK, [], [pid 5862] set_robust_list(0x7f17bbd039a0, 24 [pid 5860] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5862] <... set_robust_list resumed>) = 0 [pid 5860] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5862] rt_sigprocmask(SIG_SETMASK, [], [pid 5860] <... futex resumed>) = 0 [pid 5862] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5860] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5862] memfd_create("syzkaller", 0) = 5 [pid 5862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5862] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [ 96.923834][ T5861] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 96.923834][ T5861] [ 96.935500][ T5861] ERROR: (device loop0): remounting filesystem as read-only [pid 5862] munmap(0x7f17b3800000, 138412032) = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5862] close(5) = 0 [pid 5862] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5860] <... futex resumed>) = 0 [pid 5862] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5860] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5862] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5860] <... futex resumed>) = 0 [pid 5862] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5860] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5862] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5862] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5860] <... futex resumed>) = 0 [pid 5862] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5861] <... write resumed>) = 15335424 [pid 5861] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5860] exit_group(0 [pid 5862] <... futex resumed>) = ? [pid 5861] <... futex resumed>) = ? [pid 5862] +++ exited with 0 +++ [pid 5861] +++ exited with 0 +++ [pid 5860] <... exit_group resumed>) = ? [pid 5860] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5860, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=48 /* 0.48 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5863 attached , child_tidptr=0x555589733690) = 5863 [pid 5863] set_robust_list(0x5555897336a0, 24) = 0 [pid 5863] chdir("./13") = 0 [pid 5863] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5863] setpgid(0, 0) = 0 [pid 5863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5863] write(3, "1000", 4) = 4 [pid 5863] close(3) = 0 [pid 5863] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5863] write(1, "executing program\n", 18executing program ) = 18 [pid 5863] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5863] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5863] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5863] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5863] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5863] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5863] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5864 attached [pid 5864] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5863] <... clone3 resumed> => {parent_tid=[5864]}, 88) = 5864 [pid 5864] set_robust_list(0x7f17bbd249a0, 24 [pid 5863] rt_sigprocmask(SIG_SETMASK, [], [pid 5864] <... set_robust_list resumed>) = 0 [pid 5863] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5864] rt_sigprocmask(SIG_SETMASK, [], [pid 5863] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5863] <... futex resumed>) = 0 [pid 5864] memfd_create("syzkaller", 0 [pid 5863] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5864] <... memfd_create resumed>) = 3 [pid 5864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5864] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5864] munmap(0x7f17b3800000, 138412032) = 0 [pid 5864] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5864] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5864] close(3) = 0 [pid 5864] close(4) = 0 [pid 5864] mkdir("./file0", 0777) = 0 [pid 5864] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5864] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5864] chdir("./file0") = 0 [pid 5864] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5864] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5863] <... futex resumed>) = 0 [pid 5864] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5863] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5863] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5864] <... futex resumed>) = 0 [pid 5864] creat("./file1", 004) = 4 [ 98.175213][ T5864] loop0: detected capacity change from 0 to 32768 [pid 5864] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5863] <... futex resumed>) = 0 [pid 5864] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5863] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5863] <... futex resumed>) = 0 [pid 5864] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5863] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5863] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5863] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5863] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5863] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5863] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5865 attached [pid 5865] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5863] <... clone3 resumed> => {parent_tid=[5865]}, 88) = 5865 [pid 5865] <... rseq resumed>) = 0 [pid 5863] rt_sigprocmask(SIG_SETMASK, [], [pid 5865] set_robust_list(0x7f17bbd039a0, 24 [pid 5863] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5865] <... set_robust_list resumed>) = 0 [pid 5865] rt_sigprocmask(SIG_SETMASK, [], [pid 5863] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5865] memfd_create("syzkaller", 0 [pid 5863] <... futex resumed>) = 0 [pid 5863] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5865] <... memfd_create resumed>) = 5 [pid 5865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5865] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5865] munmap(0x7f17b3800000, 138412032) = 0 [pid 5865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 98.392331][ T5864] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 98.392331][ T5864] [ 98.404940][ T5864] ERROR: (device loop0): remounting filesystem as read-only [pid 5865] close(5) = 0 [pid 5865] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5865] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5863] <... futex resumed>) = 0 [pid 5863] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] <... futex resumed>) = 0 [pid 5863] <... futex resumed>) = 1 [pid 5865] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5863] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5865] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5865] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5863] <... futex resumed>) = 0 [pid 5865] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5864] <... write resumed>) = 15335424 [pid 5864] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5863] exit_group(0 [pid 5864] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5865] <... futex resumed>) = ? [pid 5864] <... futex resumed>) = ? [pid 5863] <... exit_group resumed>) = ? [pid 5865] +++ exited with 0 +++ [pid 5864] +++ exited with 0 +++ [pid 5863] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5863, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=50 /* 0.50 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5866 attached , child_tidptr=0x555589733690) = 5866 [pid 5866] set_robust_list(0x5555897336a0, 24) = 0 [pid 5866] chdir("./14") = 0 [pid 5866] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5866] setpgid(0, 0) = 0 [pid 5866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5866] write(3, "1000", 4) = 4 [pid 5866] close(3) = 0 [pid 5866] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5866] write(1, "executing program\n", 18) = 18 [pid 5866] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5866] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5866] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5866] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5866] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5866] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5867 attached [pid 5867] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053 [pid 5866] <... clone3 resumed> => {parent_tid=[5867]}, 88) = 5867 [pid 5867] <... rseq resumed>) = 0 [pid 5867] set_robust_list(0x7f17bbd249a0, 24) = 0 [pid 5867] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5867] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5866] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... futex resumed>) = 0 [pid 5867] memfd_create("syzkaller", 0 [pid 5866] <... futex resumed>) = 1 [pid 5866] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5867] <... memfd_create resumed>) = 3 [pid 5867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5867] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5867] munmap(0x7f17b3800000, 138412032) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5867] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5867] close(3) = 0 [pid 5867] close(4) = 0 [pid 5867] mkdir("./file0", 0777) = 0 [pid 5867] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [ 99.688293][ T5867] loop0: detected capacity change from 0 to 32768 [pid 5867] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5867] chdir("./file0") = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5867] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5867] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] <... futex resumed>) = 0 [pid 5866] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... futex resumed>) = 0 [pid 5866] <... futex resumed>) = 1 [pid 5867] creat("./file1", 004 [pid 5866] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... creat resumed>) = 4 [pid 5867] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5866] <... futex resumed>) = 0 [pid 5867] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5866] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5866] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5866] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5866] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5866] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5866] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5868 attached [pid 5868] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5866] <... clone3 resumed> => {parent_tid=[5868]}, 88) = 5868 [pid 5866] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] <... rseq resumed>) = 0 [pid 5866] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] set_robust_list(0x7f17bbd039a0, 24) = 0 [pid 5866] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] rt_sigprocmask(SIG_SETMASK, [], [pid 5866] <... futex resumed>) = 0 [pid 5868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5866] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5868] memfd_create("syzkaller", 0) = 5 [pid 5868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5868] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5868] munmap(0x7f17b3800000, 138412032) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5868] close(5) = 0 [pid 5868] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 99.946867][ T5867] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 99.946867][ T5867] [ 99.958558][ T5867] ERROR: (device loop0): remounting filesystem as read-only [pid 5866] <... futex resumed>) = 0 [pid 5868] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5866] <... futex resumed>) = 0 [pid 5868] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5866] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5868] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5866] <... futex resumed>) = 0 [pid 5868] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5867] <... write resumed>) = 15335424 [pid 5867] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] exit_group(0 [pid 5868] <... futex resumed>) = ? [pid 5867] <... futex resumed>) = ? [pid 5866] <... exit_group resumed>) = ? [pid 5868] +++ exited with 0 +++ [pid 5867] +++ exited with 0 +++ [pid 5866] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5866, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=49 /* 0.49 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5869 attached , child_tidptr=0x555589733690) = 5869 [pid 5869] set_robust_list(0x5555897336a0, 24) = 0 [pid 5869] chdir("./15") = 0 [pid 5869] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5869] setpgid(0, 0) = 0 [pid 5869] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5869] write(3, "1000", 4) = 4 [pid 5869] close(3) = 0 [pid 5869] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5869] write(1, "executing program\n", 18executing program ) = 18 [pid 5869] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5869] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5869] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5869] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5869] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5869] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5870 attached [pid 5870] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5869] <... clone3 resumed> => {parent_tid=[5870]}, 88) = 5870 [pid 5870] set_robust_list(0x7f17bbd249a0, 24 [pid 5869] rt_sigprocmask(SIG_SETMASK, [], [pid 5870] <... set_robust_list resumed>) = 0 [pid 5869] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5870] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5869] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5870] memfd_create("syzkaller", 0) = 3 [pid 5870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5870] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5870] munmap(0x7f17b3800000, 138412032) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5870] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5870] close(3) = 0 [pid 5870] close(4) = 0 [pid 5870] mkdir("./file0", 0777) = 0 [pid 5870] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5870] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5870] chdir("./file0") = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5870] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5869] <... futex resumed>) = 0 [ 101.247792][ T5870] loop0: detected capacity change from 0 to 32768 [pid 5869] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] creat("./file1", 004 [pid 5869] <... futex resumed>) = 0 [pid 5869] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... creat resumed>) = 4 [pid 5870] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5869] <... futex resumed>) = 0 [pid 5870] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] <... futex resumed>) = 0 [pid 5870] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5869] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5869] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5869] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5869] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5869] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5871 attached [pid 5871] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5869] <... clone3 resumed> => {parent_tid=[5871]}, 88) = 5871 [pid 5871] <... rseq resumed>) = 0 [pid 5871] set_robust_list(0x7f17bbd039a0, 24 [pid 5869] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] <... set_robust_list resumed>) = 0 [pid 5869] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] <... futex resumed>) = 0 [pid 5871] memfd_create("syzkaller", 0 [pid 5869] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5871] <... memfd_create resumed>) = 5 [pid 5871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5871] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5871] munmap(0x7f17b3800000, 138412032) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5871] close(5) = 0 [pid 5871] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... futex resumed>) = 0 [pid 5869] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... futex resumed>) = 1 [pid 5869] <... futex resumed>) = 0 [pid 5871] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5869] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5871] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... futex resumed>) = 0 [ 101.486599][ T5870] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 101.486599][ T5870] [ 101.498739][ T5870] ERROR: (device loop0): remounting filesystem as read-only [pid 5871] <... futex resumed>) = 1 [pid 5871] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] <... write resumed>) = 15335424 [pid 5870] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] exit_group(0 [pid 5871] <... futex resumed>) = ? [pid 5870] <... futex resumed>) = ? [pid 5869] <... exit_group resumed>) = ? [pid 5871] +++ exited with 0 +++ [pid 5870] +++ exited with 0 +++ [pid 5869] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5869, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=51 /* 0.51 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5872 attached , child_tidptr=0x555589733690) = 5872 [pid 5872] set_robust_list(0x5555897336a0, 24) = 0 [pid 5872] chdir("./16") = 0 [pid 5872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5872] setpgid(0, 0) = 0 [pid 5872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5872] write(3, "1000", 4) = 4 [pid 5872] close(3) = 0 [pid 5872] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5872] write(1, "executing program\n", 18executing program ) = 18 [pid 5872] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5872] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5872] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5872] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5873 attached [pid 5873] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5872] <... clone3 resumed> => {parent_tid=[5873]}, 88) = 5873 [pid 5873] set_robust_list(0x7f17bbd249a0, 24 [pid 5872] rt_sigprocmask(SIG_SETMASK, [], [pid 5873] <... set_robust_list resumed>) = 0 [pid 5872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5873] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5872] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] memfd_create("syzkaller", 0 [pid 5872] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5873] <... memfd_create resumed>) = 3 [pid 5873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5873] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5873] munmap(0x7f17b3800000, 138412032) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5873] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5873] close(3) = 0 [pid 5873] close(4) = 0 [pid 5873] mkdir("./file0", 0777) = 0 [pid 5873] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5873] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5873] chdir("./file0") = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5873] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5872] <... futex resumed>) = 0 [pid 5873] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... futex resumed>) = 0 [pid 5872] <... futex resumed>) = 1 [pid 5873] creat("./file1", 004) = 4 [pid 5872] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5873] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5872] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5872] <... futex resumed>) = 0 [ 102.723314][ T5873] loop0: detected capacity change from 0 to 32768 [pid 5872] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5872] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5872] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5872] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5874 attached [pid 5874] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053) = 0 [pid 5872] <... clone3 resumed> => {parent_tid=[5874]}, 88) = 5874 [pid 5874] set_robust_list(0x7f17bbd039a0, 24) = 0 [pid 5872] rt_sigprocmask(SIG_SETMASK, [], [pid 5874] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5874] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] memfd_create("syzkaller", 0 [pid 5872] <... futex resumed>) = 0 [pid 5872] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5874] <... memfd_create resumed>) = 5 [pid 5874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5874] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [ 102.915676][ T5873] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 102.915676][ T5873] [ 102.927300][ T5873] ERROR: (device loop0): remounting filesystem as read-only [pid 5874] munmap(0x7f17b3800000, 138412032) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5874] close(5) = 0 [pid 5874] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5872] <... futex resumed>) = 0 [pid 5872] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5872] <... futex resumed>) = 0 [pid 5874] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5872] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5874] <... futex resumed>) = 0 [pid 5874] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] <... write resumed>) = 15335424 [pid 5873] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] exit_group(0 [pid 5874] <... futex resumed>) = ? [pid 5873] <... futex resumed>) = ? [pid 5872] <... exit_group resumed>) = ? [pid 5874] +++ exited with 0 +++ [pid 5873] +++ exited with 0 +++ [pid 5872] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5872, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=49 /* 0.49 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5875 attached , child_tidptr=0x555589733690) = 5875 [pid 5875] set_robust_list(0x5555897336a0, 24) = 0 [pid 5875] chdir("./17") = 0 [pid 5875] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5875] setpgid(0, 0) = 0 [pid 5875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5875] write(3, "1000", 4) = 4 [pid 5875] close(3) = 0 [pid 5875] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5875] write(1, "executing program\n", 18) = 18 [pid 5875] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5875] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5875] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5875] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5875] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5875] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5875] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5876 attached [pid 5876] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5875] <... clone3 resumed> => {parent_tid=[5876]}, 88) = 5876 [pid 5876] set_robust_list(0x7f17bbd249a0, 24 [pid 5875] rt_sigprocmask(SIG_SETMASK, [], [pid 5876] <... set_robust_list resumed>) = 0 [pid 5875] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5876] rt_sigprocmask(SIG_SETMASK, [], [pid 5875] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5875] <... futex resumed>) = 0 [pid 5876] memfd_create("syzkaller", 0 [pid 5875] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5876] <... memfd_create resumed>) = 3 [pid 5876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5876] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5876] munmap(0x7f17b3800000, 138412032) = 0 [pid 5876] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5876] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5876] close(3) = 0 [pid 5876] close(4) = 0 [pid 5876] mkdir("./file0", 0777) = 0 [pid 5876] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5876] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5876] chdir("./file0") = 