./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor964510442 <...> Warning: Permanently added '10.128.0.29' (ED25519) to the list of known hosts. execve("./syz-executor964510442", ["./syz-executor964510442"], 0x7ffdd8f23960 /* 10 vars */) = 0 brk(NULL) = 0x55557b78d000 brk(0x55557b78dd00) = 0x55557b78dd00 arch_prctl(ARCH_SET_FS, 0x55557b78d380) = 0 set_tid_address(0x55557b78d650) = 5844 set_robust_list(0x55557b78d660, 24) = 0 rseq(0x55557b78dca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor964510442", 4096) = 27 getrandom("\xb9\xcc\x0a\xbc\x76\xff\x6c\x39", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557b78dd00 brk(0x55557b7aed00) = 0x55557b7aed00 brk(0x55557b7af000) = 0x55557b7af000 mprotect(0x7f9b5a7e4000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5845 attached [pid 5845] set_robust_list(0x55557b78d660, 24 [pid 5844] <... clone resumed>, child_tidptr=0x55557b78d650) = 5845 [pid 5845] <... set_robust_list resumed>) = 0 [pid 5844] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5845] mkdir("./syzkaller.Rpj5Kw", 0700./strace-static-x86_64: Process 5846 attached ) = 0 [pid 5845] chmod("./syzkaller.Rpj5Kw", 0777 [pid 5844] <... clone resumed>, child_tidptr=0x55557b78d650) = 5846 [pid 5846] set_robust_list(0x55557b78d660, 24 [pid 5844] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5846] <... set_robust_list resumed>) = 0 [pid 5845] <... chmod resumed>) = 0 ./strace-static-x86_64: Process 5847 attached [pid 5845] chdir("./syzkaller.Rpj5Kw") = 0 [pid 5845] mkdir("./0", 0777 [pid 5846] mkdir("./syzkaller.TyjndZ", 0700 [pid 5844] <... clone resumed>, child_tidptr=0x55557b78d650) = 5847 [pid 5847] set_robust_list(0x55557b78d660, 24 [pid 5845] <... mkdir resumed>) = 0 [pid 5844] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5847] <... set_robust_list resumed>) = 0 [pid 5846] <... mkdir resumed>) = 0 [pid 5846] chmod("./syzkaller.TyjndZ", 0777 [pid 5847] mkdir("./syzkaller.CO3xd5", 0700 [pid 5846] <... chmod resumed>) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5846] chdir("./syzkaller.TyjndZ" [pid 5845] <... openat resumed>) = 3 [pid 5846] <... chdir resumed>) = 0 [pid 5846] mkdir("./0", 0777 [pid 5847] <... mkdir resumed>) = 0 [pid 5847] chmod("./syzkaller.CO3xd5", 0777 [pid 5845] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5848 attached [pid 5844] <... clone resumed>, child_tidptr=0x55557b78d650) = 5848 [pid 5847] <... chmod resumed>) = 0 [pid 5846] <... mkdir resumed>) = 0 [pid 5845] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5844] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] set_robust_list(0x55557b78d660, 24 [pid 5847] chdir("./syzkaller.CO3xd5" [pid 5846] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5845] close(3 [pid 5848] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 5849 attached [pid 5848] mkdir("./syzkaller.22uT5U", 0700 [pid 5847] <... chdir resumed>) = 0 [pid 5844] <... clone resumed>, child_tidptr=0x55557b78d650) = 5849 [pid 5849] set_robust_list(0x55557b78d660, 24 [pid 5846] <... openat resumed>) = 3 [pid 5849] <... set_robust_list resumed>) = 0 [pid 5845] <... close resumed>) = 0 [pid 5847] mkdir("./0", 0777 [pid 5848] <... mkdir resumed>) = 0 [pid 5846] ioctl(3, LOOP_CLR_FD [pid 5849] mkdir("./syzkaller.qE5DSB", 0700 [pid 5848] chmod("./syzkaller.22uT5U", 0777 [pid 5847] <... mkdir resumed>) = 0 [pid 5846] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5850 attached [pid 5848] <... chmod resumed>) = 0 [pid 5850] set_robust_list(0x55557b78d660, 24 [pid 5849] <... mkdir resumed>) = 0 [pid 5850] <... set_robust_list resumed>) = 0 [pid 5848] chdir("./syzkaller.22uT5U" [pid 5847] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5846] close(3 [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5850 [pid 5850] chdir("./0" [pid 5848] <... chdir resumed>) = 0 [pid 5846] <... close resumed>) = 0 [pid 5846] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5852 attached [pid 5850] <... chdir resumed>) = 0 [pid 5849] chmod("./syzkaller.qE5DSB", 0777 [pid 5848] mkdir("./0", 0777 [pid 5847] <... openat resumed>) = 3 [pid 5850] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5849] <... chmod resumed>) = 0 [pid 5848] <... mkdir resumed>) = 0 [pid 5847] ioctl(3, LOOP_CLR_FD [pid 5850] setpgid(0, 0 [pid 5852] set_robust_list(0x55557b78d660, 24 [pid 5847] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5850] <... setpgid resumed>) = 0 [pid 5849] chdir("./syzkaller.qE5DSB" [pid 5847] close(3 [pid 5852] <... set_robust_list resumed>) = 0 [pid 5850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5849] <... chdir resumed>) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5847] <... close resumed>) = 0 [pid 5846] <... clone resumed>, child_tidptr=0x55557b78d650) = 5852 [pid 5852] chdir("./0" [pid 5847] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5852] <... chdir resumed>) = 0 [pid 5852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 ./strace-static-x86_64: Process 5853 attached [pid 5850] <... openat resumed>) = 3 [pid 5849] mkdir("./0", 0777 [pid 5848] <... openat resumed>) = 3 [pid 5853] set_robust_list(0x55557b78d660, 24) = 0 [pid 5853] chdir("./0") = 0 [pid 5853] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5853] setpgid(0, 0 [pid 5852] setpgid(0, 0 [pid 5853] <... setpgid resumed>) = 0 [pid 5852] <... setpgid resumed>) = 0 [pid 5853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5853] <... openat resumed>) = 3 [pid 5852] <... openat resumed>) = 3 [pid 5850] write(3, "1000", 4 [pid 5849] <... mkdir resumed>) = 0 [pid 5853] write(3, "1000", 4) = 4 [pid 5853] close(3) = 0 [pid 5853] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5852] write(3, "1000", 4) = 4 [pid 5852] close(3) = 0 executing program [pid 5850] <... write resumed>) = 4 [pid 5853] write(1, "executing program\n", 18 [pid 5852] symlink("/dev/binderfs", "./binderfs"executing program executing program [pid 5853] <... write resumed>) = 18 [pid 5850] close(3 [pid 5849] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5848] ioctl(3, LOOP_CLR_FD [pid 5847] <... clone resumed>, child_tidptr=0x55557b78d650) = 5853 [pid 5850] <... close resumed>) = 0 [pid 5853] memfd_create("syzkaller", 0 [pid 5852] <... symlink resumed>) = 0 [pid 5850] symlink("/dev/binderfs", "./binderfs" [pid 5849] <... openat resumed>) = 3 [pid 5848] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5853] <... memfd_create resumed>) = 3 [pid 5852] write(1, "executing program\n", 18) = 18 [pid 5850] <... symlink resumed>) = 0 [pid 5848] close(3 [pid 5850] write(1, "executing program\n", 18 [pid 5849] ioctl(3, LOOP_CLR_FD [pid 5850] <... write resumed>) = 18 [pid 5853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5852] memfd_create("syzkaller", 0 [pid 5850] memfd_create("syzkaller", 0 [pid 5848] <... close resumed>) = 0 [pid 5853] <... mmap resumed>) = 0x7f9b52200000 [pid 5852] <... memfd_create resumed>) = 3 [pid 5849] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5853] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5850] <... memfd_create resumed>) = 3 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5852] <... mmap resumed>) = 0x7f9b52200000 [pid 5850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5849] close(3./strace-static-x86_64: Process 5855 attached [pid 5850] <... mmap resumed>) = 0x7f9b52200000 [pid 5849] <... close resumed>) = 0 [pid 5848] <... clone resumed>, child_tidptr=0x55557b78d650) = 5855 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5855] set_robust_list(0x55557b78d660, 24) = 0 [pid 5855] chdir("./0") = 0 ./strace-static-x86_64: Process 5856 attached [pid 5855] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5855] setpgid(0, 0) = 0 [pid 5856] set_robust_list(0x55557b78d660, 24 [pid 5855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5856] <... set_robust_list resumed>) = 0 [pid 5855] <... openat resumed>) = 3 [pid 5856] chdir("./0" [pid 5855] write(3, "1000", 4 [pid 5852] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5856] <... chdir resumed>) = 0 [pid 5855] <... write resumed>) = 4 [pid 5856] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5855] close(3 [pid 5856] <... prctl resumed>) = 0 [pid 5855] <... close resumed>) = 0 [pid 5856] setpgid(0, 0 [pid 5855] symlink("/dev/binderfs", "./binderfs" [pid 5856] <... setpgid resumed>) = 0 [pid 5855] <... symlink resumed>) = 0 [pid 5853] <... write resumed>) = 524288 [pid 5849] <... clone resumed>, child_tidptr=0x55557b78d650) = 5856 [pid 5856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 5855] write(1, "executing program\n", 18 [pid 5856] write(3, "1000", 4 [pid 5855] <... write resumed>) = 18 [pid 5856] <... write resumed>) = 4 [pid 5850] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5856] close(3 [pid 5855] memfd_create("syzkaller", 0 [pid 5856] <... close resumed>) = 0 [pid 5856] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5855] <... memfd_create resumed>) = 3 [pid 5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5853] munmap(0x7f9b52200000, 138412032 [pid 5855] <... mmap resumed>) = 0x7f9b52200000 [pid 5853] <... munmap resumed>) = 0 [pid 5856] write(1, "executing program\n", 18executing program [pid 5855] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5850] <... write resumed>) = 524288 [pid 5856] <... write resumed>) = 18 [pid 5852] <... write resumed>) = 524288 [pid 5853] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5856] memfd_create("syzkaller", 0 [pid 5853] ioctl(4, LOOP_SET_FD, 3 [pid 5852] munmap(0x7f9b52200000, 138412032) = 0 [pid 5850] munmap(0x7f9b52200000, 138412032 [pid 5852] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5852] ioctl(4, LOOP_SET_FD, 3 [pid 5850] <... munmap resumed>) = 0 [pid 5856] <... memfd_create resumed>) = 3 [pid 5856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5856] <... mmap resumed>) = 0x7f9b52200000 [pid 5850] <... openat resumed>) = 4 [pid 5850] ioctl(4, LOOP_SET_FD, 3 [pid 5855] <... write resumed>) = 524288 [pid 5853] <... ioctl resumed>) = 0 [pid 5856] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5855] munmap(0x7f9b52200000, 138412032 [pid 5853] close(3 [pid 5852] <... ioctl resumed>) = 0 [pid 5850] <... ioctl resumed>) = 0 [pid 5855] <... munmap resumed>) = 0 [pid 5853] <... close resumed>) = 0 [pid 5852] close(3 [pid 5855] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5853] close(4 [pid 5850] close(3 [pid 5855] <... openat resumed>) = 4 [pid 5853] <... close resumed>) = 0 [pid 5852] <... close resumed>) = 0 [pid 5850] <... close resumed>) = 0 [pid 5856] <... write resumed>) = 524288 [pid 5855] ioctl(4, LOOP_SET_FD, 3 [pid 5853] mkdir("./file2", 0777 [pid 5850] close(4 [pid 5856] munmap(0x7f9b52200000, 138412032 [pid 5852] close(4) = 0 [pid 5852] mkdir("./file2", 0777 [pid 5850] <... close resumed>) = 0 [pid 5856] <... munmap resumed>) = 0 [pid 5853] <... mkdir resumed>) = 0 [pid 5852] <... mkdir resumed>) = 0 [pid 5850] mkdir("./file2", 0777 [pid 5852] mount("/dev/loop1", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5850] <... mkdir resumed>) = 0 [pid 5856] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 59.088465][ T5853] loop2: detected capacity change from 0 to 1024 [ 59.097012][ T5852] loop1: detected capacity change from 0 to 1024 [ 59.099357][ T5850] loop0: detected capacity change from 0 to 1024 [ 59.120827][ T5855] loop3: detected capacity change from 0 to 1024 [pid 5856] ioctl(4, LOOP_SET_FD, 3 [pid 5855] <... ioctl resumed>) = 0 [pid 5853] mount("/dev/loop2", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5850] mount("/dev/loop0", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5855] close(3) = 0 [pid 5855] close(4) = 0 [pid 5855] mkdir("./file2", 0777) = 0 [pid 5855] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5856] <... ioctl resumed>) = 0 [pid 5853] <... mount resumed>) = 0 [pid 5852] <... mount resumed>) = 0 [pid 5850] <... mount resumed>) = 0 [pid 5853] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5852] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5853] <... openat resumed>) = 3 [pid 5852] <... openat resumed>) = 3 [pid 5856] close(3) = 0 [pid 5853] chdir("./file2" [pid 5855] <... mount resumed>) = 0 [pid 5853] <... chdir resumed>) = 0 [pid 5852] chdir("./file2" [pid 5850] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5853] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5855] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5852] <... chdir resumed>) = 0 [pid 5856] close(4) = 0 [pid 5856] mkdir("./file2", 0777) = 0 [pid 5855] <... openat resumed>) = 3 [pid 5853] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5852] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5850] <... openat resumed>) = 3 [ 59.135154][ T5856] loop4: detected capacity change from 0 to 1024 [pid 5855] chdir("./file2" [pid 5853] getpid( [pid 5852] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5850] chdir("./file2" [pid 5856] mount("/dev/loop4", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5852] getpid( [pid 5850] <... chdir resumed>) = 0 [pid 5855] <... chdir resumed>) = 0 [pid 5853] <... getpid resumed>) = 5853 [pid 5852] <... getpid resumed>) = 5852 [pid 5852] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5853] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5852] <... openat resumed>) = 4 [pid 5853] <... openat resumed>) = 4 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5852] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5853] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5850] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5850] getpid( [pid 5855] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5850] <... getpid resumed>) = 5850 [pid 5855] getpid() = 5855 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5855] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5850] <... openat resumed>) = 4 [pid 5855] <... openat resumed>) = 4 [pid 5850] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5855] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5853] <... openat resumed>) = 5 [pid 5850] <... openat resumed>) = 5 [pid 5853] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5852] <... openat resumed>) = 5 [pid 5850] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5855] <... openat resumed>) = 5 [pid 5853] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5852] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5855] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5853] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5850] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5855] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5852] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5850] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5855] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5852] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5856] <... mount resumed>) = 0 [pid 5856] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5856] chdir("./file2") = 0 [pid 5856] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5856] getpid() = 5856 [pid 5856] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5850] <... ioctl resumed>) = 0 [pid 5850] exit_group(0) = ? [ 59.220215][ T5853] loop0: detected capacity change from 1024 to 3 [pid 5855] <... ioctl resumed>) = 0 [pid 5855] exit_group(0) = ? [pid 5852] <... ioctl resumed>) = 0 [pid 5856] <... openat resumed>) = 4 [pid 5856] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5852] exit_group(0) = ? [pid 5856] <... openat resumed>) = 5 [pid 5856] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5855] +++ exited with 0 +++ [pid 5852] +++ exited with 0 +++ [pid 5850] +++ exited with 0 +++ [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5850, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5846] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5852, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5855, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5856] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5853] <... ioctl resumed>) = 0 [pid 5856] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5848] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5846] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5845] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5853] exit_group(0 [pid 5848] <... openat resumed>) = 3 [pid 5846] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5853] <... exit_group resumed>) = ? [pid 5848] newfstatat(3, "", [pid 5846] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5853] +++ exited with 0 +++ [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5846] <... openat resumed>) = 3 [pid 5845] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5847] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5853, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5846] newfstatat(3, "", [pid 5847] restart_syscall(<... resuming interrupted clone ...> [pid 5846] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] <... openat resumed>) = 3 [pid 5846] getdents64(3, [pid 5845] newfstatat(3, "", [pid 5848] getdents64(3, [pid 5846] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5846] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] getdents64(3, [pid 5847] <... restart_syscall resumed>) = 0 [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5845] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5847] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5847] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 59.333942][ T5853] Dev loop0: unable to read RDB block 3 [ 59.340127][ T5853] loop0: unable to read partition table [ 59.345918][ T5853] loop0: partition table beyond EOD, truncated [ 59.353442][ T5853] loop_reread_partitions: partition scan of loop0 (Rt *3 !6{bO0.Qʝ H"Uqd\'Lz8w1AH) failed (rc=-5) [pid 5847] newfstatat(3, "", [pid 5846] <... umount2 resumed>) = 0 [pid 5846] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = 0 [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5846] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5847] getdents64(3, [pid 5846] newfstatat(AT_FDCWD, "./0/file2", [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./0/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5846] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5847] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5846] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5847] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5846] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5846] openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", [pid 5846] <... openat resumed>) = 4 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5856] <... ioctl resumed>) = 0 [pid 5847] <... umount2 resumed>) = 0 [pid 5846] newfstatat(4, "", [pid 5845] <... umount2 resumed>) = 0 [pid 5848] getdents64(4, [pid 5846] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5856] exit_group(0 [pid 5848] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5846] getdents64(4, [pid 5845] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5856] <... exit_group resumed>) = ? [pid 5848] getdents64(4, [pid 5847] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5846] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5856] +++ exited with 0 +++ [pid 5848] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5847] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5846] getdents64(4, [pid 5845] newfstatat(AT_FDCWD, "./0/file2", [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5856, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5848] close(4 [pid 5847] newfstatat(AT_FDCWD, "./0/file2", [pid 5846] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] restart_syscall(<... resuming interrupted clone ...> [pid 5848] <... close resumed>) = 0 [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5846] close(4 [pid 5848] rmdir("./0/file2" [pid 5847] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5846] <... close resumed>) = 0 [pid 5845] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... rmdir resumed>) = 0 [pid 5847] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5846] rmdir("./0/file2" [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5847] openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5845] <... openat resumed>) = 4 [pid 5849] <... restart_syscall resumed>) = 0 [pid 5848] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5847] <... openat resumed>) = 4 [pid 5846] <... rmdir resumed>) = 0 [pid 5845] newfstatat(4, "", [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5847] newfstatat(4, "", [pid 5846] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] getdents64(4, [pid 5849] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5847] getdents64(4, [pid 5846] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] unlink("./0/binderfs" [pid 5847] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5846] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5845] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5849] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] <... unlink resumed>) = 0 [pid 5847] getdents64(4, [pid 5849] <... openat resumed>) = 3 [pid 5846] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] newfstatat(3, "", [pid 5847] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5846] unlink("./0/binderfs" [pid 5845] getdents64(4, [pid 5848] getdents64(3, [pid 5847] close(4 [pid 5845] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5847] <... close resumed>) = 0 [pid 5846] <... unlink resumed>) = 0 [pid 5845] close(4 [pid 5849] getdents64(3, [ 59.393297][ T11] kworker/u8:0: attempt to access beyond end of device [ 59.393297][ T11] loop0: rw=1, sector=206, nr_sectors = 8 limit=3 [ 59.410633][ T11] kworker/u8:0: attempt to access beyond end of device [ 59.410633][ T11] loop0: rw=2049, sector=198, nr_sectors = 16 limit=3 [pid 5848] close(3 [pid 5847] rmdir("./0/file2" [pid 5846] getdents64(3, [pid 5845] <... close resumed>) = 0 [pid 5849] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5848] <... close resumed>) = 0 [pid 5847] <... rmdir resumed>) = 0 [pid 5846] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5845] rmdir("./0/file2" [pid 5849] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5846] close(3 [pid 5845] <... rmdir resumed>) = 0 [pid 5848] rmdir("./0") = 0 [pid 5847] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5846] <... close resumed>) = 0 [pid 5846] rmdir("./0" [pid 5845] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5847] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5847] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5845] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5848] mkdir("./1", 0777 [pid 5847] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5846] <... rmdir resumed>) = 0 [pid 5845] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] <... mkdir resumed>) = 0 [pid 5847] unlink("./0/binderfs" [pid 5845] unlink("./0/binderfs" [pid 5849] <... umount2 resumed>) = 0 [pid 5847] <... unlink resumed>) = 0 [pid 5845] <... unlink resumed>) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5849] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... openat resumed>) = 3 [pid 5847] getdents64(3, [pid 5846] mkdir("./1", 0777 [pid 5845] getdents64(3, [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] ioctl(3, LOOP_CLR_FD [pid 5847] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5846] <... mkdir resumed>) = 0 [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5849] newfstatat(AT_FDCWD, "./0/file2", [pid 5848] <... ioctl resumed>) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] umount2("./0/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] close(3 [pid 5847] close(3 [pid 5845] close(3 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... close resumed>) = 0 [pid 5846] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5847] <... close resumed>) = 0 [pid 5846] <... openat resumed>) = 3 [pid 5845] <... close resumed>) = 0 [pid 5847] rmdir("./0" [pid 5846] ioctl(3, LOOP_CLR_FD [pid 5845] rmdir("./0" [pid 5847] <... rmdir resumed>) = 0 [pid 5846] <... ioctl resumed>) = 0 [pid 5845] <... rmdir resumed>) = 0 [pid 5846] close(3 [pid 5845] mkdir("./1", 0777 [pid 5847] mkdir("./1", 0777 [pid 5846] <... close resumed>) = 0 [pid 5845] <... mkdir resumed>) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5847] <... mkdir resumed>) = 0 [pid 5849] openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5847] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5846] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5858 attached [pid 5849] <... openat resumed>) = 4 [pid 5847] <... openat resumed>) = 3 [pid 5847] ioctl(3, LOOP_CLR_FD) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5847] close(3./strace-static-x86_64: Process 5859 attached [pid 5858] set_robust_list(0x55557b78d660, 24 [pid 5849] newfstatat(4, "", [pid 5847] <... close resumed>) = 0 [pid 5845] <... openat resumed>) = 3 [pid 5858] <... set_robust_list resumed>) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5859] set_robust_list(0x55557b78d660, 24 [pid 5849] getdents64(4, [pid 5859] <... set_robust_list resumed>) = 0 [pid 5849] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5848] <... clone resumed>, child_tidptr=0x55557b78d650) = 5858 [pid 5846] <... clone resumed>, child_tidptr=0x55557b78d650) = 5859 [pid 5845] ioctl(3, LOOP_CLR_FD [pid 5859] chdir("./1" [pid 5849] getdents64(4, [pid 5858] chdir("./1" [pid 5859] <... chdir resumed>) = 0 [pid 5845] <... ioctl resumed>) = 0 [pid 5859] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5849] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5859] <... prctl resumed>) = 0 [pid 5858] <... chdir resumed>) = 0 [pid 5849] close(4 [pid 5859] setpgid(0, 0 [pid 5845] close(3 [pid 5859] <... setpgid resumed>) = 0 [pid 5849] <... close resumed>) = 0 [pid 5858] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5849] rmdir("./0/file2" [pid 5859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5858] <... prctl resumed>) = 0 [pid 5849] <... rmdir resumed>) = 0 [pid 5845] <... close resumed>) = 0 [pid 5847] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5859] <... openat resumed>) = 3 [pid 5849] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5858] setpgid(0, 0 [pid 5859] write(3, "1000", 4 [pid 5858] <... setpgid resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5860 attached [pid 5859] <... write resumed>) = 4 [pid 5860] set_robust_list(0x55557b78d660, 24 [pid 5859] close(3 [pid 5858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5849] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5847] <... clone resumed>, child_tidptr=0x55557b78d650) = 5860 [pid 5860] <... set_robust_list resumed>) = 0 [pid 5859] <... close resumed>) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5861 attached executing program [pid 5860] chdir("./1" [pid 5859] symlink("/dev/binderfs", "./binderfs" [pid 5858] <... openat resumed>) = 3 [pid 5849] unlink("./0/binderfs" [pid 5860] <... chdir resumed>) = 0 [pid 5859] <... symlink resumed>) = 0 [pid 5849] <... unlink resumed>) = 0 [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5861 [pid 5859] write(1, "executing program\n", 18 [pid 5860] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5859] <... write resumed>) = 18 [pid 5860] <... prctl resumed>) = 0 [pid 5849] getdents64(3, [pid 5858] write(3, "1000", 4 [pid 5861] set_robust_list(0x55557b78d660, 24 [pid 5860] setpgid(0, 0 [pid 5859] memfd_create("syzkaller", 0 [pid 5858] <... write resumed>) = 4 [pid 5849] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5860] <... setpgid resumed>) = 0 [pid 5858] close(3 [pid 5849] close(3 [pid 5861] <... set_robust_list resumed>) = 0 [pid 5859] <... memfd_create resumed>) = 3 [pid 5861] chdir("./1" [pid 5860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5858] <... close resumed>) = 0 [pid 5849] <... close resumed>) = 0 [pid 5860] <... openat resumed>) = 3 [pid 5859] <... mmap resumed>) = 0x7f9b52200000 [pid 5858] symlink("/dev/binderfs", "./binderfs" [pid 5849] rmdir("./0" [pid 5861] <... chdir resumed>) = 0 [pid 5860] write(3, "1000", 4 [pid 5858] <... symlink resumed>) = 0 executing program [pid 5861] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5860] <... write resumed>) = 4 [pid 5858] write(1, "executing program\n", 18 [pid 5849] <... rmdir resumed>) = 0 [pid 5861] <... prctl resumed>) = 0 [pid 5860] close(3 [pid 5858] <... write resumed>) = 18 [pid 5849] mkdir("./1", 0777 [pid 5861] setpgid(0, 0 [pid 5860] <... close resumed>) = 0 [pid 5858] memfd_create("syzkaller", 0 [pid 5861] <... setpgid resumed>) = 0 [pid 5860] symlink("/dev/binderfs", "./binderfs" [pid 5858] <... memfd_create resumed>) = 3 [pid 5849] <... mkdir resumed>) = 0 [pid 5861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5860] <... symlink resumed>) = 0 [pid 5858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5849] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5861] <... openat resumed>) = 3 executing program [pid 5860] write(1, "executing program\n", 18 [pid 5858] <... mmap resumed>) = 0x7f9b52200000 [pid 5861] write(3, "1000", 4 [pid 5860] <... write resumed>) = 18 [pid 5849] <... openat resumed>) = 3 [pid 5860] memfd_create("syzkaller", 0 [pid 5849] ioctl(3, LOOP_CLR_FD [pid 5861] <... write resumed>) = 4 [pid 5849] <... ioctl resumed>) = 0 [pid 5861] close(3 [pid 5849] close(3 [pid 5861] <... close resumed>) = 0 [pid 5860] <... memfd_create resumed>) = 3 [pid 5859] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5849] <... close resumed>) = 0 [pid 5861] symlink("/dev/binderfs", "./binderfs" [pid 5860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5861] <... symlink resumed>) = 0 [pid 5860] <... mmap resumed>) = 0x7f9b52200000 [pid 5859] <... write resumed>) = 524288 [pid 5858] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5861] write(1, "executing program\n", 18 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program [pid 5861] <... write resumed>) = 18 [pid 5861] memfd_create("syzkaller", 0) = 3 [pid 5861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 ./strace-static-x86_64: Process 5862 attached [pid 5860] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5849] <... clone resumed>, child_tidptr=0x55557b78d650) = 5862 [pid 5862] set_robust_list(0x55557b78d660, 24 [pid 5860] <... write resumed>) = 524288 [pid 5859] munmap(0x7f9b52200000, 138412032 [pid 5862] <... set_robust_list resumed>) = 0 [pid 5862] chdir("./1" [pid 5859] <... munmap resumed>) = 0 [pid 5858] <... write resumed>) = 524288 [pid 5859] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5859] ioctl(4, LOOP_SET_FD, 3 [pid 5862] <... chdir resumed>) = 0 [pid 5861] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5862] setpgid(0, 0 [pid 5861] <... write resumed>) = 524288 [pid 5858] munmap(0x7f9b52200000, 138412032 [pid 5862] <... setpgid resumed>) = 0 [pid 5860] munmap(0x7f9b52200000, 138412032 [pid 5859] <... ioctl resumed>) = 0 [pid 5862] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5858] <... munmap resumed>) = 0 [pid 5860] <... munmap resumed>) = 0 [pid 5859] close(3 [pid 5862] <... openat resumed>) = 3 [pid 5859] <... close resumed>) = 0 [pid 5858] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5860] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5862] write(3, "1000", 4 [pid 5859] close(4) = 0 [pid 5858] <... openat resumed>) = 4 [pid 5859] mkdir("./file2", 0777 [pid 5858] ioctl(4, LOOP_SET_FD, 3 [pid 5862] <... write resumed>) = 4 [pid 5860] <... openat resumed>) = 4 [pid 5859] <... mkdir resumed>) = 0 [pid 5862] close(3) = 0 [pid 5862] symlink("/dev/binderfs", "./binderfs" [pid 5861] munmap(0x7f9b52200000, 138412032 [pid 5862] <... symlink resumed>) = 0 [pid 5861] <... munmap resumed>) = 0 [pid 5860] ioctl(4, LOOP_SET_FD, 3 [pid 5862] write(1, "executing program\n", 18 [pid 5861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5861] ioctl(4, LOOP_SET_FD, 3executing program [pid 5862] <... write resumed>) = 18 [pid 5860] <... ioctl resumed>) = 0 [pid 5859] mount("/dev/loop1", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5858] <... ioctl resumed>) = 0 [pid 5862] memfd_create("syzkaller", 0 [pid 5861] <... ioctl resumed>) = 0 [pid 5860] close(3 [pid 5859] <... mount resumed>) = 0 [pid 5858] close(3 [pid 5862] <... memfd_create resumed>) = 3 [pid 5861] close(3 [pid 5860] <... close resumed>) = 0 [pid 5859] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5858] <... close resumed>) = 0 [pid 5862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5861] <... close resumed>) = 0 [pid 5860] close(4 [pid 5859] <... openat resumed>) = 3 [pid 5858] close(4 [pid 5862] <... mmap resumed>) = 0x7f9b52200000 [pid 5861] close(4 [pid 5860] <... close resumed>) = 0 [pid 5859] chdir("./file2" [pid 5858] <... close resumed>) = 0 [pid 5862] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5860] mkdir("./file2", 0777 [pid 5859] <... chdir resumed>) = 0 [pid 5858] mkdir("./file2", 0777) = 0 [pid 5859] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5858] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5861] <... close resumed>) = 0 [pid 5861] mkdir("./file2", 0777 [pid 5860] <... mkdir resumed>) = 0 [pid 5859] getpid( [pid 5861] <... mkdir resumed>) = 0 [pid 5859] <... getpid resumed>) = 5859 [pid 5859] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5859] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5861] mount("/dev/loop0", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5860] mount("/dev/loop2", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5859] <... openat resumed>) = 5 [pid 5859] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = -1 EBUSY (Device or resource busy) [ 59.641005][ T5859] loop1: detected capacity change from 0 to 1024 [ 59.656408][ T5858] loop3: detected capacity change from 0 to 1024 [ 59.665468][ T5860] loop2: detected capacity change from 0 to 1024 [ 59.666536][ T5861] loop0: detected capacity change from 0 to 1024 [pid 5859] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5862] <... write resumed>) = 524288 [pid 5860] <... mount resumed>) = 0 [pid 5858] <... mount resumed>) = 0 [pid 5860] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5862] munmap(0x7f9b52200000, 138412032 [pid 5860] <... openat resumed>) = 3 [pid 5858] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5860] chdir("./file2") = 0 [pid 5858] <... openat resumed>) = 3 [pid 5862] <... munmap resumed>) = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5858] chdir("./file2") = 0 [pid 5860] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5860] getpid( [pid 5862] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5858] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5862] <... openat resumed>) = 4 [pid 5860] <... getpid resumed>) = 5860 [pid 5858] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5860] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5858] getpid( [pid 5862] ioctl(4, LOOP_SET_FD, 3 [pid 5858] <... getpid resumed>) = 5858 [pid 5858] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5862] <... ioctl resumed>) = 0 [pid 5860] <... openat resumed>) = 4 [pid 5858] <... openat resumed>) = 4 [pid 5860] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 59.737659][ T5862] loop4: detected capacity change from 0 to 1024 [ 59.745411][ T5859] loop0: detected capacity change from 1024 to 3 [ 59.752351][ T5861] syz-executor964: attempt to access beyond end of device [ 59.752351][ T5861] loop0: rw=0, sector=208, nr_sectors = 2 limit=3 [ 59.770828][ T5859] Dev loop0: unable to read RDB block 3 [ 59.776453][ T5859] loop0: unable to read partition table [pid 5858] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5862] close(3) = 0 [pid 5860] <... openat resumed>) = 5 [pid 5858] <... openat resumed>) = 5 [ 59.781916][ T5861] Buffer I/O error on dev loop0, logical block 104, async page read [ 59.783624][ T5859] loop0: partition table beyond EOD, truncated [ 59.792239][ T5861] syz-executor964: attempt to access beyond end of device [ 59.792239][ T5861] loop0: rw=0, sector=210, nr_sectors = 2 limit=3 [ 59.799863][ T5859] loop_reread_partitions: partition scan of loop0 (Rt *3 !6{bO0.Qʝ H"Uqd\'Lz8w1AH) failed (rc=-5) [ 59.811471][ T5861] Buffer I/O error on dev loop0, logical block 105, async page read [pid 5862] close(4 [pid 5860] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5859] <... ioctl resumed>) = 0 [pid 5858] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5862] <... close resumed>) = 0 [pid 5860] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5859] exit_group(0 [pid 5858] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5862] mkdir("./file2", 0777 [pid 5860] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5859] <... exit_group resumed>) = ? [pid 5858] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5862] <... mkdir resumed>) = 0 [pid 5862] mount("/dev/loop4", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5859] +++ exited with 0 +++ [pid 5846] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5859, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5846] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5846] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5846] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5846] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5846] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5862] <... mount resumed>) = 0 [pid 5846] umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5860] <... ioctl resumed>) = 0 [pid 5862] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5860] exit_group(0) = ? [pid 5862] <... openat resumed>) = 3 [pid 5860] +++ exited with 0 +++ [pid 5862] chdir("./file2" [pid 5847] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5860, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5847] restart_syscall(<... resuming interrupted clone ...