0 [pid 5876] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 104.209207][ T5876] loop0: detected capacity change from 0 to 32768 [pid 5876] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5875] <... futex resumed>) = 0 [pid 5876] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5875] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5875] <... futex resumed>) = 0 [pid 5876] creat("./file1", 004 [pid 5875] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5876] <... creat resumed>) = 4 [pid 5876] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5875] <... futex resumed>) = 0 [pid 5876] <... futex resumed>) = 1 [pid 5875] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5875] <... futex resumed>) = 0 [pid 5875] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5875] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5875] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5875] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5875] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5875] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5877 attached [pid 5877] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5875] <... clone3 resumed> => {parent_tid=[5877]}, 88) = 5877 [pid 5877] <... rseq resumed>) = 0 [pid 5877] set_robust_list(0x7f17bbd039a0, 24 [pid 5875] rt_sigprocmask(SIG_SETMASK, [], [pid 5877] <... set_robust_list resumed>) = 0 [pid 5875] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5877] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5875] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] memfd_create("syzkaller", 0 [pid 5875] <... futex resumed>) = 0 [pid 5875] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5877] <... memfd_create resumed>) = 5 [pid 5877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5877] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5877] munmap(0x7f17b3800000, 138412032) = 0 [pid 5877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 104.424702][ T5876] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 104.424702][ T5876] [ 104.437737][ T5876] ERROR: (device loop0): remounting filesystem as read-only [pid 5877] close(5) = 0 [pid 5877] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5875] <... futex resumed>) = 0 [pid 5877] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5875] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5875] <... futex resumed>) = 0 [pid 5877] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5875] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5877] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5875] <... futex resumed>) = 0 [pid 5877] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5876] <... write resumed>) = 15335424 [pid 5876] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5875] exit_group(0 [pid 5877] <... futex resumed>) = ? [pid 5875] <... exit_group resumed>) = ? [pid 5877] +++ exited with 0 +++ [pid 5876] <... futex resumed>) = ? [pid 5876] +++ exited with 0 +++ [pid 5875] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5875, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=49 /* 0.49 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5878 attached , child_tidptr=0x555589733690) = 5878 [pid 5878] set_robust_list(0x5555897336a0, 24) = 0 [pid 5878] chdir("./18") = 0 [pid 5878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5878] setpgid(0, 0) = 0 [pid 5878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5878] write(3, "1000", 4) = 4 [pid 5878] close(3) = 0 [pid 5878] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5878] write(1, "executing program\n", 18) = 18 [pid 5878] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5878] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5878] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5878] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5878] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5878] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5879 attached [pid 5879] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5879] set_robust_list(0x7f17bbd249a0, 24 [pid 5878] <... clone3 resumed> => {parent_tid=[5879]}, 88) = 5879 [pid 5879] <... set_robust_list resumed>) = 0 [pid 5878] rt_sigprocmask(SIG_SETMASK, [], [pid 5879] rt_sigprocmask(SIG_SETMASK, [], [pid 5878] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5879] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5878] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] memfd_create("syzkaller", 0 [pid 5878] <... futex resumed>) = 0 [pid 5878] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5879] <... memfd_create resumed>) = 3 [pid 5879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5879] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5879] munmap(0x7f17b3800000, 138412032) = 0 [pid 5879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5879] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5879] close(3) = 0 [pid 5879] close(4) = 0 [pid 5879] mkdir("./file0", 0777) = 0 [pid 5879] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5879] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5879] chdir("./file0") = 0 [pid 5879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5879] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5878] <... futex resumed>) = 0 [pid 5879] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5878] <... futex resumed>) = 0 [pid 5879] creat("./file1", 004 [pid 5878] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] <... creat resumed>) = 4 [pid 5879] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5878] <... futex resumed>) = 0 [pid 5879] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5879] <... futex resumed>) = 0 [pid 5879] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [ 105.712102][ T5879] loop0: detected capacity change from 0 to 32768 [pid 5878] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5878] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5878] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5878] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5878] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5880 attached [pid 5880] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053) = 0 [pid 5880] set_robust_list(0x7f17bbd039a0, 24) = 0 [pid 5878] <... clone3 resumed> => {parent_tid=[5880]}, 88) = 5880 [pid 5880] rt_sigprocmask(SIG_SETMASK, [], [pid 5878] rt_sigprocmask(SIG_SETMASK, [], [pid 5880] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5878] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5880] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5878] <... futex resumed>) = 0 [pid 5878] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5880] memfd_create("syzkaller", 0) = 5 [pid 5880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5880] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5880] munmap(0x7f17b3800000, 138412032) = 0 [pid 5880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 105.916736][ T5879] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 105.916736][ T5879] [ 105.928151][ T5879] ERROR: (device loop0): remounting filesystem as read-only [pid 5880] close(5) = 0 [pid 5880] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5878] <... futex resumed>) = 0 [pid 5880] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5878] <... futex resumed>) = 0 [pid 5880] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5878] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5880] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5878] <... futex resumed>) = 0 [pid 5880] <... futex resumed>) = 1 [pid 5880] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5879] <... write resumed>) = 15335424 [pid 5879] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] exit_group(0 [pid 5879] <... futex resumed>) = ? [pid 5880] <... futex resumed>) = ? [pid 5878] <... exit_group resumed>) = ? [pid 5879] +++ exited with 0 +++ [pid 5880] +++ exited with 0 +++ [pid 5878] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5878, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=48 /* 0.48 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5881 attached , child_tidptr=0x555589733690) = 5881 [pid 5881] set_robust_list(0x5555897336a0, 24) = 0 [pid 5881] chdir("./19") = 0 [pid 5881] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5881] setpgid(0, 0) = 0 [pid 5881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5881] write(3, "1000", 4) = 4 [pid 5881] close(3) = 0 [pid 5881] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5881] write(1, "executing program\n", 18) = 18 [pid 5881] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5881] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5881] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5881] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5881] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5881] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5881] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5882 attached [pid 5882] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053 [pid 5881] <... clone3 resumed> => {parent_tid=[5882]}, 88) = 5882 [pid 5882] <... rseq resumed>) = 0 [pid 5882] set_robust_list(0x7f17bbd249a0, 24) = 0 [pid 5881] rt_sigprocmask(SIG_SETMASK, [], [pid 5882] rt_sigprocmask(SIG_SETMASK, [], [pid 5881] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5882] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5881] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5881] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5882] memfd_create("syzkaller", 0) = 3 [pid 5882] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5882] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5882] munmap(0x7f17b3800000, 138412032) = 0 [pid 5882] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5882] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5882] close(3) = 0 [pid 5882] close(4) = 0 [pid 5882] mkdir("./file0", 0777) = 0 [pid 5882] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5882] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5882] chdir("./file0") = 0 [pid 5882] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5882] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5881] <... futex resumed>) = 0 [pid 5882] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5881] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5881] <... futex resumed>) = 0 [ 107.191498][ T5882] loop0: detected capacity change from 0 to 32768 [pid 5882] creat("./file1", 004 [pid 5881] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] <... creat resumed>) = 4 [pid 5882] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5881] <... futex resumed>) = 0 [pid 5882] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5881] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5881] <... futex resumed>) = 0 [pid 5882] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5881] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5881] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5881] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5881] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5881] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5881] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5883 attached => {parent_tid=[5883]}, 88) = 5883 [pid 5883] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5881] rt_sigprocmask(SIG_SETMASK, [], [pid 5883] <... rseq resumed>) = 0 [pid 5881] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5883] set_robust_list(0x7f17bbd039a0, 24) = 0 [pid 5881] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5881] <... futex resumed>) = 0 [pid 5883] memfd_create("syzkaller", 0 [pid 5881] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5883] <... memfd_create resumed>) = 5 [pid 5883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5883] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5883] munmap(0x7f17b3800000, 138412032) = 0 [pid 5883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 107.398490][ T5882] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 107.398490][ T5882] [ 107.410206][ T5882] ERROR: (device loop0): remounting filesystem as read-only [pid 5883] close(5) = 0 [pid 5883] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5881] <... futex resumed>) = 0 [pid 5883] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5881] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5881] <... futex resumed>) = 0 [pid 5883] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5881] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5883] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5881] <... futex resumed>) = 0 [pid 5883] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5882] <... write resumed>) = 15335424 [pid 5882] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5881] exit_group(0 [pid 5882] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] <... futex resumed>) = ? [pid 5882] <... futex resumed>) = ? [pid 5881] <... exit_group resumed>) = ? [pid 5883] +++ exited with 0 +++ [pid 5882] +++ exited with 0 +++ [pid 5881] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5881, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=49 /* 0.49 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5884 attached , child_tidptr=0x555589733690) = 5884 [pid 5884] set_robust_list(0x5555897336a0, 24) = 0 [pid 5884] chdir("./20") = 0 [pid 5884] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5884] setpgid(0, 0) = 0 [pid 5884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5884] write(3, "1000", 4) = 4 [pid 5884] close(3) = 0 [pid 5884] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5884] write(1, "executing program\n", 18) = 18 [pid 5884] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5884] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5884] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5884] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5884] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5884] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5884] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5885 attached [pid 5885] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053 [pid 5884] <... clone3 resumed> => {parent_tid=[5885]}, 88) = 5885 [pid 5885] <... rseq resumed>) = 0 [pid 5885] set_robust_list(0x7f17bbd249a0, 24) = 0 [pid 5885] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5884] rt_sigprocmask(SIG_SETMASK, [], [pid 5885] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5884] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5885] <... futex resumed>) = 0 [pid 5884] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5885] memfd_create("syzkaller", 0) = 3 [pid 5885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5885] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5885] munmap(0x7f17b3800000, 138412032) = 0 [pid 5885] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5885] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5885] close(3) = 0 [pid 5885] close(4) = 0 [pid 5885] mkdir("./file0", 0777) = 0 [pid 5885] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5885] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5885] chdir("./file0") = 0 [pid 5885] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5885] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5884] <... futex resumed>) = 0 [pid 5885] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5884] <... futex resumed>) = 0 [pid 5885] creat("./file1", 004 [pid 5884] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5885] <... creat resumed>) = 4 [pid 5885] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5884] <... futex resumed>) = 0 [pid 5885] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5884] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 108.691461][ T5885] loop0: detected capacity change from 0 to 32768 [pid 5885] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5884] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5884] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5884] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5884] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5884] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5884] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5886 attached [pid 5886] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5884] <... clone3 resumed> => {parent_tid=[5886]}, 88) = 5886 [pid 5886] <... rseq resumed>) = 0 [pid 5884] rt_sigprocmask(SIG_SETMASK, [], [pid 5886] set_robust_list(0x7f17bbd039a0, 24 [pid 5884] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5884] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] <... set_robust_list resumed>) = 0 [pid 5884] <... futex resumed>) = 0 [pid 5886] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5884] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5886] memfd_create("syzkaller", 0) = 5 [pid 5886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5886] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5886] munmap(0x7f17b3800000, 138412032) = 0 [pid 5886] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5886] close(5) = 0 [pid 5886] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = 0 [pid 5886] <... futex resumed>) = 1 [pid 5884] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5884] <... futex resumed>) = 0 [pid 5886] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5884] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5886] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5886] <... futex resumed>) = 0 [ 108.895160][ T5885] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 108.895160][ T5885] [ 108.906565][ T5885] ERROR: (device loop0): remounting filesystem as read-only [pid 5886] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5885] <... write resumed>) = 15335424 [pid 5885] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5884] exit_group(0 [pid 5885] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5886] <... futex resumed>) = ? [pid 5884] <... exit_group resumed>) = ? [pid 5885] <... futex resumed>) = ? [pid 5886] +++ exited with 0 +++ [pid 5885] +++ exited with 0 +++ [pid 5884] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5884, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=51 /* 0.51 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5887 attached , child_tidptr=0x555589733690) = 5887 [pid 5887] set_robust_list(0x5555897336a0, 24) = 0 [pid 5887] chdir("./21") = 0 [pid 5887] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5887] setpgid(0, 0) = 0 [pid 5887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5887] write(3, "1000", 4) = 4 [pid 5887] close(3) = 0 [pid 5887] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5887] write(1, "executing program\n", 18executing program ) = 18 [pid 5887] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5887] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5887] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5887] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5887] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5887] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5888 attached [pid 5888] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5887] <... clone3 resumed> => {parent_tid=[5888]}, 88) = 5888 [pid 5888] set_robust_list(0x7f17bbd249a0, 24 [pid 5887] rt_sigprocmask(SIG_SETMASK, [], [pid 5888] <... set_robust_list resumed>) = 0 [pid 5887] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5888] rt_sigprocmask(SIG_SETMASK, [], [pid 5887] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5887] <... futex resumed>) = 0 [pid 5887] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5888] memfd_create("syzkaller", 0) = 3 [pid 5888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5888] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5888] munmap(0x7f17b3800000, 138412032) = 0 [pid 5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5888] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5888] close(3) = 0 [pid 5888] close(4) = 0 [pid 5888] mkdir("./file0", 0777) = 0 [pid 5888] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5888] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5888] chdir("./file0") = 0 [pid 5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5888] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] <... futex resumed>) = 0 [pid 5888] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5887] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5888] creat("./file1", 004 [pid 5887] <... futex resumed>) = 0 [pid 5887] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5888] <... creat resumed>) = 4 [ 110.154749][ T5888] loop0: detected capacity change from 0 to 32768 [pid 5888] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] <... futex resumed>) = 0 [pid 5888] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5887] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] <... futex resumed>) = 0 [pid 5887] <... futex resumed>) = 1 [pid 5888] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5887] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5887] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5887] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5887] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5887] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5889 attached [pid 5889] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5887] <... clone3 resumed> => {parent_tid=[5889]}, 88) = 5889 [pid 5889] <... rseq resumed>) = 0 [pid 5889] set_robust_list(0x7f17bbd039a0, 24 [pid 5887] rt_sigprocmask(SIG_SETMASK, [], [pid 5889] <... set_robust_list resumed>) = 0 [pid 5887] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5889] rt_sigprocmask(SIG_SETMASK, [], [pid 5887] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5887] <... futex resumed>) = 0 [pid 5889] memfd_create("syzkaller", 0 [pid 5887] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5889] <... memfd_create resumed>) = 5 [pid 5889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5889] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5889] munmap(0x7f17b3800000, 138412032) = 0 [pid 5889] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 110.350740][ T5888] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 110.350740][ T5888] [ 110.362415][ T5888] ERROR: (device loop0): remounting filesystem as read-only [pid 5889] close(5) = 0 [pid 5889] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5887] <... futex resumed>) = 0 [pid 5889] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5887] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5887] <... futex resumed>) = 0 [pid 5889] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5887] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5889] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5889] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] <... futex resumed>) = 0 [pid 5889] <... futex resumed>) = 1 [pid 5889] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5888] <... write resumed>) = 15335424 [pid 5888] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5888] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5887] exit_group(0 [pid 5889] <... futex resumed>) = ? [pid 5888] <... futex resumed>) = ? [pid 5887] <... exit_group resumed>) = ? [pid 5889] +++ exited with 0 +++ [pid 5888] +++ exited with 0 +++ [pid 5887] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5887, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=49 /* 0.49 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5890 attached , child_tidptr=0x555589733690) = 5890 [pid 5890] set_robust_list(0x5555897336a0, 24) = 0 [pid 5890] chdir("./22") = 0 [pid 5890] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5890] setpgid(0, 0) = 0 [pid 5890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5890] write(3, "1000", 4) = 4 [pid 5890] close(3) = 0 [pid 5890] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5890] write(1, "executing program\n", 18) = 18 [pid 5890] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5890] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5890] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5890] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5890] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5890] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5890] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5891 attached [pid 5891] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5891] set_robust_list(0x7f17bbd249a0, 24) = 0 [pid 5890] <... clone3 resumed> => {parent_tid=[5891]}, 88) = 5891 [pid 5891] rt_sigprocmask(SIG_SETMASK, [], [pid 5890] rt_sigprocmask(SIG_SETMASK, [], [pid 5891] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5890] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5891] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5890] <... futex resumed>) = 0 [pid 5891] memfd_create("syzkaller", 0 [pid 5890] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5891] <... memfd_create resumed>) = 3 [pid 5891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5891] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5891] munmap(0x7f17b3800000, 138412032) = 0 [pid 5891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5891] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5891] close(3) = 0 [pid 5891] close(4) = 0 [pid 5891] mkdir("./file0", 0777) = 0 [pid 5891] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5891] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5891] chdir("./file0") = 0 [pid 5891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 111.713099][ T5891] loop0: detected capacity change from 0 to 32768 [pid 5891] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5891] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] <... futex resumed>) = 0 [pid 5890] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = 0 [pid 5890] <... futex resumed>) = 1 [pid 5891] creat("./file1", 004 [pid 5890] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] <... creat resumed>) = 4 [pid 5891] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] <... futex resumed>) = 0 [pid 5891] <... futex resumed>) = 1 [pid 5890] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5890] <... futex resumed>) = 0 [pid 5890] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5890] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5890] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5890] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5890] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5890] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5892 attached [pid 5892] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5890] <... clone3 resumed> => {parent_tid=[5892]}, 88) = 5892 [pid 5892] <... rseq resumed>) = 0 [pid 5890] rt_sigprocmask(SIG_SETMASK, [], [pid 5892] set_robust_list(0x7f17bbd039a0, 24 [pid 5890] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5892] <... set_robust_list resumed>) = 0 [pid 5890] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5890] <... futex resumed>) = 0 [pid 5892] memfd_create("syzkaller", 0 [pid 5890] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5892] <... memfd_create resumed>) = 5 [pid 5892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5892] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5892] munmap(0x7f17b3800000, 138412032) = 0 [pid 5892] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 111.930106][ T5891] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 111.930106][ T5891] [ 111.941875][ T5891] ERROR: (device loop0): remounting filesystem as read-only [pid 5892] close(5) = 0 [pid 5892] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5892] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5890] <... futex resumed>) = 0 [pid 5892] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5890] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5892] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] <... futex resumed>) = 0 [pid 5892] <... futex resumed>) = 1 [pid 5892] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5891] <... write resumed>) = 15335424 [pid 5891] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5890] exit_group(0 [pid 5891] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5892] <... futex resumed>) = ? [pid 5892] +++ exited with 0 +++ [pid 5890] <... exit_group resumed>) = ? [pid 5891] <... futex resumed>) = ? [pid 5891] +++ exited with 0 +++ [pid 5890] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5890, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=53 /* 0.53 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5895 attached , child_tidptr=0x555589733690) = 5895 [pid 5895] set_robust_list(0x5555897336a0, 24) = 0 [pid 5895] chdir("./23") = 0 [pid 5895] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5895] setpgid(0, 0) = 0 [pid 5895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5895] write(3, "1000", 4) = 4 [pid 5895] close(3) = 0 [pid 5895] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5895] write(1, "executing program\n", 18) = 18 [pid 5895] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5895] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5895] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5895] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5895] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5895] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5895] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5896 attached [pid 5896] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5896] set_robust_list(0x7f17bbd249a0, 24 [pid 5895] <... clone3 resumed> => {parent_tid=[5896]}, 88) = 5896 [pid 5896] <... set_robust_list resumed>) = 0 [pid 5895] rt_sigprocmask(SIG_SETMASK, [], [pid 5896] rt_sigprocmask(SIG_SETMASK, [], [pid 5895] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5896] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5895] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5895] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5896] memfd_create("syzkaller", 0) = 3 [pid 5896] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5896] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5896] munmap(0x7f17b3800000, 138412032) = 0 [pid 5896] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5896] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5896] close(3) = 0 [pid 5896] close(4) = 0 [pid 5896] mkdir("./file0", 0777) = 0 [pid 5896] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5896] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5896] chdir("./file0") = 0 [pid 5896] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5896] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5895] <... futex resumed>) = 0 [pid 5896] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5895] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5896] <... futex resumed>) = 0 [pid 5896] creat("./file1", 004 [pid 5895] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5896] <... creat resumed>) = 4 [pid 5896] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5895] <... futex resumed>) = 0 [pid 5896] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5895] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5895] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5896] <... futex resumed>) = 0 [ 113.160785][ T5896] loop0: detected capacity change from 0 to 32768 [pid 5896] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5895] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5895] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5895] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5895] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5895] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5895] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5897 attached [pid 5897] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5895] <... clone3 resumed> => {parent_tid=[5897]}, 88) = 5897 [pid 5897] <... rseq resumed>) = 0 [pid 5897] set_robust_list(0x7f17bbd039a0, 24 [pid 5895] rt_sigprocmask(SIG_SETMASK, [], [pid 5897] <... set_robust_list resumed>) = 0 [pid 5895] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5897] rt_sigprocmask(SIG_SETMASK, [], [pid 5895] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5897] memfd_create("syzkaller", 0 [pid 5895] <... futex resumed>) = 0 [pid 5895] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5897] <... memfd_create resumed>) = 5 [pid 5897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5897] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [ 113.347243][ T5896] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 113.347243][ T5896] [ 113.358922][ T5896] ERROR: (device loop0): remounting filesystem as read-only [pid 5897] munmap(0x7f17b3800000, 138412032) = 0 [pid 5897] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5897] close(5) = 0 [pid 5897] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5895] <... futex resumed>) = 0 [pid 5897] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5895] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5895] <... futex resumed>) = 0 [pid 5897] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5897] <... futex resumed>) = 0 [pid 5895] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5897] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5896] <... write resumed>) = 15335424 [pid 5896] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5896] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5895] exit_group(0 [pid 5896] <... futex resumed>) = ? [pid 5895] <... exit_group resumed>) = ? [pid 5897] <... futex resumed>) = ? [pid 5897] +++ exited with 0 +++ [pid 5896] +++ exited with 0 +++ [pid 5895] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5895, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=48 /* 0.48 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5900 attached , child_tidptr=0x555589733690) = 5900 [pid 5900] set_robust_list(0x5555897336a0, 24) = 0 [pid 5900] chdir("./24") = 0 [pid 5900] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5900] setpgid(0, 0) = 0 [pid 5900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5900] write(3, "1000", 4) = 4 [pid 5900] close(3) = 0 [pid 5900] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5900] write(1, "executing program\n", 18) = 18 [pid 5900] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5900] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5900] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5900] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5900] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5900] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5901 attached [pid 5901] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053 [pid 5900] <... clone3 resumed> => {parent_tid=[5901]}, 88) = 5901 [pid 5901] <... rseq resumed>) = 0 [pid 5901] set_robust_list(0x7f17bbd249a0, 24) = 0 [pid 5901] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5901] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5900] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5900] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] <... futex resumed>) = 0 [pid 5900] <... futex resumed>) = 1 [pid 5901] memfd_create("syzkaller", 0 [pid 5900] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5901] <... memfd_create resumed>) = 3 [pid 5901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5901] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5901] munmap(0x7f17b3800000, 138412032) = 0 [pid 5901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5901] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5901] close(3) = 0 [pid 5901] close(4) = 0 [pid 5901] mkdir("./file0", 0777) = 0 [pid 5901] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [ 114.627827][ T5901] loop0: detected capacity change from 0 to 32768 [pid 5901] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5901] chdir("./file0") = 0 [pid 5901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5901] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5900] <... futex resumed>) = 0 [pid 5901] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5900] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5900] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5901] creat("./file1", 004) = 4 [pid 5901] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5900] <... futex resumed>) = 0 [pid 5901] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5900] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5900] <... futex resumed>) = 0 [pid 5901] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5900] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5900] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5900] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5900] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5900] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5903 attached [pid 5903] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053) = 0 [pid 5900] <... clone3 resumed> => {parent_tid=[5903]}, 88) = 5903 [pid 5903] set_robust_list(0x7f17bbd039a0, 24 [pid 5900] rt_sigprocmask(SIG_SETMASK, [], [pid 5903] <... set_robust_list resumed>) = 0 [pid 5900] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5903] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5900] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] memfd_create("syzkaller", 0 [pid 5900] <... futex resumed>) = 0 [pid 5900] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5903] <... memfd_create resumed>) = 5 [pid 5903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5903] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5903] munmap(0x7f17b3800000, 138412032) = 0 [pid 5903] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 114.866440][ T5901] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 114.866440][ T5901] [ 114.878057][ T5901] ERROR: (device loop0): remounting filesystem as read-only [pid 5903] close(5) = 0 [pid 5903] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5900] <... futex resumed>) = 0 [pid 5903] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5900] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5900] <... futex resumed>) = 0 [pid 5903] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5900] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5903] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5903] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = 0 [pid 5903] <... futex resumed>) = 1 [pid 5903] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5901] <... write resumed>) = 15335424 [pid 5901] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5901] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5900] exit_group(0 [pid 5903] <... futex resumed>) = ? [pid 5901] <... futex resumed>) = ? [pid 5903] +++ exited with 0 +++ [pid 5900] <... exit_group resumed>) = ? [pid 5901] +++ exited with 0 +++ [pid 5900] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5900, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=47 /* 0.47 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5905 attached , child_tidptr=0x555589733690) = 5905 [pid 5905] set_robust_list(0x5555897336a0, 24) = 0 [pid 5905] chdir("./25") = 0 [pid 5905] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5905] setpgid(0, 0) = 0 [pid 5905] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5905] write(3, "1000", 4) = 4 [pid 5905] close(3) = 0 [pid 5905] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5905] write(1, "executing program\n", 18) = 18 [pid 5905] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5905] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5905] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5905] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5905] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5905] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5905] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5906 attached [pid 5906] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5905] <... clone3 resumed> => {parent_tid=[5906]}, 88) = 5906 [pid 5906] set_robust_list(0x7f17bbd249a0, 24 [pid 5905] rt_sigprocmask(SIG_SETMASK, [], [pid 5906] <... set_robust_list resumed>) = 0 [pid 5905] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5906] rt_sigprocmask(SIG_SETMASK, [], [pid 5905] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5905] <... futex resumed>) = 0 [pid 5906] memfd_create("syzkaller", 0 [pid 5905] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5906] <... memfd_create resumed>) = 3 [pid 5906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5906] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5906] munmap(0x7f17b3800000, 138412032) = 0 [pid 5906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5906] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5906] close(3) = 0 [pid 5906] close(4) = 0 [pid 5906] mkdir("./file0", 0777) = 0 [pid 5906] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5906] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5906] chdir("./file0") = 0 [pid 5906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5906] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] <... futex resumed>) = 0 [pid 5906] <... futex resumed>) = 1 [pid 5905] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5906] creat("./file1", 004 [pid 5905] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] <... creat resumed>) = 4 [pid 5906] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5905] <... futex resumed>) = 0 [pid 5906] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5905] <... futex resumed>) = 0 [pid 5906] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [ 116.090019][ T5906] loop0: detected capacity change from 0 to 32768 [pid 5905] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5905] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5905] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5905] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5905] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5905] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5907 attached [pid 5907] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5905] <... clone3 resumed> => {parent_tid=[5907]}, 88) = 5907 [pid 5907] <... rseq resumed>) = 0 [pid 5905] rt_sigprocmask(SIG_SETMASK, [], [pid 5907] set_robust_list(0x7f17bbd039a0, 24) = 0 [pid 5905] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5907] rt_sigprocmask(SIG_SETMASK, [], [pid 5905] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5905] <... futex resumed>) = 0 [pid 5907] memfd_create("syzkaller", 0 [pid 5905] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5907] <... memfd_create resumed>) = 5 [pid 5907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [ 116.283478][ T5906] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 116.283478][ T5906] [ 116.295514][ T5906] ERROR: (device loop0): remounting filesystem as read-only [pid 5907] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5907] munmap(0x7f17b3800000, 138412032) = 0 [pid 5907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5907] close(5) = 0 [pid 5907] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5905] <... futex resumed>) = 0 [pid 5907] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5905] <... futex resumed>) = 0 [pid 5907] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5905] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5907] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5907] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5906] <... write resumed>) = 15335424 [pid 5906] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5906] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5905] exit_group(0 [pid 5907] <... futex resumed>) = ? [pid 5906] <... futex resumed>) = ? [pid 5905] <... exit_group resumed>) = ? [pid 5907] +++ exited with 0 +++ [pid 5906] +++ exited with 0 +++ [pid 5905] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5905, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=47 /* 0.47 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5908 attached , child_tidptr=0x555589733690) = 5908 [pid 5908] set_robust_list(0x5555897336a0, 24) = 0 [pid 5908] chdir("./26") = 0 [pid 5908] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5908] setpgid(0, 0) = 0 [pid 5908] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5908] write(3, "1000", 4) = 4 [pid 5908] close(3) = 0 [pid 5908] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5908] write(1, "executing program\n", 18executing program ) = 18 [pid 5908] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5908] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5908] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5908] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5908] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5908] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5908] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5909 attached [pid 5909] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053 [pid 5908] <... clone3 resumed> => {parent_tid=[5909]}, 88) = 5909 [pid 5909] <... rseq resumed>) = 0 [pid 5909] set_robust_list(0x7f17bbd249a0, 24) = 0 [pid 5909] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5908] rt_sigprocmask(SIG_SETMASK, [], [pid 5909] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5908] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = 0 [pid 5908] <... futex resumed>) = 1 [pid 5909] memfd_create("syzkaller", 0 [pid 5908] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5909] <... memfd_create resumed>) = 3 [pid 5909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5909] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5909] munmap(0x7f17b3800000, 138412032) = 0 [pid 5909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5909] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5909] close(3) = 0 [pid 5909] close(4) = 0 [pid 5909] mkdir("./file0", 0777) = 0 [pid 5909] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5909] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5909] chdir("./file0") = 0 [pid 5909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5909] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] <... futex resumed>) = 0 [ 117.523527][ T5909] loop0: detected capacity change from 0 to 32768 [pid 5909] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5908] <... futex resumed>) = 0 [pid 5909] creat("./file1", 004 [pid 5908] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5909] <... creat