> [pid 5862] <... chdir resumed>) = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5862] getpid() = 5862 [pid 5847] <... restart_syscall resumed>) = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5847] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5846] <... umount2 resumed>) = 0 [pid 5847] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5846] umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5847] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5846] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5847] <... openat resumed>) = 3 [pid 5846] newfstatat(AT_FDCWD, "./1/file2", [pid 5847] newfstatat(3, "", [pid 5846] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5846] umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5847] getdents64(3, [pid 5846] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5847] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5846] openat(AT_FDCWD, "./1/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5847] umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5846] <... openat resumed>) = 4 [pid 5846] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5846] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5846] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5846] close(4) = 0 [pid 5846] rmdir("./1/file2" [pid 5847] <... umount2 resumed>) = 0 [pid 5846] <... rmdir resumed>) = 0 [pid 5847] umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5846] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5847] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5846] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5846] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5847] newfstatat(AT_FDCWD, "./1/file2", [pid 5846] unlink("./1/binderfs" [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5846] <... unlink resumed>) = 0 [pid 5847] umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5846] getdents64(3, [pid 5847] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5846] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5847] openat(AT_FDCWD, "./1/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5846] close(3 [pid 5847] <... openat resumed>) = 4 [pid 5846] <... close resumed>) = 0 [pid 5847] newfstatat(4, "", [pid 5846] rmdir("./1" [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 59.837420][ T5861] syz-executor964: attempt to access beyond end of device [ 59.837420][ T5861] loop0: rw=0, sector=212, nr_sectors = 2 limit=3 [ 59.853380][ T5861] Buffer I/O error on dev loop0, logical block 106, async page read [pid 5846] <... rmdir resumed>) = 0 [pid 5847] getdents64(4, [pid 5846] mkdir("./2", 0777 [pid 5847] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5847] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5847] close(4 [pid 5862] <... openat resumed>) = 4 [pid 5858] <... ioctl resumed>) = 0 [pid 5847] <... close resumed>) = 0 [pid 5847] rmdir("./1/file2" [pid 5862] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5858] exit_group(0 [pid 5847] <... rmdir resumed>) = 0 [pid 5846] <... mkdir resumed>) = 0 [pid 5858] <... exit_group resumed>) = ? [pid 5847] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5862] <... openat resumed>) = 5 [pid 5861] <... mount resumed>) = -1 EIO (Input/output error) [pid 5858] +++ exited with 0 +++ [pid 5847] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5846] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5862] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = -1 EBUSY (Device or resource busy) [pid 5861] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5858, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5847] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5846] <... openat resumed>) = 3 [pid 5862] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5861] <... openat resumed>) = 3 [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 5847] unlink("./1/binderfs" [pid 5846] ioctl(3, LOOP_CLR_FD [pid 5861] ioctl(3, LOOP_CLR_FD [pid 5848] <... restart_syscall resumed>) = 0 [pid 5847] <... unlink resumed>) = 0 [pid 5846] <... ioctl resumed>) = 0 [pid 5846] close(3 [pid 5847] getdents64(3, [pid 5846] <... close resumed>) = 0 [pid 5848] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5847] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5846] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5863 attached [pid 5848] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5847] close(3 [pid 5846] <... clone resumed>, child_tidptr=0x55557b78d650) = 5863 [pid 5863] set_robust_list(0x55557b78d660, 24 [pid 5848] <... openat resumed>) = 3 [pid 5847] <... close resumed>) = 0 [pid 5863] <... set_robust_list resumed>) = 0 [pid 5848] newfstatat(3, "", [pid 5863] chdir("./2" [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5847] rmdir("./1" [pid 5848] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5863] <... chdir resumed>) = 0 [pid 5848] umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5847] <... rmdir resumed>) = 0 [pid 5863] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5848] <... umount2 resumed>) = 0 [pid 5847] mkdir("./2", 0777 [pid 5848] umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW [ 59.893932][ T5861] hfsplus: failed to load root directory [pid 5863] setpgid(0, 0executing program [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5847] <... mkdir resumed>) = 0 [pid 5848] newfstatat(AT_FDCWD, "./1/file2", [pid 5863] <... setpgid resumed>) = 0 [pid 5863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5863] write(3, "1000", 4) = 4 [pid 5863] close(3) = 0 [pid 5863] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5863] write(1, "executing program\n", 18) = 18 [pid 5863] memfd_create("syzkaller", 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5863] <... memfd_create resumed>) = 3 [pid 5848] openat(AT_FDCWD, "./1/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5847] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5862] <... ioctl resumed>) = 0 [pid 5848] <... openat resumed>) = 4 [pid 5847] <... openat resumed>) = 3 [pid 5863] <... mmap resumed>) = 0x7f9b52200000 [pid 5861] <... ioctl resumed>) = 0 [pid 5848] newfstatat(4, "", [pid 5861] close(3) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5847] ioctl(3, LOOP_CLR_FD [pid 5848] getdents64(4, [pid 5861] getpid( [pid 5862] exit_group(0 [pid 5861] <... getpid resumed>) = 5861 [pid 5848] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5861] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5848] getdents64(4, [pid 5862] <... exit_group resumed>) = ? [pid 5848] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5847] <... ioctl resumed>) = 0 [pid 5863] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5847] close(3 [pid 5848] close(4 [pid 5847] <... close resumed>) = 0 [pid 5848] <... close resumed>) = 0 [pid 5848] rmdir("./1/file2" [pid 5847] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] <... rmdir resumed>) = 0 [pid 5863] <... write resumed>) = 524288 ./strace-static-x86_64: Process 5864 attached [pid 5862] +++ exited with 0 +++ [pid 5861] <... openat resumed>) = 3 [pid 5848] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5847] <... clone resumed>, child_tidptr=0x55557b78d650) = 5864 [pid 5863] munmap(0x7f9b52200000, 138412032) = 0 [pid 5864] set_robust_list(0x55557b78d660, 24 [pid 5861] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5862, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5864] <... set_robust_list resumed>) = 0 [pid 5863] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5861] <... openat resumed>) = 4 [pid 5848] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5864] chdir("./2" [pid 5863] <... openat resumed>) = 4 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 59.967367][ T5220] Dev loop0: unable to read RDB block 3 [ 59.973759][ T5220] loop0: unable to read partition table [ 59.982572][ T5220] loop0: partition table beyond EOD, truncated [pid 5863] ioctl(4, LOOP_SET_FD, 3 [pid 5848] unlink("./1/binderfs" [pid 5864] <... chdir resumed>) = 0 [pid 5848] <... unlink resumed>) = 0 [pid 5861] ioctl(3, LOOP_CONFIGURE, {fd=4, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = -1 EBUSY (Device or resource busy) [pid 5861] ioctl(3, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5864] setpgid(0, 0) = 0 [pid 5848] getdents64(3, [pid 5864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5864] <... openat resumed>) = 3 [pid 5848] close(3) = 0 [pid 5864] write(3, "1000", 4 [pid 5848] rmdir("./1" [pid 5864] <... write resumed>) = 4 [pid 5849] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... rmdir resumed>) = 0 [pid 5864] close(3 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] mkdir("./2", 0777 [pid 5864] <... close resumed>) = 0 [pid 5849] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5864] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5849] <... openat resumed>) = 3 [pid 5848] <... mkdir resumed>) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3executing program [pid 5864] write(1, "executing program\n", 18 [pid 5849] newfstatat(3, "", [pid 5864] <... write resumed>) = 18 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5864] memfd_create("syzkaller", 0 [pid 5849] getdents64(3, [pid 5863] <... ioctl resumed>) = 0 [pid 5864] <... memfd_create resumed>) = 3 [pid 5849] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5863] close(3 [pid 5848] <... close resumed>) = 0 [pid 5864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5863] <... close resumed>) = 0 [pid 5849] umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5864] <... mmap resumed>) = 0x7f9b52200000 [pid 5863] close(4 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5863] <... close resumed>) = 0 ./strace-static-x86_64: Process 5865 attached [pid 5864] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5861] <... ioctl resumed>) = 0 [pid 5849] <... umount2 resumed>) = 0 [pid 5865] set_robust_list(0x55557b78d660, 24) = 0 [pid 5849] umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5865] chdir("./2" [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5863] mkdir("./file2", 0777 [pid 5861] exit_group(0 [pid 5848] <... clone resumed>, child_tidptr=0x55557b78d650) = 5865 [pid 5849] newfstatat(AT_FDCWD, "./1/file2", [pid 5865] <... chdir resumed>) = 0 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5863] <... mkdir resumed>) = 0 [pid 5861] <... exit_group resumed>) = ? [pid 5849] umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5865] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5865] <... prctl resumed>) = 0 [pid 5849] openat(AT_FDCWD, "./1/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5865] setpgid(0, 0 [pid 5849] <... openat resumed>) = 4 [pid 5865] <... setpgid resumed>) = 0 [pid 5861] +++ exited with 0 +++ [pid 5865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5849] newfstatat(4, "", [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5861, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [ 60.016235][ T5863] loop1: detected capacity change from 0 to 1024 [pid 5865] write(3, "1000", 4 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5865] <... write resumed>) = 4 [pid 5864] <... write resumed>) = 524288 [pid 5849] getdents64(4, [pid 5845] restart_syscall(<... resuming interrupted clone ...> [pid 5865] close(3 [pid 5863] mount("/dev/loop1", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5865] <... close resumed>) = 0 [pid 5849] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5865] symlink("/dev/binderfs", "./binderfs" [pid 5849] getdents64(4, [pid 5865] <... symlink resumed>) = 0 [pid 5849] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5865] write(1, "executing program\n", 18 [pid 5849] close(4executing program [pid 5865] <... write resumed>) = 18 [pid 5849] <... close resumed>) = 0 [pid 5865] memfd_create("syzkaller", 0 [pid 5849] rmdir("./1/file2" [pid 5864] munmap(0x7f9b52200000, 138412032 [pid 5849] <... rmdir resumed>) = 0 [pid 5865] <... memfd_create resumed>) = 3 [pid 5864] <... munmap resumed>) = 0 [pid 5845] <... restart_syscall resumed>) = 0 [pid 5865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5849] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5865] <... mmap resumed>) = 0x7f9b52200000 [pid 5864] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5845] newfstatat(3, "", [pid 5864] <... openat resumed>) = 4 [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5845] getdents64(3, [pid 5864] ioctl(4, LOOP_SET_FD, 3 [pid 5849] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 5 entries */, 32768) = 144 [pid 5864] <... ioctl resumed>) = 0 [pid 5863] <... mount resumed>) = 0 [pid 5849] unlink("./1/binderfs" [pid 5845] umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... unlink resumed>) = 0 [pid 5865] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5849] getdents64(3, [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3) = 0 [pid 5849] rmdir("./1" [pid 5865] <... write resumed>) = 524288 [pid 5849] <... rmdir resumed>) = 0 [pid 5845] newfstatat(AT_FDCWD, "./1/file2", [pid 5849] mkdir("./2", 0777 [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5863] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5845] umount2("./1/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5863] <... openat resumed>) = 3 [pid 5849] <... mkdir resumed>) = 0 [pid 5845] openat(AT_FDCWD, "./1/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5863] chdir("./file2" [pid 5849] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5845] <... openat resumed>) = 4 [pid 5863] <... chdir resumed>) = 0 [pid 5845] newfstatat(4, "", [pid 5863] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5863] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5845] getdents64(4, [pid 5863] getpid() = 5863 [pid 5849] <... openat resumed>) = 3 [pid 5845] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5863] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5845] getdents64(4, [pid 5849] ioctl(3, LOOP_CLR_FD) = 0 [pid 5849] close(3 [pid 5863] <... openat resumed>) = 4 [pid 5845] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5865] munmap(0x7f9b52200000, 138412032 [pid 5864] close(3 [pid 5863] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5849] <... close resumed>) = 0 [pid 5845] close(4 [pid 5865] <... munmap resumed>) = 0 [pid 5864] <... close resumed>) = 0 [pid 5845] <... close resumed>) = 0 [pid 5865] openat(AT_FDCWD, "/dev/loop3", O_RDWR [ 60.092115][ T5864] loop2: detected capacity change from 0 to 1024 [pid 5864] close(4 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5845] rmdir("./1/file2" [pid 5863] <... openat resumed>) = 5 [pid 5865] <... openat resumed>) = 4 [pid 5864] <... close resumed>) = 0 [pid 5863] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = -1 EBUSY (Device or resource busy) [pid 5863] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5865] ioctl(4, LOOP_SET_FD, 3 [pid 5845] <... rmdir resumed>) = 0 [pid 5864] mkdir("./file2", 0777) = 0 [pid 5864] mount("/dev/loop2", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"..../strace-static-x86_64: Process 5866 attached [pid 5866] set_robust_list(0x55557b78d660, 24 [pid 5865] <... ioctl resumed>) = 0 [pid 5864] <... mount resumed>) = 0 [pid 5849] <... clone resumed>, child_tidptr=0x55557b78d650) = 5866 [pid 5845] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5866] <... set_robust_list resumed>) = 0 [pid 5864] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5866] chdir("./2" [pid 5864] <... openat resumed>) = 3 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5866] <... chdir resumed>) = 0 [pid 5864] chdir("./file2" [pid 5866] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5865] close(3 [pid 5845] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5866] <... prctl resumed>) = 0 [pid 5865] <... close resumed>) = 0 [pid 5864] <... chdir resumed>) = 0 [pid 5845] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5866] setpgid(0, 0 [pid 5865] close(4 [pid 5864] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5845] unlink("./1/binderfs" [pid 5864] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5865] <... close resumed>) = 0 [pid 5864] getpid( [pid 5845] <... unlink resumed>) = 0 [pid 5866] <... setpgid resumed>) = 0 [pid 5865] mkdir("./file2", 0777 [pid 5864] <... getpid resumed>) = 5864 [pid 5845] umount2("./1/cgroup.stat", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5865] <... mkdir resumed>) = 0 [pid 5866] <... openat resumed>) = 3 [pid 5864] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5865] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5866] write(3, "1000", 4) = 4 [pid 5845] newfstatat(AT_FDCWD, "./1/cgroup.stat", [pid 5866] close(3 [pid 5845] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] unlink("./1/cgroup.stat" [pid 5866] <... close resumed>) = 0 [pid 5866] symlink("/dev/binderfs", "./binderfs" [pid 5845] <... unlink resumed>) = 0 [pid 5866] <... symlink resumed>) = 0 [pid 5845] getdents64(3, executing program [pid 5866] write(1, "executing program\n", 18 [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5845] close(3 [pid 5866] <... write resumed>) = 18 [pid 5845] <... close resumed>) = 0 [pid 5866] memfd_create("syzkaller", 0 [pid 5845] rmdir("./1") = 0 [pid 5845] mkdir("./2", 0777 [pid 5866] <... memfd_create resumed>) = 3 [pid 5866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5845] <... mkdir resumed>) = 0 [pid 5866] <... mmap resumed>) = 0x7f9b52200000 [pid 5863] <... ioctl resumed>) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5864] <... openat resumed>) = 4 [pid 5864] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5863] exit_group(0 [pid 5845] <... openat resumed>) = 3 [pid 5863] <... exit_group resumed>) = ? [pid 5845] ioctl(3, LOOP_CLR_FD) = 0 [pid 5845] close(3 [pid 5866] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5845] <... close resumed>) = 0 [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5864] <... openat resumed>) = 5 [ 60.140496][ T5865] loop3: detected capacity change from 0 to 1024 [pid 5864] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}./strace-static-x86_64: Process 5867 attached [pid 5866] <... write resumed>) = 524288 [pid 5865] <... mount resumed>) = 0 [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5867 [pid 5865] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5865] chdir("./file2") = 0 [pid 5865] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5865] getpid() = 5865 [pid 5865] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5867] set_robust_list(0x55557b78d660, 24) = 0 [pid 5866] munmap(0x7f9b52200000, 138412032 [pid 5867] chdir("./2" [pid 5866] <... munmap resumed>) = 0 [pid 5867] <... chdir resumed>) = 0 [pid 5866] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5867] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5866] ioctl(4, LOOP_SET_FD, 3 [pid 5867] <... prctl resumed>) = 0 [pid 5866] <... ioctl resumed>) = 0 [pid 5867] setpgid(0, 0) = 0 [pid 5866] close(3 [pid 5867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5866] <... close resumed>) = 0 [pid 5867] write(3, "1000", 4 [pid 5866] close(4 [pid 5867] <... write resumed>) = 4 [pid 5866] <... close resumed>) = 0 [pid 5867] close(3 [pid 5866] mkdir("./file2", 0777 [pid 5867] <... close resumed>) = 0 [pid 5867] symlink("/dev/binderfs", "./binderfs"executing program [pid 5866] <... mkdir resumed>) = 0 [pid 5867] <... symlink resumed>) = 0 [pid 5867] write(1, "executing program\n", 18) = 18 [pid 5867] memfd_create("syzkaller", 0) = 3 [pid 5867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5866] mount("/dev/loop4", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5864] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5864] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5863] +++ exited with 0 +++ [pid 5846] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5863, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5867] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5866] <... mount resumed>) = 0 [pid 5846] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5866] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5846] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5866] chdir("./file2" [pid 5846] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5866] <... chdir resumed>) = 0 [pid 5846] <... openat resumed>) = 3 [pid 5866] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5846] newfstatat(3, "", [pid 5866] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5846] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5866] getpid( [pid 5846] getdents64(3, [pid 5867] <... write resumed>) = 524288 [pid 5866] <... getpid resumed>) = 5866 [pid 5846] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5866] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5846] umount2("./2/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5867] munmap(0x7f9b52200000, 138412032 [pid 5846] <... umount2 resumed>) = 0 [pid 5867] <... munmap resumed>) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5846] umount2("./2/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5864] <... ioctl resumed>) = 0 [pid 5846] newfstatat(AT_FDCWD, "./2/file2", [pid 5867] <... openat resumed>) = 4 [ 60.197583][ T5220] Dev loop0: unable to read RDB block 3 [ 60.204808][ T5220] loop0: unable to read partition table [ 60.206587][ T5866] loop4: detected capacity change from 0 to 1024 [ 60.218756][ T5220] loop0: partition table beyond EOD, truncated [pid 5866] <... openat resumed>) = 4 [pid 5865] <... openat resumed>) = 4 [pid 5864] exit_group(0 [pid 5846] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5867] ioctl(4, LOOP_SET_FD, 3 [pid 5865] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5866] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5867] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5865] <... openat resumed>) = 5 [pid 5867] ioctl(4, LOOP_CLR_FD) = 0 [pid 5864] <... exit_group resumed>) = ? [pid 5865] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = -1 EBUSY (Device or resource busy) [pid 5864] +++ exited with 0 +++ [pid 5846] umount2("./2/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5865] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5847] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5864, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5846] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5847] restart_syscall(<... resuming interrupted clone ...> [pid 5846] openat(AT_FDCWD, "./2/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5866] <... openat resumed>) = 5 [pid 5846] newfstatat(4, "", [pid 5867] ioctl(4, LOOP_SET_FD, 3 [pid 5866] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5846] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5846] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5846] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5846] close(4) = 0 [pid 5846] rmdir("./2/file2") = 0 [pid 5846] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5846] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5846] unlink("./2/binderfs") = 0 [pid 5846] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5846] close(3) = 0 [pid 5846] rmdir("./2") = 0 [pid 5847] <... restart_syscall resumed>) = 0 [pid 5846] mkdir("./3", 0777) = 0 [pid 5847] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5846] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5847] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5846] <... openat resumed>) = 3 [pid 5847] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5846] ioctl(3, LOOP_CLR_FD [pid 5847] <... openat resumed>) = 3 [pid 5846] <... ioctl resumed>) = 0 [pid 5847] newfstatat(3, "", [pid 5846] close(3 [pid 5867] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5866] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5865] <... ioctl resumed>) = 0 [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] close(4 [pid 5866] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5867] <... close resumed>) = 0 [pid 5867] close(3) = 0 [pid 5867] getpid( [pid 5865] exit_group(0 [pid 5847] getdents64(3, [pid 5846] <... close resumed>) = 0 [pid 5867] <... getpid resumed>) = 5867 [pid 5865] <... exit_group resumed>) = ? [pid 5847] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5846] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5847] umount2("./2/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5868 attached [pid 5868] set_robust_list(0x55557b78d660, 24 [pid 5846] <... clone resumed>, child_tidptr=0x55557b78d650) = 5868 [pid 5868] <... set_robust_list resumed>) = 0 [pid 5847] <... umount2 resumed>) = 0 [pid 5868] chdir("./3" [pid 5866] <... ioctl resumed>) = 0 [pid 5868] <... chdir resumed>) = 0 [pid 5866] exit_group(0 [pid 5847] umount2("./2/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5866] <... exit_group resumed>) = ? [pid 5847] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... prctl resumed>) = 0 [pid 5847] newfstatat(AT_FDCWD, "./2/file2", [pid 5868] setpgid(0, 0) = 0 [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5847] umount2("./2/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5847] openat(AT_FDCWD, "./2/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... openat resumed>) = 3 [pid 5868] write(3, "1000", 4 [pid 5847] <... openat resumed>) = 4 [pid 5868] <... write resumed>) = 4 [pid 5868] close(3 [pid 5847] newfstatat(4, "", [pid 5868] <... close resumed>) = 0 [pid 5868] symlink("/dev/binderfs", "./binderfs" [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5847] getdents64(4, [pid 5868] <... symlink resumed>) = 0 [pid 5847] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 executing program [pid 5868] write(1, "executing program\n", 18) = 18 [pid 5847] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5847] close(4) = 0 [pid 5868] memfd_create("syzkaller", 0 [pid 5847] rmdir("./2/file2" [pid 5868] <... memfd_create resumed>) = 3 [pid 5847] <... rmdir resumed>) = 0 [pid 5868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5847] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5847] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5847] unlink("./2/binderfs") = 0 [pid 5868] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5847] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5867] <... openat resumed>) = 3 [pid 5847] close(3 [pid 5868] <... write resumed>) = 524288 [pid 5866] +++ exited with 0 +++ [pid 5865] +++ exited with 0 +++ [pid 5847] <... close resumed>) = 0 [pid 5867] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5868] munmap(0x7f9b52200000, 138412032) = 0 [pid 5867] <... openat resumed>) = 4 [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5865, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5866, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5867] ioctl(3, LOOP_CONFIGURE, {fd=4, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5849] restart_syscall(<... resuming interrupted clone ...> [pid 5847] rmdir("./2" [pid 5868] <... openat resumed>) = 4 [pid 5868] ioctl(4, LOOP_SET_FD, 3 [pid 5867] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5847] <... rmdir resumed>) = 0 [pid 5867] ioctl(3, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5847] mkdir("./3", 0777) = 0 [pid 5849] <... restart_syscall resumed>) = 0 [pid 5848] <... restart_syscall resumed>) = 0 [pid 5848] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5847] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5849] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5847] <... openat resumed>) = 3 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5849] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] <... openat resumed>) = 3 [pid 5847] ioctl(3, LOOP_CLR_FD [pid 5849] <... openat resumed>) = 3 [pid 5848] newfstatat(3, "", [pid 5847] <... ioctl resumed>) = 0 [pid 5868] <... ioctl resumed>) = 0 [pid 5849] newfstatat(3, "", [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5847] close(3 [pid 5849] getdents64(3, [pid 5848] umount2("./2/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5849] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./2/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5847] <... close resumed>) = 0 [pid 5868] close(3 [pid 5848] <... umount2 resumed>) = 0 [pid 5868] <... close resumed>) = 0 [pid 5849] <... umount2 resumed>) = 0 [pid 5848] umount2("./2/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] close(4 [pid 5849] umount2("./2/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./2/file2", [pid 5868] <... close resumed>) = 0 [pid 5868] mkdir("./file2", 0777 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5847] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5869 attached [pid 5868] <... mkdir resumed>) = 0 [pid 5849] newfstatat(AT_FDCWD, "./2/file2", [pid 5848] umount2("./2/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] mount("/dev/loop1", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5847] <... clone resumed>, child_tidptr=0x55557b78d650) = 5869 [pid 5849] umount2("./2/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./2/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5849] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] openat(AT_FDCWD, "./2/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5869] set_robust_list(0x55557b78d660, 24 [pid 5848] <... openat resumed>) = 4 [pid 5869] <... set_robust_list resumed>) = 0 [pid 5849] getdents64(4, [pid 5848] newfstatat(4, "", [pid 5869] chdir("./3" [pid 5867] <... ioctl resumed>) = 0 [pid 5869] <... chdir resumed>) = 0 [pid 5867] exit_group(0 [pid 5849] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5869] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5867] <... exit_group resumed>) = ? [ 60.343479][ T5220] Dev loop0: unable to read RDB block 3 [ 60.356049][ T5220] loop0: unable to read partition table [ 60.362395][ T5220] loop0: partition table beyond EOD, truncated [ 60.379392][ T5868] loop1: detected capacity change from 0 to 1024 [pid 5849] getdents64(4, [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5869] <... prctl resumed>) = 0 [pid 5867] +++ exited with 0 +++ [pid 5849] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5848] getdents64(4, [pid 5869] setpgid(0, 0 [pid 5849] close(4 [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5867, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5869] <... setpgid resumed>) = 0 [pid 5849] <... close resumed>) = 0 [pid 5845] restart_syscall(<... resuming interrupted clone ...> [pid 5869] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5849] rmdir("./2/file2" [pid 5848] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5845] <... restart_syscall resumed>) = 0 [pid 5869] <... openat resumed>) = 3 [pid 5849] <... rmdir resumed>) = 0 [pid 5869] write(3, "1000", 4 [pid 5848] getdents64(4, [pid 5869] <... write resumed>) = 4 [pid 5868] <... mount resumed>) = 0 [pid 5849] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5845] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5845] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5845] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] unlink("./2/binderfs" [pid 5868] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5848] close(4 [pid 5845] <... unlink resumed>) = 0 [pid 5869] close(3 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... close resumed>) = 0 [pid 5845] umount2("./2/cgroup.stat", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5868] <... openat resumed>) = 3 [pid 5849] newfstatat(AT_FDCWD, "./2/binderfs", [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 5869] <... close resumed>) = 0 [pid 5868] chdir("./file2" [pid 5849] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] rmdir("./2/file2" [pid 5845] newfstatat(AT_FDCWD, "./2/cgroup.stat", [pid 5868] <... chdir resumed>) = 0 [pid 5869] symlink("/dev/binderfs", "./binderfs" [pid 5849] unlink("./2/binderfs" [pid 5845] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5869] <... symlink resumed>) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5849] <... unlink resumed>) = 0 [pid 5848] <... rmdir resumed>) = 0 [pid 5845] unlink("./2/cgroup.stat" [pid 5868] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5848] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] <... unlink resumed>) = 0 [pid 5869] write(1, "executing program\n", 18 [pid 5868] getpid( [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] getdents64(3, [pid 5869] <... write resumed>) = 18 [pid 5869] memfd_create("syzkaller", 0 [pid 5868] <... getpid resumed>) = 5868 [pid 5849] getdents64(3, [pid 5848] newfstatat(AT_FDCWD, "./2/binderfs", [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5869] <... memfd_create resumed>) = 3 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5849] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] close(3 [pid 5869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5849] close(3 [pid 5868] <... openat resumed>) = 4 [pid 5848] unlink("./2/binderfs" [pid 5845] <... close resumed>) = 0 [pid 5869] <... mmap resumed>) = 0x7f9b52200000 [pid 5868] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5849] <... close resumed>) = 0 [pid 5845] rmdir("./2" [pid 5849] rmdir("./2" [pid 5848] <... unlink resumed>) = 0 [pid 5845] <... rmdir resumed>) = 0 [pid 5849] <... rmdir resumed>) = 0 [pid 5845] mkdir("./3", 0777) = 0 [pid 5849] mkdir("./3", 0777 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5849] <... mkdir resumed>) = 0 [pid 5845] <... openat resumed>) = 3 [pid 5869] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5868] <... openat resumed>) = 5 [pid 5849] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5848] getdents64(3, [pid 5845] ioctl(3, LOOP_CLR_FD [pid 5868] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5849] <... openat resumed>) = 3 [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5845] <... ioctl resumed>) = 0 [pid 5868] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5849] ioctl(3, LOOP_CLR_FD [pid 5848] close(3 [pid 5845] close(3 [pid 5868] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5849] <... ioctl resumed>) = 0 [pid 5848] <... close resumed>) = 0 [pid 5845] <... close resumed>) = 0 [pid 5849] close(3 [pid 5848] rmdir("./2" [pid 5849] <... close resumed>) = 0 [pid 5848] <... rmdir resumed>) = 0 [pid 5848] mkdir("./3", 0777 [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5870 attached [pid 5848] <... mkdir resumed>) = 0 [pid 5870] set_robust_list(0x55557b78d660, 24 [pid 5869] <... write resumed>) = 524288 [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5870] <... set_robust_list resumed>) = 0 [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5870 [pid 5848] <... openat resumed>) = 3 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5870] chdir("./3" [pid 5848] ioctl(3, LOOP_CLR_FD [pid 5870] <... chdir resumed>) = 0 [pid 5848] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 5871 attached [pid 5848] close(3 [pid 5869] munmap(0x7f9b52200000, 138412032) = 0 [pid 5849] <... clone resumed>, child_tidptr=0x55557b78d650) = 5871 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5869] ioctl(4, LOOP_SET_FD, 3 [pid 5871] set_robust_list(0x55557b78d660, 24 [pid 5870] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5848] <... close resumed>) = 0 [pid 5871] <... set_robust_list resumed>) = 0 [pid 5870] <... prctl resumed>) = 0 [pid 5871] chdir("./3" [pid 5870] setpgid(0, 0 [pid 5871] <... chdir resumed>) = 0 [pid 5871] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5870] <... setpgid resumed>) = 0 [pid 5870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5871] <... prctl resumed>) = 0 [pid 5871] setpgid(0, 0) = 0 [pid 5869] <... ioctl resumed>) = 0 [pid 5871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5870] <... openat resumed>) = 3 [pid 5868] <... ioctl resumed>) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5870] write(3, "1000", 4 [pid 5868] exit_group(0 [pid 5871] <... openat resumed>) = 3 [pid 5870] <... write resumed>) = 4 [pid 5868] <... exit_group resumed>) = ? [pid 5871] write(3, "1000", 4 [pid 5870] close(3 [pid 5871] <... write resumed>) = 4 [pid 5870] <... close resumed>) = 0 [pid 5869] close(3./strace-static-x86_64: Process 5872 attached [pid 5871] close(3 [pid 5870] symlink("/dev/binderfs", "./binderfs" [pid 5872] set_robust_list(0x55557b78d660, 24 executing program [pid 5871] <... close resumed>) = 0 [pid 5870] <... symlink resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 5868] +++ exited with 0 +++ [pid 5872] <... set_robust_list resumed>) = 0 [pid 5848] <... clone resumed>, child_tidptr=0x55557b78d650) = 5872 [pid 5871] symlink("/dev/binderfs", "./binderfs" [pid 5870] write(1, "executing program\n", 18 [pid 5846] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5868, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5871] <... symlink resumed>) = 0 [pid 5870] <... write resumed>) = 18 [pid 5869] close(4 [pid 5870] memfd_create("syzkaller", 0 [pid 5869] <... close resumed>) = 0 [pid 5872] chdir("./3" [pid 5869] mkdir("./file2", 0777 [pid 5846] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 5872] <... chdir resumed>) = 0 [pid 5871] write(1, "executing program\n", 18 [pid 5870] <... memfd_create resumed>) = 3 [pid 5869] <... mkdir resumed>) = 0 [pid 5846] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5871] <... write resumed>) = 18 [pid 5870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5869] mount("/dev/loop2", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5846] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5872] <... prctl resumed>) = 0 [pid 5871] memfd_create("syzkaller", 0 [pid 5870] <... mmap resumed>) = 0x7f9b52200000 [pid 5872] setpgid(0, 0 [pid 5846] <... openat resumed>) = 3 [pid 5846] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5846] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5846] umount2("./3/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... setpgid resumed>) = 0 [pid 5871] <... memfd_create resumed>) = 3 [pid 5872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5872] <... openat resumed>) = 3 [pid 5871] <... mmap resumed>) = 0x7f9b52200000 [pid 5871] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5872] write(3, "1000", 4 [pid 5870] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5872] <... write resumed>) = 4 [pid 5872] close(3) = 0 [pid 5846] <... umount2 resumed>) = 0 [ 60.489262][ T5869] loop2: detected capacity change from 0 to 1024 [ 60.500565][ T5220] Dev loop0: unable to read RDB block 3 [ 60.506157][ T5220] loop0: unable to read partition table [ 60.516127][ T5220] loop0: partition table beyond EOD, truncated executing program [pid 5846] umount2("./3/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] symlink("/dev/binderfs", "./binderfs" [pid 5871] <... write resumed>) = 524288 [pid 5870] <... write resumed>) = 524288 [pid 5869] <... mount resumed>) = 0 [pid 5872] <... symlink resumed>) = 0 [pid 5871] munmap(0x7f9b52200000, 138412032 [pid 5869] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5872] write(1, "executing program\n", 18 [pid 5870] munmap(0x7f9b52200000, 138412032 [pid 5869] <... openat resumed>) = 3 [pid 5872] <... write resumed>) = 18 [pid 5869] chdir("./file2" [pid 5872] memfd_create("syzkaller", 0 [pid 5869] <... chdir resumed>) = 0 [pid 5872] <... memfd_create resumed>) = 3 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5869] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5872] <... mmap resumed>) = 0x7f9b52200000 [pid 5869] getpid() = 5869 [pid 5846] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5846] newfstatat(AT_FDCWD, "./3/file2", [pid 5871] <... munmap resumed>) = 0 [pid 5869] <... openat resumed>) = 4 [pid 5871] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5869] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5871] <... openat resumed>) = 4 [pid 5846] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5846] umount2("./3/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5871] ioctl(4, LOOP_SET_FD, 3 [pid 5870] <... munmap resumed>) = 0 [pid 5869] <... openat resumed>) = 5 [pid 5846] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5846] openat(AT_FDCWD, "./3/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5846] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5846] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5846] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5846] close(4) = 0 [pid 5846] rmdir("./3/file2" [pid 5870] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5869] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5846] <... rmdir resumed>) = 0 [pid 5870] <... openat resumed>) = 4 [pid 5869] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5846] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5870] ioctl(4, LOOP_SET_FD, 3 [pid 5869] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5870] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5870] ioctl(4, LOOP_CLR_FD [pid 5846] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5872] <... write resumed>) = 524288 [pid 5846] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5846] unlink("./3/binderfs") = 0 [pid 5872] munmap(0x7f9b52200000, 138412032 [pid 5871] <... ioctl resumed>) = 0 [pid 5871] close(3) = 0 [pid 5872] <... munmap resumed>) = 0 [pid 5871] close(4 [pid 5872] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5871] <... close resumed>) = 0 [pid 5846] getdents64(3, [pid 5871] mkdir("./file2", 0777 [pid 5872] <... openat resumed>) = 4 [pid 5846] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5846] close(3) = 0 [pid 5846] rmdir("./3" [pid 5872] ioctl(4, LOOP_SET_FD, 3 [pid 5871] <... mkdir resumed>) = 0 [pid 5846] <... rmdir resumed>) = 0 [pid 5846] mkdir("./4", 0777) = 0 [pid 5871] mount("/dev/loop4", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5846] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5846] ioctl(3, LOOP_CLR_FD [pid 5872] <... ioctl resumed>) = 0 [pid 5872] close(3 [pid 5871] <... mount resumed>) = 0 [pid 5872] <... close resumed>) = 0 [pid 5871] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5872] close(4 [pid 5871] <... openat resumed>) = 3 [pid 5872] <... close resumed>) = 0 [pid 5871] chdir("./file2" [pid 5872] mkdir("./file2", 0777 [pid 5871] <... chdir resumed>) = 0 [pid 5872] <... mkdir resumed>) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5872] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5871] getpid() = 5871 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5872] <... mount resumed>) = 0 [pid 5871] <... openat resumed>) = 4 [pid 5870] <... ioctl resumed>) = 0 [pid 5869] <... ioctl resumed>) = 0 [pid 5846] <... ioctl resumed>) = 0 [ 60.586169][ T5871] loop4: detected capacity change from 0 to 1024 [ 60.610426][ T5872] loop3: detected capacity change from 0 to 1024 [pid 5871] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5846] close(3 [pid 5872] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5869] exit_group(0) = ? [pid 5872] <... openat resumed>) = 3 [pid 5869] +++ exited with 0 +++ [pid 5872] chdir("./file2" [pid 5870] ioctl(4, LOOP_SET_FD, 3 [pid 5872] <... chdir resumed>) = 0 [pid 5870] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5847] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5869, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5870] close(4 [pid 5872] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5870] <... close resumed>) = 0 [pid 5847] restart_syscall(<... resuming interrupted clone ...> [pid 5870] close(3 [pid 5872] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5846] <... close resumed>) = 0 [pid 5872] getpid( [pid 5870] <... close resumed>) = 0 [pid 5846] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5872] <... getpid resumed>) = 5872 [pid 5872] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5872] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5847] <... restart_syscall resumed>) = 0 [pid 5847] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5874 attached [pid 5871] <... openat resumed>) = 5 [pid 5847] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5847] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5874] set_robust_list(0x55557b78d660, 24 [pid 5871] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5870] getpid( [pid 5847] <... openat resumed>) = 3 [pid 5846] <... clone resumed>, child_tidptr=0x55557b78d650) = 5874 [pid 5874] <... set_robust_list resumed>) = 0 [pid 5870] <... getpid resumed>) = 5870 [pid 5847] newfstatat(3, "", [pid 5874] chdir("./4" [pid 5871] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5870] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] <... chdir resumed>) = 0 [pid 5872] <... openat resumed>) = 5 [pid 5871] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5870] <... openat resumed>) = 3 [pid 5847] getdents64(3, [pid 5874] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5872] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5870] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5847] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5874] <... prctl resumed>) = 0 [pid 5847] umount2("./3/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] setpgid(0, 0 [pid 5870] <... openat resumed>) = 4 [pid 5874] <... setpgid resumed>) = 0 [pid 5870] ioctl(3, LOOP_CONFIGURE, {fd=4, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5847] <... umount2 resumed>) = 0 [pid 5847] umount2("./3/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] <... openat resumed>) = 3 [pid 5874] write(3, "1000", 4 [pid 5847] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] <... write resumed>) = 4 [pid 5874] close(3 [pid 5847] newfstatat(AT_FDCWD, "./3/file2", [pid 5874] <... close resumed>) = 0 [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5874] symlink("/dev/binderfs", "./binderfs" [pid 5847] umount2("./3/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] <... symlink resumed>) = 0 [pid 5847] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 5874] write(1, "executing program\n", 18 [pid 5847] openat(AT_FDCWD, "./3/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5874] <... write resumed>) = 18 [pid 5847] <... openat resumed>) = 4 [pid 5874] memfd_create("syzkaller", 0 [pid 5847] newfstatat(4, "", [pid 5874] <... memfd_create resumed>) = 3 [pid 5874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5874] <... mmap resumed>) = 0x7f9b52200000 [pid 5847] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5847] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5874] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5872] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5871] <... ioctl resumed>) = 0 [pid 5870] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5874] <... write resumed>) = 524288 [pid 5871] exit_group(0 [pid 5870] ioctl(3, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5874] munmap(0x7f9b52200000, 138412032 [pid 5871] <... exit_group resumed>) = ? [pid 5872] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5847] close(4) = 0 [pid 5847] rmdir("./3/file2" [pid 5874] <... munmap resumed>) = 0 [pid 5847] <... rmdir resumed>) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5847] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5874] ioctl(4, LOOP_SET_FD, 3 [pid 5847] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5847] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5847] unlink("./3/binderfs") = 0 [pid 5847] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5847] close(3) = 0 [pid 5847] rmdir("./3") = 0 [pid 5847] mkdir("./4", 0777) = 0 [pid 5847] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5874] <... ioctl resumed>) = 0 [pid 5847] <... openat resumed>) = 3 [pid 5874] close(3) = 0 [pid 5874] close(4) = 0 [pid 5874] mkdir("./file2", 0777 [pid 5847] ioctl(3, LOOP_CLR_FD [pid 5874] <... mkdir resumed>) = 0 [pid 5874] mount("/dev/loop1", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5847] <... ioctl resumed>) = 0 [pid 5847] close(3) = 0 [pid 5874] <... mount resumed>) = 0 [pid 5871] +++ exited with 0 +++ [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5871, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5847] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5875 attached [pid 5874] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5875] set_robust_list(0x55557b78d660, 24 [pid 5874] <... openat resumed>) = 3 [pid 5875] <... set_robust_list resumed>) = 0 [pid 5874] chdir("./file2" [pid 5849] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5875] chdir("./4" [pid 5874] <... chdir resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5847] <... clone resumed>, child_tidptr=0x55557b78d650) = 5875 [pid 5875] <... chdir resumed>) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5849] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5875] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5874] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5849] <... openat resumed>) = 3 [pid 5875] <... prctl resumed>) = 0 [pid 5874] getpid( [pid 5849] newfstatat(3, "", [pid 5874] <... getpid resumed>) = 5874 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./3/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5875] setpgid(0, 0 [pid 5874] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5870] <... ioctl resumed>) = 0 [pid 5870] exit_group(0) = ? [pid 5849] <... umount2 resumed>) = 0 [pid 5875] <... setpgid resumed>) = 0 [pid 5875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5849] umount2("./3/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5875] write(3, "1000", 4 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5875] <... write resumed>) = 4 [pid 5849] newfstatat(AT_FDCWD, "./3/file2", [pid 5875] close(3 [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5875] <... close resumed>) = 0 [pid 5875] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5874] <... openat resumed>) = 4 [pid 5872] <... ioctl resumed>) = 0 [pid 5870] +++ exited with 0 +++ [pid 5849] umount2("./3/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5875] write(1, "executing program\n", 18executing program [ 60.720912][ T5220] Dev loop0: unable to read RDB block 3 [ 60.726951][ T5220] loop0: unable to read partition table [ 60.736581][ T5874] loop1: detected capacity change from 0 to 1024 [ 60.743605][ T5220] loop0: partition table beyond EOD, truncated [pid 5874] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5872] exit_group(0 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5875] <... write resumed>) = 18 [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5870, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5875] memfd_create("syzkaller", 0 [pid 5874] <... openat resumed>) = 5 [pid 5849] openat(AT_FDCWD, "./3/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5875] <... memfd_create resumed>) = 3 [pid 5874] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5849] <... openat resumed>) = 4 [pid 5875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5874] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5849] newfstatat(4, "", [pid 5875] <... mmap resumed>) = 0x7f9b52200000 [pid 5874] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(4, [pid 5875] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5849] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5849] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5849] close(4) = 0 [pid 5849] rmdir("./3/file2") = 0 [pid 5849] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] unlink("./3/binderfs") = 0 [pid 5849] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5849] close(3 [pid 5845] restart_syscall(<... resuming interrupted clone ...