resumed>) = 4 [pid 5909] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5908] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5908] <... futex resumed>) = 0 [pid 5908] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5908] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5908] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5908] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5908] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5908] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5910 attached [pid 5910] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5908] <... clone3 resumed> => {parent_tid=[5910]}, 88) = 5910 [pid 5910] <... rseq resumed>) = 0 [pid 5910] set_robust_list(0x7f17bbd039a0, 24 [pid 5908] rt_sigprocmask(SIG_SETMASK, [], [pid 5910] <... set_robust_list resumed>) = 0 [pid 5908] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5910] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5908] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5910] memfd_create("syzkaller", 0 [pid 5908] <... futex resumed>) = 0 [pid 5908] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5910] <... memfd_create resumed>) = 5 [pid 5910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5910] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5910] munmap(0x7f17b3800000, 138412032) = 0 [pid 5910] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5910] close(5) = 0 [pid 5910] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5910] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5910] <... futex resumed>) = 0 [pid 5908] <... futex resumed>) = 1 [pid 5910] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL) = -1 ENODEV (No such device) [pid 5908] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5910] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5908] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 117.737419][ T5909] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 117.737419][ T5909] [ 117.749575][ T5909] ERROR: (device loop0): remounting filesystem as read-only [pid 5910] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5909] <... write resumed>) = 15335424 [pid 5909] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] exit_group(0 [pid 5910] <... futex resumed>) = ? [pid 5910] +++ exited with 0 +++ [pid 5909] <... futex resumed>) = ? [pid 5908] <... exit_group resumed>) = ? [pid 5909] +++ exited with 0 +++ [pid 5908] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5908, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=48 /* 0.48 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5911 attached , child_tidptr=0x555589733690) = 5911 [pid 5911] set_robust_list(0x5555897336a0, 24) = 0 [pid 5911] chdir("./27") = 0 [pid 5911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5911] setpgid(0, 0) = 0 [pid 5911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5911] write(3, "1000", 4) = 4 [pid 5911] close(3) = 0 [pid 5911] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5911] write(1, "executing program\n", 18executing program ) = 18 [pid 5911] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5911] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5911] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5911] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5911] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5912 attached [pid 5912] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5911] <... clone3 resumed> => {parent_tid=[5912]}, 88) = 5912 [pid 5912] set_robust_list(0x7f17bbd249a0, 24 [pid 5911] rt_sigprocmask(SIG_SETMASK, [], [pid 5912] <... set_robust_list resumed>) = 0 [pid 5911] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5912] rt_sigprocmask(SIG_SETMASK, [], [pid 5911] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5911] <... futex resumed>) = 0 [pid 5912] memfd_create("syzkaller", 0 [pid 5911] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5912] <... memfd_create resumed>) = 3 [pid 5912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5912] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5912] munmap(0x7f17b3800000, 138412032) = 0 [pid 5912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5912] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5912] close(3) = 0 [pid 5912] close(4) = 0 [pid 5912] mkdir("./file0", 0777) = 0 [pid 5912] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5912] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5912] chdir("./file0") = 0 [pid 5912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5912] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5911] <... futex resumed>) = 0 [pid 5911] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] creat("./file1", 004 [pid 5911] <... futex resumed>) = 0 [pid 5911] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] <... creat resumed>) = 4 [pid 5912] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5911] <... futex resumed>) = 0 [pid 5912] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5911] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5912] <... futex resumed>) = 0 [pid 5912] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [ 119.062158][ T5912] loop0: detected capacity change from 0 to 32768 [pid 5911] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5911] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5911] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5911] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5911] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5913 attached [pid 5913] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5911] <... clone3 resumed> => {parent_tid=[5913]}, 88) = 5913 [pid 5913] <... rseq resumed>) = 0 [pid 5913] set_robust_list(0x7f17bbd039a0, 24 [pid 5911] rt_sigprocmask(SIG_SETMASK, [], [pid 5913] <... set_robust_list resumed>) = 0 [pid 5911] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5913] rt_sigprocmask(SIG_SETMASK, [], [pid 5911] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5913] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5913] memfd_create("syzkaller", 0 [pid 5911] <... futex resumed>) = 0 [pid 5911] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5913] <... memfd_create resumed>) = 5 [pid 5913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5913] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5913] munmap(0x7f17b3800000, 138412032) = 0 [pid 5913] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5913] close(5) = 0 [pid 5913] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5913] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5911] <... futex resumed>) = 0 [pid 5911] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5913] <... futex resumed>) = 0 [pid 5911] <... futex resumed>) = 1 [pid 5913] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5911] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5913] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5913] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] <... futex resumed>) = 0 [pid 5913] <... futex resumed>) = 1 [ 119.266031][ T5912] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 119.266031][ T5912] [ 119.277705][ T5912] ERROR: (device loop0): remounting filesystem as read-only [pid 5913] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5912] <... write resumed>) = 15335424 [pid 5912] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] exit_group(0 [pid 5912] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5913] <... futex resumed>) = ? [pid 5911] <... exit_group resumed>) = ? [pid 5912] <... futex resumed>) = ? [pid 5913] +++ exited with 0 +++ [pid 5912] +++ exited with 0 +++ [pid 5911] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5911, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=45 /* 0.45 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5914 attached , child_tidptr=0x555589733690) = 5914 [pid 5914] set_robust_list(0x5555897336a0, 24) = 0 [pid 5914] chdir("./28") = 0 [pid 5914] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5914] setpgid(0, 0) = 0 [pid 5914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5914] write(3, "1000", 4) = 4 [pid 5914] close(3) = 0 [pid 5914] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5914] write(1, "executing program\n", 18) = 18 [pid 5914] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5914] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5914] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5914] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5914] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5914] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5915 attached [pid 5915] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5914] <... clone3 resumed> => {parent_tid=[5915]}, 88) = 5915 [pid 5915] set_robust_list(0x7f17bbd249a0, 24 [pid 5914] rt_sigprocmask(SIG_SETMASK, [], [pid 5915] <... set_robust_list resumed>) = 0 [pid 5914] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5915] rt_sigprocmask(SIG_SETMASK, [], [pid 5914] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5915] memfd_create("syzkaller", 0 [pid 5914] <... futex resumed>) = 0 [pid 5914] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5915] <... memfd_create resumed>) = 3 [pid 5915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5915] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5915] munmap(0x7f17b3800000, 138412032) = 0 [pid 5915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5915] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5915] close(3) = 0 [pid 5915] close(4) = 0 [pid 5915] mkdir("./file0", 0777) = 0 [pid 5915] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5915] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5915] chdir("./file0") = 0 [ 120.485257][ T5915] loop0: detected capacity change from 0 to 32768 [pid 5915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5915] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5914] <... futex resumed>) = 0 [pid 5915] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5914] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5915] creat("./file1", 004 [pid 5914] <... futex resumed>) = 0 [pid 5914] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] <... creat resumed>) = 4 [pid 5915] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5915] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5914] <... futex resumed>) = 0 [pid 5915] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5914] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5914] <... futex resumed>) = 0 [pid 5914] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5914] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5914] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5914] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5914] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5916 attached [pid 5916] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5914] <... clone3 resumed> => {parent_tid=[5916]}, 88) = 5916 [pid 5916] <... rseq resumed>) = 0 [pid 5916] set_robust_list(0x7f17bbd039a0, 24 [pid 5914] rt_sigprocmask(SIG_SETMASK, [], [pid 5916] <... set_robust_list resumed>) = 0 [pid 5914] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5916] rt_sigprocmask(SIG_SETMASK, [], [pid 5914] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5914] <... futex resumed>) = 0 [pid 5916] memfd_create("syzkaller", 0 [pid 5914] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5916] <... memfd_create resumed>) = 5 [pid 5916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5916] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5916] munmap(0x7f17b3800000, 138412032) = 0 [pid 5916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5916] close(5) = 0 [pid 5916] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5914] <... futex resumed>) = 0 [pid 5916] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5914] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5914] <... futex resumed>) = 0 [pid 5916] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5916] <... futex resumed>) = 0 [pid 5914] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 120.750978][ T5915] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 120.750978][ T5915] [ 120.763043][ T5915] ERROR: (device loop0): remounting filesystem as read-only [pid 5916] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5915] <... write resumed>) = 15335424 [pid 5915] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5915] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5914] exit_group(0 [pid 5915] <... futex resumed>) = ? [pid 5916] <... futex resumed>) = ? [pid 5914] <... exit_group resumed>) = ? [pid 5916] +++ exited with 0 +++ [pid 5915] +++ exited with 0 +++ [pid 5914] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5914, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=51 /* 0.51 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5917 attached , child_tidptr=0x555589733690) = 5917 [pid 5917] set_robust_list(0x5555897336a0, 24) = 0 [pid 5917] chdir("./29") = 0 [pid 5917] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5917] setpgid(0, 0) = 0 [pid 5917] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5917] write(3, "1000", 4) = 4 [pid 5917] close(3) = 0 [pid 5917] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5917] write(1, "executing program\n", 18) = 18 [pid 5917] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5917] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5917] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5917] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5917] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5917] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5917] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5918 attached [pid 5918] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5917] <... clone3 resumed> => {parent_tid=[5918]}, 88) = 5918 [pid 5917] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5917] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] set_robust_list(0x7f17bbd249a0, 24) = 0 [pid 5917] <... futex resumed>) = 0 [pid 5918] rt_sigprocmask(SIG_SETMASK, [], [pid 5917] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5918] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5918] memfd_create("syzkaller", 0) = 3 [pid 5918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5918] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5918] munmap(0x7f17b3800000, 138412032) = 0 [pid 5918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5918] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5918] close(3) = 0 [pid 5918] close(4) = 0 [pid 5918] mkdir("./file0", 0777) = 0 [pid 5918] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5918] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5918] chdir("./file0") = 0 [pid 5918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5918] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 122.046432][ T5918] loop0: detected capacity change from 0 to 32768 [pid 5917] <... futex resumed>) = 0 [pid 5918] creat("./file1", 004 [pid 5917] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] <... creat resumed>) = 4 [pid 5918] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] <... futex resumed>) = 0 [pid 5918] <... futex resumed>) = 0 [pid 5918] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5917] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5917] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5918] <... futex resumed>) = 0 [pid 5917] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5918] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5917] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5917] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5917] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5917] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5917] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5917] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5919 attached => {parent_tid=[5919]}, 88) = 5919 [pid 5919] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5917] rt_sigprocmask(SIG_SETMASK, [], [pid 5919] <... rseq resumed>) = 0 [pid 5917] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5919] set_robust_list(0x7f17bbd039a0, 24 [pid 5917] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... set_robust_list resumed>) = 0 [pid 5919] rt_sigprocmask(SIG_SETMASK, [], [pid 5917] <... futex resumed>) = 0 [pid 5919] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5917] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5919] memfd_create("syzkaller", 0) = 5 [pid 5919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5919] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5919] munmap(0x7f17b3800000, 138412032) = 0 [pid 5919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5919] close(5) = 0 [pid 5919] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5919] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 122.278555][ T5918] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 122.278555][ T5918] [ 122.290434][ T5918] ERROR: (device loop0): remounting filesystem as read-only [pid 5917] <... futex resumed>) = 0 [pid 5917] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5919] <... futex resumed>) = 0 [pid 5919] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5917] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5919] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5917] <... futex resumed>) = 0 [pid 5919] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] <... write resumed>) = 15335424 [pid 5918] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5918] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5917] exit_group(0 [pid 5918] <... futex resumed>) = ? [pid 5917] <... exit_group resumed>) = ? [pid 5918] +++ exited with 0 +++ [pid 5919] <... futex resumed>) = ? [pid 5919] +++ exited with 0 +++ [pid 5917] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5917, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=50 /* 0.50 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5920 attached , child_tidptr=0x555589733690) = 5920 [pid 5920] set_robust_list(0x5555897336a0, 24) = 0 [pid 5920] chdir("./30") = 0 [pid 5920] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5920] setpgid(0, 0) = 0 [pid 5920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5920] write(3, "1000", 4) = 4 [pid 5920] close(3) = 0 [pid 5920] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5920] write(1, "executing program\n", 18) = 18 [pid 5920] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5920] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5920] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5920] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5920] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5921 attached [pid 5921] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053 [pid 5920] <... clone3 resumed> => {parent_tid=[5921]}, 88) = 5921 [pid 5921] <... rseq resumed>) = 0 [pid 5921] set_robust_list(0x7f17bbd249a0, 24) = 0 [pid 5921] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5921] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5920] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5921] <... futex resumed>) = 0 [pid 5920] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5921] memfd_create("syzkaller", 0) = 3 [pid 5921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5921] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5921] munmap(0x7f17b3800000, 138412032) = 0 [pid 5921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5921] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5921] close(3) = 0 [pid 5921] close(4) = 0 [pid 5921] mkdir("./file0", 0777) = 0 [pid 5921] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5921] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5921] chdir("./file0") = 0 [pid 5921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5921] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [ 123.538619][ T5921] loop0: detected capacity change from 0 to 32768 [pid 5921] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] creat("./file1", 004 [pid 5920] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... creat resumed>) = 4 [pid 5921] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5921] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] <... futex resumed>) = 0 [pid 5921] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5920] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5920] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5920] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5920] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5920] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5922 attached [pid 5922] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5920] <... clone3 resumed> => {parent_tid=[5922]}, 88) = 5922 [pid 5922] <... rseq resumed>) = 0 [pid 5920] rt_sigprocmask(SIG_SETMASK, [], [pid 5922] set_robust_list(0x7f17bbd039a0, 24 [pid 5920] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5922] <... set_robust_list resumed>) = 0 [pid 5920] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5922] memfd_create("syzkaller", 0) = 5 [pid 5922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5922] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5922] munmap(0x7f17b3800000, 138412032) = 0 [pid 5922] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 123.747619][ T5921] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 123.747619][ T5921] [ 123.759098][ T5921] ERROR: (device loop0): remounting filesystem as read-only [pid 5922] close(5) = 0 [pid 5922] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5920] <... futex resumed>) = 0 [pid 5922] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5922] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5922] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5921] <... write resumed>) = 15335424 [pid 5921] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] exit_group(0) = ? [pid 5922] <... futex resumed>) = ? [pid 5922] +++ exited with 0 +++ [pid 5921] +++ exited with 0 +++ [pid 5920] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5920, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=47 /* 0.47 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555589733690) = 5923 ./strace-static-x86_64: Process 5923 attached [pid 5923] set_robust_list(0x5555897336a0, 24) = 0 [pid 5923] chdir("./31") = 0 [pid 5923] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5923] setpgid(0, 0) = 0 [pid 5923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5923] write(3, "1000", 4) = 4 [pid 5923] close(3) = 0 [pid 5923] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5923] write(1, "executing program\n", 18executing program ) = 18 [pid 5923] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5923] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5923] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5923] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5923] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5923] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5923] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5924 attached [pid 