> [pid 5849] <... close resumed>) = 0 [pid 5849] rmdir("./3" [pid 5845] <... restart_syscall resumed>) = 0 [pid 5872] <... exit_group resumed>) = ? [pid 5849] <... rmdir resumed>) = 0 [pid 5875] <... write resumed>) = 524288 [pid 5872] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5872, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 5845] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5875] munmap(0x7f9b52200000, 138412032 [pid 5849] mkdir("./4", 0777 [pid 5848] <... restart_syscall resumed>) = 0 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5875] <... munmap resumed>) = 0 [pid 5849] <... mkdir resumed>) = 0 [pid 5845] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5875] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5845] <... openat resumed>) = 3 [pid 5848] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5875] <... openat resumed>) = 4 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(3, "", [pid 5875] ioctl(4, LOOP_SET_FD, 3 [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5845] getdents64(3, [pid 5849] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5848] newfstatat(3, "", [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5849] ioctl(3, LOOP_CLR_FD [pid 5845] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] getdents64(3, [pid 5845] newfstatat(AT_FDCWD, "./3/binderfs", [pid 5849] <... ioctl resumed>) = 0 [pid 5845] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5849] close(3 [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5845] unlink("./3/binderfs" [pid 5849] <... close resumed>) = 0 [pid 5849] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] umount2("./3/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] <... unlink resumed>) = 0 [pid 5845] umount2("./3/cgroup.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./3/cgroup.stat", [pid 5874] <... ioctl resumed>) = 0 [pid 5845] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] unlink("./3/cgroup.stat" [pid 5874] exit_group(0) = ? [pid 5874] +++ exited with 0 +++ [pid 5848] <... umount2 resumed>) = 0 [pid 5845] <... unlink resumed>) = 0 [pid 5846] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5874, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5845] getdents64(3, [pid 5846] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 5876 attached [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5849] <... clone resumed>, child_tidptr=0x55557b78d650) = 5876 [pid 5876] set_robust_list(0x55557b78d660, 24 [pid 5845] close(3 [pid 5876] <... set_robust_list resumed>) = 0 [pid 5876] chdir("./4") = 0 [pid 5876] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5848] umount2("./3/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] <... close resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] rmdir("./3" [pid 5848] newfstatat(AT_FDCWD, "./3/file2", [pid 5876] setpgid(0, 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] <... rmdir resumed>) = 0 [pid 5876] <... setpgid resumed>) = 0 [pid 5875] <... ioctl resumed>) = 0 [pid 5846] <... restart_syscall resumed>) = 0 [pid 5876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] umount2("./3/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] mkdir("./4", 0777 [pid 5876] <... openat resumed>) = 3 [pid 5875] close(3 [pid 5876] write(3, "1000", 4 [pid 5875] <... close resumed>) = 0 [pid 5876] <... write resumed>) = 4 [pid 5875] close(4 [pid 5876] close(3 [pid 5875] <... close resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5876] <... close resumed>) = 0 [pid 5875] mkdir("./file2", 0777 [pid 5876] symlink("/dev/binderfs", "./binderfs" [pid 5875] <... mkdir resumed>) = 0 [pid 5845] <... mkdir resumed>) = 0 [pid 5846] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5876] <... symlink resumed>) = 0 [pid 5846] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5846] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5876] write(1, "executing program\n", 18 [pid 5875] mount("/dev/loop2", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5845] <... openat resumed>) = 3 executing program [pid 5876] <... write resumed>) = 18 [pid 5846] <... openat resumed>) = 3 [pid 5876] memfd_create("syzkaller", 0 [pid 5848] openat(AT_FDCWD, "./3/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5846] newfstatat(3, "", [pid 5845] ioctl(3, LOOP_CLR_FD [pid 5848] <... openat resumed>) = 4 [pid 5846] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] newfstatat(4, "", [pid 5846] getdents64(3, [pid 5845] <... ioctl resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5846] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5845] close(3 [pid 5876] <... memfd_create resumed>) = 3 [pid 5848] getdents64(4, [pid 5846] umount2("./4/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5875] <... mount resumed>) = 0 [pid 5845] <... close resumed>) = 0 [ 60.839337][ T5875] loop2: detected capacity change from 0 to 1024 [pid 5876] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5875] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5848] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5875] <... openat resumed>) = 3 [pid 5875] chdir("./file2") = 0 [pid 5875] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 5877 attached ) = -1 EBUSY (Device or resource busy) [pid 5848] getdents64(4, [pid 5875] getpid( [pid 5848] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5875] <... getpid resumed>) = 5875 [pid 5848] close(4 [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5877 [pid 5876] <... write resumed>) = 524288 [pid 5875] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5877] set_robust_list(0x55557b78d660, 24 [pid 5875] <... openat resumed>) = 4 [pid 5846] <... umount2 resumed>) = 0 [pid 5848] <... close resumed>) = 0 [pid 5875] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5846] umount2("./4/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] rmdir("./3/file2" [pid 5877] <... set_robust_list resumed>) = 0 [pid 5848] <... rmdir resumed>) = 0 [pid 5846] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5876] munmap(0x7f9b52200000, 138412032 [pid 5877] chdir("./4" [pid 5876] <... munmap resumed>) = 0 [pid 5848] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5846] newfstatat(AT_FDCWD, "./4/file2", [pid 5876] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5877] <... chdir resumed>) = 0 [pid 5876] <... openat resumed>) = 4 [pid 5848] newfstatat(AT_FDCWD, "./3/binderfs", [pid 5846] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5876] ioctl(4, LOOP_SET_FD, 3 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5877] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5846] umount2("./4/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5877] <... prctl resumed>) = 0 [pid 5875] <... openat resumed>) = 5 [pid 5846] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5877] setpgid(0, 0 [pid 5875] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5846] openat(AT_FDCWD, "./4/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5877] <... setpgid resumed>) = 0 [pid 5875] <... ioctl resumed>) = 0 [pid 5846] <... openat resumed>) = 4 [pid 5877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5875] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5846] newfstatat(4, "", [pid 5877] <... openat resumed>) = 3 [pid 5846] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5877] write(3, "1000", 4 [pid 5846] getdents64(4, [pid 5877] <... write resumed>) = 4 [pid 5846] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5877] close(3 [pid 5846] getdents64(4, [pid 5877] <... close resumed>) = 0 [pid 5846] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5848] unlink("./3/binderfs" [pid 5877] symlink("/dev/binderfs", "./binderfs" [pid 5846] close(4executing program [pid 5877] <... symlink resumed>) = 0 [pid 5846] <... close resumed>) = 0 [pid 5846] rmdir("./4/file2" [pid 5848] <... unlink resumed>) = 0 [pid 5846] <... rmdir resumed>) = 0 [pid 5877] write(1, "executing program\n", 18 [pid 5846] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5877] <... write resumed>) = 18 [pid 5846] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5877] memfd_create("syzkaller", 0 [pid 5846] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5877] <... memfd_create resumed>) = 3 [pid 5846] unlink("./4/binderfs" [pid 5877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] getdents64(3, [pid 5846] <... unlink resumed>) = 0 [pid 5877] <... mmap resumed>) = 0x7f9b52200000 [pid 5846] getdents64(3, [pid 5876] <... ioctl resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5876] close(3 [pid 5848] close(3 [pid 5846] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5877] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5876] <... close resumed>) = 0 [pid 5848] <... close resumed>) = 0 [pid 5876] close(4 [pid 5848] rmdir("./3" [pid 5846] close(3 [pid 5877] <... write resumed>) = 524288 [pid 5848] <... rmdir resumed>) = 0 [pid 5877] munmap(0x7f9b52200000, 138412032 [pid 5876] <... close resumed>) = 0 [pid 5848] mkdir("./4", 0777 [pid 5846] <... close resumed>) = 0 [pid 5877] <... munmap resumed>) = 0 [pid 5876] mkdir("./file2", 0777 [pid 5848] <... mkdir resumed>) = 0 [pid 5846] rmdir("./4" [pid 5877] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5876] <... mkdir resumed>) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5876] mount("/dev/loop4", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5848] <... openat resumed>) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD [pid 5846] <... rmdir resumed>) = 0 [pid 5848] <... ioctl resumed>) = 0 [pid 5848] close(3) = 0 [ 60.927292][ T5876] loop4: detected capacity change from 0 to 1024 [ 60.963661][ T5875] [ 60.966045][ T5875] ====================================================== [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557b78d650) = 5878 [ 60.973070][ T5875] WARNING: possible circular locking dependency detected [ 60.980122][ T5875] 6.12.0-rc5-next-20241101-syzkaller #0 Not tainted [ 60.986726][ T5875] ------------------------------------------------------ [ 60.993759][ T5875] syz-executor964/5875 is trying to acquire lock: [ 61.000164][ T5875] ffff8880271080b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x14a/0x1c0 [ 61.009674][ T5875] [ 61.009674][ T5875] but task is already holding lock: [ 61.017021][ T5875] ffff88807b5638f8 (&sb->s_type->i_mutex_key#15){+.+.}-{4:4}, at: hfsplus_file_fsync+0xe8/0x4d0 [ 61.027457][ T5875] [ 61.027457][ T5875] which lock already depends on the new lock. [ 61.027457][ T5875] [ 61.037850][ T5875] [ 61.037850][ T5875] the existing dependency chain (in reverse order) is: [ 61.046851][ T5875] [ 61.046851][ T5875] -> #2 (&sb->s_type->i_mutex_key#15){+.+.}-{4:4}: [ 61.055547][ T5875] lock_acquire+0x1ed/0x550 [ 61.060564][ T5875] down_write+0x99/0x220 [ 61.065326][ T5875] hfsplus_file_fsync+0xe8/0x4d0 [ 61.070783][ T5875] __loop_update_dio+0x1a4/0x500 [ 61.076233][ T5875] loop_set_status+0x62b/0x8f0 [ 61.081511][ T5875] lo_ioctl+0xcbc/0x1f50 [ 61.086265][ T5875] blkdev_ioctl+0x57d/0x6a0 [ 61.091279][ T5875] __se_sys_ioctl+0xf9/0x170 [ 61.096388][ T5875] do_syscall_64+0xf3/0x230 [ 61.101401][ T5875] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.107809][ T5875] [ 61.107809][ T5875] -> #1 (&q->q_usage_counter(io)#17){++++}-{0:0}: [ 61.116409][ T5875] lock_acquire+0x1ed/0x550 [ 61.121421][ T5875] blk_mq_submit_bio+0x1510/0x2490 [ 61.127045][ T5875] __submit_bio+0x2c2/0x560 [ 61.132062][ T5875] submit_bio_noacct_nocheck+0x4d3/0xe30 [ 61.138207][ T5875] block_read_full_folio+0x93b/0xcd0 [ 61.144004][ T5875] filemap_read_folio+0x14b/0x630 [ 61.149542][ T5875] do_read_cache_folio+0x3f5/0x850 [ 61.155166][ T5875] do_read_cache_page+0x30/0x200 [ 61.160612][ T5875] __hfs_bnode_create+0x487/0x770 [ 61.166148][ T5875] hfsplus_bnode_find+0x237/0x10c0 [ 61.171768][ T5875] hfsplus_brec_find+0x183/0x570 [ 61.177214][ T5875] hfsplus_brec_read+0x2b/0x110 [ 61.182573][ T5875] hfsplus_find_cat+0x17f/0x5d0 [ 61.187935][ T5875] hfsplus_iget+0x483/0x680 [ 61.192948][ T5875] hfsplus_fill_super+0xc4d/0x1be0 [ 61.198571][ T5875] get_tree_bdev_flags+0x48c/0x5c0 [ 61.204195][ T5875] vfs_get_tree+0x90/0x2b0 [ 61.209120][ T5875] do_new_mount+0x2be/0xb40 [ 61.214130][ T5875] __se_sys_mount+0x2d6/0x3c0 [ 61.219317][ T5875] do_syscall_64+0xf3/0x230 [ 61.224328][ T5875] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.230736][ T5875] [ 61.230736][ T5875] -> #0 (&tree->tree_lock){+.+.}-{4:4}: [ 61.238461][ T5875] validate_chain+0x18ef/0x5920 [ 61.243825][ T5875] __lock_acquire+0x1397/0x2100 [ 61.249187][ T5875] lock_acquire+0x1ed/0x550 [ 61.254197][ T5875] __mutex_lock+0x1ac/0xee0 [ 61.259210][ T5875] hfsplus_find_init+0x14a/0x1c0 [ 61.264655][ T5875] hfsplus_cat_write_inode+0x1df/0x1070 [ 61.270712][ T5875] __writeback_single_inode+0x711/0x10d0 [ 61.276874][ T5875] writeback_single_inode+0x1f3/0x660 [ 61.282775][ T5875] sync_inode_metadata+0xc4/0x120 [ 61.288328][ T5875] hfsplus_file_fsync+0xf5/0x4d0 [ 61.293791][ T5875] __loop_update_dio+0x1a4/0x500 [ 61.299248][ T5875] loop_set_status+0x62b/0x8f0 [ 61.304530][ T5875] lo_ioctl+0xcbc/0x1f50 [ 61.309289][ T5875] blkdev_ioctl+0x57d/0x6a0 [ 61.314306][ T5875] __se_sys_ioctl+0xf9/0x170 [ 61.319410][ T5875] do_syscall_64+0xf3/0x230 [ 61.324421][ T5875] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.330837][ T5875] [ 61.330837][ T5875] other info that might help us debug this: [ 61.330837][ T5875] [ 61.341075][ T5875] Chain exists of: [ 61.341075][ T5875] &tree->tree_lock --> &q->q_usage_counter(io)#17 --> &sb->s_type->i_mutex_key#15 [ 61.341075][ T5875] [ 61.356214][ T5875] Possible unsafe locking scenario: [ 61.356214][ T5875] [ 61.363668][ T5875] CPU0 CPU1 [ 61.369025][ T5875] ---- ---- [ 61.374378][ T5875] lock(&sb->s_type->i_mutex_key#15); [ 61.379835][ T5875] lock(&q->q_usage_counter(io)#17); [ 61.387725][ T5875] lock(&sb->s_type->i_mutex_key#15); [ 61.395701][ T5875] lock(&tree->tree_lock); [ 61.400196][ T5875] [ 61.400196][ T5875] *** DEADLOCK *** [ 61.400196][ T5875] [ 61.408337][ T5875] 4 locks held by syz-executor964/5875: [ 61.413869][ T5875] #0: ffff8881427f3360 (&lo->lo_mutex){+.+.}-{4:4}, at: loop_set_status+0x2a/0x8f0 [ 61.423270][ T5875] #1: ffff888143381db8 (&q->q_usage_counter(io)#17){++++}-{0:0}, at: blk_mq_freeze_queue+0x15/0x20 [ 61.434068][ T5875] #2: ffff888143381df0 (&q->q_usage_counter(queue)){+.+.}-{0:0}, at: blk_mq_freeze_queue+0x15/0x20 [ 61.444848][ T5875] #3: ffff88807b5638f8 (&sb->s_type->i_mutex_key#15){+.+.}-{4:4}, at: hfsplus_file_fsync+0xe8/0x4d0 [ 61.455725][ T5875] [ 61.455725][ T5875] stack backtrace: [ 61.461613][ T5875] CPU: 1 UID: 0 PID: 5875 Comm: syz-executor964 Not tainted 6.12.0-rc5-next-20241101-syzkaller #0 [ 61.472205][ T5875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 61.482275][ T5875] Call Trace: [ 61.485560][ T5875] [ 61.488481][ T5875] dump_stack_lvl+0x241/0x360 [ 61.493172][ T5875] ? __pfx_dump_stack_lvl+0x10/0x10 [ 61.498377][ T5875] ? __pfx__printk+0x10/0x10 [ 61.502985][ T5875] print_circular_bug+0x13a/0x1b0 [ 61.508018][ T5875] check_noncircular+0x36a/0x4a0 [ 61.512954][ T5875] ? __pfx_check_noncircular+0x10/0x10 [ 61.518404][ T5875] ? lockdep_lock+0x123/0x2b0 [ 61.523078][ T5875] validate_chain+0x18ef/0x5920 [ 61.527928][ T5875] ? __pfx_validate_chain+0x10/0x10 [ 61.533123][ T5875] ? mark_lock+0x9a/0x360 [ 61.537443][ T5875] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 61.543418][ T5875] ? mark_lock+0x9a/0x360 [ 61.547741][ T5875] __lock_acquire+0x1397/0x2100 [ 61.552586][ T5875] lock_acquire+0x1ed/0x550 [ 61.557078][ T5875] ? hfsplus_find_init+0x14a/0x1c0 [ 61.562184][ T5875] ? __pfx_lock_acquire+0x10/0x10 [ 61.567194][ T5875] ? hfsplus_find_init+0x85/0x1c0 [ 61.572209][ T5875] ? hfsplus_cat_write_inode+0x1df/0x1070 [ 61.577921][ T5875] ? __pfx___might_resched+0x10/0x10 [ 61.583201][ T5875] ? __loop_update_dio+0x1a4/0x500 [ 61.588303][ T5875] ? loop_set_status+0x62b/0x8f0 [ 61.593231][ T5875] ? lo_ioctl+0xcbc/0x1f50 [ 61.597639][ T5875] ? blkdev_ioctl+0x57d/0x6a0 [ 61.602303][ T5875] ? __se_sys_ioctl+0xf9/0x170 [ 61.607060][ T5875] ? do_syscall_64+0xf3/0x230 [ 61.611724][ T5875] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.617791][ T5875] __mutex_lock+0x1ac/0xee0 [ 61.622284][ T5875] ? hfsplus_find_init+0x14a/0x1c0 [ 61.627387][ T5875] ? hfsplus_find_init+0x14a/0x1c0 [ 61.632491][ T5875] ? __pfx___mutex_lock+0x10/0x10 [ 61.637506][ T5875] ? rcu_is_watching+0x15/0xb0 [ 61.642263][ T5875] ? __kmalloc_noprof+0x2a5/0x4c0 [ 61.647276][ T5875] ? hfsplus_find_init+0x85/0x1c0 [ 61.652292][ T5875] hfsplus_find_init+0x14a/0x1c0 [ 61.657220][ T5875] hfsplus_cat_write_inode+0x1df/0x1070 [ 61.662762][ T5875] ? __pfx_hfsplus_cat_write_inode+0x10/0x10 [ 61.668739][ T5875] ? trace_contention_end+0x3c/0x120 [ 61.674017][ T5875] ? __mutex_lock+0x37f/0xee0 [ 61.678702][ T5875] ? __writeback_single_inode+0x48f/0x10d0 [ 61.684504][ T5875] ? do_raw_spin_lock+0x14f/0x370 [ 61.689521][ T5875] ? __pfx_lock_release+0x10/0x10 [ 61.694536][ T5875] ? hfsplus_write_inode+0x19c/0x5e0 [ 61.699815][ T5875] __writeback_single_inode+0x711/0x10d0 [ 61.705447][ T5875] writeback_single_inode+0x1f3/0x660 [ 61.710818][ T5875] sync_inode_metadata+0xc4/0x120 [ 61.715834][ T5875] ? __pfx_sync_inode_metadata+0x10/0x10 [ 61.721475][ T5875] ? __pfx_down_write+0x10/0x10 [ 61.726318][ T5875] ? kobject_uevent_env+0x54d/0x8e0 [ 61.731507][ T5875] ? kfree+0x196/0x420 [ 61.735568][ T5875] hfsplus_file_fsync+0xf5/0x4d0 [ 61.740503][ T5875] __loop_update_dio+0x1a4/0x500 [ 61.745435][ T5875] loop_set_status+0x62b/0x8f0 [ 61.750198][ T5875] lo_ioctl+0xcbc/0x1f50 [ 61.754432][ T5875] ? mark_lock+0x9a/0x360 [ 61.758750][ T5875] ? validate_chain+0x11e/0x5920 [ 61.763680][ T5875] ? __pfx_lo_ioctl+0x10/0x10 [ 61.768350][ T5875] ? mark_lock+0x9a/0x360 [ 61.772672][ T5875] ? __lock_acquire+0x1397/0x2100 [ 61.777698][ T5875] ? unwind_next_frame+0x18e6/0x22d0 [ 61.782976][ T5875] ? preempt_count_add+0x93/0x190 [ 61.787999][ T5875] ? is_bpf_text_address+0x285/0x2a0 [ 61.793277][ T5875] ? is_bpf_text_address+0x26/0x2a0 [ 61.798463][ T5875] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 61.804610][ T5875] ? kernel_text_address+0xa7/0xe0 [ 61.809712][ T5875] ? __kernel_text_address+0xd/0x40 [ 61.814901][ T5875] ? unwind_get_return_address+0x4d/0x90 [ 61.820524][ T5875] ? arch_stack_walk+0xfd/0x150 [ 61.825366][ T5875] ? stack_trace_save+0x118/0x1d0 [ 61.830383][ T5875] ? __pfx_stack_trace_save+0x10/0x10 [ 61.835746][ T5875] ? stack_depot_save_flags+0x29/0x830 [ 61.841206][ T5875] ? kasan_save_track+0x51/0x80 [ 61.846050][ T5875] ? kasan_save_track+0x3f/0x80 [ 61.850897][ T5875] ? kasan_save_free_info+0x40/0x50 [ 61.856086][ T5875] ? __kasan_slab_free+0x59/0x70 [ 61.861022][ T5875] ? kfree+0x196/0x420 [ 61.865086][ T5875] ? tomoyo_path_number_perm+0x679/0x860 [ 61.870715][ T5875] ? security_file_ioctl+0xc6/0x2a0 [ 61.875906][ T5875] ? __se_sys_ioctl+0x47/0x170 [ 61.880663][ T5875] ? do_syscall_64+0xf3/0x230 [ 61.885420][ T5875] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.891484][ T5875] ? do_vfs_ioctl+0xf08/0x2e40 [ 61.896284][ T5875] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 61.901306][ T5875] ? mark_lock+0x9a/0x360 [ 61.905629][ T5875] ? tomoyo_path_number_perm+0x206/0x860 [ 61.911256][ T5875] ? __pfx_lock_release+0x10/0x10 [ 61.916270][ T5875] ? tomoyo_path_number_perm+0x679/0x860 [ 61.921899][ T5875] ? tomoyo_path_number_perm+0x679/0x860 [ 61.927528][ T5875] ? blkdev_common_ioctl+0xfca/0x2480 [ 61.932894][ T5875] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 61.938515][ T5875] ? tomoyo_path_number_perm+0x206/0x860 [ 61.944143][ T5875] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 61.950124][ T5875] ? file_to_blk_mode+0xcc/0x140 [ 61.955052][ T5875] ? __pfx_lo_ioctl+0x10/0x10 [ 61.959721][ T5875] blkdev_ioctl+0x57d/0x6a0 [ 61.964214][ T5875] ? __pfx_blkdev_ioctl+0x10/0x10 [ 61.969228][ T5875] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 61.975552][ T5875] ? __pfx_blkdev_ioctl+0x10/0x10 [ 61.980566][ T5875] __se_sys_ioctl+0xf9/0x170 [ 61.985153][ T5875] do_syscall_64+0xf3/0x230 [ 61.989649][ T5875] ? clear_bhb_loop+0x35/0x90 [ 61.994315][ T5875] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.000210][ T5875] RIP: 0033:0x7f9b5a770659 [ 62.004621][ T5875] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 ./strace-static-x86_64: Process 5878 attached [pid 5846] mkdir("./5", 0777 [pid 5878] set_robust_list(0x55557b78d660, 24 [pid 5846] <... mkdir resumed>) = 0 [pid 5878] <... set_robust_list resumed>) = 0 [pid 5846] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5878] chdir("./4" [pid 5846] ioctl(3, LOOP_CLR_FD [pid 5878] <... chdir resumed>) = 0 [pid 5846] <... ioctl resumed>) = 0 [pid 5878] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5846] close(3 [pid 5878] <... prctl resumed>) = 0 [pid 5878] setpgid(0, 0 [pid 5846] <... close resumed>) = 0 [pid 5878] <... setpgid resumed>) = 0 [pid 5877] <... openat resumed>) = 4 [pid 5875] <... ioctl resumed>) = 0 [pid 5846] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5877] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5879 attached [pid 5878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5877] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5875] exit_group(0 [pid 5879] set_robust_list(0x55557b78d660, 24 [pid 5878] <... openat resumed>) = 3 [pid 5877] ioctl(4, LOOP_CLR_FD [pid 5875] <... exit_group resumed>) = ? [pid 5846] <... clone resumed>, child_tidptr=0x55557b78d650) = 5879 [pid 5879] <... set_robust_list resumed>) = 0 [pid 5878] write(3, "1000", 4 [pid 5877] <... ioctl resumed>) = 0 [pid 5879] chdir("./5" [pid 5878] <... write resumed>) = 4 [pid 5875] +++ exited with 0 +++ [pid 5879] <... chdir resumed>) = 0 [pid 5878] close(3 [pid 5847] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5875, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5879] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5878] <... close resumed>) = 0 [pid 5847] restart_syscall(<... resuming interrupted clone ...> [pid 5879] <... prctl resumed>) = 0 [pid 5878] symlink("/dev/binderfs", "./binderfs" [pid 5879] setpgid(0, 0 [pid 5878] <... symlink resumed>) = 0 [pid 5879] <... setpgid resumed>) = 0 [pid 5878] write(1, "executing program\n", 18executing program [pid 5879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5878] <... write resumed>) = 18 [pid 5877] ioctl(4, LOOP_SET_FD, 3 [pid 5879] <... openat resumed>) = 3 [pid 5877] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [ 62.024219][ T5875] RSP: 002b:00007ffcf71a2de8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 62.032625][ T5875] RAX: ffffffffffffffda RBX: 00007f9b5a7b90a0 RCX: 00007f9b5a770659 [ 62.040587][ T5875] RDX: 0000000020001300 RSI: 0000000000004c04 RDI: 0000000000000004 [ 62.048550][ T5875] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffcf71a2e20 [ 62.056510][ T5875] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf71a2e0c [ 62.064472][ T5875] R13: 0000000000000004 R14: 431bde82d7b634db R15: 00007ffcf71a2e40 [ 62.072440][ T5875] [pid 5879] write(3, "1000", 4 [pid 5878] memfd_create("syzkaller", 0 [pid 5877] close(4 [pid 5879] <... write resumed>) = 4 [pid 5878] <... memfd_create resumed>) = 3 [pid 5877] <... close resumed>) = 0 [pid 5876] <... mount resumed>) = 0 [pid 5847] <... restart_syscall resumed>) = 0 [pid 5879] close(3 [pid 5878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5877] close(3 [pid 5876] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5879] <... close resumed>) = 0 [pid 5878] <... mmap resumed>) = 0x7f9b52200000 [pid 5877] <... close resumed>) = 0 [pid 5876] <... openat resumed>) = 3 [pid 5876] chdir("./file2" [pid 5847] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5879] symlink("/dev/binderfs", "./binderfs" [pid 5876] <... chdir resumed>) = 0 [pid 5847] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5876] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5847] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5876] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5847] <... openat resumed>) = 3 [pid 5876] getpid( [pid 5847] newfstatat(3, "", [pid 5876] <... getpid resumed>) = 5876 [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5879] <... symlink resumed>) = 0 [pid 5876] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5847] getdents64(3, [pid 5876] <... openat resumed>) = 4 [pid 5847] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5876] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5847] umount2("./4/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5879] write(1, "executing program\n", 18 [pid 5876] <... openat resumed>) = 5 [pid 5876] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = 0 executing program [pid 5876] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5879] <... write resumed>) = 18 [pid 5877] getpid() = 5877 [pid 5877] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5879] memfd_create("syzkaller", 0) = 3 [pid 5847] <... umount2 resumed>) = 0 [pid 5879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5847] umount2("./4/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5847] newfstatat(AT_FDCWD, "./4/file2", [pid 5879] <... mmap resumed>) = 0x7f9b52200000 [pid 5878] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5847] umount2("./4/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5847] openat(AT_FDCWD, "./4/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5847] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5847] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5847] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5847] close(4) = 0 [pid 5847] rmdir("./4/file2") = 0 [pid 5847] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5847] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5847] unlink("./4/binderfs") = 0 [pid 5847] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5847] close(3) = 0 [pid 5847] rmdir("./4" [pid 5879] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5847] <... rmdir resumed>) = 0 [pid 5847] mkdir("./5", 0777) = 0 [pid 5847] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5847] ioctl(3, LOOP_CLR_FD) = 0 [pid 5847] close(3 [pid 5879] <... write resumed>) = 524288 [pid 5878] <... write resumed>) = 524288 [pid 5847] <... close resumed>) = 0 [pid 5878] munmap(0x7f9b52200000, 138412032 [pid 5847] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5880 attached [pid 5879] munmap(0x7f9b52200000, 138412032 [pid 5878] <... munmap resumed>) = 0 [pid 5880] set_robust_list(0x55557b78d660, 24 [pid 5879] <... munmap resumed>) = 0 [pid 5878] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5877] <... openat resumed>) = 3 [pid 5876] <... ioctl resumed>) = 0 [pid 5847] <... clone resumed>, child_tidptr=0x55557b78d650) = 5880 [pid 5880] <... set_robust_list resumed>) = 0 [pid 5879] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5878] <... openat resumed>) = 4 [pid 5877] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5876] exit_group(0 [pid 5880] chdir("./5" [pid 5879] <... openat resumed>) = 4 [pid 5878] ioctl(4, LOOP_SET_FD, 3 [pid 5876] <... exit_group resumed>) = ? [pid 5880] <... chdir resumed>) = 0 [pid 5879] ioctl(4, LOOP_SET_FD, 3 [pid 5877] <... openat resumed>) = 4 [pid 5876] +++ exited with 0 +++ [pid 5880] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5877] ioctl(3, LOOP_CONFIGURE, {fd=4, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5880] <... prctl resumed>) = 0 [pid 5877] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5880] setpgid(0, 0 [pid 5877] ioctl(3, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5880] <... setpgid resumed>) = 0 [pid 5880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5880] write(3, "1000", 4) = 4 [pid 5880] close(3) = 0 [pid 5880] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5880] write(1, "executing program\n", 18) = 18 [pid 5880] memfd_create("syzkaller", 0) = 3 [pid 5880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5849] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5876, si_uid=0, si_status=0, si_utime=0, si_stime=110 /* 1.10 s */} --- [pid 5879] <... ioctl resumed>) = 0 [pid 5878] <... ioctl resumed>) = 0 [pid 5879] close(3 [pid 5878] close(3 [pid 5849] restart_syscall(<... resuming interrupted clone ...> [pid 5879] <... close resumed>) = 0 [pid 5878] <... close resumed>) = 0 [pid 5879] close(4 [pid 5878] close(4 [pid 5879] <... close resumed>) = 0 [pid 5878] <... close resumed>) = 0 [pid 5849] <... restart_syscall resumed>) = 0 [pid 5878] mkdir("./file2", 0777 [pid 5879] mkdir("./file2", 0777) = 0 [pid 5879] mount("/dev/loop1", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5878] <... mkdir resumed>) = 0 [pid 5878] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5849] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5849] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5849] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5849] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5849] umount2("./4/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5878] <... mount resumed>) = 0 [pid 5849] <... umount2 resumed>) = -1 EBUSY (Device or resource busy) [pid 5878] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5878] chdir("./file2" [pid 5879] <... mount resumed>) = 0 [pid 5878] <... chdir resumed>) = 0 [pid 5879] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5878] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5849] newfstatat(AT_FDCWD, "./4/file2", [pid 5878] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5878] getpid( [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0766, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5879] <... openat resumed>) = 3 [pid 5878] <... getpid resumed>) = 5878 [pid 5849] umount2("./4/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5878] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5849] <... umount2 resumed>) = -1 EBUSY (Device or resource busy) [pid 5849] openat(AT_FDCWD, "./4/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5879] chdir("./file2" [pid 5849] <... openat resumed>) = 4 [pid 5879] <... chdir resumed>) = 0 [pid 5849] newfstatat(4, "", [pid 5879] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5849] <... newfstatat resumed>{st_mode=S_IFDIR|0766, st_size=10, ...}, AT_EMPTY_PATH) = 0 [pid 5879] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5849] getdents64(4, [pid 5879] getpid() = 5879 [pid 5879] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5880] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5849] <... getdents64 resumed>0x55557b796730 /* 4 entries */, 32768) = 112 [pid 5880] <... write resumed>) = 524288 [pid 5879] <... openat resumed>) = 4 [pid 5878] <... openat resumed>) = 4 [pid 5877] <... ioctl resumed>) = 0 [pid 5849] umount2("./4/file2/cgroup.stat", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5880] munmap(0x7f9b52200000, 138412032 [pid 5879] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5878] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5849] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5877] exit_group(0 [pid 5849] newfstatat(AT_FDCWD, "./4/file2/cgroup.stat", [pid 5877] <... exit_group resumed>) = ? [pid 5879] <... openat resumed>) = 5 [pid 5877] +++ exited with 0 +++ [pid 5849] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5879] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5849] unlink("./4/file2/cgroup.stat" [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5877, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5879] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5845] restart_syscall(<... resuming interrupted clone ...> [pid 5879] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5849] <... unlink resumed>) = 0 [pid 5849] umount2("./4/file2/file.c??d", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5849] newfstatat(AT_FDCWD, "./4/file2/file.c??d", [pid 5878] <... openat resumed>) = 5 [pid 5849] <... newfstatat resumed>0x7ffcf71a0c30, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5878] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5849] exit_group(1) = ? [pid 5849] +++ exited with 1 +++ [pid 5844] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5849, si_uid=0, si_status=1, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5844] restart_syscall(<... resuming interrupted clone ...> [pid 5880] <... munmap resumed>) = 0 [pid 5880] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 62.171953][ T5878] loop3: detected capacity change from 0 to 1024 [ 62.178517][ T5879] loop1: detected capacity change from 0 to 1024 [ 62.197756][ T5849] hfsplus: walked past end of dir [pid 5880] ioctl(4, LOOP_SET_FD, 3 [pid 5845] <... restart_syscall resumed>) = 0 [pid 5880] <... ioctl resumed>) = 0 [pid 5880] close(3) = 0 [pid 5880] close(4) = 0 [pid 5845] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5880] mkdir("./file2", 0777 [pid 5845] <... openat resumed>) = 3 [pid 5845] newfstatat(3, "", [pid 5880] <... mkdir resumed>) = 0 [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5880] mount("/dev/loop2", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5845] getdents64(3, [pid 5880] <... mount resumed>) = 0 [pid 5879] <... ioctl resumed>) = 0 [pid 5878] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5880] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5879] exit_group(0 [pid 5878] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5880] <... openat resumed>) = 3 [pid 5879] <... exit_group resumed>) = ? [pid 5845] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5880] chdir("./file2" [pid 5879] +++ exited with 0 +++ [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5880] <... chdir resumed>) = 0 [pid 5846] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5879, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5846] restart_syscall(<... resuming interrupted clone ...> [pid 5880] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5845] newfstatat(AT_FDCWD, "./4/binderfs", [pid 5880] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5845] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5880] getpid( [pid 5845] unlink("./4/binderfs" [pid 5880] <... getpid resumed>) = 5880 [pid 5845] <... unlink resumed>) = 0 [pid 5880] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5845] umount2("./4/cgroup.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./4/cgroup.stat", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] unlink("./4/cgroup.stat") = 0 [pid 5845] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5845] close(3) = 0 [pid 5845] rmdir("./4") = 0 [pid 5845] mkdir("./5", 0777) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5846] <... restart_syscall resumed>) = 0 [pid 5846] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5880] <... openat resumed>) = 4 [pid 5878] <... ioctl resumed>) = 0 [pid 5846] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5845] <... openat resumed>) = 3 [pid 5880] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5878] exit_group(0 [pid 5846] <... openat resumed>) = 3 [pid 5845] ioctl(3, LOOP_CLR_FD [pid 5846] newfstatat(3, "", [pid 5845] <... ioctl resumed>) = 0 [pid 5878] <... exit_group resumed>) = ? [ 62.222902][ T5880] loop2: detected capacity change from 0 to 1024 [pid 5846] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] close(3 [pid 5880] <... openat resumed>) = 5 [pid 5878] +++ exited with 0 +++ [pid 5880] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5878, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5846] getdents64(3, [pid 5845] <... close resumed>) = 0 [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 5880] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5846] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 5881 attached [pid 5880] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5848] <... restart_syscall resumed>) = 0 [pid 5846] umount2("./5/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5881] set_robust_list(0x55557b78d660, 24 [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5881 [pid 5881] <... set_robust_list resumed>) = 0 [pid 5881] chdir("./5") = 0 [pid 5881] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5881] setpgid(0, 0) = 0 [pid 5881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5881] write(3, "1000", 4 [pid 5846] <... umount2 resumed>) = 0 [pid 5846] umount2("./5/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5881] <... write resumed>) = 4 [pid 5848] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5846] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5881] close(3 [pid 5846] newfstatat(AT_FDCWD, "./5/file2", [pid 5881] <... close resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5846] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5881] symlink("/dev/binderfs", "./binderfs" [pid 5848] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5846] umount2("./5/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5881] <... symlink resumed>) = 0 [pid 5846] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5881] write(1, "executing program\n", 18 [pid 5846] openat(AT_FDCWD, "./5/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program [pid 5848] <... openat resumed>) = 3 [pid 5881] <... write resumed>) = 18 [pid 5881] memfd_create("syzkaller", 0 [pid 5848] newfstatat(3, "", [pid 5846] <... openat resumed>) = 4 [pid 5881] <... memfd_create resumed>) = 3 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5846] newfstatat(4, "", [pid 5881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5846] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5881] <... mmap resumed>) = 0x7f9b52200000 [pid 5848] getdents64(3, [pid 5846] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5881] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5846] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5848] umount2("./4/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5846] close(4) = 0 [pid 5846] rmdir("./5/file2") = 0 [pid 5846] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5846] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5846] unlink("./5/binderfs" [pid 5881] <... write resumed>) = 524288 [pid 5880] <... ioctl resumed>) = 0 [pid 5848] <... umount2 resumed>) = 0 [pid 5846] <... unlink resumed>) = 0 [pid 5881] munmap(0x7f9b52200000, 138412032 [pid 5880] exit_group(0 [pid 5881] <... munmap resumed>) = 0 [pid 5848] umount2("./4/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5846] getdents64(3, [pid 5880] <... exit_group resumed>) = ? [pid 5846] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5881] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5880] +++ exited with 0 +++ [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5846] close(3 [pid 5881] <... openat resumed>) = 4 [pid 5847] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5880, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5846] <... close resumed>) = 0 [pid 5848] newfstatat(AT_FDCWD, "./4/file2", [pid 5847] restart_syscall(<... resuming interrupted clone ...> [pid 5846] rmdir("./5" [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5881] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5881] ioctl(4, LOOP_CLR_FD) = 0 [pid 5848] umount2("./4/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5846] <... rmdir resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./4/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5846] mkdir("./6", 0777 [pid 5848] <... openat resumed>) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5881] ioctl(4, LOOP_SET_FD, 3 [pid 5846] <... mkdir resumed>) = 0 [pid 5881] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5848] getdents64(4, [pid 5846] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5881] close(4 [pid 5848] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5846] <... openat resumed>) = 3 [pid 5881] <... close resumed>) = 0 [pid 5846] ioctl(3, LOOP_CLR_FD) = 0 [pid 5846] close(3 [pid 5881] close(3 [pid 5846] <... close resumed>) = 0 [pid 5881] <... close resumed>) = 0 [pid 5848] getdents64(4, [pid 5847] <... restart_syscall resumed>) = 0 [pid 5881] getpid() = 5881 [pid 5881] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5848] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5881] <... openat resumed>) = 3 [pid 5846] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5881] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000./strace-static-x86_64: Process 5882 attached ) = 4 [pid 5848] close(4 [pid 5882] set_robust_list(0x55557b78d660, 24 [pid 5848] <... close resumed>) = 0 [pid 5847] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5882] <... set_robust_list resumed>) = 0 [pid 5848] rmdir("./4/file2" [pid 5847] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5881] ioctl(3, LOOP_CONFIGURE, {fd=4, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = 0 [pid 5846] <... clone resumed>, child_tidptr=0x55557b78d650) = 5882 [pid 5848] <... rmdir resumed>) = 0 [pid 5847] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5882] chdir("./6") = 0 [pid 5881] ioctl(3, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5848] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5847] <... openat resumed>) = 3 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5847] newfstatat(3, "", [pid 5882] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5848] newfstatat(AT_FDCWD, "./4/binderfs", [pid 5882] <... prctl resumed>) = 0 [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5882] setpgid(0, 0 [pid 5847] getdents64(3, [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5882] <... setpgid resumed>) = 0 [pid 5847] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5848] unlink("./4/binderfs" [pid 5847] umount2("./5/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... unlink resumed>) = 0 [pid 5848] getdents64(3, [pid 5882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5847] <... umount2 resumed>) = 0 [pid 5882] <... openat resumed>) = 3 [pid 5848] close(3 [pid 5847] umount2("./5/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... close resumed>) = 0 [pid 5848] rmdir("./4" [pid 5882] write(3, "1000", 4 [pid 5847] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5882] <... write resumed>) = 4 [pid 5847] newfstatat(AT_FDCWD, "./5/file2", [pid 5882] close(3 [pid 5848] <... rmdir resumed>) = 0 [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5882] <... close resumed>) = 0 [pid 5847] umount2("./5/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5882] symlink("/dev/binderfs", "./binderfs" [pid 5848] mkdir("./5", 0777 [pid 5847] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5882] <... symlink resumed>) = 0 [pid 5881] <... ioctl resumed>) = 0 [pid 5848] <... mkdir resumed>) = 0 [pid 5847] openat(AT_FDCWD, "./5/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5847] <... openat resumed>) = 4 [pid 5848] <... openat resumed>) = 3 [pid 5847] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5847] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5847] getdents64(4, [pid 5848] close(3 [pid 5847] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5848] <... close resumed>) = 0 [pid 5847] close(4) = 0 [pid 5847] rmdir("./5/file2") = 0 [pid 5847] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5847] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5847] unlink("./5/binderfs") = 0 [pid 5847] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5847] close(3 executing program [pid 5882] write(1, "executing program\n", 18 [pid 5881] exit_group(0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5882] <... write resumed>) = 18 [pid 5881] <... exit_group resumed>) = ? [pid 5882] memfd_create("syzkaller", 0 [pid 5881] +++ exited with 0 +++ [pid 5847] <... close resumed>) = 0 [pid 5847] rmdir("./5" [pid 5882] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 5883 attached [pid 5882] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5883] set_robust_list(0x55557b78d660, 24 [pid 5882] <... mmap resumed>) = 0x7f9b52200000 [pid 5847] <... rmdir resumed>) = 0 [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5881, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5883] <... set_robust_list resumed>) = 0 [pid 5845] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5847] mkdir("./6", 0777 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... clone resumed>, child_tidptr=0x55557b78d650) = 5883 [pid 5847] <... mkdir resumed>) = 0 [pid 5845] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5845] newfstatat(3, "", [pid 5847] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5847] ioctl(3, LOOP_CLR_FD [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5882] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5847] <... ioctl resumed>) = 0 [pid 5845] getdents64(3, [pid 5883] chdir("./5" [pid 5847] close(3 [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5883] <... chdir resumed>) = 0 [pid 5882] <... write resumed>) = 524288 [pid 5845] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5883] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5882] munmap(0x7f9b52200000, 138412032 [pid 5883] <... prctl resumed>) = 0 [pid 5883] setpgid(0, 0 [pid 5882] <... munmap resumed>) = 0 [pid 5883] <... setpgid resumed>) = 0 [pid 5882] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5882] <... openat resumed>) = 4 [pid 5847] <... close resumed>) = 0 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5883] <... openat resumed>) = 3 [pid 5845] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5882] ioctl(4, LOOP_SET_FD, 3 [pid 5847] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5845] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] unlink("./5/binderfs"./strace-static-x86_64: Process 5884 attached [pid 5883] write(3, "1000", 4 [pid 5882] <... ioctl resumed>) = 0 [pid 5847] <... clone resumed>, child_tidptr=0x55557b78d650) = 5884 [pid 5845] <... unlink resumed>) = 0 [pid 5884] set_robust_list(0x55557b78d660, 24 [pid 5845] umount2("./5/cgroup.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5883] <... write resumed>) = 4 [pid 5845] newfstatat(AT_FDCWD, "./5/cgroup.stat", [pid 5883] close(3 [pid 5884] <... set_robust_list resumed>) = 0 [pid 5884] chdir("./6" [pid 5883] <... close resumed>) = 0 [pid 5882] close(3 [pid 5845] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5884] <... chdir resumed>) = 0 [pid 5883] symlink("/dev/binderfs", "./binderfs" [pid 5882] <... close resumed>) = 0 [pid 5845] unlink("./5/cgroup.stat" [pid 5884] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5883] <... symlink resumed>) = 0 [pid 5884] setpgid(0, 0 [pid 5883] write(1, "executing program\n", 18executing program [pid 5882] close(4 [pid 5845] <... unlink resumed>) = 0 [pid 5883] <... write resumed>) = 18 [pid 5882] <... close resumed>) = 0 [pid 5845] getdents64(3, [pid 5884] <... setpgid resumed>) = 0 [pid 5883] memfd_create("syzkaller", 0 [pid 5882] mkdir("./file2", 0777 [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5883] <... memfd_create resumed>) = 3 [pid 5884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5882] <... mkdir resumed>) = 0 [pid 5845] close(3 [pid 5884] <... openat resumed>) = 3 [pid 5883] <... mmap resumed>) = 0x7f9b52200000 [pid 5882] mount("/dev/loop1", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5884] write(3, "1000", 4 [pid 5845] <... close resumed>) = 0 [pid 5884] <... write resumed>) = 4 [pid 5845] rmdir("./5" [pid 5884] close(3) = 0 [pid 5845] <... rmdir resumed>) = 0 [pid 5884] symlink("/dev/binderfs", "./binderfs" [pid 5845] mkdir("./6", 0777 [pid 5884] <... symlink resumed>) = 0 [pid 5845] <... mkdir resumed>) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5884] write(1, "executing program\n", 18executing program ) = 18 [pid 5884] memfd_create("syzkaller", 0 [pid 5845] <... openat resumed>) = 3 [pid 5845] ioctl(3, LOOP_CLR_FD) = 0 [pid 5884] <... memfd_create resumed>) = 3 [pid 5845] close(3 [pid 5884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5845] <... close resumed>) = 0 [ 62.451201][ T5882] loop1: detected capacity change from 0 to 1024 [pid 5884] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5883] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5882] <... mount resumed>) = 0 ./strace-static-x86_64: Process 5885 attached [pid 5882] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5885 [pid 5882] chdir("./file2" [pid 5885] set_robust_list(0x55557b78d660, 24) = 0 [pid 5882] <... chdir resumed>) = 0 [pid 5885] chdir("./6" [pid 5882] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5885] <... chdir resumed>) = 0 [pid 5885] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5882] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5885] <... prctl resumed>) = 0 [pid 5882] getpid( [pid 5885] setpgid(0, 0 [pid 5882] <... getpid resumed>) = 5882 [pid 5885] <... setpgid resumed>) = 0 [pid 5882] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5883] <... write resumed>) = 524288 [pid 5882] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5885] <... openat resumed>) = 3 [pid 5883] munmap(0x7f9b52200000, 138412032 [pid 5885] write(3, "1000", 4) = 4 [pid 5883] <... munmap resumed>) = 0 [pid 5885] close(3 [pid 5883] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5885] <... close resumed>) = 0 [pid 5885] symlink("/dev/binderfs", "./binderfs" [pid 5884] <... write resumed>) = 524288 [pid 5883] <... openat resumed>) = 4 [pid 5882] <... openat resumed>) = 5 [pid 5885] <... symlink resumed>) = 0 [pid 5883] ioctl(4, LOOP_SET_FD, 3 [pid 5882] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5884] munmap(0x7f9b52200000, 138412032) = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop2", O_RDWRexecuting program [pid 5885] write(1, "executing program\n", 18 [pid 5883] <... ioctl resumed>) = 0 [pid 5882] <... ioctl resumed>) = 0 [pid 5885] <... write resumed>) = 18 [pid 5885] memfd_create("syzkaller", 0 [pid 5884] <... openat resumed>) = 4 [pid 5883] close(3 [pid 5882] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5885] <... memfd_create resumed>) = 3 [pid 5885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5884] ioctl(4, LOOP_SET_FD, 3 [pid 5883] <... close resumed>) = 0 [pid 5885] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5883] close(4) = 0 [pid 5883] mkdir("./file2", 0777 [pid 5885] <... write resumed>) = 524288 [pid 5883] <... mkdir resumed>) = 0 [pid 5885] munmap(0x7f9b52200000, 138412032 [pid 5883] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5885] <... munmap resumed>) = 0 [pid 5885] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5884] <... ioctl resumed>) = 0 [pid 5883] <... mount resumed>) = 0 [pid 5884] close(3 [pid 5883] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5885] <... openat resumed>) = 4 [pid 5884] <... close resumed>) = 0 [pid 5883] <... openat resumed>) = 3 [pid 5882] <... ioctl resumed>) = 0 [pid 5885] ioctl(4, LOOP_SET_FD, 3 [pid 5884] close(4 [pid 5883] chdir("./file2" [pid 5882] exit_group(0 [pid 5885] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5884] <... close resumed>) = 0 [pid 5883] <... chdir resumed>) = 0 [pid 5882] <... exit_group resumed>) = ? [pid 5885] ioctl(4, LOOP_CLR_FD [pid 5884] mkdir("./file2", 0777 [pid 5883] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5882] +++ exited with 0 +++ [pid 5885] <... ioctl resumed>) = 0 [pid 5884] <... mkdir resumed>) = 0 [pid 5883] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5884] mount("/dev/loop2", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5883] getpid( [pid 5846] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5882, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5883] <... getpid resumed>) = 5883 [pid 5846] restart_syscall(<... resuming interrupted clone ...> [pid 5883] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5846] <... restart_syscall resumed>) = 0 [pid 5885] ioctl(4, LOOP_SET_FD, 3 [pid 5883] <... openat resumed>) = 4 [pid 5885] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5846] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5885] close(4 [pid 5883] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5846] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5885] <... close resumed>) = 0 [pid 5885] close(3 [pid 5883] <... openat resumed>) = 5 [pid 5846] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5885] <... close resumed>) = 0 [pid 5883] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5846] <... openat resumed>) = 3 [pid 5885] getpid( [pid 5846] newfstatat(3, "", [pid 5885] <... getpid resumed>) = 5885 [pid 5883] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5846] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5885] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5883] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5846] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5846] umount2("./6/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EBUSY (Device or resource busy) [pid 5846] newfstatat(AT_FDCWD, "./6/file2", [pid 5884] <... mount resumed>) = 0 [pid 5846] <... newfstatat resumed>{st_mode=S_IFDIR|0766, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 62.524963][ T5883] loop3: detected capacity change from 0 to 1024 [ 62.538084][ T5884] loop2: detected capacity change from 0 to 1024 [pid 5884] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5846] umount2("./6/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5884] chdir("./file2") = 0 [pid 5846] <... umount2 resumed>) = -1 EBUSY (Device or resource busy) [pid 5884] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5846] openat(AT_FDCWD, "./6/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5884] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5846] <... openat resumed>) = 4 [pid 5884] getpid( [pid 5846] newfstatat(4, "", [pid 5884] <... getpid resumed>) = 5884 [pid 5884] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5846] <... newfstatat resumed>{st_mode=S_IFDIR|0766, st_size=10, ...}, AT_EMPTY_PATH) = 0 [pid 5846] getdents64(4, 0x55557b796730 /* 4 entries */, 32768) = 112 [pid 5846] umount2("./6/file2/cgroup.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5846] newfstatat(AT_FDCWD, "./6/file2/cgroup.stat", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5846] unlink("./6/file2/cgroup.stat") = 0 [pid 5846] umount2("./6/file2/file.c??d", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5846] newfstatat(AT_FDCWD, "./6/file2/file.c??d", 0x7ffcf71a0c30, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5846] exit_group(1) = ? [pid 5885] <... openat resumed>) = 3 [pid 5884] <... openat resumed>) = 4 [pid 5883] <... ioctl resumed>) = 0 [pid 5846] +++ exited with 1 +++ [pid 5844] <... restart_syscall resumed>) = ? ERESTART_RESTARTBLOCK (Interrupted by signal) [pid 5844] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5846, si_uid=0, si_status=1, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5883] exit_group(0 [pid 5844] restart_syscall(<... resuming interrupted restart_syscall ...> [pid 5885] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5884] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5883] <... exit_group resumed>) = ? [pid 5885] <... openat resumed>) = 4 [pid 5885] ioctl(3, LOOP_CONFIGURE, {fd=4, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5883] +++ exited with 0 +++ [pid 5885] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5883, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...> [ 62.587317][ T5846] hfsplus: walked past end of dir [pid 5885] ioctl(3, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5884] <... openat resumed>) = 5 [pid 5848] <... restart_syscall resumed>) = 0 [pid 5884] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5848] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./5/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5885] <... ioctl resumed>) = 0 [pid 5884] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5885] exit_group(0 [pid 5884] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5848] <... umount2 resumed>) = 0 [pid 5885] <... exit_group resumed>) = ? [pid 5848] umount2("./5/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./5/file2", [pid 5885] +++ exited with 0 +++ [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5885, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5848] umount2("./5/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] restart_syscall(<... resuming interrupted clone ...> [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./5/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./5/file2") = 0 [pid 5848] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./5/binderfs") = 0 [pid 5848] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./5") = 0 [pid 5848] mkdir("./6", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5845] <... restart_syscall resumed>) = 0 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3) = 0 [pid 5845] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5886 attached [pid 5848] <... clone resumed>, child_tidptr=0x55557b78d650) = 5886 [pid 5845] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5886] set_robust_list(0x55557b78d660, 24 [pid 5845] newfstatat(3, "", [pid 5886] <... set_robust_list resumed>) = 0 [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5886] chdir("./6" [pid 5845] getdents64(3, [pid 5886] <... chdir resumed>) = 0 [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5886] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5845] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5886] <... prctl resumed>) = 0 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./6/binderfs", [pid 5886] setpgid(0, 0 [pid 5845] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5886] <... setpgid resumed>) = 0 [pid 5886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5886] write(3, "1000", 4) = 4 [pid 5884] <... ioctl resumed>) = 0 [pid 5845] unlink("./6/binderfs" [pid 5886] close(3) = 0 [pid 5884] exit_group(0 [pid 5845] <... unlink resumed>) = 0 [pid 5886] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5884] <... exit_group resumed>) = ? [pid 5884] +++ exited with 0 +++ [pid 5886] write(1, "executing program\n", 18 [pid 5845] umount2("./6/cgroup.stat", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5847] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5884, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 5847] restart_syscall(<... resuming interrupted clone ...> [pid 5845] newfstatat(AT_FDCWD, "./6/cgroup.stat", [pid 5886] <... write resumed>) = 18 [pid 5845] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5886] memfd_create("syzkaller", 0 [pid 5845] unlink("./6/cgroup.stat") = 0 [pid 5886] <... memfd_create resumed>) = 3 [pid 5845] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5847] <... restart_syscall resumed>) = 0 [pid 5845] close(3 [pid 5886] <... mmap resumed>) = 0x7f9b52200000 [pid 5845] <... close resumed>) = 0 [pid 5845] rmdir("./6" [pid 5886] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5845] <... rmdir resumed>) = 0 [pid 5847] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] mkdir("./7", 0777 [pid 5847] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5847] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5845] <... mkdir resumed>) = 0 [pid 5847] <... openat resumed>) = 3 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5847] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5847] getdents64(3, [pid 5845] <... openat resumed>) = 3 [pid 5847] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5845] ioctl(3, LOOP_CLR_FD) = 0 [pid 5847] umount2("./6/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] close(3) = 0 [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5847] <... umount2 resumed>) = 0 [pid 5886] <... write resumed>) = 524288 ./strace-static-x86_64: Process 5887 attached [pid 5847] umount2("./6/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5847] newfstatat(AT_FDCWD, "./6/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5887] set_robust_list(0x55557b78d660, 24 [pid 5847] umount2("./6/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5887] <... set_robust_list resumed>) = 0 [pid 5847] openat(AT_FDCWD, "./6/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5887] chdir("./7" [pid 5847] <... openat resumed>) = 4 [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5887 [pid 5886] munmap(0x7f9b52200000, 138412032 [pid 5887] <... chdir resumed>) = 0 [pid 5847] newfstatat(4, "", [pid 5887] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5887] <... prctl resumed>) = 0 [pid 5886] <... munmap resumed>) = 0 [pid 5847] getdents64(4, [pid 5886] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5847] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5887] setpgid(0, 0 [pid 5847] getdents64(4, [pid 5887] <... setpgid resumed>) = 0 [pid 5847] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5886] <... openat resumed>) = 4 [pid 5847] close(4 [pid 5886] ioctl(4, LOOP_SET_FD, 3 [pid 5887] <... openat resumed>) = 3 [pid 5847] <... close resumed>) = 0 [pid 5887] write(3, "1000", 4 [pid 5847] rmdir("./6/file2" [pid 5887] <... write resumed>) = 4 [pid 5886] <... ioctl resumed>) = 0 [pid 5887] close(3 [pid 5847] <... rmdir resumed>) = 0 [pid 5887] <... close resumed>) = 0 [pid 5886] close(3) = 0 [pid 5886] close(4 [pid 5887] symlink("/dev/binderfs", "./binderfs" [pid 5886] <... close resumed>) = 0 [pid 5886] mkdir("./file2", 0777 [pid 5887] <... symlink resumed>) = 0 [pid 5847] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) executing program [pid 5847] newfstatat(AT_FDCWD, "./6/binderfs", [pid 5887] write(1, "executing program\n", 18 [pid 5847] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5887] <... write resumed>) = 18 [pid 5887] memfd_create("syzkaller", 0 [pid 5847] unlink("./6/binderfs") = 0 [pid 5887] <... memfd_create resumed>) = 3 [pid 5886] <... mkdir resumed>) = 0 [pid 5886] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5847] getdents64(3, [pid 5887] <... mmap resumed>) = 0x7f9b52200000 [pid 5847] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5886] <... mount resumed>) = 0 [pid 5886] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5847] close(3 [pid 5886] chdir("./file2") = 0 [pid 5847] <... close resumed>) = 0 [pid 5886] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5887] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5886] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5847] rmdir("./6" [pid 5886] getpid() = 5886 [pid 5886] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5886] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5847] <... rmdir resumed>) = 0 [pid 5847] mkdir("./7", 0777) = 0 [pid 5847] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5847] ioctl(3, LOOP_CLR_FD) = 0 [pid 5847] close(3 [pid 5886] <... openat resumed>) = 5 [pid 5886] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = 0 [pid 5886] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5847] <... close resumed>) = 0 [pid 5887] <... write resumed>) = 524288 [ 62.765332][ T5886] loop3: detected capacity change from 0 to 1024 [pid 5887] munmap(0x7f9b52200000, 138412032 [pid 5847] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5887] <... munmap resumed>) = 0 ./strace-static-x86_64: Process 5888 attached [pid 5847] <... clone resumed>, child_tidptr=0x55557b78d650) = 5888 [pid 5887] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5888] set_robust_list(0x55557b78d660, 24) = 0 [pid 5888] chdir("./7") = 0 [pid 5888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5888] setpgid(0, 0) = 0 [pid 5888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5888] write(3, "1000", 4) = 4 [pid 5888] close(3) = 0 [pid 5888] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5888] write(1, "executing program\n", 18executing program ) = 18 [pid 5887] <... openat resumed>) = 4 [pid 5886] <... ioctl resumed>) = 0 [pid 5888] memfd_create("syzkaller", 0 [pid 5887] ioctl(4, LOOP_SET_FD, 3 [pid 5886] exit_group(0 [pid 5887] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5887] ioctl(4, LOOP_CLR_FD [pid 5886] <... exit_group resumed>) = ? [pid 5888] <... memfd_create resumed>) = 3 [pid 5887] <... ioctl resumed>) = 0 [pid 5888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5887] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5886] +++ exited with 0 +++ [pid 5887] close(4) = 0 [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5886, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 5887] close(3 [pid 5888] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5848] <... restart_syscall resumed>) = 0 [pid 5887] <... close resumed>) = 0 [pid 5848] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5888] <... write resumed>) = 524288 [pid 5887] getpid( [pid 5888] munmap(0x7f9b52200000, 138412032 [pid 5887] <... getpid resumed>) = 5887 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5888] <... munmap resumed>) = 0 [pid 5887] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5888] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5887] <... openat resumed>) = 3 [pid 5888] <... openat resumed>) = 4 [pid 5887] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5888] ioctl(4, LOOP_SET_FD, 3 [pid 5887] <... openat resumed>) = 4 [pid 5848] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5888] <... ioctl resumed>) = 0 [pid 5887] ioctl(3, LOOP_CONFIGURE, {fd=4, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5848] <... openat resumed>) = 3 [pid 5848] newfstatat(3, "", [pid 5887] <... ioctl resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5887] ioctl(3, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5888] close(3 [pid 5848] getdents64(3, [pid 5888] <... close resumed>) = 0 [pid 5888] close(4) = 0 [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./6/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5888] mkdir("./file2", 0777) = 0 [pid 5887] <... ioctl resumed>) = 0 [pid 5887] exit_group(0 [pid 5888] mount("/dev/loop2", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5887] <... exit_group resumed>) = ? [pid 5887] +++ exited with 0 +++ [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5887, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5845] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5845] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5888] <... mount resumed>) = 0 [pid 5848] <... umount2 resumed>) = 0 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5888] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5888] chdir("./file2" [pid 5848] umount2("./6/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5888] <... chdir resumed>) = 0 [pid 5845] <... openat resumed>) = 3 [pid 5888] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5845] newfstatat(3, "", [pid 5888] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] getdents64(3, [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5888] getpid( [pid 5848] newfstatat(AT_FDCWD, "./6/file2", [pid 5888] <... getpid resumed>) = 5888 [pid 5845] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5888] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] umount2("./6/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5888] <... openat resumed>) = 4 [pid 5845] newfstatat(AT_FDCWD, "./7/binderfs", [pid 5888] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] openat(AT_FDCWD, "./6/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5845] unlink("./7/binderfs" [pid 5848] <... openat resumed>) = 4 [pid 5845] <... unlink resumed>) = 0 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5888] <... openat resumed>) = 5 [pid 5848] getdents64(4, [pid 5845] umount2("./7/cgroup.stat", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5888] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5848] getdents64(4, [pid 5845] newfstatat(AT_FDCWD, "./7/cgroup.stat", [pid 5888] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5848] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5888] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5848] close(4 [pid 5845] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] <... close resumed>) = 0 [pid 5848] rmdir("./6/file2" [pid 5845] unlink("./7/cgroup.stat" [pid 5848] <... rmdir resumed>) = 0 [pid 5845] <... unlink resumed>) = 0 [pid 5845] getdents64(3, [pid 5848] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] close(3 [pid 5848] newfstatat(AT_FDCWD, "./6/binderfs", [pid 5845] <... close resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 62.871170][ T5888] loop2: detected capacity change from 0 to 1024 [pid 5845] rmdir("./7" [pid 5848] unlink("./6/binderfs" [pid 5845] <... rmdir resumed>) = 0 [pid 5848] <... unlink resumed>) = 0 [pid 5845] mkdir("./8", 0777 [pid 5848] getdents64(3, [pid 5845] <... mkdir resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./6" [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5848] <... rmdir resumed>) = 0 [pid 5848] mkdir("./7", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5888] <... ioctl resumed>) = 0 [pid 5845] <... openat resumed>) = 3 [pid 5888] exit_group(0 [pid 5845] ioctl(3, LOOP_CLR_FD) = 0 [pid 5888] <... exit_group resumed>) = ? [pid 5845] close(3 [pid 5888] +++ exited with 0 +++ ./strace-static-x86_64: Process 5889 attached [pid 5847] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5888, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5845] <... close resumed>) = 0 [pid 5847] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] <... clone resumed>, child_tidptr=0x55557b78d650) = 5889 [pid 5847] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5847] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5847] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5847] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5847] umount2("./7/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5889] set_robust_list(0x55557b78d660, 24./strace-static-x86_64: Process 5890 attached ) = 0 [pid 5847] <... umount2 resumed>) = 0 [pid 5890] set_robust_list(0x55557b78d660, 24 [pid 5889] chdir("./7" [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5890 [pid 5890] <... set_robust_list resumed>) = 0 [pid 5890] chdir("./8") = 0 [pid 5847] umount2("./7/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5890] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5847] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5890] <... prctl resumed>) = 0 [pid 5889] <... chdir resumed>) = 0 [pid 5847] newfstatat(AT_FDCWD, "./7/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5890] setpgid(0, 0 [pid 5889] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5847] umount2("./7/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5890] <... setpgid resumed>) = 0 [pid 5889] <... prctl resumed>) = 0 [pid 5847] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5847] openat(AT_FDCWD, "./7/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5890] <... openat resumed>) = 3 [pid 5889] setpgid(0, 0 [pid 5847] <... openat resumed>) = 4 [pid 5890] write(3, "1000", 4 [pid 5847] newfstatat(4, "", [pid 5890] <... write resumed>) = 4 [pid 5889] <... setpgid resumed>) = 0 [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5890] close(3 [pid 5847] getdents64(4, [pid 5890] <... close resumed>) = 0 [pid 5889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5847] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5890] symlink("/dev/binderfs", "./binderfs" [pid 5847] getdents64(4, [pid 5890] <... symlink resumed>) = 0 [pid 5889] <... openat resumed>) = 3 [pid 5847] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5890] write(1, "executing program\n", 18executing program [pid 5889] write(3, "1000", 4 [pid 5847] close(4 [pid 5890] <... write resumed>) = 18 [pid 5889] <... write resumed>) = 4 [pid 5847] <... close resumed>) = 0 [pid 5890] memfd_create("syzkaller", 0 [pid 5847] rmdir("./7/file2" [pid 5890] <... memfd_create resumed>) = 3 [pid 5889] close(3 [pid 5890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5889] <... close resumed>) = 0 [pid 5847] <... rmdir resumed>) = 0 [pid 5889] symlink("/dev/binderfs", "./binderfs"executing program [pid 5890] <... mmap resumed>) = 0x7f9b52200000 [pid 5889] <... symlink resumed>) = 0 [pid 5847] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5889] write(1, "executing program\n", 18) = 18 [pid 5889] memfd_create("syzkaller", 0) = 3 [pid 5890] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5847] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5847] newfstatat(AT_FDCWD, "./7/binderfs", [pid 5889] <... mmap resumed>) = 0x7f9b52200000 [pid 5847] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5889] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5847] unlink("./7/binderfs") = 0 [pid 5847] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5847] close(3) = 0 [pid 5847] rmdir("./7") = 0 [pid 5847] mkdir("./8", 0777) = 0 [pid 5847] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5847] ioctl(3, LOOP_CLR_FD) = 0 [pid 5847] close(3 [pid 5890] <... write resumed>) = 524288 [pid 5889] <... write resumed>) = 524288 [pid 5890] munmap(0x7f9b52200000, 138412032 [pid 5889] munmap(0x7f9b52200000, 138412032 [pid 5890] <... munmap resumed>) = 0 [pid 5889] <... munmap resumed>) = 0 [pid 5890] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5890] ioctl(4, LOOP_SET_FD, 3 [pid 5889] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5847] <... close resumed>) = 0 [pid 5889] ioctl(4, LOOP_SET_FD, 3 [pid 5847] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557b78d650) = 5891 ./strace-static-x86_64: Process 5891 attached [pid 5891] set_robust_list(0x55557b78d660, 24) = 0 [pid 5891] chdir("./8") = 0 [pid 5891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5891] setpgid(0, 0) = 0 [pid 5891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5891] write(3, "1000", 4) = 4 [pid 5891] close(3) = 0 [pid 5891] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5891] write(1, "executing program\n", 18) = 18 [pid 5891] memfd_create("syzkaller", 0) = 3 [pid 5891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5890] <... ioctl resumed>) = 0 [pid 5889] <... ioctl resumed>) = 0 [pid 5890] close(3 [pid 5889] close(3) = 0 [pid 5889] close(4) = 0 [pid 5889] mkdir("./file2", 0777) = 0 [pid 5889] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5890] <... close resumed>) = 0 [pid 5890] close(4 [pid 5891] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5890] <... close resumed>) = 0 [pid 5890] mkdir("./file2", 0777 [pid 5891] <... write resumed>) = 524288 [pid 5890] <... mkdir resumed>) = 0 [pid 5889] <... mount resumed>) = 0 [pid 5889] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5890] mount("/dev/loop0", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5889] <... openat resumed>) = 3 [pid 5889] chdir("./file2") = 0 [pid 5889] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5889] getpid() = 5889 [pid 5889] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5891] munmap(0x7f9b52200000, 138412032 [pid 5889] <... openat resumed>) = 4 [pid 5891] <... munmap resumed>) = 0 [pid 5889] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5891] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5890] <... mount resumed>) = 0 [pid 5891] <... openat resumed>) = 4 [pid 5890] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5891] ioctl(4, LOOP_SET_FD, 3 [pid 5890] chdir("./file2") = 0 [pid 5889] <... openat resumed>) = 5 [ 63.025850][ T5890] loop0: detected capacity change from 0 to 1024 [ 63.029951][ T5889] loop3: detected capacity change from 0 to 1024 [pid 5890] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5889] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5890] getpid( [pid 5889] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5890] <... getpid resumed>) = 5890 [pid 5890] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5890] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5889] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5890] <... openat resumed>) = 5 [pid 5890] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5891] <... ioctl resumed>) = 0 [pid 5890] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5890] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5891] close(3) = 0 [pid 5891] close(4) = 0 [pid 5891] mkdir("./file2", 0777) = 0 [pid 5891] mount("/dev/loop2", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"...) = 0 [pid 5891] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5891] chdir("./file2") = 0 [pid 5891] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5891] getpid() = 5891 [ 63.071778][ T5891] loop2: detected capacity change from 0 to 1024 [ 63.099905][ T5889] loop0: detected capacity change from 1024 to 3 [pid 5891] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5890] <... ioctl resumed>) = 0 [pid 5890] exit_group(0 [pid 5891] <... openat resumed>) = 4 [pid 5891] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5890] <... exit_group resumed>) = ? [pid 5891] <... openat resumed>) = 5 [pid 5890] +++ exited with 0 +++ [pid 5891] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = -1 EBUSY (Device or resource busy) [pid 5891] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5889] <... ioctl resumed>) = 0 [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5890, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5845] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5889] exit_group(0) = ? [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5845] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [ 63.149421][ T5889] Dev loop0: unable to read RDB block 3 [ 63.155179][ T5889] loop0: unable to read partition table [ 63.160986][ T5889] loop0: partition table beyond EOD, truncated [ 63.167223][ T5889] loop_reread_partitions: partition scan of loop0 (Rt *3 !6{bO0.Qʝ H"Uqd\'Lz8w1AH) failed (rc=-5) [pid 5845] umount2("./8/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5891] <... ioctl resumed>) = 0 [pid 5889] +++ exited with 0 +++ [pid 5891] exit_group(0) = ? [pid 5891] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5889, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5847] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5891, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 5847] restart_syscall(<... resuming interrupted clone ...