5924] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5924] set_robust_list(0x7f17bbd249a0, 24 [pid 5923] <... clone3 resumed> => {parent_tid=[5924]}, 88) = 5924 [pid 5924] <... set_robust_list resumed>) = 0 [pid 5923] rt_sigprocmask(SIG_SETMASK, [], [pid 5924] rt_sigprocmask(SIG_SETMASK, [], [pid 5923] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5924] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5923] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] memfd_create("syzkaller", 0 [pid 5923] <... futex resumed>) = 0 [pid 5923] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5924] <... memfd_create resumed>) = 3 [pid 5924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5924] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5924] munmap(0x7f17b3800000, 138412032) = 0 [pid 5924] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5924] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5924] close(3) = 0 [pid 5924] close(4) = 0 [pid 5924] mkdir("./file0", 0777) = 0 [pid 5924] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5924] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5924] chdir("./file0") = 0 [pid 5924] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5924] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] <... futex resumed>) = 0 [pid 5923] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... futex resumed>) = 1 [pid 5923] <... futex resumed>) = 0 [pid 5924] creat("./file1", 004 [pid 5923] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5924] <... creat resumed>) = 4 [pid 5924] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5923] <... futex resumed>) = 0 [pid 5924] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5923] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5923] <... futex resumed>) = 0 [pid 5924] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [ 124.970958][ T5924] loop0: detected capacity change from 0 to 32768 [pid 5923] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5923] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5923] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5923] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5923] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5923] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5925 attached [pid 5925] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5923] <... clone3 resumed> => {parent_tid=[5925]}, 88) = 5925 [pid 5925] <... rseq resumed>) = 0 [pid 5923] rt_sigprocmask(SIG_SETMASK, [], [pid 5925] set_robust_list(0x7f17bbd039a0, 24 [pid 5923] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5925] <... set_robust_list resumed>) = 0 [pid 5923] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] rt_sigprocmask(SIG_SETMASK, [], [pid 5923] <... futex resumed>) = 0 [pid 5925] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5923] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5925] memfd_create("syzkaller", 0) = 5 [pid 5925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5925] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5925] munmap(0x7f17b3800000, 138412032) = 0 [ 125.168689][ T5924] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 125.168689][ T5924] [ 125.180245][ T5924] ERROR: (device loop0): remounting filesystem as read-only [pid 5925] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5925] close(5) = 0 [pid 5925] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5923] <... futex resumed>) = 0 [pid 5925] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5923] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5923] <... futex resumed>) = 0 [pid 5925] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5923] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5925] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5923] <... futex resumed>) = 0 [pid 5925] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5924] <... write resumed>) = 15335424 [pid 5924] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5923] exit_group(0 [pid 5924] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] <... futex resumed>) = ? [pid 5924] <... futex resumed>) = ? [pid 5923] <... exit_group resumed>) = ? [pid 5925] +++ exited with 0 +++ [pid 5924] +++ exited with 0 +++ [pid 5923] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5923, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=49 /* 0.49 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5926 attached , child_tidptr=0x555589733690) = 5926 [pid 5926] set_robust_list(0x5555897336a0, 24) = 0 [pid 5926] chdir("./32") = 0 [pid 5926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5926] setpgid(0, 0) = 0 [pid 5926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5926] write(3, "1000", 4) = 4 [pid 5926] close(3) = 0 [pid 5926] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5926] write(1, "executing program\n", 18executing program ) = 18 [pid 5926] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5926] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5926] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5926] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5926] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5927 attached [pid 5927] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5926] <... clone3 resumed> => {parent_tid=[5927]}, 88) = 5927 [pid 5927] set_robust_list(0x7f17bbd249a0, 24 [pid 5926] rt_sigprocmask(SIG_SETMASK, [], [pid 5927] <... set_robust_list resumed>) = 0 [pid 5926] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5927] rt_sigprocmask(SIG_SETMASK, [], [pid 5926] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5926] <... futex resumed>) = 0 [pid 5927] memfd_create("syzkaller", 0 [pid 5926] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5927] <... memfd_create resumed>) = 3 [pid 5927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5927] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5927] munmap(0x7f17b3800000, 138412032) = 0 [pid 5927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5927] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5927] close(3) = 0 [pid 5927] close(4) = 0 [pid 5927] mkdir("./file0", 0777) = 0 [pid 5927] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5927] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5927] chdir("./file0") = 0 [pid 5927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5927] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5927] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] <... futex resumed>) = 0 [pid 5926] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = 0 [pid 5926] <... futex resumed>) = 1 [pid 5926] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5927] creat("./file1", 004) = 4 [pid 5927] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... futex resumed>) = 0 [pid 5927] <... futex resumed>) = 1 [pid 5926] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5926] <... futex resumed>) = 0 [ 126.425668][ T5927] loop0: detected capacity change from 0 to 32768 [pid 5926] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5926] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5926] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5926] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5926] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5928 attached [pid 5928] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5926] <... clone3 resumed> => {parent_tid=[5928]}, 88) = 5928 [pid 5928] <... rseq resumed>) = 0 [pid 5928] set_robust_list(0x7f17bbd039a0, 24 [pid 5926] rt_sigprocmask(SIG_SETMASK, [], [pid 5928] <... set_robust_list resumed>) = 0 [pid 5928] rt_sigprocmask(SIG_SETMASK, [], [pid 5926] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5928] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5928] memfd_create("syzkaller", 0 [pid 5926] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5928] <... memfd_create resumed>) = 5 [pid 5928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5928] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5928] munmap(0x7f17b3800000, 138412032) = 0 [pid 5928] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 126.622345][ T5927] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 126.622345][ T5927] [ 126.634010][ T5927] ERROR: (device loop0): remounting filesystem as read-only [pid 5928] close(5) = 0 [pid 5928] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5928] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5928] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5926] <... futex resumed>) = 0 [pid 5926] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5928] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL) = -1 ENODEV (No such device) [pid 5928] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5928] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5927] <... write resumed>) = 15335424 [pid 5927] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5927] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] exit_group(0 [pid 5928] <... futex resumed>) = ? [pid 5927] <... futex resumed>) = ? [pid 5928] +++ exited with 0 +++ [pid 5927] +++ exited with 0 +++ [pid 5926] <... exit_group resumed>) = ? [pid 5926] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5926, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=51 /* 0.51 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5929 attached , child_tidptr=0x555589733690) = 5929 [pid 5929] set_robust_list(0x5555897336a0, 24) = 0 [pid 5929] chdir("./33") = 0 [pid 5929] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5929] setpgid(0, 0) = 0 [pid 5929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5929] write(3, "1000", 4) = 4 [pid 5929] close(3) = 0 [pid 5929] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5929] write(1, "executing program\n", 18) = 18 [pid 5929] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5929] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5929] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5929] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5930 attached [pid 5930] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053 [pid 5929] <... clone3 resumed> => {parent_tid=[5930]}, 88) = 5930 [pid 5930] <... rseq resumed>) = 0 [pid 5930] set_robust_list(0x7f17bbd249a0, 24) = 0 [pid 5930] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5930] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5929] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5929] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5930] <... futex resumed>) = 0 [pid 5929] <... futex resumed>) = 1 [pid 5929] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5930] memfd_create("syzkaller", 0) = 3 [pid 5930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5930] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5930] munmap(0x7f17b3800000, 138412032) = 0 [pid 5930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5930] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5930] close(3) = 0 [pid 5930] close(4) = 0 [pid 5930] mkdir("./file0", 0777) = 0 [pid 5930] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5930] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5930] chdir("./file0") = 0 [ 127.931736][ T5930] loop0: detected capacity change from 0 to 32768 [pid 5930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5930] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] <... futex resumed>) = 0 [pid 5929] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5930] <... futex resumed>) = 1 [pid 5929] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5930] creat("./file1", 004) = 4 [pid 5930] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5929] <... futex resumed>) = 0 [pid 5930] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5929] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5929] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5929] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5929] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5931 attached [pid 5931] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053) = 0 [pid 5929] <... clone3 resumed> => {parent_tid=[5931]}, 88) = 5931 [pid 5931] set_robust_list(0x7f17bbd039a0, 24) = 0 [pid 5929] rt_sigprocmask(SIG_SETMASK, [], [pid 5931] rt_sigprocmask(SIG_SETMASK, [], [pid 5929] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5931] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5929] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5931] memfd_create("syzkaller", 0 [pid 5929] <... futex resumed>) = 0 [pid 5929] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5931] <... memfd_create resumed>) = 5 [pid 5931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5931] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5931] munmap(0x7f17b3800000, 138412032) = 0 [pid 5931] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 128.154631][ T5930] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 128.154631][ T5930] [ 128.166340][ T5930] ERROR: (device loop0): remounting filesystem as read-only [pid 5931] close(5) = 0 [pid 5931] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] <... futex resumed>) = 0 [pid 5931] <... futex resumed>) = 1 [pid 5929] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5931] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL) = -1 ENODEV (No such device) [pid 5931] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] <... futex resumed>) = 0 [pid 5931] <... futex resumed>) = 1 [pid 5931] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5930] <... write resumed>) = 15335424 [pid 5930] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5930] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5929] exit_group(0 [pid 5931] <... futex resumed>) = ? [pid 5931] +++ exited with 0 +++ [pid 5929] <... exit_group resumed>) = ? [pid 5930] <... futex resumed>) = ? [pid 5930] +++ exited with 0 +++ [pid 5929] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5929, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=46 /* 0.46 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5932 attached , child_tidptr=0x555589733690) = 5932 [pid 5932] set_robust_list(0x5555897336a0, 24) = 0 [pid 5932] chdir("./34") = 0 [pid 5932] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5932] setpgid(0, 0) = 0 [pid 5932] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5932] write(3, "1000", 4) = 4 [pid 5932] close(3) = 0 [pid 5932] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5932] write(1, "executing program\n", 18) = 18 [pid 5932] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5932] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5932] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5932] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5932] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5932] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5932] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5933 attached [pid 5933] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5933] set_robust_list(0x7f17bbd249a0, 24 [pid 5932] <... clone3 resumed> => {parent_tid=[5933]}, 88) = 5933 [pid 5933] <... set_robust_list resumed>) = 0 [pid 5932] rt_sigprocmask(SIG_SETMASK, [], [pid 5933] rt_sigprocmask(SIG_SETMASK, [], [pid 5932] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5933] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5932] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] memfd_create("syzkaller", 0 [pid 5932] <... futex resumed>) = 0 [pid 5932] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5933] <... memfd_create resumed>) = 3 [pid 5933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5933] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5933] munmap(0x7f17b3800000, 138412032) = 0 [pid 5933] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5933] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5933] close(3) = 0 [pid 5933] close(4) = 0 [pid 5933] mkdir("./file0", 0777) = 0 [pid 5933] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [ 129.364849][ T5933] loop0: detected capacity change from 0 to 32768 [pid 5933] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5933] chdir("./file0") = 0 [pid 5933] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5933] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... futex resumed>) = 0 [pid 5933] <... futex resumed>) = 1 [pid 5932] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] creat("./file1", 004 [pid 5932] <... futex resumed>) = 0 [pid 5933] <... creat resumed>) = 4 [pid 5932] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5932] <... futex resumed>) = 0 [pid 5933] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5932] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5932] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5932] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5932] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5932] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5932] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5932] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5934 attached [pid 5934] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053) = 0 [pid 5934] set_robust_list(0x7f17bbd039a0, 24) = 0 [pid 5932] <... clone3 resumed> => {parent_tid=[5934]}, 88) = 5934 [pid 5934] rt_sigprocmask(SIG_SETMASK, [], [pid 5932] rt_sigprocmask(SIG_SETMASK, [], [pid 5934] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5932] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5934] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5932] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5934] memfd_create("syzkaller", 0 [pid 5932] <... futex resumed>) = 0 [pid 5932] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5934] <... memfd_create resumed>) = 5 [pid 5934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5934] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5934] munmap(0x7f17b3800000, 138412032) = 0 [pid 5934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5934] close(5) = 0 [ 129.594490][ T5933] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 129.594490][ T5933] [ 129.606404][ T5933] ERROR: (device loop0): remounting filesystem as read-only [pid 5934] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5934] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5932] <... futex resumed>) = 0 [pid 5932] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5934] <... futex resumed>) = 0 [pid 5932] <... futex resumed>) = 1 [pid 5934] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5932] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5934] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5934] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5932] <... futex resumed>) = 0 [pid 5934] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5933] <... write resumed>) = 15335424 [pid 5933] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5933] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5932] exit_group(0 [pid 5934] <... futex resumed>) = ? [pid 5933] <... futex resumed>) = ? [pid 5932] <... exit_group resumed>) = ? [pid 5934] +++ exited with 0 +++ [pid 5933] +++ exited with 0 +++ [pid 5932] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5932, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=51 /* 0.51 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5935 attached , child_tidptr=0x555589733690) = 5935 [pid 5935] set_robust_list(0x5555897336a0, 24) = 0 [pid 5935] chdir("./35") = 0 [pid 5935] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5935] setpgid(0, 0) = 0 [pid 5935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5935] write(3, "1000", 4) = 4 [pid 5935] close(3) = 0 [pid 5935] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5935] write(1, "executing program\n", 18) = 18 [pid 5935] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5935] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5935] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5935] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5936 attached [pid 5936] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5935] <... clone3 resumed> => {parent_tid=[5936]}, 88) = 5936 [pid 5936] set_robust_list(0x7f17bbd249a0, 24 [pid 5935] rt_sigprocmask(SIG_SETMASK, [], [pid 5936] <... set_robust_list resumed>) = 0 [pid 5935] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5936] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5935] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5936] memfd_create("syzkaller", 0 [pid 5935] <... futex resumed>) = 0 [pid 5936] <... memfd_create resumed>) = 3 [pid 5935] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5936] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5936] munmap(0x7f17b3800000, 138412032) = 0 [pid 5936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5936] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5936] close(3) = 0 [pid 5936] close(4) = 0 [pid 5936] mkdir("./file0", 0777) = 0 [pid 5936] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5936] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5936] chdir("./file0") = 0 [pid 5936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5936] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5935] <... futex resumed>) = 0 [pid 5936] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5935] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5936] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5936] creat("./file1", 004 [pid 5935] <... futex resumed>) = 0 [pid 5935] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5936] <... creat resumed>) = 4 [pid 5936] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5935] <... futex resumed>) = 0 [pid 5936] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5935] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 130.818660][ T5936] loop0: detected capacity change from 0 to 32768 [pid 5935] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5935] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5935] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5935] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5937 attached [pid 5937] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5935] <... clone3 resumed> => {parent_tid=[5937]}, 88) = 5937 [pid 5937] <... rseq resumed>) = 0 [pid 5935] rt_sigprocmask(SIG_SETMASK, [], [pid 5937] set_robust_list(0x7f17bbd039a0, 24 [pid 5935] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5937] <... set_robust_list resumed>) = 0 [pid 5935] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5937] rt_sigprocmask(SIG_SETMASK, [], [pid 5935] <... futex resumed>) = 0 [pid 5937] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5935] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5937] memfd_create("syzkaller", 0) = 5 [pid 5937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5937] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5937] munmap(0x7f17b3800000, 138412032) = 0 [pid 5937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5937] close(5) = 0 [pid 5937] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5935] <... futex resumed>) = 0 [pid 5937] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 131.025592][ T5936] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 131.025592][ T5936] [ 131.037398][ T5936] ERROR: (device loop0): remounting filesystem