> [pid 5845] <... umount2 resumed>) = 0 [pid 5848] <... restart_syscall resumed>) = 0 [pid 5847] <... restart_syscall resumed>) = 0 [pid 5845] umount2("./8/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./8/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] umount2("./8/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./8/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5847] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] <... openat resumed>) = 4 [pid 5848] <... openat resumed>) = 3 [pid 5847] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5847] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5845] newfstatat(4, "", [pid 5848] newfstatat(3, "", [pid 5847] <... openat resumed>) = 3 [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5847] newfstatat(3, "", [pid 5848] getdents64(3, [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] getdents64(4, [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5847] getdents64(3, [pid 5845] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5848] umount2("./7/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5847] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5847] umount2("./8/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5845] close(4) = 0 [pid 5845] rmdir("./8/file2") = 0 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./7/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5847] <... umount2 resumed>) = 0 [pid 5845] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5847] umount2("./8/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] newfstatat(AT_FDCWD, "./7/file2", [pid 5847] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5847] newfstatat(AT_FDCWD, "./8/file2", [pid 5848] umount2("./7/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] newfstatat(AT_FDCWD, "./8/binderfs", [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] openat(AT_FDCWD, "./7/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5845] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5847] umount2("./8/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] unlink("./8/binderfs" [pid 5847] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... openat resumed>) = 4 [pid 5847] openat(AT_FDCWD, "./8/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5845] <... unlink resumed>) = 0 [pid 5848] newfstatat(4, "", [pid 5847] <... openat resumed>) = 4 [pid 5845] getdents64(3, [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5847] newfstatat(4, "", [pid 5848] getdents64(4, [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5847] getdents64(4, [pid 5845] close(3 [pid 5848] getdents64(4, [pid 5847] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5847] getdents64(4, [pid 5848] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5845] <... close resumed>) = 0 [pid 5845] rmdir("./8" [pid 5848] close(4 [pid 5847] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [ 63.206624][ T11] kworker/u8:0: attempt to access beyond end of device [ 63.206624][ T11] loop0: rw=1, sector=206, nr_sectors = 8 limit=3 [ 63.220125][ T11] kworker/u8:0: attempt to access beyond end of device [ 63.220125][ T11] loop0: rw=2049, sector=198, nr_sectors = 16 limit=3 [pid 5847] close(4 [pid 5845] <... rmdir resumed>) = 0 [pid 5848] <... close resumed>) = 0 [pid 5847] <... close resumed>) = 0 [pid 5848] rmdir("./7/file2" [pid 5847] rmdir("./8/file2" [pid 5845] mkdir("./9", 0777 [pid 5848] <... rmdir resumed>) = 0 [pid 5845] <... mkdir resumed>) = 0 [pid 5847] <... rmdir resumed>) = 0 [pid 5848] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5847] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] <... openat resumed>) = 3 [pid 5848] newfstatat(AT_FDCWD, "./7/binderfs", [pid 5847] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] ioctl(3, LOOP_CLR_FD [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5847] newfstatat(AT_FDCWD, "./8/binderfs", [pid 5845] <... ioctl resumed>) = 0 [pid 5848] unlink("./7/binderfs" [pid 5847] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] <... unlink resumed>) = 0 [pid 5847] unlink("./8/binderfs" [pid 5845] close(3 [pid 5848] getdents64(3, [pid 5847] <... unlink resumed>) = 0 [pid 5845] <... close resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5847] getdents64(3, [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] rmdir("./7" [pid 5847] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 5892 attached [pid 5892] set_robust_list(0x55557b78d660, 24) = 0 [pid 5848] <... rmdir resumed>) = 0 [pid 5847] close(3 [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5892 [pid 5892] chdir("./9" [pid 5848] mkdir("./8", 0777 [pid 5892] <... chdir resumed>) = 0 [pid 5847] <... close resumed>) = 0 [pid 5892] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5892] setpgid(0, 0) = 0 [pid 5892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] <... mkdir resumed>) = 0 [pid 5847] rmdir("./8" [pid 5892] <... openat resumed>) = 3 [pid 5847] <... rmdir resumed>) = 0 [pid 5847] mkdir("./9", 0777 [pid 5892] write(3, "1000", 4 [pid 5847] <... mkdir resumed>) = 0 [pid 5892] <... write resumed>) = 4 [pid 5847] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5892] close(3 [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5847] <... openat resumed>) = 3 [pid 5892] <... close resumed>) = 0 [pid 5848] <... openat resumed>) = 3 [pid 5847] ioctl(3, LOOP_CLR_FD [pid 5892] symlink("/dev/binderfs", "./binderfs" [pid 5847] <... ioctl resumed>) = 0 [pid 5848] ioctl(3, LOOP_CLR_FD [pid 5847] close(3 [pid 5892] <... symlink resumed>) = 0 [pid 5848] <... ioctl resumed>) = 0 [pid 5847] <... close resumed>) = 0 [pid 5847] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD executing program [pid 5892] write(1, "executing program\n", 18) = 18 [pid 5892] memfd_create("syzkaller", 0 [pid 5848] close(3./strace-static-x86_64: Process 5893 attached [pid 5892] <... memfd_create resumed>) = 3 [pid 5848] <... close resumed>) = 0 [pid 5893] set_robust_list(0x55557b78d660, 24 [pid 5847] <... clone resumed>, child_tidptr=0x55557b78d650) = 5893 [pid 5893] <... set_robust_list resumed>) = 0 [pid 5893] chdir("./9") = 0 [pid 5893] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5893] setpgid(0, 0) = 0 [pid 5893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5892] <... mmap resumed>) = 0x7f9b52200000 ./strace-static-x86_64: Process 5894 attached executing program [pid 5893] <... openat resumed>) = 3 [pid 5893] write(3, "1000", 4) = 4 [pid 5893] close(3) = 0 [pid 5893] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5893] write(1, "executing program\n", 18 [pid 5848] <... clone resumed>, child_tidptr=0x55557b78d650) = 5894 [pid 5893] <... write resumed>) = 18 [pid 5893] memfd_create("syzkaller", 0) = 3 [pid 5893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5892] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5894] set_robust_list(0x55557b78d660, 24) = 0 [pid 5894] chdir("./8") = 0 [pid 5893] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5894] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5893] <... write resumed>) = 524288 [pid 5892] <... write resumed>) = 524288 [pid 5894] <... prctl resumed>) = 0 [pid 5892] munmap(0x7f9b52200000, 138412032 [pid 5894] setpgid(0, 0 [pid 5893] munmap(0x7f9b52200000, 138412032 [pid 5892] <... munmap resumed>) = 0 [pid 5894] <... setpgid resumed>) = 0 [pid 5893] <... munmap resumed>) = 0 [pid 5892] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5892] <... openat resumed>) = 4 [pid 5894] write(3, "1000", 4) = 4 [pid 5893] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5892] ioctl(4, LOOP_SET_FD, 3 [pid 5894] close(3 [pid 5893] <... openat resumed>) = 4 [pid 5894] <... close resumed>) = 0 [pid 5894] symlink("/dev/binderfs", "./binderfs" [pid 5893] ioctl(4, LOOP_SET_FD, 3 [pid 5894] <... symlink resumed>) = 0 [pid 5892] <... ioctl resumed>) = 0 executing program [pid 5894] write(1, "executing program\n", 18) = 18 [pid 5894] memfd_create("syzkaller", 0) = 3 [pid 5893] <... ioctl resumed>) = 0 [pid 5892] close(3 [pid 5894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5893] close(3 [pid 5892] <... close resumed>) = 0 [pid 5894] <... mmap resumed>) = 0x7f9b52200000 [pid 5893] <... close resumed>) = 0 [pid 5892] close(4 [pid 5893] close(4 [pid 5894] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5893] <... close resumed>) = 0 [pid 5892] <... close resumed>) = 0 [pid 5894] <... write resumed>) = 524288 [pid 5894] munmap(0x7f9b52200000, 138412032 [pid 5893] mkdir("./file2", 0777 [pid 5892] mkdir("./file2", 0777 [pid 5894] <... munmap resumed>) = 0 [pid 5893] <... mkdir resumed>) = 0 [pid 5894] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5893] mount("/dev/loop2", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5894] <... openat resumed>) = 4 [ 63.371255][ T5892] loop0: detected capacity change from 0 to 1024 [ 63.388311][ T5893] loop2: detected capacity change from 0 to 1024 [pid 5894] ioctl(4, LOOP_SET_FD, 3 [pid 5892] <... mkdir resumed>) = 0 [pid 5894] <... ioctl resumed>) = 0 [pid 5893] <... mount resumed>) = 0 [pid 5892] mount("/dev/loop0", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5894] close(3 [pid 5893] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5894] <... close resumed>) = 0 [pid 5894] close(4) = 0 [pid 5893] <... openat resumed>) = 3 [pid 5892] <... mount resumed>) = 0 [pid 5894] mkdir("./file2", 0777 [pid 5893] chdir("./file2" [pid 5892] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5894] <... mkdir resumed>) = 0 [pid 5893] <... chdir resumed>) = 0 [pid 5892] <... openat resumed>) = 3 [pid 5894] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5893] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5892] chdir("./file2") = 0 [pid 5892] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5893] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5892] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5892] getpid( [pid 5893] getpid( [pid 5892] <... getpid resumed>) = 5892 [pid 5892] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5892] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5893] <... getpid resumed>) = 5893 [pid 5892] <... openat resumed>) = 5 [pid 5893] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5892] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5893] <... openat resumed>) = 4 [pid 5892] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5893] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5892] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5894] <... mount resumed>) = 0 [pid 5894] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5893] <... openat resumed>) = 5 [pid 5894] <... openat resumed>) = 3 [pid 5893] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5894] chdir("./file2" [pid 5893] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5894] <... chdir resumed>) = 0 [pid 5893] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5894] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5894] getpid() = 5894 [ 63.430867][ T5894] loop3: detected capacity change from 0 to 1024 [ 63.469412][ T5892] loop0: detected capacity change from 1024 to 3 [pid 5894] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5893] <... ioctl resumed>) = 0 [pid 5894] <... openat resumed>) = 4 [pid 5894] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5893] exit_group(0 [pid 5894] <... openat resumed>) = 5 [pid 5893] <... exit_group resumed>) = ? [pid 5894] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = -1 EBUSY (Device or resource busy) [pid 5894] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5893] +++ exited with 0 +++ [pid 5892] <... ioctl resumed>) = 0 [pid 5847] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5893, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5847] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5847] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5847] newfstatat(3, "", [pid 5892] exit_group(0 [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5892] <... exit_group resumed>) = ? [pid 5847] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5847] umount2("./9/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5847] umount2("./9/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5847] newfstatat(AT_FDCWD, "./9/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5847] umount2("./9/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5847] openat(AT_FDCWD, "./9/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5892] +++ exited with 0 +++ [pid 5847] <... openat resumed>) = 4 [pid 5847] newfstatat(4, "", [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5892, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5845] restart_syscall(<... resuming interrupted clone ...> [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5847] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5847] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5847] close(4) = 0 [pid 5847] rmdir("./9/file2") = 0 [pid 5845] <... restart_syscall resumed>) = 0 [pid 5847] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5847] newfstatat(AT_FDCWD, "./9/binderfs", [pid 5845] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5847] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5847] unlink("./9/binderfs" [pid 5845] <... openat resumed>) = 3 [pid 5847] <... unlink resumed>) = 0 [pid 5845] newfstatat(3, "", [pid 5847] getdents64(3, [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5847] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5845] getdents64(3, [pid 5847] close(3 [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5847] <... close resumed>) = 0 [pid 5845] umount2("./9/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5847] rmdir("./9") = 0 [ 63.530292][ T5892] Dev loop0: unable to read RDB block 3 [ 63.535866][ T5892] loop0: unable to read partition table [ 63.542651][ T5892] loop0: partition table beyond EOD, truncated [ 63.548823][ T5892] loop_reread_partitions: partition scan of loop0 (Rt *3 !6{bO0.Qʝ H"Uqd\'Lz8w1AH) failed (rc=-5) [pid 5847] mkdir("./10", 0777) = 0 [pid 5847] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5847] ioctl(3, LOOP_CLR_FD) = 0 [pid 5847] close(3) = 0 [pid 5847] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5894] <... ioctl resumed>) = 0 [pid 5845] <... umount2 resumed>) = 0 [pid 5845] umount2("./9/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5894] exit_group(0 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5894] <... exit_group resumed>) = ? [pid 5845] newfstatat(AT_FDCWD, "./9/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] umount2("./9/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./9/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5845] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5845] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5845] close(4) = 0 [pid 5894] +++ exited with 0 +++ [pid 5845] rmdir("./9/file2" [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5894, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5845] <... rmdir resumed>) = 0 [pid 5845] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 5895 attached [pid 5845] unlink("./9/binderfs" [pid 5895] set_robust_list(0x55557b78d660, 24 [pid 5845] <... unlink resumed>) = 0 [pid 5895] <... set_robust_list resumed>) = 0 [pid 5847] <... clone resumed>, child_tidptr=0x55557b78d650) = 5895 [pid 5845] getdents64(3, [pid 5895] chdir("./10" [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5895] <... chdir resumed>) = 0 [pid 5895] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5845] close(3 [pid 5895] <... prctl resumed>) = 0 [pid 5895] setpgid(0, 0 [pid 5845] <... close resumed>) = 0 [pid 5895] <... setpgid resumed>) = 0 [pid 5845] rmdir("./9" [pid 5895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5845] <... rmdir resumed>) = 0 [pid 5845] mkdir("./10", 0777 [pid 5895] <... openat resumed>) = 3 [pid 5845] <... mkdir resumed>) = 0 [pid 5895] write(3, "1000", 4 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5895] <... write resumed>) = 4 [pid 5845] ioctl(3, LOOP_CLR_FD [pid 5895] close(3) = 0 [pid 5845] <... ioctl resumed>) = 0 [ 63.577912][ T1103] kworker/u8:5: attempt to access beyond end of device [ 63.577912][ T1103] loop0: rw=1, sector=206, nr_sectors = 8 limit=3 [ 63.591389][ T1103] kworker/u8:5: attempt to access beyond end of device [ 63.591389][ T1103] loop0: rw=2049, sector=198, nr_sectors = 16 limit=3 [pid 5845] close(3 [pid 5895] symlink("/dev/binderfs", "./binderfs" [pid 5845] <... close resumed>) = 0 [pid 5895] <... symlink resumed>) = 0 [pid 5895] write(1, "executing program\n", 18executing program ) = 18 [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5895] memfd_create("syzkaller", 0 [pid 5848] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5896 attached [pid 5895] <... memfd_create resumed>) = 3 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5896 [pid 5895] <... mmap resumed>) = 0x7f9b52200000 [pid 5848] <... openat resumed>) = 3 [pid 5848] newfstatat(3, "", [pid 5896] set_robust_list(0x55557b78d660, 24 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5896] <... set_robust_list resumed>) = 0 [pid 5848] getdents64(3, [pid 5896] chdir("./10" [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5896] <... chdir resumed>) = 0 [pid 5848] umount2("./8/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5896] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5896] setpgid(0, 0) = 0 [pid 5896] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5896] write(3, "1000", 4 [pid 5848] <... umount2 resumed>) = 0 [pid 5895] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5896] <... write resumed>) = 4 [pid 5848] umount2("./8/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5896] close(3 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5896] <... close resumed>) = 0 [pid 5895] <... write resumed>) = 524288 [pid 5848] newfstatat(AT_FDCWD, "./8/file2", [pid 5896] symlink("/dev/binderfs", "./binderfs" [pid 5895] munmap(0x7f9b52200000, 138412032 [pid 5896] <... symlink resumed>) = 0 [pid 5895] <... munmap resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 5896] write(1, "executing program\n", 18 [pid 5848] umount2("./8/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5896] <... write resumed>) = 18 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5895] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5896] memfd_create("syzkaller", 0 [pid 5848] openat(AT_FDCWD, "./8/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5896] <... memfd_create resumed>) = 3 [pid 5895] <... openat resumed>) = 4 [pid 5848] <... openat resumed>) = 4 [pid 5895] ioctl(4, LOOP_SET_FD, 3 [pid 5896] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] newfstatat(4, "", [pid 5896] <... mmap resumed>) = 0x7f9b52200000 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5895] <... ioctl resumed>) = 0 [pid 5896] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5848] getdents64(4, [pid 5896] <... write resumed>) = 524288 [pid 5895] close(3 [pid 5848] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5895] <... close resumed>) = 0 [pid 5895] close(4 [pid 5848] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5848] close(4 [pid 5895] <... close resumed>) = 0 [pid 5848] <... close resumed>) = 0 [pid 5895] mkdir("./file2", 0777) = 0 [pid 5896] munmap(0x7f9b52200000, 138412032 [pid 5895] mount("/dev/loop2", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5848] rmdir("./8/file2" [pid 5896] <... munmap resumed>) = 0 [pid 5896] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5848] <... rmdir resumed>) = 0 [pid 5896] <... openat resumed>) = 4 [pid 5896] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5895] <... mount resumed>) = 0 [pid 5848] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5895] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5895] <... openat resumed>) = 3 [pid 5848] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./8/binderfs" [pid 5895] chdir("./file2" [pid 5848] <... unlink resumed>) = 0 [pid 5895] <... chdir resumed>) = 0 [pid 5895] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5848] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5895] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5848] close(3 [pid 5895] getpid() = 5895 [pid 5848] <... close resumed>) = 0 [pid 5848] rmdir("./8" [pid 5895] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5896] close(3 [pid 5895] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5848] <... rmdir resumed>) = 0 [pid 5896] <... close resumed>) = 0 [pid 5848] mkdir("./9", 0777 [pid 5896] close(4) = 0 [pid 5896] mkdir("./file2", 0777) = 0 [pid 5848] <... mkdir resumed>) = 0 [pid 5896] mount("/dev/loop0", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5896] <... mount resumed>) = 0 [pid 5895] <... openat resumed>) = 5 [pid 5895] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5896] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5895] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5896] <... openat resumed>) = 3 [pid 5895] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5848] <... openat resumed>) = 3 [pid 5896] chdir("./file2" [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3 [pid 5896] <... chdir resumed>) = 0 [ 63.684213][ T5895] loop2: detected capacity change from 0 to 1024 [ 63.721734][ T5896] loop0: detected capacity change from 0 to 1024 [pid 5896] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5848] <... close resumed>) = 0 [pid 5896] getpid() = 5896 [pid 5896] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557b78d650) = 5897 ./strace-static-x86_64: Process 5897 attached [pid 5897] set_robust_list(0x55557b78d660, 24) = 0 [pid 5896] <... openat resumed>) = 4 [pid 5897] chdir("./9" [pid 5896] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5897] <... chdir resumed>) = 0 [pid 5897] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5897] setpgid(0, 0) = 0 [pid 5897] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5897] write(3, "1000", 4) = 4 [pid 5897] close(3) = 0 [pid 5897] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5897] write(1, "executing program\n", 18executing program ) = 18 [pid 5897] memfd_create("syzkaller", 0) = 3 [ 63.779160][ T5895] loop0: detected capacity change from 1024 to 3 [ 63.787438][ T5896] syz-executor964: attempt to access beyond end of device [ 63.787438][ T5896] loop0: rw=0, sector=86, nr_sectors = 2 limit=3 [ 63.790427][ T5895] Dev loop0: unable to read RDB block 3 [ 63.801451][ T5896] Buffer I/O error on dev loop0, logical block 43, async page read [ 63.811768][ T5895] loop0: unable to read partition table [ 63.814874][ T5896] Buffer I/O error on dev loop0, logical block 44, async page read [pid 5897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5897] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5897] munmap(0x7f9b52200000, 138412032 [pid 5896] <... openat resumed>) = 5 [pid 5895] <... ioctl resumed>) = 0 [pid 5897] <... munmap resumed>) = 0 [pid 5896] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5897] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5895] exit_group(0 [pid 5897] <... openat resumed>) = 4 [pid 5896] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5895] <... exit_group resumed>) = ? [pid 5897] ioctl(4, LOOP_SET_FD, 3 [pid 5896] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5895] +++ exited with 0 +++ [ 63.820167][ T5895] loop0: partition table beyond EOD, [ 63.828007][ T5896] Buffer I/O error on dev loop0, logical block 45, async page read [ 63.830342][ T5895] truncated [ 63.833909][ T5896] Buffer I/O error on dev loop0, logical block 46, async page read [ 63.848581][ T5895] loop_reread_partitions: partition scan of loop0 (Rt *3 !6{bO0.Qʝ H"Uqd\'Lz8w1AH) failed (rc=-5) [ 63.852648][ T5896] hfsplus: xattr searching failed [pid 5847] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5895, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5897] <... ioctl resumed>) = 0 [pid 5897] close(3) = 0 [pid 5897] close(4) = 0 [pid 5897] mkdir("./file2", 0777) = 0 [pid 5897] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5847] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5847] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5847] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5847] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5847] umount2("./10/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5897] <... mount resumed>) = 0 [pid 5897] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5847] <... umount2 resumed>) = 0 [pid 5847] umount2("./10/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5897] chdir("./file2" [pid 5847] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5897] <... chdir resumed>) = 0 [pid 5896] <... ioctl resumed>) = 0 [pid 5847] newfstatat(AT_FDCWD, "./10/file2", [pid 5897] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5897] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5847] umount2("./10/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5847] openat(AT_FDCWD, "./10/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5897] getpid( [pid 5847] <... openat resumed>) = 4 [pid 5897] <... getpid resumed>) = 5897 [pid 5847] newfstatat(4, "", [pid 5897] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5897] <... openat resumed>) = 4 [pid 5847] getdents64(4, [pid 5897] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5847] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5847] getdents64(4, [pid 5896] exit_group(0 [pid 5897] <... openat resumed>) = 5 [pid 5896] <... exit_group resumed>) = ? [pid 5847] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5847] close(4 [pid 5897] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5847] <... close resumed>) = 0 [pid 5847] rmdir("./10/file2") = 0 [pid 5897] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5847] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5897] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5847] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5896] +++ exited with 0 +++ [pid 5847] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5896, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5847] unlink("./10/binderfs" [pid 5845] restart_syscall(<... resuming interrupted clone ...> [pid 5847] <... unlink resumed>) = 0 [pid 5847] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5847] close(3) = 0 [pid 5847] rmdir("./10") = 0 [ 63.887124][ T5897] loop3: detected capacity change from 0 to 1024 [pid 5847] mkdir("./11", 0777) = 0 [pid 5845] <... restart_syscall resumed>) = 0 [pid 5847] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5847] ioctl(3, LOOP_CLR_FD) = 0 [pid 5847] close(3) = 0 [pid 5845] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5845] newfstatat(3, "", [pid 5847] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5845] umount2("./10/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5898 attached [pid 5847] <... clone resumed>, child_tidptr=0x55557b78d650) = 5898 [pid 5898] set_robust_list(0x55557b78d660, 24) = 0 [pid 5898] chdir("./11") = 0 [pid 5898] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5898] setpgid(0, 0) = 0 [pid 5898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5898] write(3, "1000", 4) = 4 [pid 5898] close(3) = 0 executing program [pid 5898] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5898] write(1, "executing program\n", 18) = 18 [pid 5898] memfd_create("syzkaller", 0) = 3 [pid 5898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5897] <... ioctl resumed>) = 0 [pid 5897] exit_group(0 [pid 5898] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5845] <... umount2 resumed>) = 0 [pid 5897] <... exit_group resumed>) = ? [pid 5897] +++ exited with 0 +++ [pid 5845] umount2("./10/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5898] <... write resumed>) = 524288 [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5897, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5845] newfstatat(AT_FDCWD, "./10/file2", [pid 5898] munmap(0x7f9b52200000, 138412032 [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] umount2("./10/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5898] <... munmap resumed>) = 0 [pid 5845] openat(AT_FDCWD, "./10/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5845] newfstatat(4, "", [pid 5898] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] getdents64(4, [pid 5898] <... openat resumed>) = 4 [pid 5848] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5845] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5898] ioctl(4, LOOP_SET_FD, 3 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] close(4 [pid 5848] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, [pid 5898] <... ioctl resumed>) = 0 [pid 5845] <... close resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5845] rmdir("./10/file2" [pid 5898] close(3 [pid 5848] umount2("./9/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5898] <... close resumed>) = 0 [pid 5845] <... rmdir resumed>) = 0 [pid 5898] close(4) = 0 [pid 5845] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5898] mkdir("./file2", 0777 [pid 5848] <... umount2 resumed>) = 0 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] umount2("./9/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5898] <... mkdir resumed>) = 0 [pid 5845] newfstatat(AT_FDCWD, "./10/binderfs", [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./9/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./9/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./9/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./9/file2" [pid 5898] mount("/dev/loop2", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5848] <... rmdir resumed>) = 0 [pid 5845] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] unlink("./10/binderfs") = 0 [pid 5845] getdents64(3, [pid 5848] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] close(3 [pid 5848] newfstatat(AT_FDCWD, "./9/binderfs", [pid 5845] <... close resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] rmdir("./10" [pid 5848] unlink("./9/binderfs" [pid 5845] <... rmdir resumed>) = 0 [pid 5848] <... unlink resumed>) = 0 [pid 5845] mkdir("./11", 0777) = 0 [pid 5848] getdents64(3, [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5898] <... mount resumed>) = 0 [pid 5848] close(3 [pid 5845] <... openat resumed>) = 3 [pid 5845] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] <... close resumed>) = 0 [pid 5898] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5845] close(3 [pid 5848] rmdir("./9" [pid 5898] <... openat resumed>) = 3 [pid 5848] <... rmdir resumed>) = 0 [pid 5898] chdir("./file2" [pid 5845] <... close resumed>) = 0 [pid 5898] <... chdir resumed>) = 0 [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5899 attached [pid 5898] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5899] set_robust_list(0x55557b78d660, 24 [pid 5898] getpid( [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5899 [pid 5898] <... getpid resumed>) = 5898 [pid 5899] <... set_robust_list resumed>) = 0 [pid 5898] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5899] chdir("./11" [pid 5898] <... openat resumed>) = 4 [pid 5898] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5899] <... chdir resumed>) = 0 [pid 5898] <... openat resumed>) = 5 [pid 5848] mkdir("./10", 0777 [pid 5898] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5899] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5898] <... ioctl resumed>) = 0 [pid 5899] <... prctl resumed>) = 0 [pid 5898] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5848] <... mkdir resumed>) = 0 [pid 5899] setpgid(0, 0) = 0 [pid 5899] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR [ 64.054932][ T5898] loop2: detected capacity change from 0 to 1024 [pid 5899] write(3, "1000", 4) = 4 [pid 5848] <... openat resumed>) = 3 [pid 5899] close(3 [pid 5848] ioctl(3, LOOP_CLR_FD [pid 5899] <... close resumed>) = 0 [pid 5848] <... ioctl resumed>) = 0 [pid 5848] close(3 [pid 5899] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5899] write(1, "executing program\n", 18 [pid 5848] <... close resumed>) = 0 executing program [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5899] <... write resumed>) = 18 [pid 5848] <... clone resumed>, child_tidptr=0x55557b78d650) = 5900 ./strace-static-x86_64: Process 5900 attached [pid 5899] memfd_create("syzkaller", 0 [pid 5898] <... ioctl resumed>) = 0 [pid 5898] exit_group(0 [pid 5900] set_robust_list(0x55557b78d660, 24 [pid 5899] <... memfd_create resumed>) = 3 [pid 5898] <... exit_group resumed>) = ? [pid 5900] <... set_robust_list resumed>) = 0 [pid 5899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5898] +++ exited with 0 +++ [pid 5900] chdir("./10" [pid 5899] <... mmap resumed>) = 0x7f9b52200000 [pid 5847] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5898, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5847] restart_syscall(<... resuming interrupted clone ...> [pid 5900] <... chdir resumed>) = 0 [pid 5900] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5900] setpgid(0, 0) = 0 [pid 5900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5899] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5900] <... openat resumed>) = 3 [pid 5847] <... restart_syscall resumed>) = 0 [pid 5900] write(3, "1000", 4) = 4 [pid 5900] close(3 [pid 5847] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5900] <... close resumed>) = 0 [pid 5847] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5900] symlink("/dev/binderfs", "./binderfs" [pid 5847] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5900] <... symlink resumed>) = 0 [pid 5847] <... openat resumed>) = 3 [pid 5847] newfstatat(3, "", [pid 5899] <... write resumed>) = 524288 executing program [pid 5900] write(1, "executing program\n", 18 [pid 5899] munmap(0x7f9b52200000, 138412032 [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5900] <... write resumed>) = 18 [pid 5900] memfd_create("syzkaller", 0 [pid 5847] getdents64(3, [pid 5899] <... munmap resumed>) = 0 [pid 5900] <... memfd_create resumed>) = 3 [pid 5899] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5847] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5847] umount2("./11/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5847] <... umount2 resumed>) = -1 EBUSY (Device or resource busy) [pid 5900] <... mmap resumed>) = 0x7f9b52200000 [pid 5899] <... openat resumed>) = 4 [pid 5847] newfstatat(AT_FDCWD, "./11/file2", [pid 5899] ioctl(4, LOOP_SET_FD, 3 [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0766, st_size=10, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5899] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5899] ioctl(4, LOOP_CLR_FD [pid 5847] umount2("./11/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5899] <... ioctl resumed>) = 0 [pid 5847] <... umount2 resumed>) = -1 EBUSY (Device or resource busy) [pid 5900] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5847] openat(AT_FDCWD, "./11/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5847] newfstatat(4, "", [pid 5900] <... write resumed>) = 524288 [pid 5899] ioctl(4, LOOP_SET_FD, 3 [pid 5900] munmap(0x7f9b52200000, 138412032 [pid 5899] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5847] <... newfstatat resumed>{st_mode=S_IFDIR|0766, st_size=10, ...}, AT_EMPTY_PATH) = 0 [pid 5900] <... munmap resumed>) = 0 [pid 5847] getdents64(4, [pid 5900] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5899] close(4 [pid 5900] <... openat resumed>) = 4 [pid 5900] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5899] <... close resumed>) = 0 [pid 5899] close(3) = 0 [pid 5847] <... getdents64 resumed>0x55557b796730 /* 4 entries */, 32768) = 112 [pid 5847] umount2("./11/file2/cgroup.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5847] newfstatat(AT_FDCWD, "./11/file2/cgroup.stat", [pid 5899] getpid( [pid 5847] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5899] <... getpid resumed>) = 5899 [pid 5847] unlink("./11/file2/cgroup.stat" [pid 5899] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5847] <... unlink resumed>) = 0 [pid 5847] umount2("./11/file2/file.c??d", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5900] close(3 [pid 5899] <... openat resumed>) = 3 [pid 5847] newfstatat(AT_FDCWD, "./11/file2/file.c??d", [pid 5900] <... close resumed>) = 0 [pid 5899] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5900] close(4 [pid 5847] <... newfstatat resumed>0x7ffcf71a0c30, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (No such file or directory) [pid 5899] <... openat resumed>) = 4 [pid 5899] ioctl(3, LOOP_CONFIGURE, {fd=4, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5900] <... close resumed>) = 0 [pid 5847] exit_group(1 [pid 5900] mkdir("./file2", 0777 [pid 5899] <... ioctl resumed>) = 0 [pid 5847] <... exit_group resumed>) = ? [pid 5900] <... mkdir resumed>) = 0 [pid 5899] ioctl(3, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5847] +++ exited with 1 +++ [pid 5844] <... restart_syscall resumed>) = ? ERESTART_RESTARTBLOCK (Interrupted by signal) [pid 5844] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5847, si_uid=0, si_status=1, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5900] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5844] restart_syscall(<... resuming interrupted restart_syscall ...> [pid 5900] <... mount resumed>) = 0 [pid 5900] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5900] chdir("./file2") = 0 [pid 5900] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5900] getpid() = 5900 [ 64.196441][ T5847] hfsplus: walked past end of dir [ 64.202107][ T5900] loop3: detected capacity change from 0 to 1024 [pid 5900] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5899] <... ioctl resumed>) = 0 [pid 5900] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5899] exit_group(0) = ? [pid 5900] <... openat resumed>) = 5 [pid 5900] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = -1 EBUSY (Device or resource busy) [pid 5900] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5899] +++ exited with 0 +++ [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5899, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5845] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5845] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5845] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5845] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] unlink("./11/binderfs") = 0 [pid 5845] umount2("./11/cgroup.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./11/cgroup.stat", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] unlink("./11/cgroup.stat") = 0 [pid 5845] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5845] close(3) = 0 [pid 5845] rmdir("./11") = 0 [pid 5845] mkdir("./12", 0777) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5900] <... ioctl resumed>) = 0 [pid 5845] <... openat resumed>) = 3 [pid 5900] exit_group(0) = ? [pid 5845] ioctl(3, LOOP_CLR_FD) = 0 [pid 5900] +++ exited with 0 +++ [pid 5845] close(3 [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5900, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5848] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5845] <... close resumed>) = 0 [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] <... openat resumed>) = 3 [pid 5848] newfstatat(3, "", [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5901 ./strace-static-x86_64: Process 5901 attached [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, [pid 5901] set_robust_list(0x55557b78d660, 24) = 0 [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./10/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5901] chdir("./12") = 0 [pid 5901] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5901] setpgid(0, 0) = 0 [pid 5901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] <... umount2 resumed>) = 0 [pid 5901] <... openat resumed>) = 3 [pid 5848] umount2("./10/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5901] write(3, "1000", 4 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5901] <... write resumed>) = 4 [pid 5848] newfstatat(AT_FDCWD, "./10/file2", [pid 5901] close(3) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5901] symlink("/dev/binderfs", "./binderfs" [pid 5848] umount2("./10/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5901] <... symlink resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5901] write(1, "executing program\n", 18executing program [pid 5848] openat(AT_FDCWD, "./10/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5901] <... write resumed>) = 18 [pid 5901] memfd_create("syzkaller", 0 [pid 5848] <... openat resumed>) = 4 [pid 5848] newfstatat(4, "", [pid 5901] <... memfd_create resumed>) = 3 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5848] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./10/file2") = 0 [pid 5848] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5901] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./10/binderfs" [pid 5901] <... write resumed>) = 524288 [pid 5901] munmap(0x7f9b52200000, 138412032 [pid 5848] <... unlink resumed>) = 0 [pid 5901] <... munmap resumed>) = 0 [pid 5848] getdents64(3, [pid 5901] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3 [pid 5901] <... openat resumed>) = 4 [pid 5848] <... close resumed>) = 0 [pid 5848] rmdir("./10" [pid 5901] ioctl(4, LOOP_SET_FD, 3 [pid 5848] <... rmdir resumed>) = 0 [pid 5901] <... ioctl resumed>) = 0 [pid 5901] close(3 [pid 5848] mkdir("./11", 0777 [pid 5901] <... close resumed>) = 0 [pid 5901] close(4 [pid 5848] <... mkdir resumed>) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5901] <... close resumed>) = 0 [pid 5848] <... openat resumed>) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3 [pid 5901] mkdir("./file2", 0777) = 0 [pid 5901] mount("/dev/loop0", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5848] <... close resumed>) = 0 [pid 5901] <... mount resumed>) = 0 [pid 5901] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5901] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5902 attached [pid 5901] chdir("./file2" [pid 5902] set_robust_list(0x55557b78d660, 24 [pid 5901] <... chdir resumed>) = 0 [pid 5848] <... clone resumed>, child_tidptr=0x55557b78d650) = 5902 [pid 5902] <... set_robust_list resumed>) = 0 [pid 5901] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5902] chdir("./11" [pid 5901] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5901] getpid() = 5901 [pid 5901] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5902] <... chdir resumed>) = 0 [pid 5901] <... openat resumed>) = 4 [pid 5901] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5902] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5902] setpgid(0, 0) = 0 [pid 5902] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5901] <... openat resumed>) = 5 [pid 5902] <... openat resumed>) = 3 [pid 5902] write(3, "1000", 4) = 4 [pid 5902] close(3 [pid 5901] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5902] <... close resumed>) = 0 [pid 5901] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5902] symlink("/dev/binderfs", "./binderfs" [pid 5901] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5902] <... symlink resumed>) = 0 [pid 5902] write(1, "executing program\n", 18executing program ) = 18 [pid 5902] memfd_create("syzkaller", 0) = 3 [pid 5902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5902] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5902] munmap(0x7f9b52200000, 138412032) = 0 [ 64.565056][ T5901] loop0: detected capacity change from 0 to 1024 [pid 5902] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5902] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5902] close(3) = 0 [pid 5902] close(4) = 0 [pid 5902] mkdir("./file2", 0777) = 0 [ 64.619794][ T5902] loop3: detected capacity change from 0 to 1024 [pid 5902] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"...) = 0 [pid 5902] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5902] chdir("./file2") = 0 [pid 5902] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5902] getpid() = 5902 [pid 5902] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5902] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5902] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = -1 EBUSY (Device or resource busy) [pid 5902] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5901] <... ioctl resumed>) = 0 [pid 5901] exit_group(0) = ? [pid 5902] <... ioctl resumed>) = 0 [pid 5902] exit_group(0) = ? [pid 5902] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5902, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [ 64.660485][ T5901] loop0: detected capacity change from 1024 to 3 [ 64.667669][ T5901] Dev loop0: unable to read RDB block 3 [ 64.673938][ T5901] loop0: unable to read partition table [ 64.680418][ T5901] loop0: partition table beyond EOD, truncated [ 64.686606][ T5901] loop_reread_partitions: partition scan of loop0 (Rt *3 !6{bO0.Qʝ H"Uqd\'Lz8w1AH) failed (rc=-5) [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 5901] +++ exited with 0 +++ [pid 5848] <... restart_syscall resumed>) = 0 [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5901, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5848] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5845] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... openat resumed>) = 3 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(3, "", [pid 5845] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] <... openat resumed>) = 3 [pid 5848] getdents64(3, [pid 5845] newfstatat(3, "", [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] umount2("./11/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5845] umount2("./12/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./11/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./11/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./11/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./11/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./11/file2") = 0 [pid 5848] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./11/binderfs") = 0 [pid 5848] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./11") = 0 [pid 5848] mkdir("./12", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557b78d650) = 5903 ./strace-static-x86_64: Process 5903 attached [pid 5845] <... umount2 resumed>) = 0 [pid 5903] set_robust_list(0x55557b78d660, 24 [pid 5845] umount2("./12/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5903] <... set_robust_list resumed>) = 0 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5903] chdir("./12" [pid 5845] newfstatat(AT_FDCWD, "./12/file2", [pid 5903] <... chdir resumed>) = 0 [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5903] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5845] umount2("./12/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5903] <... prctl resumed>) = 0 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./12/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5903] setpgid(0, 0 [pid 5845] <... openat resumed>) = 4 [pid 5903] <... setpgid resumed>) = 0 [pid 5845] newfstatat(4, "", [pid 5903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5903] <... openat resumed>) = 3 [pid 5845] getdents64(4, [pid 5903] write(3, "1000", 4 [pid 5845] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5903] <... write resumed>) = 4 [pid 5845] getdents64(4, [pid 5903] close(3 [pid 5845] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5903] <... close resumed>) = 0 [pid 5845] close(4 [pid 5903] symlink("/dev/binderfs", "./binderfs" [pid 5845] <... close resumed>) = 0 [pid 5845] rmdir("./12/file2" [pid 5903] <... symlink resumed>) = 0 [pid 5845] <... rmdir resumed>) = 0 executing program [pid 5903] write(1, "executing program\n", 18 [pid 5845] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5903] <... write resumed>) = 18 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5903] memfd_create("syzkaller", 0 [pid 5845] newfstatat(AT_FDCWD, "./12/binderfs", [pid 5903] <... memfd_create resumed>) = 3 [pid 5845] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5845] unlink("./12/binderfs" [pid 5903] <... mmap resumed>) = 0x7f9b52200000 [pid 5845] <... unlink resumed>) = 0 [pid 5845] getdents64(3, [pid 5903] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5903] munmap(0x7f9b52200000, 138412032) = 0 [pid 5845] close(3 [pid 5903] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5845] <... close resumed>) = 0 [pid 5903] <... openat resumed>) = 4 [pid 5845] rmdir("./12" [ 64.766629][ T2108] bio_check_eod: 5 callbacks suppressed [ 64.766724][ T2108] kworker/u8:6: attempt to access beyond end of device [ 64.766724][ T2108] loop0: rw=1, sector=206, nr_sectors = 8 limit=3 [ 64.787351][ T2108] kworker/u8:6: attempt to access beyond end of device [ 64.787351][ T2108] loop0: rw=2049, sector=198, nr_sectors = 16 limit=3 [pid 5903] ioctl(4, LOOP_SET_FD, 3 [pid 5845] <... rmdir resumed>) = 0 [pid 5845] mkdir("./13", 0777) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5903] <... ioctl resumed>) = 0 [pid 5845] <... openat resumed>) = 3 [pid 5903] close(3) = 0 [pid 5845] ioctl(3, LOOP_CLR_FD [pid 5903] close(4 [pid 5845] <... ioctl resumed>) = 0 [pid 5903] <... close resumed>) = 0 [pid 5845] close(3 [pid 5903] mkdir("./file2", 0777 [pid 5845] <... close resumed>) = 0 [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5903] <... mkdir resumed>) = 0 [pid 5903] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"..../strace-static-x86_64: Process 5904 attached [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5904 [pid 5904] set_robust_list(0x55557b78d660, 24) = 0 [pid 5904] chdir("./13") = 0 [pid 5904] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5904] setpgid(0, 0) = 0 executing program [pid 5904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5904] write(3, "1000", 4) = 4 [pid 5904] close(3) = 0 [pid 5904] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5904] write(1, "executing program\n", 18) = 18 [pid 5904] memfd_create("syzkaller", 0) = 3 [pid 5904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5904] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5903] <... mount resumed>) = 0 [ 64.846409][ T5903] loop3: detected capacity change from 0 to 1024 [pid 5903] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5904] <... write resumed>) = 524288 [pid 5903] <... openat resumed>) = 3 [pid 5903] chdir("./file2" [pid 5904] munmap(0x7f9b52200000, 138412032 [pid 5903] <... chdir resumed>) = 0 [pid 5904] <... munmap resumed>) = 0 [pid 5903] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5903] getpid() = 5903 [pid 5904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5903] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5904] ioctl(4, LOOP_SET_FD, 3 [pid 5903] <... openat resumed>) = 4 [pid 5903] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5903] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5904] <... ioctl resumed>) = 0 [pid 5903] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5904] close(3) = 0 [pid 5903] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5904] close(4) = 0 [pid 5904] mkdir("./file2", 0777) = 0 [ 64.921763][ T5904] loop0: detected capacity change from 0 to 1024 [ 64.979187][ T5903] loop0: detected capacity change from 1024 to 3 [ 64.986069][ T5220] Dev loop0: unable to read RDB block 3 [ 64.991716][ T5220] loop0: unable to read partition table [ 64.997436][ T5220] loop0: partition table beyond EOD, truncated [ 65.004687][ T5904] hfsplus: unable to find HFS+ superblock [ 65.010671][ T5903] Dev loop0: unable to read RDB block 3 [ 65.016245][ T5903] loop0: unable to read partition table [ 65.022122][ T5903] loop0: partition table beyond EOD, truncated [pid 5904] mount("/dev/loop0", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"...) = -1 EINVAL (Invalid argument) [pid 5903] <... ioctl resumed>) = 0 [pid 5904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5904] ioctl(3, LOOP_CLR_FD [pid 5903] exit_group(0 [pid 5904] <... ioctl resumed>) = 0 [pid 5903] <... exit_group resumed>) = ? [pid 5904] close(3) = 0 [pid 5904] getpid() = 5904 [ 65.028347][ T5903] loop_reread_partitions: partition scan of loop0 (Rt *3 !6{bO0.Qʝ H"Uqd\'Lz8w1AH) failed (rc=-5) [ 65.065372][ T5220] Dev loop0: unable to read RDB block 3 [ 65.071063][ T5220] loop0: unable to read partition table [pid 5904] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 3 [pid 5903] +++ exited with 0 +++ [pid 5904] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5904] ioctl(3, LOOP_CONFIGURE, {fd=4, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = 0 [pid 5904] ioctl(3, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5903, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5848] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./12/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5848] umount2("./12/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./12/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./12/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./12/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./12/file2") = 0 [pid 5848] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./12/binderfs") = 0 [pid 5848] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./12") = 0 [pid 5848] mkdir("./13", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3) = 0 [ 65.076828][ T5220] loop0: partition table beyond EOD, truncated [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5905 attached , child_tidptr=0x55557b78d650) = 5905 [pid 5905] set_robust_list(0x55557b78d660, 24) = 0 [pid 5905] chdir("./13") = 0 [pid 5905] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5905] setpgid(0, 0) = 0 [pid 5905] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5905] write(3, "1000", 4) = 4 [pid 5905] close(3) = 0 [pid 5905] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5905] write(1, "executing program\n", 18 [pid 5904] <... ioctl resumed>) = 0 [pid 5905] <... write resumed>) = 18 [pid 5904] exit_group(0) = ? [pid 5904] +++ exited with 0 +++ [pid 5905] memfd_create("syzkaller", 0 [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5904, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5905] <... memfd_create resumed>) = 3 [pid 5845] restart_syscall(<... resuming interrupted clone ...> [pid 5905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5845] <... restart_syscall resumed>) = 0 [pid 5845] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5845] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] getdents64(3, 0x55557b78e6f0 /* 5 entries */, 32768) = 144 [pid 5845] umount2("./13/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./13/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] umount2("./13/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./13/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5845] newfstatat(4, "", [pid 5905] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5845] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5845] close(4) = 0 [pid 5845] rmdir("./13/file2") = 0 [pid 5845] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5905] <... write resumed>) = 524288 [pid 5845] newfstatat(AT_FDCWD, "./13/binderfs", [pid 5905] munmap(0x7f9b52200000, 138412032 [pid 5845] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5905] <... munmap resumed>) = 0 [pid 5845] unlink("./13/binderfs") = 0 [pid 5905] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5845] umount2("./13/cgroup.stat", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5905] ioctl(4, LOOP_SET_FD, 3 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./13/cgroup.stat", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5905] <... ioctl resumed>) = 0 [pid 5845] unlink("./13/cgroup.stat" [pid 5905] close(3 [pid 5845] <... unlink resumed>) = 0 [pid 5905] <... close resumed>) = 0 [pid 5845] getdents64(3, [pid 5905] close(4 [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5845] close(3) = 0 [pid 5845] rmdir("./13") = 0 [pid 5845] mkdir("./14", 0777) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5845] ioctl(3, LOOP_CLR_FD) = 0 [pid 5845] close(3) = 0 [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5906 attached [pid 5905] <... close resumed>) = 0 [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5906 [pid 5906] set_robust_list(0x55557b78d660, 24) = 0 [pid 5906] chdir("./14") = 0 [pid 5905] mkdir("./file2", 0777 [pid 5906] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5905] <... mkdir resumed>) = 0 [pid 5906] <... prctl resumed>) = 0 [pid 5906] setpgid(0, 0) = 0 [pid 5905] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5906] write(3, "1000", 4) = 4 [pid 5906] close(3) = 0 [pid 5905] <... mount resumed>) = 0 [pid 5906] symlink("/dev/binderfs", "./binderfs" [pid 5905] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5906] <... symlink resumed>) = 0 [pid 5905] <... openat resumed>) = 3 executing program [pid 5906] write(1, "executing program\n", 18) = 18 [pid 5905] chdir("./file2" [pid 5906] memfd_create("syzkaller", 0 [pid 5905] <... chdir resumed>) = 0 [pid 5905] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5906] <... memfd_create resumed>) = 3 [pid 5906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5905] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5905] getpid( [pid 5906] <... mmap resumed>) = 0x7f9b52200000 [pid 5905] <... getpid resumed>) = 5905 [pid 5905] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5905] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [ 65.162877][ T5905] loop3: detected capacity change from 0 to 1024 [pid 5905] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5906] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5905] <... ioctl resumed>) = 0 [pid 5906] <... write resumed>) = 524288 [pid 5905] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5906] munmap(0x7f9b52200000, 138412032) = 0 [pid 5906] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5905] <... ioctl resumed>) = 0 [pid 5906] <... openat resumed>) = 4 [pid 5906] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5905] exit_group(0 [pid 5906] ioctl(4, LOOP_CLR_FD [pid 5905] <... exit_group resumed>) = ? [pid 5906] <... ioctl resumed>) = 0 [pid 5905] +++ exited with 0 +++ [pid 5906] ioctl(4, LOOP_SET_FD, 3 [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5905, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5906] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 5906] close(4 [pid 5848] <... restart_syscall resumed>) = 0 [pid 5906] <... close resumed>) = 0 [pid 5906] close(3) = 0 [pid 5848] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5906] getpid() = 5906 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5906] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5848] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5906] <... openat resumed>) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5906] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5848] getdents64(3, [pid 5906] <... openat resumed>) = 4 [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5906] ioctl(3, LOOP_CONFIGURE, {fd=4, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5848] umount2("./13/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5906] <... ioctl resumed>) = 0 [pid 5906] ioctl(3, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./13/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./13/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./13/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./13/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, [pid 5906] <... ioctl resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5906] exit_group(0 [pid 5848] getdents64(4, [pid 5906] <... exit_group resumed>) = ? [pid 5848] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./13/file2" [pid 5906] +++ exited with 0 +++ [pid 5848] <... rmdir resumed>) = 0 [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5906, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5848] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] restart_syscall(<... resuming interrupted clone ...> [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] <... restart_syscall resumed>) = 0 [pid 5848] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./13/binderfs") = 0 [pid 5848] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./13") = 0 [pid 5845] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] mkdir("./14", 0777) = 0 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5845] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5845] <... openat resumed>) = 3 [pid 5848] close(3 [pid 5845] newfstatat(3, "", [pid 5848] <... close resumed>) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] getdents64(3, ./strace-static-x86_64: Process 5907 attached [pid 5907] set_robust_list(0x55557b78d660, 24 [pid 5848] <... clone resumed>, child_tidptr=0x55557b78d650) = 5907 [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5907] <... set_robust_list resumed>) = 0 [pid 5907] chdir("./14" [pid 5845] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5907] <... chdir resumed>) = 0 [pid 5907] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5845] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5907] <... prctl resumed>) = 0 [pid 5907] setpgid(0, 0) = 0 [pid 5845] unlink("./14/binderfs" [pid 5907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5845] <... unlink resumed>) = 0 [pid 5907] <... openat resumed>) = 3 [pid 5845] umount2("./14/cgroup.stat", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5907] write(3, "1000", 4) = 4 [pid 5907] close(3) = 0 [pid 5907] symlink("/dev/binderfs", "./binderfs" [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./14/cgroup.stat", [pid 5907] <... symlink resumed>) = 0 [pid 5845] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 5907] write(1, "executing program\n", 18) = 18 [pid 5845] unlink("./14/cgroup.stat" [pid 5907] memfd_create("syzkaller", 0 [pid 5845] <... unlink resumed>) = 0 [pid 5907] <... memfd_create resumed>) = 3 [pid 5845] getdents64(3, [pid 5907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5907] <... mmap resumed>) = 0x7f9b52200000 [pid 5845] close(3) = 0 [pid 5845] rmdir("./14" [pid 5907] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5845] <... rmdir resumed>) = 0 [pid 5845] mkdir("./15", 0777) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5907] <... write resumed>) = 524288 [pid 5845] <... openat resumed>) = 3 [pid 5907] munmap(0x7f9b52200000, 138412032 [pid 5845] ioctl(3, LOOP_CLR_FD) = 0 [pid 5845] close(3 [pid 5907] <... munmap resumed>) = 0 [pid 5845] <... close resumed>) = 0 [pid 5907] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5907] ioctl(4, LOOP_SET_FD, 3 [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5907] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 5908 attached [pid 5907] close(3) = 0 [pid 5907] close(4) = 0 [pid 5907] mkdir("./file2", 0777 [pid 5908] set_robust_list(0x55557b78d660, 24 [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5908 [pid 5907] <... mkdir resumed>) = 0 [pid 5908] <... set_robust_list resumed>) = 0 [pid 5908] chdir("./15" [pid 5907] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5908] <... chdir resumed>) = 0 [pid 5908] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5908] setpgid(0, 0) = 0 [pid 5908] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5908] write(3, "1000", 4) = 4 [pid 5908] close(3) = 0 executing program [pid 5908] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5908] write(1, "executing program\n", 18) = 18 [pid 5908] memfd_create("syzkaller", 0 [pid 5907] <... mount resumed>) = 0 [pid 5907] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5908] <... memfd_create resumed>) = 3 [pid 5908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5907] chdir("./file2" [pid 5908] <... mmap resumed>) = 0x7f9b52200000 [pid 5907] <... chdir resumed>) = 0 [pid 5907] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5908] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5907] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5907] getpid() = 5907 [pid 5907] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5907] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5907] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5908] <... write resumed>) = 524288 [ 65.536107][ T5907] loop3: detected capacity change from 0 to 1024 [pid 5907] <... ioctl resumed>) = 0 [pid 5908] munmap(0x7f9b52200000, 138412032 [pid 5907] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5908] <... munmap resumed>) = 0 [pid 5908] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5907] <... ioctl resumed>) = 0 [pid 5908] <... openat resumed>) = 4 [pid 5907] exit_group(0 [pid 5908] ioctl(4, LOOP_SET_FD, 3 [pid 5907] <... exit_group resumed>) = ? [pid 5908] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5908] ioctl(4, LOOP_CLR_FD) = 0 [pid 5907] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5907, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 5908] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5908] close(4) = 0 [pid 5908] close(3) = 0 [pid 5848] <... restart_syscall resumed>) = 0 [pid 5908] getpid() = 5908 [pid 5908] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 3 [pid 5908] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5848] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5908] <... openat resumed>) = 4 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5908] ioctl(3, LOOP_CONFIGURE, {fd=4, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5848] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5908] <... ioctl resumed>) = 0 [pid 5848] <... openat resumed>) = 3 [pid 5908] ioctl(3, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./14/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5848] umount2("./14/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./14/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./14/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5908] <... ioctl resumed>) = 0 [pid 5908] exit_group(0) = ? [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./14/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, [pid 5908] +++ exited with 0 +++ [pid 5848] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5908, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5845] restart_syscall(<... resuming interrupted clone ...> [pid 5848] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./14/file2") = 0 [pid 5848] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./14/binderfs") = 0 [pid 5848] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./14") = 0 [pid 5848] mkdir("./15", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3) = 0 [pid 5845] <... restart_syscall resumed>) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5909 attached [pid 5909] set_robust_list(0x55557b78d660, 24) = 0 [pid 5845] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5909] chdir("./15" [pid 5845] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] <... clone resumed>, child_tidptr=0x55557b78d650) = 5909 [pid 5845] <... openat resumed>) = 3 [pid 5909] <... chdir resumed>) = 0 [pid 5845] newfstatat(3, "", [pid 5909] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5909] <... prctl resumed>) = 0 [pid 5845] getdents64(3, [pid 5909] setpgid(0, 0) = 0 [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5845] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5909] <... openat resumed>) = 3 [pid 5845] unlink("./15/binderfs" [pid 5909] write(3, "1000", 4 [pid 5845] <... unlink resumed>) = 0 [pid 5909] <... write resumed>) = 4 [pid 5909] close(3) = 0 [pid 5845] umount2("./15/cgroup.stat", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5909] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5909] write(1, "executing program\n", 18 [pid 5845] newfstatat(AT_FDCWD, "./15/cgroup.stat", executing program [pid 5909] <... write resumed>) = 18 [pid 5845] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5909] memfd_create("syzkaller", 0 [pid 5845] unlink("./15/cgroup.stat" [pid 5909] <... memfd_create resumed>) = 3 [pid 5909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5845] <... unlink resumed>) = 0 [pid 5909] <... mmap resumed>) = 0x7f9b52200000 [pid 5845] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5845] close(3) = 0 [pid 5845] rmdir("./15") = 0 [pid 5845] mkdir("./16", 0777) = 0 [pid 5909] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5909] <... write resumed>) = 524288 [pid 5845] <... openat resumed>) = 3 [pid 5909] munmap(0x7f9b52200000, 138412032 [pid 5845] ioctl(3, LOOP_CLR_FD [pid 5909] <... munmap resumed>) = 0 [pid 5845] <... ioctl resumed>) = 0 [pid 5909] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5845] close(3 [pid 5909] <... openat resumed>) = 4 [pid 5845] <... close resumed>) = 0 [pid 5909] ioctl(4, LOOP_SET_FD, 3 [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5909] <... ioctl resumed>) = 0 [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5910 ./strace-static-x86_64: Process 5910 attached [pid 5909] close(3) = 0 [pid 5909] close(4 [pid 5910] set_robust_list(0x55557b78d660, 24 [pid 5909] <... close resumed>) = 0 [pid 5909] mkdir("./file2", 0777 [pid 5910] <... set_robust_list resumed>) = 0 [pid 5909] <... mkdir resumed>) = 0 [pid 5910] chdir("./16" [pid 5909] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5910] <... chdir resumed>) = 0 [pid 5910] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5910] setpgid(0, 0) = 0 [pid 5910] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5909] <... mount resumed>) = 0 [pid 5909] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5909] chdir("./file2") = 0 [pid 5910] write(3, "1000", 4 [pid 5909] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5910] <... write resumed>) = 4 [pid 5909] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5910] close(3 [pid 5909] getpid( [pid 5910] <... close resumed>) = 0 [pid 5909] <... getpid resumed>) = 5909 [pid 5910] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5909] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5910] write(1, "executing program\n", 18) = 18 [pid 5909] <... openat resumed>) = 4 [pid 5910] memfd_create("syzkaller", 0 [pid 5909] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5910] <... memfd_create resumed>) = 3 [pid 5910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5910] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5909] <... openat resumed>) = 5 [pid 5909] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = 0 [pid 5909] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5910] <... write resumed>) = 524288 [pid 5910] munmap(0x7f9b52200000, 138412032) = 0 [ 65.782560][ T5909] loop3: detected capacity change from 0 to 1024 [pid 5910] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5909] <... ioctl resumed>) = 0 [pid 5910] ioctl(4, LOOP_SET_FD, 3 [pid 5909] exit_group(0 [pid 5910] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5909] <... exit_group resumed>) = ? [pid 5910] ioctl(4, LOOP_CLR_FD [pid 5909] +++ exited with 0 +++ [pid 5910] <... ioctl resumed>) = 0 [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5909, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5910] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5910] close(4) = 0 [pid 5848] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./15/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5910] close(3) = 0 [pid 5848] <... umount2 resumed>) = 0 [pid 5910] getpid( [pid 5848] umount2("./15/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5910] <... getpid resumed>) = 5910 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5910] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5848] newfstatat(AT_FDCWD, "./15/file2", [pid 5910] <... openat resumed>) = 3 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5910] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5848] umount2("./15/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5910] <... openat resumed>) = 4 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5910] ioctl(3, LOOP_CONFIGURE, {fd=4, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5848] openat(AT_FDCWD, "./15/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5910] <... ioctl resumed>) = 0 [pid 5848] <... openat resumed>) = 4 [pid 5910] ioctl(3, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./15/file2") = 0 [pid 5848] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./15/binderfs") = 0 [pid 5848] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./15" [pid 5910] <... ioctl resumed>) = 0 [pid 5848] <... rmdir resumed>) = 0 [pid 5910] exit_group(0) = ? [pid 5848] mkdir("./16", 0777) = 0 [pid 5910] +++ exited with 0 +++ [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5910, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5848] <... openat resumed>) = 3 [pid 5845] restart_syscall(<... resuming interrupted clone ...> [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5911 attached [pid 5911] set_robust_list(0x55557b78d660, 24 [pid 5848] <... clone resumed>, child_tidptr=0x55557b78d650) = 5911 [pid 5845] <... restart_syscall resumed>) = 0 [pid 5911] <... set_robust_list resumed>) = 0 [pid 5911] chdir("./16") = 0 [pid 5845] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5911] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5911] <... prctl resumed>) = 0 [pid 5845] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5911] setpgid(0, 0) = 0 [pid 5845] <... openat resumed>) = 3 [pid 5845] newfstatat(3, "", [pid 5911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5911] <... openat resumed>) = 3 [pid 5911] write(3, "1000", 4 [pid 5845] getdents64(3, [pid 5911] <... write resumed>) = 4 [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5845] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5911] close(3) = 0 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5911] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5845] newfstatat(AT_FDCWD, "./16/binderfs", [pid 5911] write(1, "executing program\n", 18executing program [pid 5845] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5911] <... write resumed>) = 18 [pid 5845] unlink("./16/binderfs" [pid 5911] memfd_create("syzkaller", 0) = 3 [pid 5845] <... unlink resumed>) = 0 [pid 5911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5845] umount2("./16/cgroup.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./16/cgroup.stat", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] unlink("./16/cgroup.stat") = 0 [pid 5845] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5845] close(3) = 0 [pid 5845] rmdir("./16") = 0 [pid 5845] mkdir("./17", 0777) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5911] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5845] <... openat resumed>) = 3 [pid 5845] ioctl(3, LOOP_CLR_FD) = 0 [pid 5845] close(3) = 0 [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5911] <... write resumed>) = 524288 ./strace-static-x86_64: Process 5912 attached [pid 5912] set_robust_list(0x55557b78d660, 24 [pid 5911] munmap(0x7f9b52200000, 138412032 [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5912 [pid 5912] <... set_robust_list resumed>) = 0 [pid 5911] <... munmap resumed>) = 0 [pid 5912] chdir("./17") = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5912] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5911] <... openat resumed>) = 4 [pid 5912] <... prctl resumed>) = 0 [pid 5911] ioctl(4, LOOP_SET_FD, 3 [pid 5912] setpgid(0, 0) = 0 [pid 5911] <... ioctl resumed>) = 0 [pid 5912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5911] close(3 [pid 5912] <... openat resumed>) = 3 [pid 5911] <... close resumed>) = 0 [pid 5912] write(3, "1000", 4 [pid 5911] close(4 [pid 5912] <... write resumed>) = 4 [pid 5912] close(3 [pid 5911] <... close resumed>) = 0 [pid 5912] <... close resumed>) = 0 [pid 5911] mkdir("./file2", 0777 [pid 5912] symlink("/dev/binderfs", "./binderfs" [pid 5911] <... mkdir resumed>) = 0 [pid 5912] <... symlink resumed>) = 0 [pid 5911] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"...executing program [pid 5912] write(1, "executing program\n", 18) = 18 [pid 5912] memfd_create("syzkaller", 0) = 3 [pid 5912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5912] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5911] <... mount resumed>) = 0 [pid 5912] <... write resumed>) = 524288 [pid 5911] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5911] chdir("./file2") = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5911] getpid() = 5911 [pid 5911] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5911] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5912] munmap(0x7f9b52200000, 138412032 [pid 5911] <... openat resumed>) = 5 [pid 5912] <... munmap resumed>) = 0 [pid 5911] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5912] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5911] <... ioctl resumed>) = 0 [ 66.073971][ T5911] loop3: detected capacity change from 0 to 1024 [pid 5912] <... openat resumed>) = 4 [pid 5912] ioctl(4, LOOP_SET_FD, 3 [pid 5911] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5912] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5912] ioctl(4, LOOP_CLR_FD) = 0 [pid 5911] <... ioctl resumed>) = 0 [pid 5911] exit_group(0) = ? [pid 5911] +++ exited with 0 +++ [pid 5912] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5911, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5912] close(4 [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5912] <... close resumed>) = 0 [pid 5912] close(3 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5912] <... close resumed>) = 0 [pid 5848] newfstatat(3, "", [pid 5912] getpid( [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5912] <... getpid resumed>) = 5912 [pid 5848] getdents64(3, [pid 5912] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5912] <... openat resumed>) = 3 [pid 5848] umount2("./16/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5912] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./16/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./16/file2", [pid 5912] <... openat resumed>) = 4 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5912] ioctl(3, LOOP_CONFIGURE, {fd=4, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5848] umount2("./16/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5912] <... ioctl resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./16/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5912] ioctl(3, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./16/file2") = 0 [pid 5848] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./16/binderfs") = 0 [pid 5848] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./16") = 0 [pid 5848] mkdir("./17", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5913 attached , child_tidptr=0x55557b78d650) = 5913 [pid 5913] set_robust_list(0x55557b78d660, 24) = 0 [pid 5913] chdir("./17") = 0 [pid 5913] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5913] setpgid(0, 0) = 0 [pid 5913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5913] write(3, "1000", 4) = 4 [pid 5913] close(3) = 0 [pid 5913] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5913] write(1, "executing program\n", 18) = 18 [pid 5913] memfd_create("syzkaller", 0) = 3 [pid 5913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5912] <... ioctl resumed>) = 0 [pid 5912] exit_group(0) = ? [pid 5913] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5912] +++ exited with 0 +++ [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5912, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5845] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5845] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5845] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5913] <... write resumed>) = 524288 [pid 5845] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5913] munmap(0x7f9b52200000, 138412032 [pid 5845] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5913] <... munmap resumed>) = 0 [pid 5845] unlink("./17/binderfs") = 0 [pid 5913] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5845] umount2("./17/cgroup.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5913] ioctl(4, LOOP_SET_FD, 3 [pid 5845] newfstatat(AT_FDCWD, "./17/cgroup.stat", [pid 5913] <... ioctl resumed>) = 0 [pid 5845] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5913] close(3 [pid 5845] unlink("./17/cgroup.stat" [pid 5913] <... close resumed>) = 0 [pid 5913] close(4 [pid 5845] <... unlink resumed>) = 0 [pid 5913] <... close resumed>) = 0 [pid 5845] getdents64(3, [pid 5913] mkdir("./file2", 0777 [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5913] <... mkdir resumed>) = 0 [pid 5845] close(3 [pid 5913] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5845] <... close resumed>) = 0 [pid 5913] <... mount resumed>) = 0 [pid 5845] rmdir("./17" [pid 5913] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5845] <... rmdir resumed>) = 0 [pid 5913] <... openat resumed>) = 3 [pid 5845] mkdir("./18", 0777 [pid 5913] chdir("./file2" [pid 5845] <... mkdir resumed>) = 0 [pid 5913] <... chdir resumed>) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5913] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5845] <... openat resumed>) = 3 [pid 5913] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5845] ioctl(3, LOOP_CLR_FD [pid 5913] getpid( [pid 5845] <... ioctl resumed>) = 0 [pid 5913] <... getpid resumed>) = 5913 [pid 5845] close(3 [pid 5913] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5845] <... close resumed>) = 0 [pid 5913] <... openat resumed>) = 4 [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5913] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000./strace-static-x86_64: Process 5914 attached ) = 5 [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5914 [pid 5913] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = 0 [pid 5914] set_robust_list(0x55557b78d660, 24 [pid 5913] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5914] <... set_robust_list resumed>) = 0 [pid 5914] chdir("./18") = 0 [pid 5914] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5914] setpgid(0, 0) = 0 [pid 5914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5914] write(3, "1000", 4) = 4 [pid 5914] close(3) = 0 [pid 5914] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5914] write(1, "executing program\n", 18executing program ) = 18 [pid 5914] memfd_create("syzkaller", 0) = 3 [pid 5914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5914] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5914] munmap(0x7f9b52200000, 138412032) = 0 [ 66.316637][ T5913] loop3: detected capacity change from 0 to 1024 [pid 5914] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5913] <... ioctl resumed>) = 0 [pid 5914] <... openat resumed>) = 4 [pid 5913] exit_group(0 [pid 5914] ioctl(4, LOOP_SET_FD, 3 [pid 5913] <... exit_group resumed>) = ? [pid 5914] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5913] +++ exited with 0 +++ [pid 5914] ioctl(4, LOOP_CLR_FD [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5913, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5914] <... ioctl resumed>) = 0 [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5914] ioctl(4, LOOP_SET_FD, 3 [pid 5848] <... openat resumed>) = 3 [pid 5914] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5914] close(4 [pid 5848] newfstatat(3, "", [pid 5914] <... close resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5914] close(3 [pid 5848] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./17/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5914] <... close resumed>) = 0 [pid 5848] <... umount2 resumed>) = 0 [pid 5914] getpid() = 5914 [pid 5848] umount2("./17/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./17/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./17/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./17/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5914] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5848] newfstatat(4, "", [pid 5914] <... openat resumed>) = 3 [pid 5914] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5914] ioctl(3, LOOP_CONFIGURE, {fd=4, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5914] ioctl(3, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5848] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./17/file2") = 0 [pid 5848] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./17/binderfs") = 0 [pid 5848] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./17") = 0 [pid 5848] mkdir("./18", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5915 attached , child_tidptr=0x55557b78d650) = 5915 [pid 5915] set_robust_list(0x55557b78d660, 24) = 0 [pid 5915] chdir("./18") = 0 [pid 5915] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5915] setpgid(0, 0) = 0 [pid 5915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5915] write(3, "1000", 4) = 4 [pid 5915] close(3) = 0 [pid 5915] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5915] write(1, "executing program\n", 18executing program ) = 18 [pid 5915] memfd_create("syzkaller", 0) = 3 [pid 5915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5915] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5915] munmap(0x7f9b52200000, 138412032) = 0 [pid 5915] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5915] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5915] close(3) = 0 [pid 5915] close(4) = 0 [pid 5915] mkdir("./file2", 0777) = 0 [pid 5914] <... ioctl resumed>) = 0 [pid 5914] exit_group(0) = ? [pid 5915] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5914] +++ exited with 0 +++ [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5914, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5845] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5845] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5845] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5915] <... mount resumed>) = 0 [pid 5845] unlink("./18/binderfs") = 0 [pid 5915] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5845] umount2("./18/cgroup.stat", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5915] <... openat resumed>) = 3 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5915] chdir("./file2" [pid 5845] newfstatat(AT_FDCWD, "./18/cgroup.stat", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5915] <... chdir resumed>) = 0 [pid 5915] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5845] unlink("./18/cgroup.stat" [pid 5915] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5845] <... unlink resumed>) = 0 [pid 5915] getpid() = 5915 [pid 5845] getdents64(3, [pid 5915] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5845] close(3 [pid 5915] <... openat resumed>) = 4 [pid 5845] <... close resumed>) = 0 [pid 5845] rmdir("./18" [pid 5915] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5845] <... rmdir resumed>) = 0 [pid 5845] mkdir("./19", 0777) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5845] ioctl(3, LOOP_CLR_FD [pid 5915] <... openat resumed>) = 5 [pid 5845] <... ioctl resumed>) = 0 [pid 5845] close(3) = 0 [pid 5915] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5915] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5915] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...}./strace-static-x86_64: Process 5916 attached [pid 5916] set_robust_list(0x55557b78d660, 24 [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5916 [pid 5916] <... set_robust_list resumed>) = 0 [pid 5916] chdir("./19") = 0 [pid 5916] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 66.441889][ T5915] loop3: detected capacity change from 0 to 1024 [pid 5916] setpgid(0, 0) = 0 [pid 5916] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5916] write(3, "1000", 4) = 4 executing program [pid 5916] close(3 [pid 5915] <... ioctl resumed>) = 0 [pid 5916] <... close resumed>) = 0 [pid 5915] exit_group(0 [pid 5916] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5915] <... exit_group resumed>) = ? [pid 5916] write(1, "executing program\n", 18 [pid 5915] +++ exited with 0 +++ [pid 5916] <... write resumed>) = 18 [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5915, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5916] memfd_create("syzkaller", 0 [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 5916] <... memfd_create resumed>) = 3 [pid 5916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5848] <... restart_syscall resumed>) = 0 [pid 5916] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5848] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5916] <... write resumed>) = 524288 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5916] munmap(0x7f9b52200000, 138412032 [pid 5848] <... openat resumed>) = 3 [pid 5848] newfstatat(3, "", [pid 5916] <... munmap resumed>) = 0 [pid 5916] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, [pid 5916] <... openat resumed>) = 4 [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5916] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 5848] umount2("./18/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5916] ioctl(4, LOOP_CLR_FD) = 0 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./18/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./18/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./18/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5916] ioctl(4, LOOP_SET_FD, 3 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5916] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5848] openat(AT_FDCWD, "./18/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5916] close(4 [pid 5848] <... openat resumed>) = 4 [pid 5916] <... close resumed>) = 0 [pid 5848] newfstatat(4, "", [pid 5916] close(3 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, [pid 5916] <... close resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5916] getpid( [pid 5848] close(4 [pid 5916] <... getpid resumed>) = 5916 [pid 5916] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5848] <... close resumed>) = 0 [pid 5916] <... openat resumed>) = 3 [pid 5848] rmdir("./18/file2" [pid 5916] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5848] <... rmdir resumed>) = 0 [pid 5916] ioctl(3, LOOP_CONFIGURE, {fd=4, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5848] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5916] <... ioctl resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5916] ioctl(3, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5848] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./18/binderfs") = 0 [pid 5848] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./18") = 0 [pid 5848] mkdir("./19", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5917 attached , child_tidptr=0x55557b78d650) = 5917 [pid 5917] set_robust_list(0x55557b78d660, 24) = 0 [pid 5917] chdir("./19") = 0 [pid 5917] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5917] setpgid(0, 0) = 0 [pid 5917] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5917] write(3, "1000", 4) = 4 [pid 5917] close(3) = 0 [pid 5917] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5917] write(1, "executing program\n", 18) = 18 [pid 5917] memfd_create("syzkaller", 0) = 3 [pid 5917] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5917] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5917] munmap(0x7f9b52200000, 138412032) = 0 [pid 5917] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5917] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5917] close(3 [pid 5916] <... ioctl resumed>) = 0 [pid 5917] <... close resumed>) = 0 [pid 5917] close(4) = 0 [pid 5916] exit_group(0 [pid 5917] mkdir("./file2", 0777) = 0 [pid 5917] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5916] <... exit_group resumed>) = ? [pid 5917] <... mount resumed>) = 0 [pid 5916] +++ exited with 0 +++ [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5916, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5917] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5917] chdir("./file2") = 0 [ 66.665783][ T5917] loop3: detected capacity change from 0 to 1024 [pid 5917] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5917] getpid() = 5917 [pid 5917] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5917] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5917] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = -1 EBUSY (Device or resource busy) [pid 5917] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5845] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5845] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5845] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] unlink("./19/binderfs") = 0 [pid 5845] umount2("./19/cgroup.