as read-only [pid 5935] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5937] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5935] <... futex resumed>) = 0 [pid 5935] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5937] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL) = -1 ENODEV (No such device) [pid 5937] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] <... futex resumed>) = 0 [pid 5937] <... futex resumed>) = 1 [pid 5937] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5936] <... write resumed>) = 15335424 [pid 5936] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5936] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5935] exit_group(0 [pid 5937] <... futex resumed>) = ? [pid 5936] <... futex resumed>) = ? [pid 5935] <... exit_group resumed>) = ? [pid 5937] +++ exited with 0 +++ [pid 5936] +++ exited with 0 +++ [pid 5935] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5935, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=47 /* 0.47 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5938 attached , child_tidptr=0x555589733690) = 5938 [pid 5938] set_robust_list(0x5555897336a0, 24) = 0 [pid 5938] chdir("./36") = 0 [pid 5938] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5938] setpgid(0, 0) = 0 [pid 5938] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5938] write(3, "1000", 4) = 4 [pid 5938] close(3) = 0 [pid 5938] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5938] write(1, "executing program\n", 18) = 18 [pid 5938] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5938] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5938] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5938] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5938] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5938] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5938] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5939 attached [pid 5939] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5938] <... clone3 resumed> => {parent_tid=[5939]}, 88) = 5939 [pid 5939] set_robust_list(0x7f17bbd249a0, 24 [pid 5938] rt_sigprocmask(SIG_SETMASK, [], [pid 5939] <... set_robust_list resumed>) = 0 [pid 5938] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5939] rt_sigprocmask(SIG_SETMASK, [], [pid 5938] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5938] <... futex resumed>) = 0 [pid 5939] memfd_create("syzkaller", 0 [pid 5938] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5939] <... memfd_create resumed>) = 3 [pid 5939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5939] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5939] munmap(0x7f17b3800000, 138412032) = 0 [pid 5939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5939] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5939] close(3) = 0 [pid 5939] close(4) = 0 [pid 5939] mkdir("./file0", 0777) = 0 [pid 5939] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5939] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5939] chdir("./file0") = 0 [pid 5939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5939] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5938] <... futex resumed>) = 0 [pid 5939] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5938] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5938] <... futex resumed>) = 0 [pid 5939] creat("./file1", 004 [pid 5938] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5939] <... creat resumed>) = 4 [pid 5939] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5938] <... futex resumed>) = 0 [pid 5939] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 132.294365][ T5939] loop0: detected capacity change from 0 to 32768 [pid 5938] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5938] <... futex resumed>) = 0 [pid 5939] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5938] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5938] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5938] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5938] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5938] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5938] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5940 attached [pid 5940] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053) = 0 [pid 5938] <... clone3 resumed> => {parent_tid=[5940]}, 88) = 5940 [pid 5940] set_robust_list(0x7f17bbd039a0, 24 [pid 5938] rt_sigprocmask(SIG_SETMASK, [], [pid 5940] <... set_robust_list resumed>) = 0 [pid 5938] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5940] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5938] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5940] memfd_create("syzkaller", 0 [pid 5938] <... futex resumed>) = 0 [pid 5940] <... memfd_create resumed>) = 5 [pid 5938] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5940] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5940] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [ 132.501293][ T5939] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 132.501293][ T5939] [ 132.512821][ T5939] ERROR: (device loop0): remounting filesystem as read-only [pid 5940] munmap(0x7f17b3800000, 138412032) = 0 [pid 5940] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5940] close(5) = 0 [pid 5940] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5938] <... futex resumed>) = 0 [pid 5940] <... futex resumed>) = 1 [pid 5938] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5940] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5938] <... futex resumed>) = 0 [pid 5940] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5938] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5940] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5938] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5940] <... futex resumed>) = 0 [pid 5940] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5939] <... write resumed>) = 15335424 [pid 5939] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5939] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5938] exit_group(0 [pid 5939] <... futex resumed>) = ? [pid 5938] <... exit_group resumed>) = ? [pid 5939] +++ exited with 0 +++ [pid 5940] <... futex resumed>) = ? [pid 5940] +++ exited with 0 +++ [pid 5938] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5938, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=50 /* 0.50 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5941 attached , child_tidptr=0x555589733690) = 5941 [pid 5941] set_robust_list(0x5555897336a0, 24) = 0 [pid 5941] chdir("./37") = 0 [pid 5941] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5941] setpgid(0, 0) = 0 [pid 5941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5941] write(3, "1000", 4) = 4 [pid 5941] close(3) = 0 [pid 5941] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5941] write(1, "executing program\n", 18) = 18 [pid 5941] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5941] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5941] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5941] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5941] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5942 attached [pid 5942] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5941] <... clone3 resumed> => {parent_tid=[5942]}, 88) = 5942 [pid 5942] set_robust_list(0x7f17bbd249a0, 24 [pid 5941] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5941] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5942] <... set_robust_list resumed>) = 0 [pid 5942] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5942] memfd_create("syzkaller", 0) = 3 [pid 5942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5942] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5942] munmap(0x7f17b3800000, 138412032) = 0 [pid 5942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5942] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5942] close(3) = 0 [pid 5942] close(4) = 0 [pid 5942] mkdir("./file0", 0777) = 0 [pid 5942] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5942] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5942] chdir("./file0") = 0 [pid 5942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5942] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = 0 [pid 5942] <... futex resumed>) = 1 [pid 5941] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [ 133.784484][ T5942] loop0: detected capacity change from 0 to 32768 [pid 5942] creat("./file1", 004 [pid 5941] <... futex resumed>) = 0 [pid 5942] <... creat resumed>) = 4 [pid 5942] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5942] <... futex resumed>) = 0 [pid 5941] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5942] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5941] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5941] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5941] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5941] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5941] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5943 attached [pid 5943] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5941] <... clone3 resumed> => {parent_tid=[5943]}, 88) = 5943 [pid 5943] <... rseq resumed>) = 0 [pid 5943] set_robust_list(0x7f17bbd039a0, 24 [pid 5941] rt_sigprocmask(SIG_SETMASK, [], [pid 5943] <... set_robust_list resumed>) = 0 [pid 5941] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5941] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] rt_sigprocmask(SIG_SETMASK, [], [pid 5941] <... futex resumed>) = 0 [pid 5943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5943] memfd_create("syzkaller", 0 [pid 5941] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5943] <... memfd_create resumed>) = 5 [pid 5943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5943] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5943] munmap(0x7f17b3800000, 138412032) = 0 [ 133.988287][ T5942] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 133.988287][ T5942] [ 133.999724][ T5942] ERROR: (device loop0): remounting filesystem as read-only [pid 5943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5943] close(5) = 0 [pid 5943] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5941] <... futex resumed>) = 0 [pid 5943] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5941] <... futex resumed>) = 0 [pid 5943] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5941] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5943] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = 0 [pid 5943] <... futex resumed>) = 1 [pid 5943] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] <... write resumed>) = 15335424 [pid 5942] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5941] exit_group(0 [pid 5942] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5943] <... futex resumed>) = ? [pid 5942] <... futex resumed>) = ? [pid 5941] <... exit_group resumed>) = ? [pid 5943] +++ exited with 0 +++ [pid 5942] +++ exited with 0 +++ [pid 5941] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5941, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=48 /* 0.48 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5944 attached , child_tidptr=0x555589733690) = 5944 [pid 5944] set_robust_list(0x5555897336a0, 24) = 0 [pid 5944] chdir("./38") = 0 [pid 5944] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5944] setpgid(0, 0) = 0 [pid 5944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5944] write(3, "1000", 4) = 4 [pid 5944] close(3) = 0 [pid 5944] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5944] write(1, "executing program\n", 18) = 18 [pid 5944] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5944] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5944] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5944] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5944] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5944] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5945 attached [pid 5945] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053 [pid 5944] <... clone3 resumed> => {parent_tid=[5945]}, 88) = 5945 [pid 5945] <... rseq resumed>) = 0 [pid 5944] rt_sigprocmask(SIG_SETMASK, [], [pid 5945] set_robust_list(0x7f17bbd249a0, 24 [pid 5944] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5945] <... set_robust_list resumed>) = 0 [pid 5944] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] rt_sigprocmask(SIG_SETMASK, [], [pid 5944] <... futex resumed>) = 0 [pid 5945] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5944] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5945] memfd_create("syzkaller", 0) = 3 [pid 5945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5945] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5945] munmap(0x7f17b3800000, 138412032) = 0 [pid 5945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5945] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5945] close(3) = 0 [pid 5945] close(4) = 0 [pid 5945] mkdir("./file0", 0777) = 0 [pid 5945] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5945] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5945] chdir("./file0") = 0 [pid 5945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 135.202777][ T5945] loop0: detected capacity change from 0 to 32768 [pid 5945] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5944] <... futex resumed>) = 0 [pid 5945] creat("./file1", 004 [pid 5944] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5944] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5945] <... creat resumed>) = 4 [pid 5945] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5944] <... futex resumed>) = 0 [pid 5944] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5944] <... futex resumed>) = 0 [pid 5944] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5944] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5944] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5944] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5944] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5946 attached [pid 5946] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053) = 0 [pid 5944] <... clone3 resumed> => {parent_tid=[5946]}, 88) = 5946 [pid 5946] set_robust_list(0x7f17bbd039a0, 24) = 0 [pid 5944] rt_sigprocmask(SIG_SETMASK, [], [pid 5946] rt_sigprocmask(SIG_SETMASK, [], [pid 5944] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5946] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5944] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] memfd_create("syzkaller", 0 [pid 5944] <... futex resumed>) = 0 [pid 5946] <... memfd_create resumed>) = 5 [pid 5944] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5946] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5946] munmap(0x7f17b3800000, 138412032) = 0 [pid 5946] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5946] close(5) = 0 [pid 5946] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] <... futex resumed>) = 0 [pid 5946] <... futex resumed>) = 1 [ 135.432959][ T5945] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 135.432959][ T5945] [ 135.445138][ T5945] ERROR: (device loop0): remounting filesystem as read-only [pid 5944] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5944] <... futex resumed>) = 0 [pid 5946] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5944] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5946] <... futex resumed>) = 0 [pid 5946] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5945] <... write resumed>) = 15335424 [pid 5945] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5945] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5944] exit_group(0 [pid 5945] <... futex resumed>) = ? [pid 5944] <... exit_group resumed>) = ? [pid 5945] +++ exited with 0 +++ [pid 5946] <... futex resumed>) = ? [pid 5946] +++ exited with 0 +++ [pid 5944] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5944, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=46 /* 0.46 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5947 attached , child_tidptr=0x555589733690) = 5947 [pid 5947] set_robust_list(0x5555897336a0, 24) = 0 [pid 5947] chdir("./39") = 0 [pid 5947] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5947] setpgid(0, 0) = 0 [pid 5947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5947] write(3, "1000", 4) = 4 [pid 5947] close(3) = 0 [pid 5947] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5947] write(1, "executing program\n", 18executing program ) = 18 [pid 5947] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5947] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5947] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5947] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5947] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5947] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5947] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5948 attached [pid 5948] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5948] set_robust_list(0x7f17bbd249a0, 24 [pid 5947] <... clone3 resumed> => {parent_tid=[5948]}, 88) = 5948 [pid 5948] <... set_robust_list resumed>) = 0 [pid 5947] rt_sigprocmask(SIG_SETMASK, [], [pid 5948] rt_sigprocmask(SIG_SETMASK, [], [pid 5947] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5948] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5947] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] memfd_create("syzkaller", 0 [pid 5947] <... futex resumed>) = 0 [pid 5947] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5948] <... memfd_create resumed>) = 3 [pid 5948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5948] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5948] munmap(0x7f17b3800000, 138412032) = 0 [pid 5948] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5948] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5948] close(3) = 0 [pid 5948] close(4) = 0 [pid 5948] mkdir("./file0", 0777) = 0 [pid 5948] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5948] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5948] chdir("./file0") = 0 [pid 5948] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5948] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5947] <... futex resumed>) = 0 [pid 5948] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5947] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5947] <... futex resumed>) = 0 [pid 5948] creat("./file1", 004 [pid 5947] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5948] <... creat resumed>) = 4 [ 136.632209][ T5948] loop0: detected capacity change from 0 to 32768 [pid 5948] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5947] <... futex resumed>) = 0 [pid 5948] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5947] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5947] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5947] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5947] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5947] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5947] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5947] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5949 attached [pid 5949] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5947] <... clone3 resumed> => {parent_tid=[5949]}, 88) = 5949 [pid 5949] <... rseq resumed>) = 0 [pid 5947] rt_sigprocmask(SIG_SETMASK, [], [pid 5949] set_robust_list(0x7f17bbd039a0, 24 [pid 5947] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5949] <... set_robust_list resumed>) = 0 [pid 5949] rt_sigprocmask(SIG_SETMASK, [], [pid 5947] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5947] <... futex resumed>) = 0 [pid 5949] memfd_create("syzkaller", 0 [pid 5947] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5949] <... memfd_create resumed>) = 5 [pid 5949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5949] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5949] munmap(0x7f17b3800000, 138412032) = 0 [ 136.837619][ T5948] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 136.837619][ T5948] [ 136.849445][ T5948] ERROR: (device loop0): remounting filesystem as read-only [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5949] close(5) = 0 [pid 5949] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5947] <... futex resumed>) = 0 [pid 5949] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5947] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5947] <... futex resumed>) = 0 [pid 5947] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL) = -1 ENODEV (No such device) [pid 5949] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5947] <... futex resumed>) = 0 [pid 5949] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] <... write resumed>) = 15335424 [pid 5948] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5947] exit_group(0 [pid 5948] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5947] <... exit_group resumed>) = ? [pid 5949] <... futex resumed>) = ? [pid 5948] <... futex resumed>) = ? [pid 5949] +++ exited with 0 +++ [pid 5948] +++ exited with 0 +++ [pid 5947] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5947, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=50 /* 0.50 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5950 attached , child_tidptr=0x555589733690) = 5950 [pid 5950] set_robust_list(0x5555897336a0, 24) = 0 [pid 5950] chdir("./40") = 0 [pid 5950] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5950] setpgid(0, 0) = 0 [pid 5950] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5950] write(3, "1000", 4) = 4 [pid 5950] close(3) = 0 [pid 5950] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5950] write(1, "executing program\n", 18) = 18 [pid 5950] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5950] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5950] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5950] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5950] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5950] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5950] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5951 attached [pid 5951] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5950] <... clone3 resumed> => {parent_tid=[5951]}, 88) = 5951 [pid 5951] set_robust_list(0x7f17bbd249a0, 24 [pid 5950] rt_sigprocmask(SIG_SETMASK, [], [pid 5951] <... set_robust_list resumed>) = 0 [pid 5950] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5951] rt_sigprocmask(SIG_SETMASK, [], [pid 5950] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5950] <... futex resumed>) = 0 [pid 5951] memfd_create("syzkaller", 0 [pid 5950] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5951] <... memfd_create resumed>) = 3 [pid 5951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5951] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5951] munmap(0x7f17b3800000, 138412032) = 0 [pid 5951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5951] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5951] close(3) = 0 [pid 5951] close(4) = 0 [pid 5951] mkdir("./file0", 0777) = 0 [pid 5951] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5951] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5951] chdir("./file0") = 0 [ 138.132758][ T5951] loop0: detected capacity change from 0 to 32768 [pid 