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./19/cgroup.stat", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] unlink("./19/cgroup.stat") = 0 [pid 5845] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5845] close(3) = 0 [pid 5845] rmdir("./19") = 0 [pid 5845] mkdir("./20", 0777) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5917] <... ioctl resumed>) = 0 [pid 5845] <... openat resumed>) = 3 [pid 5845] ioctl(3, LOOP_CLR_FD [pid 5917] exit_group(0) = ? [pid 5845] <... ioctl resumed>) = 0 [pid 5845] close(3 [pid 5917] +++ exited with 0 +++ [pid 5845] <... close resumed>) = 0 [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5917, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5918 attached [pid 5848] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5918] set_robust_list(0x55557b78d660, 24 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5918] <... set_robust_list resumed>) = 0 [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5918 [pid 5848] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5918] chdir("./20") = 0 [pid 5848] <... openat resumed>) = 3 [pid 5848] newfstatat(3, "", [pid 5918] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5918] <... prctl resumed>) = 0 [pid 5848] getdents64(3, [pid 5918] setpgid(0, 0 [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5918] <... setpgid resumed>) = 0 [pid 5918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] umount2("./19/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5918] <... openat resumed>) = 3 [pid 5918] write(3, "1000", 4) = 4 [pid 5918] close(3 [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./19/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./19/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./19/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./19/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./19/file2" [pid 5918] <... close resumed>) = 0 [pid 5848] <... rmdir resumed>) = 0 [pid 5918] symlink("/dev/binderfs", "./binderfs" [pid 5848] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./19/binderfs", [pid 5918] <... symlink resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5918] write(1, "executing program\n", 18executing program [pid 5848] unlink("./19/binderfs" [pid 5918] <... write resumed>) = 18 [pid 5848] <... unlink resumed>) = 0 [pid 5848] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3 [pid 5918] memfd_create("syzkaller", 0 [pid 5848] <... close resumed>) = 0 [pid 5848] rmdir("./19" [pid 5918] <... memfd_create resumed>) = 3 [pid 5848] <... rmdir resumed>) = 0 [pid 5918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] mkdir("./20", 0777 [pid 5918] <... mmap resumed>) = 0x7f9b52200000 [pid 5848] <... mkdir resumed>) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3) = 0 [pid 5918] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5918] <... write resumed>) = 524288 ./strace-static-x86_64: Process 5919 attached [pid 5918] munmap(0x7f9b52200000, 138412032 [pid 5848] <... clone resumed>, child_tidptr=0x55557b78d650) = 5919 [pid 5918] <... munmap resumed>) = 0 [pid 5918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5919] set_robust_list(0x55557b78d660, 24 [pid 5918] ioctl(4, LOOP_SET_FD, 3 [pid 5919] <... set_robust_list resumed>) = 0 [pid 5919] chdir("./20") = 0 [pid 5918] <... ioctl resumed>) = 0 [pid 5919] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5918] close(3 [pid 5919] <... prctl resumed>) = 0 [pid 5918] <... close resumed>) = 0 [pid 5919] setpgid(0, 0) = 0 [pid 5918] close(4 [pid 5919] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5918] <... close resumed>) = 0 [pid 5919] <... openat resumed>) = 3 [pid 5918] mkdir("./file2", 0777) = 0 [pid 5919] write(3, "1000", 4) = 4 [pid 5918] mount("/dev/loop0", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"...executing program [pid 5919] close(3) = 0 [pid 5919] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5919] write(1, "executing program\n", 18) = 18 [pid 5919] memfd_create("syzkaller", 0) = 3 [pid 5919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5918] <... mount resumed>) = 0 [pid 5918] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5918] chdir("./file2") = 0 [pid 5918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5918] getpid() = 5918 [pid 5918] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5919] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5918] <... openat resumed>) = 4 [pid 5918] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5919] <... write resumed>) = 524288 [pid 5918] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = -1 EBUSY (Device or resource busy) [pid 5918] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5919] munmap(0x7f9b52200000, 138412032) = 0 [ 66.838307][ T5918] loop0: detected capacity change from 0 to 1024 [pid 5919] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5919] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5919] close(3) = 0 [pid 5919] close(4) = 0 [pid 5919] mkdir("./file2", 0777) = 0 [pid 5919] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"...) = 0 [pid 5919] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5919] chdir("./file2") = 0 [pid 5919] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5919] getpid() = 5919 [pid 5919] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5919] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5918] <... ioctl resumed>) = 0 [pid 5919] <... openat resumed>) = 5 [pid 5919] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = -1 EBUSY (Device or resource busy) [pid 5919] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5918] exit_group(0) = ? [pid 5918] +++ exited with 0 +++ [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5918, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5845] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5845] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [ 66.904575][ T5919] loop3: detected capacity change from 0 to 1024 [ 66.911379][ T5918] loop0: detected capacity change from 1024 to 3 [ 66.918601][ T5918] Dev loop0: unable to read RDB block 3 [ 66.924563][ T5918] loop0: unable to read partition table [ 66.931171][ T5918] loop0: partition table beyond EOD, truncated [ 66.937427][ T5918] loop_reread_partitions: partition scan of loop0 (Rt *3 !6{bO0.Qʝ H"Uqd\'Lz8w1AH) failed (rc=-5) [pid 5845] umount2("./20/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5919] <... ioctl resumed>) = 0 [pid 5919] exit_group(0) = ? [pid 5919] +++ exited with 0 +++ [pid 5845] <... umount2 resumed>) = 0 [pid 5845] umount2("./20/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5919, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./20/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] umount2("./20/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./20/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5845] newfstatat(4, "", [pid 5848] <... restart_syscall resumed>) = 0 [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5848] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] getdents64(4, [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5848] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5845] close(4 [pid 5848] <... openat resumed>) = 3 [pid 5845] <... close resumed>) = 0 [pid 5848] newfstatat(3, "", [pid 5845] rmdir("./20/file2" [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] <... rmdir resumed>) = 0 [pid 5848] getdents64(3, [pid 5845] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] umount2("./20/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] unlink("./20/binderfs") = 0 [pid 5845] getdents64(3, [pid 5848] <... umount2 resumed>) = 0 [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5845] close(3 [pid 5848] umount2("./20/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] <... close resumed>) = 0 [pid 5848] newfstatat(AT_FDCWD, "./20/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] rmdir("./20") = 0 [pid 5848] umount2("./20/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] mkdir("./21", 0777 [pid 5848] openat(AT_FDCWD, "./20/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", [pid 5845] <... mkdir resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5848] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5845] <... openat resumed>) = 3 [pid 5848] getdents64(4, [pid 5845] ioctl(3, LOOP_CLR_FD [pid 5848] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5845] <... ioctl resumed>) = 0 [pid 5848] close(4 [pid 5845] close(3 [pid 5848] <... close resumed>) = 0 [pid 5845] <... close resumed>) = 0 [pid 5848] rmdir("./20/file2" [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 5920 attached [ 66.960274][ T11] kworker/u8:0: attempt to access beyond end of device [ 66.960274][ T11] loop0: rw=1, sector=206, nr_sectors = 8 limit=3 [ 66.973776][ T11] kworker/u8:0: attempt to access beyond end of device [ 66.973776][ T11] loop0: rw=2049, sector=198, nr_sectors = 16 limit=3 [pid 5920] set_robust_list(0x55557b78d660, 24 [pid 5848] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5920 [pid 5920] <... set_robust_list resumed>) = 0 [pid 5920] chdir("./21") = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5920] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5848] newfstatat(AT_FDCWD, "./20/binderfs", [pid 5920] <... prctl resumed>) = 0 [pid 5920] setpgid(0, 0) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5848] unlink("./20/binderfs" [pid 5920] write(3, "1000", 4) = 4 [pid 5920] close(3) = 0 [pid 5920] symlink("/dev/binderfs", "./binderfs" [pid 5848] <... unlink resumed>) = 0 executing program [pid 5920] <... symlink resumed>) = 0 [pid 5848] getdents64(3, [pid 5920] write(1, "executing program\n", 18 [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5920] <... write resumed>) = 18 [pid 5848] close(3) = 0 [pid 5920] memfd_create("syzkaller", 0 [pid 5848] rmdir("./20" [pid 5920] <... memfd_create resumed>) = 3 [pid 5848] <... rmdir resumed>) = 0 [pid 5920] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] mkdir("./21", 0777 [pid 5920] <... mmap resumed>) = 0x7f9b52200000 [pid 5848] <... mkdir resumed>) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5920] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5848] <... openat resumed>) = 3 [pid 5920] <... write resumed>) = 524288 [pid 5848] ioctl(3, LOOP_CLR_FD [pid 5920] munmap(0x7f9b52200000, 138412032 [pid 5848] <... ioctl resumed>) = 0 [pid 5848] close(3 [pid 5920] <... munmap resumed>) = 0 [pid 5848] <... close resumed>) = 0 [pid 5920] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5920] <... openat resumed>) = 4 ./strace-static-x86_64: Process 5921 attached [pid 5920] ioctl(4, LOOP_SET_FD, 3 [pid 5921] set_robust_list(0x55557b78d660, 24 [pid 5920] <... ioctl resumed>) = 0 [pid 5848] <... clone resumed>, child_tidptr=0x55557b78d650) = 5921 [pid 5921] <... set_robust_list resumed>) = 0 [pid 5921] chdir("./21") = 0 [pid 5920] close(3 [pid 5921] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5920] <... close resumed>) = 0 [pid 5921] <... prctl resumed>) = 0 [pid 5920] close(4 [pid 5921] setpgid(0, 0 [pid 5920] <... close resumed>) = 0 [pid 5920] mkdir("./file2", 0777) = 0 [pid 5921] <... setpgid resumed>) = 0 [pid 5921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5920] mount("/dev/loop0", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5921] <... openat resumed>) = 3 [pid 5921] write(3, "1000", 4) = 4 [pid 5921] close(3) = 0 [pid 5921] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5921] write(1, "executing program\n", 18) = 18 [pid 5921] memfd_create("syzkaller", 0) = 3 [pid 5921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5921] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5920] <... mount resumed>) = 0 [pid 5920] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5920] chdir("./file2") = 0 [pid 5920] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5920] getpid() = 5920 [pid 5920] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [ 67.108828][ T5920] loop0: detected capacity change from 0 to 1024 [pid 5920] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5921] <... write resumed>) = 524288 [pid 5920] <... openat resumed>) = 5 [pid 5921] munmap(0x7f9b52200000, 138412032) = 0 [pid 5920] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5921] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5920] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5921] <... openat resumed>) = 4 [pid 5920] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5921] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5921] close(3) = 0 [pid 5921] close(4) = 0 [pid 5921] mkdir("./file2", 0777) = 0 [pid 5921] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"...) = 0 [pid 5921] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5921] chdir("./file2") = 0 [pid 5921] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5921] getpid() = 5921 [ 67.202647][ T5921] loop3: detected capacity change from 0 to 1024 [pid 5921] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5921] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5921] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = -1 EBUSY (Device or resource busy) [pid 5921] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5920] <... ioctl resumed>) = 0 [pid 5920] exit_group(0) = ? [pid 5920] +++ exited with 0 +++ [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5920, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5845] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 67.249264][ T5920] loop0: detected capacity change from 1024 to 3 [ 67.256659][ T5920] Dev loop0: unable to read RDB block 3 [ 67.262302][ T5920] loop0: unable to read partition table [ 67.268063][ T5920] loop0: partition table beyond EOD, truncated [ 67.275104][ T5920] loop_reread_partitions: partition scan of loop0 (Rt *3 !6{bO0.Qʝ H"Uqd\'Lz8w1AH) failed (rc=-5) [pid 5845] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5845] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5921] <... ioctl resumed>) = 0 [pid 5845] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5921] exit_group(0) = ? [pid 5845] umount2("./21/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5921] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5921, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5848] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] <... umount2 resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5845] umount2("./21/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] newfstatat(3, "", [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] newfstatat(AT_FDCWD, "./21/file2", [pid 5848] getdents64(3, [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5845] umount2("./21/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] umount2("./21/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./21/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5845] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5845] getdents64(4, [pid 5848] <... umount2 resumed>) = 0 [pid 5845] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5845] close(4) = 0 [pid 5845] rmdir("./21/file2" [pid 5848] umount2("./21/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] <... rmdir resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./21/file2", [pid 5845] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] umount2("./21/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./21/binderfs", [pid 5848] openat(AT_FDCWD, "./21/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5845] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] <... openat resumed>) = 4 [pid 5845] unlink("./21/binderfs" [pid 5848] newfstatat(4, "", [pid 5845] <... unlink resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, [ 67.367489][ T11] kworker/u8:0: attempt to access beyond end of device [ 67.367489][ T11] loop0: rw=1, sector=206, nr_sectors = 8 limit=3 [ 67.380942][ T11] kworker/u8:0: attempt to access beyond end of device [ 67.380942][ T11] loop0: rw=2049, sector=198, nr_sectors = 16 limit=3 [pid 5845] getdents64(3, [pid 5848] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5845] close(3) = 0 [pid 5848] getdents64(4, [pid 5845] rmdir("./21" [pid 5848] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5845] <... rmdir resumed>) = 0 [pid 5848] close(4 [pid 5845] mkdir("./22", 0777 [pid 5848] <... close resumed>) = 0 [pid 5848] rmdir("./21/file2") = 0 [pid 5845] <... mkdir resumed>) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5848] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] <... openat resumed>) = 3 [pid 5845] ioctl(3, LOOP_CLR_FD [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./21/binderfs", [pid 5845] <... ioctl resumed>) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] close(3 [pid 5848] unlink("./21/binderfs" [pid 5845] <... close resumed>) = 0 [pid 5848] <... unlink resumed>) = 0 [pid 5848] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] close(3) = 0 [pid 5848] rmdir("./21"./strace-static-x86_64: Process 5922 attached ) = 0 [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5922 [pid 5922] set_robust_list(0x55557b78d660, 24 [pid 5848] mkdir("./22", 0777 [pid 5922] <... set_robust_list resumed>) = 0 [pid 5848] <... mkdir resumed>) = 0 [pid 5922] chdir("./22" [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5922] <... chdir resumed>) = 0 [pid 5922] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5848] <... openat resumed>) = 3 [pid 5922] <... prctl resumed>) = 0 [pid 5922] setpgid(0, 0 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5922] <... setpgid resumed>) = 0 [pid 5922] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] close(3 [pid 5922] <... openat resumed>) = 3 [pid 5848] <... close resumed>) = 0 [pid 5922] write(3, "1000", 4 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5923 attached [pid 5922] <... write resumed>) = 4 [pid 5922] close(3) = 0 [pid 5922] symlink("/dev/binderfs", "./binderfs" [pid 5923] set_robust_list(0x55557b78d660, 24 [pid 5922] <... symlink resumed>) = 0 executing program [pid 5923] <... set_robust_list resumed>) = 0 [pid 5922] write(1, "executing program\n", 18 [pid 5848] <... clone resumed>, child_tidptr=0x55557b78d650) = 5923 [pid 5923] chdir("./22" [pid 5922] <... write resumed>) = 18 [pid 5922] memfd_create("syzkaller", 0 [pid 5923] <... chdir resumed>) = 0 [pid 5922] <... memfd_create resumed>) = 3 [pid 5923] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5923] <... prctl resumed>) = 0 [pid 5922] <... mmap resumed>) = 0x7f9b52200000 [pid 5923] setpgid(0, 0) = 0 [pid 5923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5923] write(3, "1000", 4) = 4 [pid 5922] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5923] close(3) = 0 [pid 5923] symlink("/dev/binderfs", "./binderfs" [pid 5922] <... write resumed>) = 524288 [pid 5923] <... symlink resumed>) = 0 [pid 5922] munmap(0x7f9b52200000, 138412032) = 0 [pid 5923] write(1, "executing program\n", 18executing program ) = 18 [pid 5922] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5923] memfd_create("syzkaller", 0 [pid 5922] <... openat resumed>) = 4 [pid 5922] ioctl(4, LOOP_SET_FD, 3 [pid 5923] <... memfd_create resumed>) = 3 [pid 5922] <... ioctl resumed>) = 0 [pid 5923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5923] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5922] close(3 [pid 5923] <... write resumed>) = 524288 [pid 5922] <... close resumed>) = 0 [pid 5923] munmap(0x7f9b52200000, 138412032 [pid 5922] close(4 [pid 5923] <... munmap resumed>) = 0 [pid 5922] <... close resumed>) = 0 [pid 5922] mkdir("./file2", 0777) = 0 [pid 5923] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5923] ioctl(4, LOOP_SET_FD, 3 [pid 5922] mount("/dev/loop0", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5923] <... ioctl resumed>) = 0 [pid 5922] <... mount resumed>) = 0 [pid 5923] close(3 [pid 5922] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5923] <... close resumed>) = 0 [pid 5923] close(4 [pid 5922] <... openat resumed>) = 3 [pid 5923] <... close resumed>) = 0 [pid 5922] chdir("./file2" [pid 5923] mkdir("./file2", 0777 [pid 5922] <... chdir resumed>) = 0 [pid 5922] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5923] <... mkdir resumed>) = 0 [pid 5922] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5923] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5922] getpid() = 5922 [pid 5922] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5923] <... mount resumed>) = 0 [pid 5922] <... openat resumed>) = 4 [pid 5923] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5922] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5923] chdir("./file2") = 0 [pid 5923] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5923] getpid() = 5923 [pid 5922] <... openat resumed>) = 5 [pid 5923] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5922] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5923] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5922] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5922] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5923] <... openat resumed>) = 5 [pid 5923] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = -1 EBUSY (Device or resource busy) [ 67.582310][ T5922] loop0: detected capacity change from 0 to 1024 [ 67.608546][ T5923] loop3: detected capacity change from 0 to 1024 [pid 5923] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...}) = 0 [pid 5923] exit_group(0) = ? [ 67.659517][ T5922] loop0: detected capacity change from 1024 to 3 [ 67.699501][ T5922] Dev loop0: unable to read RDB block 3 [pid 5923] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5923, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5922] <... ioctl resumed>) = 0 [pid 5848] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5922] exit_group(0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5922] <... exit_group resumed>) = ? [pid 5848] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5922] +++ exited with 0 +++ [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5922, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [ 67.705273][ T5922] loop0: unable to read partition table [ 67.711067][ T5922] loop0: partition table beyond EOD, truncated [ 67.725142][ T5922] loop_reread_partitions: partition scan of loop0 (Rt *3 !6{bO0.Qʝ H"Uqd\'Lz8w1AH) failed (rc=-5) [pid 5848] umount2("./22/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = 0 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] umount2("./22/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] <... openat resumed>) = 3 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./22/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] newfstatat(3, "", [pid 5848] umount2("./22/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./22/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5845] getdents64(3, [pid 5848] <... openat resumed>) = 4 [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5848] newfstatat(4, "", [pid 5845] umount2("./22/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./22/file2") = 0 [pid 5848] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] <... umount2 resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./22/binderfs" [pid 5845] umount2("./22/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... unlink resumed>) = 0 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] getdents64(3, [pid 5845] newfstatat(AT_FDCWD, "./22/file2", [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] close(3 [pid 5845] umount2("./22/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... close resumed>) = 0 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] rmdir("./22" [pid 5845] openat(AT_FDCWD, "./22/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] <... rmdir resumed>) = 0 [pid 5845] newfstatat(4, "", [pid 5848] mkdir("./23", 0777 [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5845] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5848] <... mkdir resumed>) = 0 [pid 5845] close(4) = 0 [pid 5845] rmdir("./22/file2" [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5845] <... rmdir resumed>) = 0 [ 67.814778][ T11] kworker/u8:0: attempt to access beyond end of device [ 67.814778][ T11] loop0: rw=1, sector=206, nr_sectors = 8 limit=3 [ 67.828935][ T11] kworker/u8:0: attempt to access beyond end of device [ 67.828935][ T11] loop0: rw=2049, sector=198, nr_sectors = 16 limit=3 [pid 5845] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... openat resumed>) = 3 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./22/binderfs", [pid 5848] ioctl(3, LOOP_CLR_FD [pid 5845] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] <... ioctl resumed>) = 0 [pid 5848] close(3) = 0 [pid 5845] unlink("./22/binderfs") = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5845] getdents64(3, ./strace-static-x86_64: Process 5924 attached 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5845] close(3 [pid 5848] <... clone resumed>, child_tidptr=0x55557b78d650) = 5924 [pid 5845] <... close resumed>) = 0 [pid 5924] set_robust_list(0x55557b78d660, 24 [pid 5845] rmdir("./22") = 0 [pid 5924] <... set_robust_list resumed>) = 0 [pid 5924] chdir("./23") = 0 [pid 5845] mkdir("./23", 0777 [pid 5924] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5845] <... mkdir resumed>) = 0 [pid 5924] setpgid(0, 0) = 0 [pid 5924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5924] write(3, "1000", 4) = 4 [pid 5845] ioctl(3, LOOP_CLR_FD [pid 5924] close(3 [pid 5845] <... ioctl resumed>) = 0 [pid 5924] <... close resumed>) = 0 [pid 5845] close(3 [pid 5924] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5845] <... close resumed>) = 0 [pid 5924] write(1, "executing program\n", 18 [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program [pid 5924] <... write resumed>) = 18 [pid 5924] memfd_create("syzkaller", 0) = 3 [pid 5924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 ./strace-static-x86_64: Process 5925 attached [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5925 [pid 5925] set_robust_list(0x55557b78d660, 24) = 0 [pid 5925] chdir("./23") = 0 [pid 5925] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5925] setpgid(0, 0) = 0 [pid 5925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5924] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5925] <... openat resumed>) = 3 [pid 5925] write(3, "1000", 4 [pid 5924] <... write resumed>) = 524288 [pid 5925] <... write resumed>) = 4 [pid 5924] munmap(0x7f9b52200000, 138412032 [pid 5925] close(3) = 0 [pid 5924] <... munmap resumed>) = 0 [pid 5925] symlink("/dev/binderfs", "./binderfs" [pid 5924] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5924] ioctl(4, LOOP_SET_FD, 3 [pid 5925] <... symlink resumed>) = 0 executing program [pid 5925] write(1, "executing program\n", 18) = 18 [pid 5925] memfd_create("syzkaller", 0) = 3 [pid 5924] <... ioctl resumed>) = 0 [pid 5925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5924] close(3) = 0 [pid 5924] close(4) = 0 [pid 5924] mkdir("./file2", 0777 [pid 5925] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5924] <... mkdir resumed>) = 0 [pid 5924] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5925] <... write resumed>) = 524288 [pid 5925] munmap(0x7f9b52200000, 138412032 [pid 5924] <... mount resumed>) = 0 [pid 5924] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5925] <... munmap resumed>) = 0 [pid 5924] <... openat resumed>) = 3 [pid 5925] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5924] chdir("./file2" [pid 5925] <... openat resumed>) = 4 [pid 5924] <... chdir resumed>) = 0 [pid 5925] ioctl(4, LOOP_SET_FD, 3 [ 67.984759][ T5924] loop3: detected capacity change from 0 to 1024 [pid 5924] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5925] <... ioctl resumed>) = 0 [pid 5924] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5925] close(3 [pid 5924] getpid( [pid 5925] <... close resumed>) = 0 [pid 5924] <... getpid resumed>) = 5924 [pid 5925] close(4 [pid 5924] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5925] <... close resumed>) = 0 [pid 5924] <... openat resumed>) = 4 [pid 5924] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5925] mkdir("./file2", 0777 [pid 5924] <... openat resumed>) = 5 [pid 5925] <... mkdir resumed>) = 0 [pid 5924] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = -1 EBUSY (Device or resource busy) [pid 5924] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [ 68.041499][ T5925] loop0: detected capacity change from 0 to 1024 [pid 5925] mount("/dev/loop0", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5924] <... ioctl resumed>) = 0 [pid 5924] exit_group(0) = ? [pid 5924] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5924, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 5925] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5925] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5848] <... restart_syscall resumed>) = 0 [pid 5925] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5925] close(3 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5925] <... close resumed>) = 0 [pid 5848] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./23/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5848] umount2("./23/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5925] getpid( [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5925] <... getpid resumed>) = 5925 [pid 5848] newfstatat(AT_FDCWD, "./23/file2", [pid 5925] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 3 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5925] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5848] umount2("./23/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./23/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5925] <... openat resumed>) = 4 [pid 5848] newfstatat(4, "", [ 68.109296][ T5924] loop0: detected capacity change from 1024 to 3 [ 68.117630][ T5924] Dev loop0: unable to read RDB block 3 [ 68.123252][ T5924] loop0: unable to read partition table [ 68.128937][ T5924] loop0: partition table beyond EOD, truncated [ 68.135314][ T5924] loop_reread_partitions: partition scan of loop0 (Rt *3 !6{bO0.Qʝ H"Uqd\'Lz8w1AH) failed (rc=-5) [ 68.135598][ T5925] hfsplus: unable to find HFS+ superblock [pid 5925] ioctl(3, LOOP_CONFIGURE, {fd=4, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5925] <... ioctl resumed>) = 0 [pid 5925] ioctl(3, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5848] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./23/file2") = 0 [pid 5848] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./23/binderfs" [pid 5925] <... ioctl resumed>) = 0 [pid 5848] <... unlink resumed>) = 0 [pid 5925] exit_group(0) = ? [pid 5848] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3 [pid 5925] +++ exited with 0 +++ [pid 5848] <... close resumed>) = 0 [pid 5848] rmdir("./23" [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5925, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5845] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... rmdir resumed>) = 0 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] mkdir("./24", 0777 [pid 5845] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] <... mkdir resumed>) = 0 [pid 5845] getdents64(3, 0x55557b78e6f0 /* 5 entries */, 32768) = 144 [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5845] umount2("./23/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] ioctl(3, LOOP_CLR_FD [pid 5845] newfstatat(AT_FDCWD, "./23/file2", [pid 5848] <... ioctl resumed>) = 0 [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] close(3) = 0 [pid 5845] umount2("./23/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./23/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5845] <... openat resumed>) = 4 [pid 5845] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5845] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5845] close(4) = 0 [pid 5845] rmdir("./23/file2") = 0 [pid 5845] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] unlink("./23/binderfs"./strace-static-x86_64: Process 5926 attached ) = 0 [pid 5926] set_robust_list(0x55557b78d660, 24 [pid 5848] <... clone resumed>, child_tidptr=0x55557b78d650) = 5926 [pid 5926] <... set_robust_list resumed>) = 0 [pid 5845] umount2("./23/cgroup.stat", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5926] chdir("./24" [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5926] <... chdir resumed>) = 0 [pid 5845] newfstatat(AT_FDCWD, "./23/cgroup.stat", [pid 5926] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5845] <... newfstatat resumed>{st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5926] <... prctl resumed>) = 0 [pid 5926] setpgid(0, 0 [pid 5845] unlink("./23/cgroup.stat" [pid 5926] <... setpgid resumed>) = 0 [pid 5845] <... unlink resumed>) = 0 [pid 5926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5845] getdents64(3, [pid 5926] write(3, "1000", 4 [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5926] <... write resumed>) = 4 [pid 5926] close(3) = 0 [pid 5926] symlink("/dev/binderfs", "./binderfs" [pid 5845] close(3 [pid 5926] <... symlink resumed>) = 0 [pid 5845] <... close resumed>) = 0 [pid 5845] rmdir("./23" executing program [pid 5926] write(1, "executing program\n", 18 [pid 5845] <... rmdir resumed>) = 0 [pid 5926] <... write resumed>) = 18 [pid 5845] mkdir("./24", 0777 [pid 5926] memfd_create("syzkaller", 0 [pid 5845] <... mkdir resumed>) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5926] <... memfd_create resumed>) = 3 [pid 5845] <... openat resumed>) = 3 [pid 5926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5845] ioctl(3, LOOP_CLR_FD) = 0 [pid 5845] close(3 [pid 5926] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5845] <... close resumed>) = 0 [pid 5926] <... write resumed>) = 524288 [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5927 attached [pid 5926] munmap(0x7f9b52200000, 138412032 [pid 5927] set_robust_list(0x55557b78d660, 24 [pid 5926] <... munmap resumed>) = 0 [pid 5927] <... set_robust_list resumed>) = 0 executing program [pid 5926] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5927] chdir("./24" [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5927 [pid 5927] <... chdir resumed>) = 0 [pid 5926] <... openat resumed>) = 4 [pid 5927] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5926] ioctl(4, LOOP_SET_FD, 3 [pid 5927] setpgid(0, 0 [pid 5926] <... ioctl resumed>) = 0 [pid 5927] <... setpgid resumed>) = 0 [pid 5927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5927] write(3, "1000", 4) = 4 [pid 5927] close(3) = 0 [pid 5927] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5927] write(1, "executing program\n", 18) = 18 [pid 5927] memfd_create("syzkaller", 0) = 3 [pid 5927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5926] close(3) = 0 [pid 5926] close(4) = 0 [pid 5926] mkdir("./file2", 0777) = 0 [pid 5927] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5926] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5927] munmap(0x7f9b52200000, 138412032) = 0 [pid 5926] <... mount resumed>) = 0 [pid 5926] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5926] chdir("./file2") = 0 [ 68.460062][ T5926] loop3: detected capacity change from 0 to 1024 [pid 5927] ioctl(4, LOOP_SET_FD, 3 [pid 5926] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5927] <... ioctl resumed>) = 0 [pid 5926] getpid( [pid 5927] close(3 [pid 5926] <... getpid resumed>) = 5926 [pid 5927] <... close resumed>) = 0 [pid 5926] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5927] close(4 [pid 5926] <... openat resumed>) = 4 [pid 5927] <... close resumed>) = 0 [pid 5926] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5927] mkdir("./file2", 0777 [pid 5926] <... openat resumed>) = 5 [pid 5927] <... mkdir resumed>) = 0 [pid 5926] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = -1 EBUSY (Device or resource busy) [pid 5926] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [ 68.516341][ T5927] loop0: detected capacity change from 0 to 1024 [pid 5927] mount("/dev/loop0", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5926] <... ioctl resumed>) = 0 [pid 5926] exit_group(0 [pid 5927] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5926] <... exit_group resumed>) = ? [pid 5927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5926] +++ exited with 0 +++ [pid 5927] ioctl(3, LOOP_CLR_FD [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5926, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5927] <... ioctl resumed>) = 0 [pid 5927] close(3 [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 5927] <... close resumed>) = 0 [pid 5927] getpid() = 5927 [pid 5927] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5848] <... restart_syscall resumed>) = 0 [pid 5848] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./24/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5927] <... openat resumed>) = 3 [pid 5927] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5848] <... umount2 resumed>) = 0 [pid 5927] ioctl(3, LOOP_CONFIGURE, {fd=4, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = 0 [pid 5848] umount2("./24/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5927] ioctl(3, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./24/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./24/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./24/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./24/file2") = 0 [ 68.559443][ T5926] loop0: detected capacity change from 1024 to 3 [ 68.568275][ T5926] Dev loop0: unable to read RDB block 3 [ 68.574349][ T5926] loop0: unable to read partition table [ 68.580378][ T5926] loop0: partition table beyond EOD, truncated [ 68.586999][ T5927] hfsplus: unable to find HFS+ superblock [ 68.588619][ T5926] loop_reread_partitions: partition scan of loop0 (Rt *3 !6{bO0.Qʝ H"Uqd\'Lz8w1AH) failed (rc=-5) [pid 5848] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./24/binderfs") = 0 [pid 5848] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./24") = 0 [pid 5927] <... ioctl resumed>) = 0 [pid 5927] exit_group(0 [pid 5848] mkdir("./25", 0777 [pid 5927] <... exit_group resumed>) = ? [pid 5848] <... mkdir resumed>) = 0 [pid 5927] +++ exited with 0 +++ [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5927, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5848] <... openat resumed>) = 3 [pid 5845] restart_syscall(<... resuming interrupted clone ...