5951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5951] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5950] <... futex resumed>) = 0 [pid 5950] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] creat("./file1", 004 [pid 5950] <... futex resumed>) = 0 [pid 5950] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] <... creat resumed>) = 4 [pid 5951] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5950] <... futex resumed>) = 0 [pid 5951] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5950] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5950] <... futex resumed>) = 0 [pid 5951] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5950] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5950] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5950] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5950] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5950] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5950] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5952 attached => {parent_tid=[5952]}, 88) = 5952 [pid 5952] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053) = 0 [pid 5950] rt_sigprocmask(SIG_SETMASK, [], [pid 5952] set_robust_list(0x7f17bbd039a0, 24 [pid 5950] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5952] <... set_robust_list resumed>) = 0 [pid 5950] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] rt_sigprocmask(SIG_SETMASK, [], [pid 5950] <... futex resumed>) = 0 [pid 5952] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5952] memfd_create("syzkaller", 0 [pid 5950] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5952] <... memfd_create resumed>) = 5 [pid 5952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5952] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5952] munmap(0x7f17b3800000, 138412032) = 0 [pid 5952] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5952] close(5) = 0 [pid 5952] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... futex resumed>) = 0 [pid 5952] <... futex resumed>) = 1 [ 138.373285][ T5951] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 138.373285][ T5951] [ 138.385347][ T5951] ERROR: (device loop0): remounting filesystem as read-only [pid 5950] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5950] <... futex resumed>) = 0 [pid 5952] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5950] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5952] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5950] <... futex resumed>) = 0 [pid 5952] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5951] <... write resumed>) = 15335424 [pid 5951] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5951] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5950] exit_group(0 [pid 5951] <... futex resumed>) = ? [pid 5952] <... futex resumed>) = ? [pid 5950] <... exit_group resumed>) = ? [pid 5952] +++ exited with 0 +++ [pid 5951] +++ exited with 0 +++ [pid 5950] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5950, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=48 /* 0.48 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5953 attached , child_tidptr=0x555589733690) = 5953 [pid 5953] set_robust_list(0x5555897336a0, 24) = 0 [pid 5953] chdir("./41") = 0 [pid 5953] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5953] setpgid(0, 0) = 0 [pid 5953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5953] write(3, "1000", 4) = 4 [pid 5953] close(3) = 0 [pid 5953] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5953] write(1, "executing program\n", 18executing program ) = 18 [pid 5953] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5953] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5953] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5953] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5953] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5954 attached [pid 5954] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5954] set_robust_list(0x7f17bbd249a0, 24) = 0 [pid 5953] <... clone3 resumed> => {parent_tid=[5954]}, 88) = 5954 [pid 5954] rt_sigprocmask(SIG_SETMASK, [], [pid 5953] rt_sigprocmask(SIG_SETMASK, [], [pid 5954] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5953] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5954] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5953] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5954] memfd_create("syzkaller", 0 [pid 5953] <... futex resumed>) = 0 [pid 5954] <... memfd_create resumed>) = 3 [pid 5953] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5954] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5954] munmap(0x7f17b3800000, 138412032) = 0 [pid 5954] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5954] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5954] close(3) = 0 [pid 5954] close(4) = 0 [pid 5954] mkdir("./file0", 0777) = 0 [pid 5954] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [ 139.561841][ T5954] loop0: detected capacity change from 0 to 32768 [pid 5954] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5954] chdir("./file0") = 0 [pid 5954] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5954] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5953] <... futex resumed>) = 0 [pid 5954] creat("./file1", 004 [pid 5953] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] <... creat resumed>) = 4 [pid 5954] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... futex resumed>) = 0 [pid 5954] <... futex resumed>) = 1 [pid 5953] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5953] <... futex resumed>) = 0 [pid 5953] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5953] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5953] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5953] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5953] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5955 attached [pid 5955] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5953] <... clone3 resumed> => {parent_tid=[5955]}, 88) = 5955 [pid 5955] <... rseq resumed>) = 0 [pid 5953] rt_sigprocmask(SIG_SETMASK, [], [pid 5955] set_robust_list(0x7f17bbd039a0, 24 [pid 5953] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5955] <... set_robust_list resumed>) = 0 [pid 5955] rt_sigprocmask(SIG_SETMASK, [], [pid 5953] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5955] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5955] memfd_create("syzkaller", 0 [pid 5953] <... futex resumed>) = 0 [pid 5953] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5955] <... memfd_create resumed>) = 5 [pid 5955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [ 139.776813][ T5954] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 139.776813][ T5954] [ 139.788891][ T5954] ERROR: (device loop0): remounting filesystem as read-only [pid 5955] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5955] munmap(0x7f17b3800000, 138412032) = 0 [pid 5955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5955] close(5) = 0 [pid 5955] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5953] <... futex resumed>) = 0 [pid 5953] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5955] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5953] <... futex resumed>) = 0 [pid 5955] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5953] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5955] <... futex resumed>) = 0 [pid 5955] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] <... write resumed>) = 15335424 [pid 5954] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5954] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5953] exit_group(0 [pid 5955] <... futex resumed>) = ? [pid 5954] <... futex resumed>) = ? [pid 5953] <... exit_group resumed>) = ? [pid 5954] +++ exited with 0 +++ [pid 5955] +++ exited with 0 +++ [pid 5953] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5953, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=47 /* 0.47 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5956 attached , child_tidptr=0x555589733690) = 5956 [pid 5956] set_robust_list(0x5555897336a0, 24) = 0 [pid 5956] chdir("./42") = 0 [pid 5956] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5956] setpgid(0, 0) = 0 [pid 5956] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5956] write(3, "1000", 4) = 4 [pid 5956] close(3) = 0 [pid 5956] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5956] write(1, "executing program\n", 18) = 18 [pid 5956] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5956] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5956] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5956] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5956] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5956] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5956] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5957 attached [pid 5957] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053 [pid 5956] <... clone3 resumed> => {parent_tid=[5957]}, 88) = 5957 [pid 5957] <... rseq resumed>) = 0 [pid 5956] rt_sigprocmask(SIG_SETMASK, [], [pid 5957] set_robust_list(0x7f17bbd249a0, 24 [pid 5956] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5957] <... set_robust_list resumed>) = 0 [pid 5956] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] rt_sigprocmask(SIG_SETMASK, [], [pid 5956] <... futex resumed>) = 0 [pid 5957] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5957] memfd_create("syzkaller", 0 [pid 5956] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5957] <... memfd_create resumed>) = 3 [pid 5957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5957] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5957] munmap(0x7f17b3800000, 138412032) = 0 [pid 5957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5957] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5957] close(3) = 0 [pid 5957] close(4) = 0 [pid 5957] mkdir("./file0", 0777) = 0 [pid 5957] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5957] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5957] chdir("./file0") = 0 [ 140.972131][ T5957] loop0: detected capacity change from 0 to 32768 [pid 5957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5957] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5956] <... futex resumed>) = 0 [pid 5957] creat("./file1", 004 [pid 5956] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] <... creat resumed>) = 4 [pid 5956] <... futex resumed>) = 0 [pid 5957] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5956] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5957] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5956] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5956] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5957] <... futex resumed>) = 0 [pid 5956] <... futex resumed>) = 1 [pid 5957] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5956] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5956] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5956] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5956] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5956] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5956] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5958 attached [pid 5958] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5956] <... clone3 resumed> => {parent_tid=[5958]}, 88) = 5958 [pid 5958] <... rseq resumed>) = 0 [pid 5958] set_robust_list(0x7f17bbd039a0, 24 [pid 5956] rt_sigprocmask(SIG_SETMASK, [], [pid 5958] <... set_robust_list resumed>) = 0 [pid 5956] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5958] rt_sigprocmask(SIG_SETMASK, [], [pid 5956] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5958] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5956] <... futex resumed>) = 0 [pid 5958] memfd_create("syzkaller", 0 [pid 5956] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5958] <... memfd_create resumed>) = 5 [pid 5958] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5958] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5958] munmap(0x7f17b3800000, 138412032) = 0 [pid 5958] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5958] close(5) = 0 [pid 5958] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5956] <... futex resumed>) = 0 [pid 5958] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5956] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5958] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5956] <... futex resumed>) = 0 [ 141.194378][ T5957] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 141.194378][ T5957] [ 141.205875][ T5957] ERROR: (device loop0): remounting filesystem as read-only [pid 5958] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5956] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5958] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5958] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5956] <... futex resumed>) = 0 [pid 5958] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5957] <... write resumed>) = 15335424 [pid 5957] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5957] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5956] exit_group(0 [pid 5958] <... futex resumed>) = ? [pid 5956] <... exit_group resumed>) = ? [pid 5957] <... futex resumed>) = ? [pid 5957] +++ exited with 0 +++ [pid 5958] +++ exited with 0 +++ [pid 5956] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5956, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=48 /* 0.48 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5959 attached , child_tidptr=0x555589733690) = 5959 [pid 5959] set_robust_list(0x5555897336a0, 24) = 0 [pid 5959] chdir("./43") = 0 [pid 5959] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5959] setpgid(0, 0) = 0 [pid 5959] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5959] write(3, "1000", 4) = 4 [pid 5959] close(3) = 0 [pid 5959] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5959] write(1, "executing program\n", 18executing program ) = 18 [pid 5959] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5959] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5959] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5959] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5959] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5959] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5959] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5960 attached [pid 5960] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053 [pid 5959] <... clone3 resumed> => {parent_tid=[5960]}, 88) = 5960 [pid 5960] <... rseq resumed>) = 0 [pid 5959] rt_sigprocmask(SIG_SETMASK, [], [pid 5960] set_robust_list(0x7f17bbd249a0, 24 [pid 5959] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5960] <... set_robust_list resumed>) = 0 [pid 5960] rt_sigprocmask(SIG_SETMASK, [], [pid 5959] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5960] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5959] <... futex resumed>) = 0 [pid 5960] memfd_create("syzkaller", 0 [pid 5959] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5960] <... memfd_create resumed>) = 3 [pid 5960] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5960] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5960] munmap(0x7f17b3800000, 138412032) = 0 [pid 5960] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5960] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5960] close(3) = 0 [pid 5960] close(4) = 0 [pid 5960] mkdir("./file0", 0777) = 0 [pid 5960] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5960] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5960] chdir("./file0") = 0 [pid 5960] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5960] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5959] <... futex resumed>) = 0 [pid 5960] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5959] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5960] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5959] <... futex resumed>) = 0 [pid 5959] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5960] creat("./file1", 004) = 4 [ 142.400350][ T5960] loop0: detected capacity change from 0 to 32768 [pid 5960] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5959] <... futex resumed>) = 0 [pid 5960] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5959] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5960] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5959] <... futex resumed>) = 0 [pid 5959] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5959] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5959] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5959] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5959] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5959] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5961 attached [pid 5961] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5959] <... clone3 resumed> => {parent_tid=[5961]}, 88) = 5961 [pid 5961] <... rseq resumed>) = 0 [pid 5959] rt_sigprocmask(SIG_SETMASK, [], [pid 5961] set_robust_list(0x7f17bbd039a0, 24 [pid 5959] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5961] <... set_robust_list resumed>) = 0 [pid 5961] rt_sigprocmask(SIG_SETMASK, [], [pid 5959] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5961] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5961] memfd_create("syzkaller", 0 [pid 5959] <... futex resumed>) = 0 [pid 5959] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5961] <... memfd_create resumed>) = 5 [pid 5961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5961] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5961] munmap(0x7f17b3800000, 138412032) = 0 [pid 5961] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5961] close(5) = 0 [ 142.627986][ T5960] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 142.627986][ T5960] [ 142.639682][ T5960] ERROR: (device loop0): remounting filesystem as read-only [pid 5961] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5959] <... futex resumed>) = 0 [pid 5961] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5959] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5961] <... futex resumed>) = 0 [pid 5959] <... futex resumed>) = 1 [pid 5961] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL) = -1 ENODEV (No such device) [pid 5961] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5961] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5959] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5960] <... write resumed>) = 15335424 [pid 5960] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5959] exit_group(0 [pid 5960] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5961] <... futex resumed>) = ? [pid 5960] <... futex resumed>) = ? [pid 5959] <... exit_group resumed>) = ? [pid 5961] +++ exited with 0 +++ [pid 5960] +++ exited with 0 +++ [pid 5959] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5959, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=48 /* 0.48 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5962 attached , child_tidptr=0x555589733690) = 5962 [pid 5962] set_robust_list(0x5555897336a0, 24) = 0 [pid 5962] chdir("./44") = 0 [pid 5962] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5962] setpgid(0, 0) = 0 [pid 5962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5962] write(3, "1000", 4) = 4 [pid 5962] close(3) = 0 [pid 5962] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5962] write(1, "executing program\n", 18) = 18 [pid 5962] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5962] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5962] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5962] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5962] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5962] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5963 attached [pid 5963] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053 [pid 5962] <... clone3 resumed> => {parent_tid=[5963]}, 88) = 5963 [pid 5963] <... rseq resumed>) = 0 [pid 5963] set_robust_list(0x7f17bbd249a0, 24) = 0 [pid 5963] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5963] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5962] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] <... futex resumed>) = 0 [pid 5962] <... futex resumed>) = 1 [pid 5963] memfd_create("syzkaller", 0 [pid 5962] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5963] <... memfd_create resumed>) = 3 [pid 5963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5963] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5963] munmap(0x7f17b3800000, 138412032) = 0 [pid 5963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5963] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5963] close(3) = 0 [pid 5963] close(4) = 0 [pid 5963] mkdir("./file0", 0777) = 0 [pid 5963] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5963] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 143.935841][ T5963] loop0: detected capacity change from 0 to 32768 [pid 5963] chdir("./file0") = 0 [pid 5963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5963] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5962] <... futex resumed>) = 0 [pid 5963] <... futex resumed>) = 1 [pid 5962] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] creat("./file1", 004 [pid 5962] <... futex resumed>) = 0 [pid 5963] <... creat resumed>) = 4 [pid 5962] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [pid 5963] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5962] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5962] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5962] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5962] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5962] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5962] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5964 attached [pid 5964] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053) = 0 [pid 5964] set_robust_list(0x7f17bbd039a0, 24 [pid 5962] <... clone3 resumed> => {parent_tid=[5964]}, 88) = 5964 [pid 5964] <... set_robust_list resumed>) = 0 [pid 5962] rt_sigprocmask(SIG_SETMASK, [], [pid 5964] rt_sigprocmask(SIG_SETMASK, [], [pid 5962] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5964] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5962] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5964] memfd_create("syzkaller", 0 [pid 5962] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5964] <... memfd_create resumed>) = 5 [pid 5964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5964] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5964] munmap(0x7f17b3800000, 138412032) = 0 [pid 5964] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 144.150277][ T5963] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 144.150277][ T5963] [ 144.162044][ T5963] ERROR: (device loop0): remounting filesystem as read-only [pid 5964] close(5) = 0 [pid 5964] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [pid 5964] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5962] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5962] <... futex resumed>) = 0 [pid 5962] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5964] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL) = -1 ENODEV (No such device) [pid 