> [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5845] <... restart_syscall resumed>) = 0 [pid 5845] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] <... clone resumed>, child_tidptr=0x55557b78d650) = 5928 [pid 5845] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] getdents64(3, 0x55557b78e6f0 /* 5 entries */, 32768) = 144 [pid 5845] umount2("./24/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./24/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] umount2("./24/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./24/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5845] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5845] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5845] close(4) = 0 [pid 5845] rmdir("./24/file2") = 0 [pid 5845] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 5928 attached [pid 5845] unlink("./24/binderfs") = 0 [pid 5928] set_robust_list(0x55557b78d660, 24) = 0 [pid 5928] chdir("./25" [pid 5845] umount2("./24/cgroup.stat", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./24/cgroup.stat", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5928] <... chdir resumed>) = 0 [pid 5928] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5845] unlink("./24/cgroup.stat") = 0 [pid 5928] <... prctl resumed>) = 0 [pid 5845] getdents64(3, [pid 5928] setpgid(0, 0) = 0 [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5928] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5845] close(3 [pid 5928] <... openat resumed>) = 3 [pid 5845] <... close resumed>) = 0 [pid 5928] write(3, "1000", 4 [pid 5845] rmdir("./24" [pid 5928] <... write resumed>) = 4 [pid 5928] close(3) = 0 [pid 5845] <... rmdir resumed>) = 0 [pid 5928] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5845] mkdir("./25", 0777 [pid 5928] write(1, "executing program\n", 18 [pid 5845] <... mkdir resumed>) = 0 executing program [pid 5928] <... write resumed>) = 18 [pid 5928] memfd_create("syzkaller", 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5928] <... memfd_create resumed>) = 3 [pid 5845] <... openat resumed>) = 3 [pid 5845] ioctl(3, LOOP_CLR_FD [pid 5928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5845] <... ioctl resumed>) = 0 [pid 5928] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5845] close(3) = 0 [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5929 attached , child_tidptr=0x55557b78d650) = 5929 [pid 5929] set_robust_list(0x55557b78d660, 24) = 0 [pid 5929] chdir("./25" [pid 5928] <... write resumed>) = 524288 [pid 5929] <... chdir resumed>) = 0 [pid 5928] munmap(0x7f9b52200000, 138412032 [pid 5929] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5929] setpgid(0, 0) = 0 [pid 5928] <... munmap resumed>) = 0 [pid 5929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5928] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5928] ioctl(4, LOOP_SET_FD, 3 [pid 5929] <... openat resumed>) = 3 [pid 5928] <... ioctl resumed>) = 0 [pid 5928] close(3 [pid 5929] write(3, "1000", 4) = 4 [pid 5929] close(3 [pid 5928] <... close resumed>) = 0 [pid 5929] <... close resumed>) = 0 [pid 5928] close(4 [pid 5929] symlink("/dev/binderfs", "./binderfs" [pid 5928] <... close resumed>) = 0 [pid 5928] mkdir("./file2", 0777) = 0 [pid 5928] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5929] <... symlink resumed>) = 0 [pid 5929] write(1, "executing program\n", 18executing program ) = 18 [pid 5929] memfd_create("syzkaller", 0) = 3 [pid 5929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5928] <... mount resumed>) = 0 [pid 5929] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5928] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5928] chdir("./file2") = 0 [pid 5929] <... write resumed>) = 524288 [pid 5928] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5929] munmap(0x7f9b52200000, 138412032 [pid 5928] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 68.760718][ T5928] loop3: detected capacity change from 0 to 1024 [pid 5929] <... munmap resumed>) = 0 [pid 5928] getpid() = 5928 [pid 5928] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5929] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5928] <... openat resumed>) = 4 [pid 5929] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5928] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5929] close(3) = 0 [pid 5929] close(4) = 0 [pid 5928] <... openat resumed>) = 5 [pid 5928] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = -1 EBUSY (Device or resource busy) [pid 5928] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5929] mkdir("./file2", 0777) = 0 [ 68.835623][ T5929] loop0: detected capacity change from 0 to 1024 [pid 5929] mount("/dev/loop0", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5928] <... ioctl resumed>) = 0 [pid 5928] exit_group(0 [pid 5929] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5928] <... exit_group resumed>) = ? [pid 5929] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5928] +++ exited with 0 +++ [pid 5929] <... openat resumed>) = 3 [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5928, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5929] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5929] close(3 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5929] <... close resumed>) = 0 [pid 5848] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5929] getpid() = 5929 [pid 5929] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 3 [pid 5848] <... openat resumed>) = 3 [pid 5848] newfstatat(3, "", [pid 5929] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 68.889273][ T5928] loop0: detected capacity change from 1024 to 3 [ 68.896907][ T5928] Dev loop0: unable to read RDB block 3 [ 68.902582][ T5928] loop0: unable to read partition table [ 68.908274][ T5928] loop0: partition table beyond EOD, truncated [ 68.914487][ T5928] loop_reread_partitions: partition scan of loop0 (Rt *3 !6{bO0.Qʝ H"Uqd\'Lz8w1AH) failed (rc=-5) [ 68.928369][ T5929] hfsplus: unable to find HFS+ superblock [pid 5848] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5929] <... openat resumed>) = 4 [pid 5848] umount2("./25/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5929] ioctl(3, LOOP_CONFIGURE, {fd=4, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = 0 [pid 5848] <... umount2 resumed>) = 0 [pid 5929] ioctl(3, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5848] umount2("./25/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./25/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./25/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./25/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./25/file2") = 0 [pid 5848] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./25/binderfs") = 0 [pid 5848] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./25") = 0 [pid 5848] mkdir("./26", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5930 attached , child_tidptr=0x55557b78d650) = 5930 [pid 5930] set_robust_list(0x55557b78d660, 24) = 0 [pid 5930] chdir("./26") = 0 [pid 5930] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5930] setpgid(0, 0) = 0 [pid 5930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5930] write(3, "1000", 4) = 4 [pid 5930] close(3) = 0 [pid 5930] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5930] write(1, "executing program\n", 18executing program ) = 18 [pid 5929] <... ioctl resumed>) = 0 [pid 5930] memfd_create("syzkaller", 0) = 3 [pid 5929] exit_group(0 [pid 5930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5929] <... exit_group resumed>) = ? [pid 5930] <... mmap resumed>) = 0x7f9b52200000 [pid 5930] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5929] +++ exited with 0 +++ [pid 5930] <... write resumed>) = 524288 [pid 5930] munmap(0x7f9b52200000, 138412032 [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5929, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5930] <... munmap resumed>) = 0 [pid 5930] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5845] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5930] <... openat resumed>) = 4 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5930] ioctl(4, LOOP_SET_FD, 3 [pid 5845] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5845] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] getdents64(3, 0x55557b78e6f0 /* 5 entries */, 32768) = 144 [pid 5845] umount2("./25/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./25/file2", [pid 5930] <... ioctl resumed>) = 0 [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5930] close(3 [pid 5845] umount2("./25/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5930] <... close resumed>) = 0 [pid 5930] close(4 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5930] <... close resumed>) = 0 [pid 5845] openat(AT_FDCWD, "./25/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5930] mkdir("./file2", 0777) = 0 [pid 5845] <... openat resumed>) = 4 [pid 5930] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5845] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5845] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5845] close(4) = 0 [pid 5845] rmdir("./25/file2") = 0 [pid 5845] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5930] <... mount resumed>) = 0 [pid 5930] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5930] chdir("./file2" [pid 5845] newfstatat(AT_FDCWD, "./25/binderfs", [pid 5930] <... chdir resumed>) = 0 [pid 5845] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5930] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5845] unlink("./25/binderfs" [pid 5930] getpid() = 5930 [pid 5845] <... unlink resumed>) = 0 [pid 5930] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5845] umount2("./25/cgroup.stat", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5930] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./25/cgroup.stat", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] unlink("./25/cgroup.stat") = 0 [pid 5845] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5845] close(3) = 0 [pid 5845] rmdir("./25" [pid 5930] <... openat resumed>) = 5 [pid 5845] <... rmdir resumed>) = 0 [ 69.064048][ T5930] loop3: detected capacity change from 0 to 1024 [pid 5930] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5845] mkdir("./26", 0777 [pid 5930] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5930] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5845] <... mkdir resumed>) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5930] <... ioctl resumed>) = 0 [pid 5845] <... openat resumed>) = 3 [pid 5930] exit_group(0 [pid 5845] ioctl(3, LOOP_CLR_FD) = 0 [pid 5930] <... exit_group resumed>) = ? [pid 5845] close(3) = 0 [pid 5930] +++ exited with 0 +++ [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5930, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 5931 attached ) = 0 [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5931 [pid 5931] set_robust_list(0x55557b78d660, 24 [pid 5848] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5931] <... set_robust_list resumed>) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5931] chdir("./26" [pid 5848] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5931] <... chdir resumed>) = 0 [pid 5848] newfstatat(3, "", [pid 5931] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5931] <... prctl resumed>) = 0 [pid 5848] getdents64(3, [pid 5931] setpgid(0, 0 [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5931] <... setpgid resumed>) = 0 [pid 5931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] umount2("./26/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5931] <... openat resumed>) = 3 [pid 5931] write(3, "1000", 4) = 4 [pid 5931] close(3) = 0 [pid 5931] symlink("/dev/binderfs", "./binderfs" [pid 5848] <... umount2 resumed>) = 0 [pid 5931] <... symlink resumed>) = 0 executing program [pid 5931] write(1, "executing program\n", 18 [pid 5848] umount2("./26/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5931] <... write resumed>) = 18 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./26/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./26/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5931] memfd_create("syzkaller", 0 [pid 5848] openat(AT_FDCWD, "./26/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5931] <... memfd_create resumed>) = 3 [pid 5931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] <... openat resumed>) = 4 [pid 5848] newfstatat(4, "", [pid 5931] <... mmap resumed>) = 0x7f9b52200000 [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5931] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5848] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./26/file2") = 0 [pid 5931] <... write resumed>) = 524288 [pid 5848] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5931] munmap(0x7f9b52200000, 138412032 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5931] <... munmap resumed>) = 0 [pid 5848] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./26/binderfs" [pid 5931] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5848] <... unlink resumed>) = 0 [pid 5931] <... openat resumed>) = 4 [pid 5848] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5931] ioctl(4, LOOP_SET_FD, 3 [pid 5848] close(3) = 0 [pid 5931] <... ioctl resumed>) = 0 [pid 5848] rmdir("./26" [pid 5931] close(3) = 0 [pid 5931] close(4) = 0 [pid 5931] mkdir("./file2", 0777) = 0 [pid 5931] mount("/dev/loop0", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5848] <... rmdir resumed>) = 0 [pid 5848] mkdir("./27", 0777) = 0 [pid 5931] <... mount resumed>) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5931] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5848] <... openat resumed>) = 3 [pid 5931] <... openat resumed>) = 3 [pid 5931] chdir("./file2") = 0 [pid 5848] ioctl(3, LOOP_CLR_FD [pid 5931] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5848] <... ioctl resumed>) = 0 [pid 5931] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5848] close(3 [pid 5931] getpid( [pid 5848] <... close resumed>) = 0 [ 69.289513][ T5931] loop0: detected capacity change from 0 to 1024 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5931] <... getpid resumed>) = 5931 [pid 5931] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5931] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000./strace-static-x86_64: Process 5932 attached [pid 5932] set_robust_list(0x55557b78d660, 24 [pid 5848] <... clone resumed>, child_tidptr=0x55557b78d650) = 5932 [pid 5932] <... set_robust_list resumed>) = 0 [pid 5931] <... openat resumed>) = 5 [pid 5932] chdir("./27") = 0 [pid 5931] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5932] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5931] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5932] setpgid(0, 0 [pid 5931] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5932] <... setpgid resumed>) = 0 [pid 5932] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5932] write(3, "1000", 4) = 4 [pid 5932] close(3) = 0 [pid 5932] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5932] write(1, "executing program\n", 18executing program ) = 18 [pid 5932] memfd_create("syzkaller", 0) = 3 [pid 5932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5932] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 5932] munmap(0x7f9b52200000, 138412032) = 0 [pid 5932] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 69.389262][ T5931] loop0: detected capacity change from 1024 to 3 [ 69.396226][ T5931] Dev loop0: unable to read RDB block 3 [ 69.401905][ T5931] loop0: unable to read partition table [ 69.407595][ T5931] loop0: partition table beyond EOD, truncated [ 69.414040][ T5931] loop_reread_partitions: partition scan of loop0 (Rt *3 !6{bO0.Qʝ H"Uqd\'Lz8w1AH) failed (rc=-5) [pid 5932] ioctl(4, LOOP_SET_FD, 3 [pid 5931] <... ioctl resumed>) = 0 [pid 5931] exit_group(0 [pid 5932] <... ioctl resumed>) = 0 [pid 5931] <... exit_group resumed>) = ? [pid 5932] close(3 [pid 5931] +++ exited with 0 +++ [pid 5932] <... close resumed>) = 0 [pid 5932] close(4) = 0 [pid 5932] mkdir("./file2", 0777 [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5931, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5932] <... mkdir resumed>) = 0 [pid 5845] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 69.436748][ T5932] loop3: detected capacity change from 0 to 1024 [pid 5932] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5845] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5845] newfstatat(3, "", [pid 5932] <... mount resumed>) = 0 [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] getdents64(3, [pid 5932] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5932] <... openat resumed>) = 3 [pid 5845] umount2("./26/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5932] chdir("./file2") = 0 [pid 5932] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5932] getpid( [pid 5845] <... umount2 resumed>) = 0 [pid 5932] <... getpid resumed>) = 5932 [pid 5932] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5845] umount2("./26/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5932] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./26/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] umount2("./26/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5932] <... openat resumed>) = 5 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./26/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5932] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = -1 EBUSY (Device or resource busy) [pid 5845] <... openat resumed>) = 4 [pid 5932] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5845] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 69.473232][ T2108] kworker/u8:6: attempt to access beyond end of device [ 69.473232][ T2108] loop0: rw=1, sector=206, nr_sectors = 8 limit=3 [ 69.487016][ T2108] kworker/u8:6: attempt to access beyond end of device [ 69.487016][ T2108] loop0: rw=2049, sector=198, nr_sectors = 16 limit=3 [pid 5845] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5845] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5845] close(4) = 0 [pid 5845] rmdir("./26/file2") = 0 [pid 5932] <... ioctl resumed>) = 0 [pid 5845] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5932] exit_group(0) = ? [pid 5845] unlink("./26/binderfs") = 0 [pid 5845] getdents64(3, [pid 5932] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5932, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5845] close(3) = 0 [pid 5848] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] rmdir("./26" [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5845] <... rmdir resumed>) = 0 [pid 5848] <... openat resumed>) = 3 [pid 5845] mkdir("./27", 0777 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, [pid 5845] <... mkdir resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5848] umount2("./27/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] <... openat resumed>) = 3 [pid 5845] ioctl(3, LOOP_CLR_FD [pid 5848] <... umount2 resumed>) = 0 [pid 5845] <... ioctl resumed>) = 0 [pid 5848] umount2("./27/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] close(3 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./27/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] <... close resumed>) = 0 [pid 5848] umount2("./27/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5933 attached [pid 5848] openat(AT_FDCWD, "./27/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5933 [pid 5933] set_robust_list(0x55557b78d660, 24 [pid 5848] <... openat resumed>) = 4 [pid 5933] <... set_robust_list resumed>) = 0 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5933] chdir("./27" [pid 5848] getdents64(4, [pid 5933] <... chdir resumed>) = 0 [pid 5933] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5848] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, [pid 5933] <... prctl resumed>) = 0 [pid 5848] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5933] setpgid(0, 0 [pid 5848] close(4 [pid 5933] <... setpgid resumed>) = 0 [pid 5848] <... close resumed>) = 0 [pid 5933] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5848] rmdir("./27/file2") = 0 [pid 5933] <... openat resumed>) = 3 [pid 5848] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5933] write(3, "1000", 4) = 4 [pid 5848] newfstatat(AT_FDCWD, "./27/binderfs", [pid 5933] close(3 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5933] <... close resumed>) = 0 [pid 5848] unlink("./27/binderfs" [pid 5933] symlink("/dev/binderfs", "./binderfs" [pid 5848] <... unlink resumed>) = 0 [pid 5933] <... symlink resumed>) = 0 executing program [pid 5933] write(1, "executing program\n", 18) = 18 [pid 5933] memfd_create("syzkaller", 0 [pid 5848] getdents64(3, [pid 5933] <... memfd_create resumed>) = 3 [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5848] close(3 [pid 5933] <... mmap resumed>) = 0x7f9b52200000 [pid 5848] <... close resumed>) = 0 [pid 5848] rmdir("./27" [pid 5933] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5848] <... rmdir resumed>) = 0 [pid 5848] mkdir("./28", 0777) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5933] <... write resumed>) = 524288 [pid 5848] <... openat resumed>) = 3 [pid 5933] munmap(0x7f9b52200000, 138412032 [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3 [pid 5933] <... munmap resumed>) = 0 [pid 5933] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5848] <... close resumed>) = 0 [pid 5933] <... openat resumed>) = 4 [pid 5933] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5934 attached , child_tidptr=0x55557b78d650) = 5934 [pid 5934] set_robust_list(0x55557b78d660, 24) = 0 [pid 5934] chdir("./28") = 0 [pid 5934] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5934] setpgid(0, 0) = 0 [pid 5934] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5934] write(3, "1000", 4) = 4 [pid 5934] close(3) = 0 [pid 5934] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5934] write(1, "executing program\n", 18) = 18 [pid 5934] memfd_create("syzkaller", 0) = 3 [pid 5934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5934] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5933] close(3) = 0 [pid 5933] close(4) = 0 [pid 5933] mkdir("./file2", 0777) = 0 [pid 5933] mount("/dev/loop0", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5934] <... write resumed>) = 524288 [pid 5933] <... mount resumed>) = 0 [pid 5934] munmap(0x7f9b52200000, 138412032 [pid 5933] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5934] <... munmap resumed>) = 0 [pid 5933] <... openat resumed>) = 3 [pid 5933] chdir("./file2" [pid 5934] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5933] <... chdir resumed>) = 0 [pid 5933] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5934] <... openat resumed>) = 4 [pid 5933] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5934] ioctl(4, LOOP_SET_FD, 3 [pid 5933] getpid() = 5933 [pid 5933] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5933] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5934] <... ioctl resumed>) = 0 [pid 5934] close(3 [pid 5933] <... openat resumed>) = 5 [pid 5934] <... close resumed>) = 0 [pid 5933] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5934] close(4 [pid 5933] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5934] <... close resumed>) = 0 [pid 5934] mkdir("./file2", 0777 [pid 5933] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5934] <... mkdir resumed>) = 0 [ 69.802037][ T5933] loop0: detected capacity change from 0 to 1024 [ 69.841132][ T5934] loop3: detected capacity change from 0 to 1024 [pid 5934] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"...) = 0 [pid 5934] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5934] chdir("./file2") = 0 [pid 5934] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5934] getpid() = 5934 [pid 5934] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5934] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5933] <... ioctl resumed>) = 0 [pid 5934] <... openat resumed>) = 5 [pid 5933] exit_group(0 [pid 5934] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5933] <... exit_group resumed>) = ? [pid 5934] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5933] +++ exited with 0 +++ [pid 5934] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5933, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5845] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5845] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [ 69.899406][ T5933] loop0: detected capacity change from 1024 to 3 [ 69.907112][ T5933] Dev loop0: unable to read RDB block 3 [ 69.913175][ T5933] loop0: unable to read partition table [ 69.919422][ T5933] loop0: partition table beyond EOD, truncated [ 69.925583][ T5933] loop_reread_partitions: partition scan of loop0 (Rt *3 !6{bO0.Qʝ H"Uqd\'Lz8w1AH) failed (rc=-5) [pid 5845] umount2("./27/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5934] <... ioctl resumed>) = 0 [pid 5934] exit_group(0) = ? [pid 5845] <... umount2 resumed>) = 0 [pid 5934] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5934, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5845] umount2("./27/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] newfstatat(AT_FDCWD, "./27/file2", [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] <... openat resumed>) = 3 [pid 5845] umount2("./27/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] newfstatat(3, "", [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./27/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] <... openat resumed>) = 4 [pid 5848] getdents64(3, [pid 5845] newfstatat(4, "", [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] umount2("./28/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5845] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5845] close(4) = 0 [pid 5845] rmdir("./27/file2" [pid 5848] <... umount2 resumed>) = 0 [pid 5845] <... rmdir resumed>) = 0 [pid 5848] umount2("./28/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./28/file2", [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5845] newfstatat(AT_FDCWD, "./27/binderfs", [pid 5848] umount2("./28/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 69.955065][ T2108] kworker/u8:6: attempt to access beyond end of device [ 69.955065][ T2108] loop0: rw=1, sector=206, nr_sectors = 8 limit=3 [ 69.968914][ T2108] kworker/u8:6: attempt to access beyond end of device [ 69.968914][ T2108] loop0: rw=2049, sector=198, nr_sectors = 16 limit=3 [pid 5845] unlink("./27/binderfs" [pid 5848] openat(AT_FDCWD, "./28/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5845] <... unlink resumed>) = 0 [pid 5848] <... openat resumed>) = 4 [pid 5848] newfstatat(4, "", [pid 5845] getdents64(3, [pid 5848] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5845] close(3 [pid 5848] <... getdents64 resumed>0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5845] <... close resumed>) = 0 [pid 5848] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5848] close(4 [pid 5845] rmdir("./27" [pid 5848] <... close resumed>) = 0 [pid 5848] rmdir("./28/file2") = 0 [pid 5845] <... rmdir resumed>) = 0 [pid 5845] mkdir("./28", 0777 [pid 5848] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] <... mkdir resumed>) = 0 [pid 5848] newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./28/binderfs" [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5848] <... unlink resumed>) = 0 [pid 5845] <... openat resumed>) = 3 [pid 5848] getdents64(3, [pid 5845] ioctl(3, LOOP_CLR_FD [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5845] <... ioctl resumed>) = 0 [pid 5845] close(3 [pid 5848] close(3 [pid 5845] <... close resumed>) = 0 [pid 5848] <... close resumed>) = 0 [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5848] rmdir("./28") = 0 ./strace-static-x86_64: Process 5935 attached [pid 5848] mkdir("./29", 0777 [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5935 [pid 5935] set_robust_list(0x55557b78d660, 24 [pid 5848] <... mkdir resumed>) = 0 [pid 5935] <... set_robust_list resumed>) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5935] chdir("./28") = 0 [pid 5848] <... openat resumed>) = 3 [pid 5848] ioctl(3, LOOP_CLR_FD [pid 5935] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5848] <... ioctl resumed>) = 0 [pid 5935] <... prctl resumed>) = 0 [pid 5848] close(3 [pid 5935] setpgid(0, 0) = 0 [pid 5935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5935] write(3, "1000", 4 [pid 5848] <... close resumed>) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5936 attached [pid 5936] set_robust_list(0x55557b78d660, 24 [pid 5935] <... write resumed>) = 4 [pid 5936] <... set_robust_list resumed>) = 0 [pid 5935] close(3 [pid 5848] <... clone resumed>, child_tidptr=0x55557b78d650) = 5936 [pid 5936] chdir("./29" [pid 5935] <... close resumed>) = 0 [pid 5935] symlink("/dev/binderfs", "./binderfs" [pid 5936] <... chdir resumed>) = 0 [pid 5935] <... symlink resumed>) = 0 executing program [pid 5935] write(1, "executing program\n", 18) = 18 [pid 5936] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5936] setpgid(0, 0) = 0 [pid 5935] memfd_create("syzkaller", 0 [pid 5936] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5935] <... memfd_create resumed>) = 3 [pid 5936] write(3, "1000", 4) = 4 [pid 5936] close(3) = 0 [pid 5936] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5935] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0executing program [pid 5936] write(1, "executing program\n", 18 [pid 5935] <... mmap resumed>) = 0x7f9b52200000 [pid 5936] <... write resumed>) = 18 [pid 5936] memfd_create("syzkaller", 0) = 3 [pid 5935] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5935] <... write resumed>) = 524288 [pid 5935] munmap(0x7f9b52200000, 138412032 [pid 5936] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5935] <... munmap resumed>) = 0 [pid 5935] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5935] ioctl(4, LOOP_SET_FD, 3 [pid 5936] <... write resumed>) = 524288 [pid 5936] munmap(0x7f9b52200000, 138412032 [pid 5935] <... ioctl resumed>) = 0 [pid 5936] <... munmap resumed>) = 0 [pid 5936] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5935] close(3 [pid 5936] <... openat resumed>) = 4 [pid 5935] <... close resumed>) = 0 [pid 5936] ioctl(4, LOOP_SET_FD, 3 [pid 5935] close(4) = 0 [pid 5935] mkdir("./file2", 0777) = 0 [pid 5935] mount("/dev/loop0", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5936] <... ioctl resumed>) = 0 [pid 5936] close(3) = 0 [pid 5936] close(4) = 0 [pid 5936] mkdir("./file2", 0777) = 0 [pid 5936] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5935] <... mount resumed>) = 0 [pid 5936] <... mount resumed>) = 0 [pid 5936] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5935] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5936] <... openat resumed>) = 3 [pid 5935] <... openat resumed>) = 3 [pid 5936] chdir("./file2") = 0 [pid 5935] chdir("./file2" [pid 5936] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5935] <... chdir resumed>) = 0 [pid 5935] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5936] getpid() = 5936 [pid 5936] openat(AT_FDCWD, "/dev/loop0", O_RDONLY [pid 5935] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5936] <... openat resumed>) = 4 [pid 5935] getpid() = 5935 [pid 5936] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5935] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [ 70.233614][ T5935] loop0: detected capacity change from 0 to 1024 [ 70.257089][ T5936] loop3: detected capacity change from 0 to 1024 [pid 5935] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5936] <... openat resumed>) = 5 [pid 5935] <... openat resumed>) = 5 [pid 5936] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = -1 EBUSY (Device or resource busy) [pid 5936] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5935] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}}) = -1 EBUSY (Device or resource busy) [pid 5935] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5936] <... ioctl resumed>) = 0 [pid 5936] exit_group(0) = ? [pid 5935] <... ioctl resumed>) = 0 [pid 5935] exit_group(0) = ? [pid 5935] +++ exited with 0 +++ [pid 5936] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5936, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5848] restart_syscall(<... resuming interrupted clone ...> [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5935, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5845] restart_syscall(<... resuming interrupted clone ...> [pid 5848] <... restart_syscall resumed>) = 0 [pid 5845] <... restart_syscall resumed>) = 0 [pid 5848] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5845] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] getdents64(3, [pid 5845] <... openat resumed>) = 3 [ 70.359117][ T5936] loop0: detected capacity change from 1024 to 3 [ 70.366310][ T5936] Dev loop0: unable to read RDB block 3 [ 70.371933][ T5936] loop0: unable to read partition table [ 70.377899][ T5936] loop0: partition table beyond EOD, truncated [ 70.384138][ T5936] loop_reread_partitions: partition scan of loop0 (Rt *3 !6{bO0.Qʝ H"Uqd\'Lz8w1AH) failed (rc=-5) [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5845] newfstatat(3, "", [pid 5848] umount2("./29/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5845] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5845] umount2("./28/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... umount2 resumed>) = 0 [pid 5848] umount2("./29/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./29/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./29/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./29/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5845] <... umount2 resumed>) = 0 [pid 5848] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5845] umount2("./28/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] close(4 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... close resumed>) = 0 [pid 5845] newfstatat(AT_FDCWD, "./28/file2", [pid 5848] rmdir("./29/file2" [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] <... rmdir resumed>) = 0 [pid 5845] umount2("./28/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5845] openat(AT_FDCWD, "./28/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] <... openat resumed>) = 4 [pid 5848] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(4, "", [pid 5848] newfstatat(AT_FDCWD, "./29/binderfs", [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./29/binderfs" [pid 5845] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5848] <... unlink resumed>) = 0 [pid 5845] getdents64(4, [pid 5848] getdents64(3, [pid 5845] <... getdents64 resumed>0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5845] close(4 [pid 5848] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5845] <... close resumed>) = 0 [pid 5848] close(3) = 0 [pid 5845] rmdir("./28/file2" [pid 5848] rmdir("./29" [pid 5845] <... rmdir resumed>) = 0 [pid 5845] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5848] <... rmdir resumed>) = 0 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 70.454071][ T11] kworker/u8:0: attempt to access beyond end of device [ 70.454071][ T11] loop0: rw=1, sector=206, nr_sectors = 8 limit=3 [ 70.467613][ T11] kworker/u8:0: attempt to access beyond end of device [ 70.467613][ T11] loop0: rw=2049, sector=198, nr_sectors = 16 limit=3 [pid 5848] mkdir("./30", 0777 [pid 5845] unlink("./28/binderfs" [pid 5848] <... mkdir resumed>) = 0 [pid 5845] <... unlink resumed>) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5845] getdents64(3, [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5845] <... getdents64 resumed>0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3 [pid 5845] close(3 [pid 5848] <... close resumed>) = 0 [pid 5845] <... close resumed>) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5845] rmdir("./28") = 0 ./strace-static-x86_64: Process 5937 attached [pid 5845] mkdir("./29", 0777) = 0 [pid 5937] set_robust_list(0x55557b78d660, 24 [pid 5848] <... clone resumed>, child_tidptr=0x55557b78d650) = 5937 [pid 5937] <... set_robust_list resumed>) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5937] chdir("./30" [pid 5845] <... openat resumed>) = 3 [pid 5845] ioctl(3, LOOP_CLR_FD [pid 5937] <... chdir resumed>) = 0 [pid 5845] <... ioctl resumed>) = 0 [pid 5937] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5845] close(3 [pid 5937] <... prctl resumed>) = 0 [pid 5937] setpgid(0, 0 [pid 5845] <... close resumed>) = 0 [pid 5937] <... setpgid resumed>) = 0 [pid 5845] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5938 attached [pid 5937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5845] <... clone resumed>, child_tidptr=0x55557b78d650) = 5938 [pid 5937] write(3, "1000", 4) = 4 [pid 5937] close(3) = 0 [pid 5937] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5938] set_robust_list(0x55557b78d660, 24 executing program [pid 5937] write(1, "executing program\n", 18) = 18 [pid 5937] memfd_create("syzkaller", 0) = 3 [pid 5937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5938] <... set_robust_list resumed>) = 0 [pid 5937] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5938] chdir("./29") = 0 [pid 5938] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5938] setpgid(0, 0) = 0 [pid 5938] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5938] write(3, "1000", 4) = 4 [pid 5938] close(3) = 0 [pid 5937] <... write resumed>) = 524288 [pid 5938] symlink("/dev/binderfs", "./binderfs" [pid 5937] munmap(0x7f9b52200000, 138412032) = 0 [pid 5938] <... symlink resumed>) = 0 [pid 5937] openat(AT_FDCWD, "/dev/loop3", O_RDWRexecuting program [pid 5938] write(1, "executing program\n", 18 [pid 5937] <... openat resumed>) = 4 [pid 5938] <... write resumed>) = 18 [pid 5937] ioctl(4, LOOP_SET_FD, 3 [pid 5938] memfd_create("syzkaller", 0) = 3 [pid 5937] <... ioctl resumed>) = 0 [pid 5938] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b52200000 [pid 5937] close(3 [pid 5938] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5937] <... close resumed>) = 0 [pid 5937] close(4) = 0 [pid 5937] mkdir("./file2", 0777) = 0 [pid 5938] <... write resumed>) = 524288 [pid 5937] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [pid 5938] munmap(0x7f9b52200000, 138412032) = 0 [pid 5938] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5937] <... mount resumed>) = 0 [pid 5937] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5938] ioctl(4, LOOP_SET_FD, 3 [pid 5937] chdir("./file2") = 0 [pid 5937] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5938] <... ioctl resumed>) = 0 [pid 5937] getpid() = 5937 [pid 5937] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5937] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5938] close(3) = 0 [pid 5938] close(4) = 0 [pid 5938] mkdir("./file2", 0777) = 0 [pid 5937] <... openat resumed>) = 5 [pid 5938] mount("/dev/loop0", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"... [ 70.610427][ T5937] loop3: detected capacity change from 0 to 1024 [ 70.650558][ T5938] loop0: detected capacity change from 0 to 1024 [pid 5937] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5938] <... mount resumed>) = 0 [pid 5937] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5938] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5937] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5938] <... openat resumed>) = 3 [pid 5938] chdir("./file2") = 0 [pid 5938] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5938] getpid() = 5938 [pid 5938] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [ 70.739227][ T5937] loop0: detected capacity change from 1024 to 3 [ 70.746589][ T5937] Dev loop0: unable to read RDB block 3 [ 70.746887][ T5938] syz-executor964: attempt to access beyond end of device [ 70.746887][ T5938] loop0: rw=0, sector=86, nr_sectors = 2 limit=3 [ 70.765515][ T5937] loop0: unable to read partition table [ 70.766623][ T5938] Buffer I/O error on dev loop0, logical block 43, async page read [ 70.771468][ T5937] loop0: partition table beyond EOD, [pid 5938] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5937] <... ioctl resumed>) = 0 [pid 5937] exit_group(0) = ? [pid 5937] +++ exited with 0 +++ [pid 5848] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5937, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 70.779133][ T5938] syz-executor964: attempt to access beyond end of device [ 70.779133][ T5938] loop0: rw=0, sector=88, nr_sectors = 2 limit=3 [ 70.797750][ T5937] truncated [ 70.797769][ T5937] loop_reread_partitions: partition scan of loop0 (Rt *3 !6{bO0.Qʝ H"Uqd\'Lz8w1AH) failed (rc=-5) [ 70.814586][ T5938] Buffer I/O error on dev loop0, logical block 44, async page read [ 70.823206][ T5938] syz-executor964: attempt to access beyond end of device [ 70.823206][ T5938] loop0: rw=0, sector=90, nr_sectors = 2 limit=3 [pid 5848] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5848] umount2("./30/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5848] umount2("./30/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./30/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] umount2("./30/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] openat(AT_FDCWD, "./30/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5848] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(4, 0x55557b796730 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(4, 0x55557b796730 /* 0 entries */, 32768) = 0 [pid 5848] close(4) = 0 [pid 5848] rmdir("./30/file2") = 0 [pid 5848] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5848] newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5848] unlink("./30/binderfs") = 0 [pid 5848] getdents64(3, 0x55557b78e6f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0 [pid 5848] rmdir("./30") = 0 [pid 5848] mkdir("./31", 0777 [pid 5938] <... openat resumed>) = 5 [pid 5848] <... mkdir resumed>) = 0 [pid 5938] ioctl(4, LOOP_CONFIGURE, {fd=5, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xfe\xe8\xa2\xab\x78\xfc\x17\x9f\xd1\xf8\xa0\xe9\x1d\xda\xac\xa7\xbd\x64\xc6\xa4\xb4\xe0\x0d\x96\x83\xdd\xa1\xaf\x1e\xa8\x9d\xe2\xb7\xfb\x0a\x01", ...}} [pid 5848] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5938] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5848] ioctl(3, LOOP_CLR_FD) = 0 [pid 5848] close(3 [pid 5938] ioctl(4, LOOP_SET_STATUS64, {lo_offset=0x5, lo_number=0, lo_flags=LO_FLAGS_USE_AOPS|LO_FLAGS_PARTSCAN|LO_FLAGS_DIRECT_IO, lo_file_name="\xeb\xbf\x52\x74\x8b\x0b\x2a\xff\x33\x0c\x21\x36\x7b\x06\x62\x4f\xde\x30\x88\x7f\xda\x17\x2e\xe2\x51\xca\x9d\xea\x03\xca\x09\x48\x80\x22\x55\x71\x64\x5c\xc0\x27\xcd\x4c\x7a\x81\x38\x8e\x08\xc0\xa4\xa8\x77\x31\x91\x41\x08\x48\xa8\x94\x10\xf3\x19\xbd\xe2"..., ...} [pid 5848] <... close resumed>) = 0 [pid 5848] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5939 attached , child_tidptr=0x55557b78d650) = 5939 [pid 5939] set_robust_list(0x55557b78d660, 24) = 0 [pid 5939] chdir("./31") = 0 [pid 5939] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 70.836565][ T5938] Buffer I/O error on dev loop0, logical block 45, async page read [ 70.844621][ T5938] syz-executor964: attempt to access beyond end of device [ 70.844621][ T5938] loop0: rw=0, sector=92, nr_sectors = 2 limit=3 [ 70.858161][ T5938] Buffer I/O error on dev loop0, logical block 46, async page read [ 70.866226][ T5938] hfsplus: xattr searching failed [pid 5939] setpgid(0, 0) = 0 [pid 5939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5938] <... ioctl resumed>) = 0 [pid 5939] write(3, "1000", 4 [pid 5938] exit_group(0 [pid 5939] <... write resumed>) = 4 [pid 5939] close(3) = 0 [pid 5938] <... exit_group resumed>) = ? [pid 5939] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5938] +++ exited with 0 +++ executing program [pid 5939] write(1, "executing program\n", 18) = 18 [pid 5845] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5938, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5939] memfd_create("syzkaller", 0) = 3 [pid 5845] restart_syscall(<... resuming interrupted clone ...> [pid 5939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5845] <... restart_syscall resumed>) = 0 [pid 5939] <... mmap resumed>) = 0x7f9b52200000 [pid 5939] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 5845] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5939] <... write resumed>) = 524288 [pid 5939] munmap(0x7f9b52200000, 138412032 [pid 5845] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5939] <... munmap resumed>) = 0 [pid 5845] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5939] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5845] newfstatat(3, "", [pid 5939] <... openat resumed>) = 4 [pid 5845] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5939] ioctl(4, LOOP_SET_FD, 3 [pid 5845] getdents64(3, 0x55557b78e6f0 /* 4 entries */, 32768) = 112 [pid 5845] umount2("./29/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5939] <... ioctl resumed>) = 0 [pid 5939] close(3) = 0 [pid 5939] close(4) = 0 [pid 5939] mkdir("./file2", 0777) = 0 [pid 5939] mount("/dev/loop3", "./file2", "hfsplus", MS_NOEXEC|MS_SYNCHRONOUS|MS_REC|MS_POSIXACL, "\x64\x65\x63\x6f\x6d\x70\x6f\x73\x65\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x34\x30\x2c\x74\x79\x70\x65\x3d\xa7\x86\x88\x28\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x31\x30\x30\x30\x30\x31\x2c\x6e\x6c\x73\x3d\x63\x70\x38\x36\x36\x2c\x75\x6d\x61\x73\x6b\x3d\x30\x30\x30\x30"...) = 0 [pid 5939] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5939] chdir("./file2") = 0 [pid 5939] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5939] getpid() = 5939 [pid 5939] openat(AT_FDCWD, "/dev/loop0", O_RDONLY) = 4 [pid 5939] openat(AT_FDCWD, "cgroup.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5845] <... umount2 resumed>) = 0 [pid 5845] umount2("./29/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)