5964] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5962] <... futex resumed>) = 0 [pid 5964] <... futex resumed>) = 1 [pid 5964] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5963] <... write resumed>) = 15335424 [pid 5963] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5962] exit_group(0 [pid 5964] <... futex resumed>) = ? [pid 5962] <... exit_group resumed>) = ? [pid 5964] +++ exited with 0 +++ [pid 5963] <... futex resumed>) = ? [pid 5963] +++ exited with 0 +++ [pid 5962] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5962, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=48 /* 0.48 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5965 attached , child_tidptr=0x555589733690) = 5965 [pid 5965] set_robust_list(0x5555897336a0, 24) = 0 [pid 5965] chdir("./45") = 0 [pid 5965] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5965] setpgid(0, 0) = 0 [pid 5965] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5965] write(3, "1000", 4) = 4 [pid 5965] close(3) = 0 [pid 5965] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5965] write(1, "executing program\n", 18) = 18 [pid 5965] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5965] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5965] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5965] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5965] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5965] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5965] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5966 attached [pid 5966] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5965] <... clone3 resumed> => {parent_tid=[5966]}, 88) = 5966 [pid 5966] set_robust_list(0x7f17bbd249a0, 24 [pid 5965] rt_sigprocmask(SIG_SETMASK, [], [pid 5966] <... set_robust_list resumed>) = 0 [pid 5965] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5966] rt_sigprocmask(SIG_SETMASK, [], [pid 5965] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5966] memfd_create("syzkaller", 0 [pid 5965] <... futex resumed>) = 0 [pid 5965] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5966] <... memfd_create resumed>) = 3 [pid 5966] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5966] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5966] munmap(0x7f17b3800000, 138412032) = 0 [pid 5966] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5966] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5966] close(3) = 0 [pid 5966] close(4) = 0 [pid 5966] mkdir("./file0", 0777) = 0 [pid 5966] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5966] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5966] chdir("./file0") = 0 [pid 5966] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 145.365216][ T5966] loop0: detected capacity change from 0 to 32768 [pid 5966] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5965] <... futex resumed>) = 0 [pid 5966] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5965] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5966] creat("./file1", 004 [pid 5965] <... futex resumed>) = 0 [pid 5965] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5966] <... creat resumed>) = 4 [pid 5966] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5965] <... futex resumed>) = 0 [pid 5966] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5965] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5965] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5965] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5965] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5965] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5965] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5965] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5967 attached [pid 5967] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5965] <... clone3 resumed> => {parent_tid=[5967]}, 88) = 5967 [pid 5967] <... rseq resumed>) = 0 [pid 5967] set_robust_list(0x7f17bbd039a0, 24 [pid 5965] rt_sigprocmask(SIG_SETMASK, [], [pid 5967] <... set_robust_list resumed>) = 0 [pid 5965] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5967] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5965] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] memfd_create("syzkaller", 0 [pid 5965] <... futex resumed>) = 0 [pid 5965] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5967] <... memfd_create resumed>) = 5 [pid 5967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5967] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5967] munmap(0x7f17b3800000, 138412032) = 0 [pid 5967] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 145.591275][ T5966] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 145.591275][ T5966] [ 145.603704][ T5966] ERROR: (device loop0): remounting filesystem as read-only [pid 5967] close(5) = 0 [pid 5967] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5965] <... futex resumed>) = 0 [pid 5967] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5965] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5965] <... futex resumed>) = 0 [pid 5965] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL) = -1 ENODEV (No such device) [pid 5967] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] <... futex resumed>) = 0 [pid 5967] <... futex resumed>) = 1 [pid 5967] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] <... write resumed>) = 15335424 [pid 5966] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5965] exit_group(0 [pid 5966] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5965] <... exit_group resumed>) = ? [pid 5967] <... futex resumed>) = ? [pid 5966] <... futex resumed>) = ? [pid 5967] +++ exited with 0 +++ [pid 5966] +++ exited with 0 +++ [pid 5965] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5965, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=46 /* 0.46 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5968 attached , child_tidptr=0x555589733690) = 5968 [pid 5968] set_robust_list(0x5555897336a0, 24) = 0 [pid 5968] chdir("./46") = 0 [pid 5968] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5968] setpgid(0, 0) = 0 [pid 5968] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5968] write(3, "1000", 4) = 4 [pid 5968] close(3) = 0 [pid 5968] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5968] write(1, "executing program\n", 18) = 18 [pid 5968] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5968] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5968] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5968] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5968] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5968] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5968] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5969 attached [pid 5969] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053) = 0 [pid 5969] set_robust_list(0x7f17bbd249a0, 24) = 0 [pid 5968] <... clone3 resumed> => {parent_tid=[5969]}, 88) = 5969 [pid 5969] rt_sigprocmask(SIG_SETMASK, [], [pid 5968] rt_sigprocmask(SIG_SETMASK, [], [pid 5969] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5968] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5969] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5968] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5969] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5968] <... futex resumed>) = 0 [pid 5969] memfd_create("syzkaller", 0 [pid 5968] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5969] <... memfd_create resumed>) = 3 [pid 5969] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5969] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5969] munmap(0x7f17b3800000, 138412032) = 0 [pid 5969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5969] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5969] close(3) = 0 [pid 5969] close(4) = 0 [pid 5969] mkdir("./file0", 0777) = 0 [pid 5969] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5969] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5969] chdir("./file0") = 0 [pid 5969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5969] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5968] <... futex resumed>) = 0 [pid 5969] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5968] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5968] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5969] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5969] creat("./file1", 004) = 4 [pid 5969] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5968] <... futex resumed>) = 0 [pid 5969] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5968] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 146.877842][ T5969] loop0: detected capacity change from 0 to 32768 [pid 5968] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5968] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5968] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5968] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5968] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5968] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5970 attached [pid 5970] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053) = 0 [pid 5968] <... clone3 resumed> => {parent_tid=[5970]}, 88) = 5970 [pid 5970] set_robust_list(0x7f17bbd039a0, 24 [pid 5968] rt_sigprocmask(SIG_SETMASK, [], [pid 5970] <... set_robust_list resumed>) = 0 [pid 5968] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5970] rt_sigprocmask(SIG_SETMASK, [], [pid 5968] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5970] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5968] <... futex resumed>) = 0 [pid 5968] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5970] memfd_create("syzkaller", 0) = 5 [pid 5970] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [ 147.068602][ T5969] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 147.068602][ T5969] [ 147.080194][ T5969] ERROR: (device loop0): remounting filesystem as read-only [pid 5970] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5970] munmap(0x7f17b3800000, 138412032) = 0 [pid 5970] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5970] close(5) = 0 [pid 5970] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5968] <... futex resumed>) = 0 [pid 5970] <... futex resumed>) = 1 [pid 5968] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5970] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5968] <... futex resumed>) = 0 [pid 5970] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5968] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5970] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5968] <... futex resumed>) = 0 [pid 5970] <... futex resumed>) = 1 [pid 5970] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5969] <... write resumed>) = 15335424 [pid 5969] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5969] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5968] exit_group(0) = ? [pid 5970] <... futex resumed>) = ? [pid 5969] <... futex resumed>) = ? [pid 5970] +++ exited with 0 +++ [pid 5969] +++ exited with 0 +++ [pid 5968] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5968, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=50 /* 0.50 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558973c770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558973c770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x555589734730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5971 attached , child_tidptr=0x555589733690) = 5971 [pid 5971] set_robust_list(0x5555897336a0, 24) = 0 [pid 5971] chdir("./47") = 0 [pid 5971] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5971] setpgid(0, 0) = 0 [pid 5971] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5971] write(3, "1000", 4) = 4 [pid 5971] close(3) = 0 [pid 5971] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5971] write(1, "executing program\n", 18executing program ) = 18 [pid 5971] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5971] rt_sigaction(SIGRT_1, {sa_handler=0x7f17bbd941f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f17bbd853a0}, NULL, 8) = 0 [pid 5971] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5971] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbd04000 [pid 5971] mprotect(0x7f17bbd05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5971] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5971] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd24990, parent_tid=0x7f17bbd24990, exit_signal=0, stack=0x7f17bbd04000, stack_size=0x20300, tls=0x7f17bbd246c0}./strace-static-x86_64: Process 5972 attached [pid 5972] rseq(0x7f17bbd24fe0, 0x20, 0, 0x53053053 [pid 5971] <... clone3 resumed> => {parent_tid=[5972]}, 88) = 5972 [pid 5972] <... rseq resumed>) = 0 [pid 5972] set_robust_list(0x7f17bbd249a0, 24) = 0 [pid 5972] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5972] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5971] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5971] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5972] <... futex resumed>) = 0 [pid 5971] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5972] memfd_create("syzkaller", 0) = 3 [pid 5972] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5972] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5972] munmap(0x7f17b3800000, 138412032) = 0 [pid 5972] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5972] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5972] close(3) = 0 [pid 5972] close(4) = 0 [pid 5972] mkdir("./file0", 0777) = 0 [pid 5972] mount("/dev/loop0", "./file0", "jfs", MS_REC, "") = 0 [pid 5972] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5972] chdir("./file0") = 0 [pid 5972] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5972] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5972] futex(0x7f17bbe1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5971] <... futex resumed>) = 0 [pid 5971] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5971] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5972] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5972] creat("./file1", 004) = 4 [pid 5972] futex(0x7f17bbe1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5971] <... futex resumed>) = 0 [pid 5972] <... futex resumed>) = 1 [pid 5971] futex(0x7f17bbe1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5972] write(4, "\x74\x68\x72\x65\x61\x64\x65\x64\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 392007683 [pid 5971] <... futex resumed>) = 0 [ 148.338183][ T5972] loop0: detected capacity change from 0 to 32768 [pid 5971] futex(0x7f17bbe1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5971] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5971] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f17bbce3000 [pid 5971] mprotect(0x7f17bbce4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5971] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5971] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f17bbd03990, parent_tid=0x7f17bbd03990, exit_signal=0, stack=0x7f17bbce3000, stack_size=0x20300, tls=0x7f17bbd036c0}./strace-static-x86_64: Process 5973 attached [pid 5973] rseq(0x7f17bbd03fe0, 0x20, 0, 0x53053053 [pid 5971] <... clone3 resumed> => {parent_tid=[5973]}, 88) = 5973 [pid 5973] <... rseq resumed>) = 0 [pid 5973] set_robust_list(0x7f17bbd039a0, 24 [pid 5971] rt_sigprocmask(SIG_SETMASK, [], [pid 5973] <... set_robust_list resumed>) = 0 [pid 5971] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5973] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5971] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] memfd_create("syzkaller", 0 [pid 5971] <... futex resumed>) = 0 [pid 5971] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5973] <... memfd_create resumed>) = 5 [pid 5973] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f17b3800000 [pid 5973] write(5, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5973] munmap(0x7f17b3800000, 138412032) = 0 [pid 5973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5973] close(5) = 0 [pid 5973] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5973] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5971] <... futex resumed>) = 0 [pid 5971] futex(0x7f17bbe1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5973] <... futex resumed>) = 0 [pid 5971] <... futex resumed>) = 1 [pid 5973] quotactl(QCMD(Q_SETINFO, USRQUOTA), NULL, NULL [pid 5971] futex(0x7f17bbe1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5973] <... quotactl resumed>) = -1 ENODEV (No such device) [pid 5973] futex(0x7f17bbe1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5971] <... futex resumed>) = 0 [ 148.554911][ T5972] ERROR: (device loop0): dbAdjCtl: the maximum free buddy is not the old root [ 148.554911][ T5972] [ 148.571696][ T5972] ERROR: (device loop0): remounting filesystem as read-only [pid 5973] futex(0x7f17bbe1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5971] exit_group(0 [pid 5973] <... futex resumed>) = ? [pid 5971] <... exit_group resumed>) = ? [pid 5973] +++ exited with 0 +++ [pid 5972] <... write resumed>) = ? [pid 5972] +++ exited with 0 +++ [pid 5971] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5971, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=50 /* 0.50 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555589734730 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 [ 148.928849][ T5821] ------------[ cut here ]------------ [ 148.934543][ T5821] kernel BUG at fs/jfs/inode.c:169! [ 148.940437][ T5821] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 148.947427][ T5821] CPU: 0 UID: 0 PID: 5821 Comm: syz-executor248 Not tainted 6.14.0-rc6-syzkaller-00022-gb7f94fcf5546 #0 [ 148.958558][ T5821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 148.968900][ T5821] RIP: 0010:jfs_evict_inode+0x434/0x440 [ 148.974576][ T5821] Code: df e8 10 fa d4 fe e9 1d fe ff ff e8 86 3b 70 fe 48 c7 c7 a0 29 f5 8e 4c 89 ee e8 b7 c2 d4 01 e9 92 fd ff ff e8 6d 3b 70 fe 90 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 [ 148.994207][ T5821] RSP: 0018:ffffc90003eff958 EFLAGS: 00010293 [ 149.000286][ T5821] RAX: ffffffff8351a343 RBX: ffff88807335aed0 RCX: ffff88807b340000 [ 149.008260][ T5821] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88807335b248 [ 149.016227][ T5821] RBP: ffffc90003effad0 R08: ffffffff825c64b3 R09: 1ffffffff28a2f23 [ 149.024211][ T5821] R10: dffffc0000000000 R11: ffffffff83518070 R12: ffff88807335b248 [ 149.032206][ T5821] R13: ffff88807335b2c8 R14: dffffc0000000000 R15: ffff8880793af490 [ 149.040256][ T5821] FS: 00005555897333c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 149.049201][ T5821] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 149.055783][ T5821] CR2: 000055558973c738 CR3: 00000000780ae000 CR4: 00000000003526f0 [ 149.063776][ T5821] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 149.071748][ T5821] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 149.079729][ T5821] Call Trace: [ 149.083092][ T5821] [ 149.086021][ T5821] ? __die_body+0x5f/0xb0 [ 149.090375][ T5821] ? die+0x9e/0xc0 [ 149.094121][ T5821] ? do_trap+0x15a/0x3a0 [ 149.098398][ T5821] ? jfs_evict_inode+0x434/0x440 [ 149.103357][ T5821] ? do_error_trap+0x1dc/0x2c0 [ 149.108141][ T5821] ? jfs_evict_inode+0x434/0x440 [ 149.113102][ T5821] ? __pfx_do_error_trap+0x10/0x10 [ 149.118234][ T5821] ? handle_invalid_op+0x34/0x40 [ 149.123185][ T5821] ? jfs_evict_inode+0x434/0x440 [ 149.128141][ T5821] ? exc_invalid_op+0x38/0x50 [ 149.132845][ T5821] ? asm_exc_invalid_op+0x1a/0x20 [ 149.137987][ T5821] ? __pfx_jfs_get_dquots+0x10/0x10 [ 149.143194][ T5821] ? dquot_drop+0x43/0x160 [ 149.147613][ T5821] ? jfs_evict_inode+0x433/0x440 [ 149.152567][ T5821] ? jfs_evict_inode+0x434/0x440 [ 149.157509][ T5821] ? jfs_evict_inode+0x433/0x440 [ 149.162536][ T5821] ? __pfx_jfs_evict_inode+0x10/0x10 [ 149.167823][ T5821] evict+0x4e8/0x9a0 [ 149.171735][ T5821] ? __pfx_evict+0x10/0x10 [ 149.176151][ T5821] ? do_raw_spin_unlock+0x13c/0x8b0 [ 149.181380][ T5821] ? list_lru_del_obj+0xa8/0x250 [ 149.186331][ T5821] evict_inodes+0x6f6/0x790 [ 149.190865][ T5821] ? __pfx_evict_inodes+0x10/0x10 [ 149.195921][ T5821] ? dput+0x37/0x2b0 [ 149.199822][ T5821] generic_shutdown_super+0xa0/0x2d0 [ 149.205122][ T5821] kill_block_super+0x44/0x90 [ 149.209810][ T5821] deactivate_locked_super+0xc4/0x130 [ 149.215188][ T5821] cleanup_mnt+0x41f/0x4b0 [ 149.219705][ T5821] ? lockdep_hardirqs_on+0x99/0x150 [ 149.224917][ T5821] task_work_run+0x24f/0x310 [ 149.229509][ T5821] ? __pfx_task_work_run+0x10/0x10 [ 149.234619][ T5821] ? path_umount+0x211/0xf80 [ 149.239218][ T5821] ptrace_notify+0x2d9/0x380 [ 149.243810][ T5821] ? __x64_sys_umount+0x123/0x170 [ 149.248866][ T5821] ? user_path_at+0x44/0x60 [ 149.253386][ T5821] ? __pfx_ptrace_notify+0x10/0x10 [ 149.258601][ T5821] ? kmem_cache_free+0x195/0x410 [ 149.263553][ T5821] ? __x64_sys_umount+0x123/0x170 [ 149.268592][ T5821] syscall_exit_work+0xc7/0x1d0 [ 149.273480][ T5821] syscall_exit_to_user_mode+0x24a/0x340 [ 149.279214][ T5821] do_syscall_64+0x100/0x230 [ 149.283819][ T5821] ? clear_bhb_loop+0x35/0x90 [ 149.288521][ T5821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.294461][ T5821] RIP: 0033:0x7f17bbd6f037 [ 149.298924][ T5821] Code: 0a 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 149.318536][ T5821] RSP: 002b:00007ffe6b20a0b8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 149.326954][ T5821] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f17bbd6f037 [ 149.334981][ T5821] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe6b20a170 [ 149.342961][ T5821] RBP: 00007ffe6b20a170 R08: 0000000000000000 R09: 0000000000000000 [ 149.350965][ T5821] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffe6b20b220 [ 149.359122][ T5821] R13: 0000555589734700 R14: 431bde82d7b634db R15: 00007ffe6b20b1c4 [ 149.367115][ T5821] [ 149.370154][ T5821] Modules linked in: [ 149.374268][ T5821] ---[ end trace 0000000000000000 ]--- [ 149.379874][ T5821] RIP: 0010:jfs_evict_inode+0x434/0x440 [ 149.385485][ T5821] Code: df e8 10 fa d4 fe e9 1d fe ff ff e8 86 3b 70 fe 48 c7 c7 a0 29 f5 8e 4c 89 ee e8 b7 c2 d4 01 e9 92 fd ff ff e8 6d 3b 70 fe 90 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 [ 149.405712][ T5821] RSP: 0018:ffffc90003eff958 EFLAGS: 00010293 [ 149.411878][ T5821] RAX: ffffffff8351a343 RBX: ffff88807335aed0 RCX: ffff88807b340000 [ 149.420021][ T5821] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88807335b248 [ 149.428151][ T5821] RBP: ffffc90003effad0 R08: ffffffff825c64b3 R09: 1ffffffff28a2f23 [ 149.436137][ T5821] R10: dffffc0000000000 R11: ffffffff83518070 R12: ffff88807335b248 [ 149.444198][ T5821] R13: ffff88807335b2c8 R14: dffffc0000000000 R15: ffff8880793af490 [ 149.452342][ T5821] FS: 00005555897333c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 149.461338][ T5821] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 149.468074][ T5821] CR2: 000055558973c738 CR3: 00000000780ae000 CR4: 00000000003526f0 [ 149.476234][ T5821] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 149.484338][ T5821] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 149.492532][ T5821] Kernel panic - not syncing: Fatal exception [ 149.498776][ T5821] Kernel Offset: disabled [ 149.503209][ T5821] Rebooting in 86400 seconds.. umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW